1. 2

    An interactive raymarching environment, amazing!

    I always wanted to make one myself but had too many other things to do to dedicate it enough time. Now if only instead of spheres it had some nice fractal to go around :P

    1. 2

      Has anyone here tried using Godot in anger yet? I’m tempted to use this instead of Unity for things, but a bit unsure of how difficult it might be to use Godot for simple prototyping (namely whether docs are complete enough).

      Would love to hear the pros of this in terms of usability.

      1. 2

        Godot is great. I’ve used Unity a bit but honestly I don’t think I’d ever choose it over Godot (except for maybe non-technical reasons, like the asset store).

        As for the docs, I found them to be pretty good, and things are reasonably discoverable in-editor too.

        1. 2

          I quit Unity years ago and switched to Godot. The docs aren’t great (they seem to be working on that) but the builtin stuff is amazing, it’s kinda weird at times but it always seems like it has the one specific thing you want. I spent days implementing things that I usually don’t find in editors just to find out that they were already implemented in Godot, just a bit hidden.

          GDScript is acquired taste, I still don’t love it, but it’s grown on me enough that I can use it comfortably. For all its quirkiness (tries to be python but fails) it hasn’t given me a single issue or unwanted behavior, unlike the spotty C# in Unity (although I’ve heard it’s getting better?).

          1. 4

            Looks like they support C# now via Mono. Looking forward to someone writing a wrapper for F#.

            1. 2

              The main reason I never took Godot seriously is that they decided to invent their own language because “none of the existing ones were good enough” which tells me that the project leadership at the time were not very sensible. It’s a good sign that they’ve realized that was a mistake.

              1. 2

                I think that was nearly ubiquitous in game engines prior to, say, 2009–2010 or so. Unreal has its own language, UnrealScript, based on a previous in-house language, ZZT-oop. And Unity started with a DIY language, UnityScript, which had Javascript-like syntax and was sometimes called “Javascript” in the docs, but wasn’t really JS, and was finally axed just a few months ago. So it’s not that surprising Godot would also have one, even if it started a little later than those two engines.

                I’m not 100% sure on the timeline, but I think Lua was one of the first third-party languages to be widely picked up as a game scripting language. At the time it was seen as necessary for game-scripting languages that they be lightweight, small implementations that are easily embeddable, and ideally permissively licensed, which Lua fit the bill. Though now things have moved on to where embedding Mono isn’t a dealbreaker.

        1. 12

          I recently switched from Chrome to Firefox, due to some annoyances and problems I’ve been encountering in Chrome. For example, the entire Chrome UI goes unresponsive frequently when I use the IRCCloud web application. And Chrome is woefully behind when it comes to stopping autoplay videos from playing. This should have been built-in functionality for a long time now - there’s just no excuse for it not being there. And using Ctrl+click to put individual Google Hangouts conversations into their own tabs is now causing problems too (after a while, the tab goes blank!). This is a brand new problem I’m seeing in Chrome 64.

          Not sure what’s happening with the Chrome team. They seem to have lost their mojo.

          The Firefox UI is now nice and smooth. And Firefox is fast. I can no longer perceive any performance differences between Chrome and Firefox. I think the two browsers are on par again – and I would even give Firefox the edge at the moment.

          1. 12

            I’ve always like Firefox better ideologically, but I just couldn’t deal with the reduced performance. I tried FF 57 beta, and never looked back. I’m really glad Mozilla finally managed to put out serious competition to Chrome.

            1. 2

              Can’t say that’s been my experience, sadly. I switched from Chrome to Firefox and was having a blast with Quantum, I never thought web pages could load that quickly! But the UI was still clunky and the whole browser froze several times while using it with more intensive apps (and it really makes me wonder what went wrong when with several web tools open the one to really bring my computer to its knees is Slack, an IM app).

              I know a friend that’s using it and he’s not having my issues, wonder if it’s Windows (since he uses macOS), the fact that my PC is older (Thinkpad T430 vs MBP 2017) but Chrome just never skips a beat, even when the website is under heavy load, while Firefox just gives up when any of the pages get a little busy (this includes mundane tasks like opening and browsing the inspector).

              I really think Mozilla is on the right track for once and I hope for the best to them, I just hope they don’t get blinded by trying to ace every benchmark and think of the overall experience more, otherwise they’ll end up doing the same things we hate Chrome for (like breaking the web)

            1. 1

              Why is this tagged satire? Is there something I missed?

              1. 1

                I’m always kind of surprised when people use Unity for 2D stuff like this instead of just rolling their own. Like, 2D isn’t the big win that Unity gives you for 3D stuff.

                1. 2

                  I used to think the same back when Unity3D didn’t support 2D natively and you had to do all sorts of wizardry but I think they got much better. If you want pixel-art like 2D it’s still not ideal, but for resolution-independent, scalable 2D where you don’t do pixel-specific alignment (think Rayman origins/legends) it’s actually pretty nice nowadays.

                  1. 1

                    Ah, thank you for the explanation!

                1. 7

                  Windows 10 Mobile tried to attract users by letting them run the same “universal apps” on both their PCs and handsets, but the concept failed to catch on.

                  As it turns out, smartphones and PCs have different interfaces.

                  1. 12

                    I don’t actually thing that was the biggest reason.

                    My biggest turn off for developing on Windows Phone (as a Winphone user) was the horrible state of UWP development itself. Turns out there are several (3+) SDKs for “UWP”, each one targeting a specific version of Windows and/or Windows phone, with code that is incompatible between SDKs (finding libraries for a specific UWP SDK is hell, every time I would try another UWP sdk the next library I would need was for another one).

                    To make matters worse every UWP SDK has its own definition of what “Universal” actually means, earlier SDKs actually requires different projects with different UIs for each platform, only sharing some common code (as DLLs, same way you would with XNA or any other old .NET framework targeting different platforms) while the more recent ones do actually share UI code between platforms.

                    Microsoft screwed up the environment several times within the lifespan of Windows Phone, with apps built for WP7 not being compatible with 8, unless they are Silverlight (which they encouraged people to port to native, but actually ended up being the only app format that would work on every WP iteration), then making an entire SDK for apps for WP8.1 which would NOT work on WP8. Doing the same on WP10 promising that all 8.1 devices would be upgradable to WP10 and then not deliver on that promise (I’m still angry about that).

                    Their whining about trying to convince developers to develop apps is just that. They have only put roadblocks in front of app developers and their effort to convince iOS/Android developers to port app came way too late (not helping that that announcement came just after announcing they would drop the Android compatibility layer and just before dropping the bombshell about WP10 not getting to all devices, way to work against your own user and get bad press, Microsoft)

                    1. 4

                      But the tile interface is actually a really good one for mobile touch devices. The ecosystem never really arrived, but I really liked how windows phone apps worked. It’s better than iOS and Android.

                      1. 2

                        I remember the first iteration of Windows for mobile/PDAs (I can’t remember the name now) - it literally tried to emulate the Windows interface, start button and all.

                        That didn’t work, so they went in the completely other direction and tried to force the mobile interface on PCs.

                        It’s not as if MS don’t understand interface design. In my opinion, the ribbon interface for their core “productivity” apps is a step up over the previous design. But the mobile/PC integration seemed driven more by corporate interests than actually making stuff easy to use for people.

                        1. 2

                          A couple weeks ago I found my father’s old PDA (an i-mate jam) that was actually still fully functional. And the first thing that struck me was that: the user interface is like a tiny Windows XP, including the start menu and all.

                          1. 2

                            Windows CE? It was horrible. I think partly it was before its time, tiny screen with low resolution meant the touch areas were too small, so a stylus was required. a better screen may have fixed it, but they didn’t arrive for at least 5 more years.

                        1. 2

                          My company received the visit of a Oracle seller trying to sell us SPARC machines with Solaris a week ago. Apparently he was the only one not to find the thing completely out of place following the fact that Oracle basically gave up on both.

                          Glad to see that was boldness from Oracle rather than ignorance on his part.

                          1. 4

                            That is amazing! I never do things like that with my arduinos because my projects are always either too simple for arduino or too complex for them (more often issues are with timing rathen than processing power though).

                            Do you have stats on how much overhead does the whole graphic drawing add to the prime calculation?

                            1. 4


                              I use a simple memory-less division algorithm (wheel factorization) though while researching I found several cool probabilistic algorithms on that page. The time taken to compute a prime increases as the square root of the number while the graphics overhead remains constant.

                              Your question is cool in the context of figuring out at what number does the time spent drawing become less than, say 1%, of the compute time. I don’t have that value, but once you get to about a million, you can see that the graphics refreshes faster than the compute.

                              Update: Actually, I take it back - most of the numbers are not prime, so their testing ends very quickly (e.g. half the numbers are even) and drawing that line representing 1/k of possible divisors probably takes a lot longer than the actual compute.

                              I’d say you are right if you were thinking that the drawing overhead dominates. I’ll try by switching off the clock animation and just printing the numbers and see how different that is and get back.

                              1. 2


                                The timing test was a bit surprising for me:

                                N is the integer tested i.e. how many numbers we did
                                G is with graphics on, NG is with graphics OFF, which means
                                we only update the display if we find a prime, and the update 
                                is restricted to drawing the number's digits on the screen.
                                **The timing is given in the format XX.YY where XX is min and YY is sec**
                                timing_data = [
                                    #  N       G    NG
                                    (1000,    0.11,   0.03),
                                    (5000,    0.53,   0.14),
                                    (10000,   1.46,   0.28),
                                    (20000,   3.34,   1.00),
                                    (30000,   5.24,   1.35),
                                    (40000,   7.15,   2.11),
                                    (50000,   9.08,   2.48),
                                    (60000,  11.02,   3.26),
                                    (70000,  12.56,   4.06),
                                    (100000, 18.51,   6.14)

                                When I plot this both lines are very linear with the graphics ON line having a slope (or rather inverse slope) of 88.41 numbers/s and the graphics OFF line is 267.37 numbers/s (about 3x faster)

                                So I think, at least for these lower numbers the graphics drawing causes a 3x slowdown.

                                Now, about the linearity - it’s possible that I don’t have a large enough range and it LOOKS linear in this short segment. However, there are two opposing pulls to this computation. As the number gets larger though in the worst case we have to do sqrt(N) operations, we mostly do 1 operation (divide by 3) or two operations (divide by 2 and 3) and so on AND the prime numbers get sparser and sparser.

                                These two may counteract to make an average constant rate for testing numbers.

                                It would be fun to work this out.

                                Best -Kaushik

                                PS. The following code will suffice to plot the data in an IPython notebook

                                %matplotlib inline
                                import matplotlib.pyplot as plt
                                import math
                                # A convenient way to represent time as min, sec by using the decimal point
                                # XX.YY -> XX * 60 + YY
                                def T(s):
                                    s, m = math.modf(s)
                                    return m * 60 + s * 100
                                # N = integer tested
                                # G - with graphics
                                # NG - without graphics
                                # Here 
                                timing_data = [
                                    #  N       G    NG
                                    (1000,    0.11,   0.03),
                                    (5000,    0.53,   0.14),
                                    (10000,   1.46,   0.28),
                                    (20000,   3.34,   1.00),
                                    (30000,   5.24,   1.35),
                                    (40000,   7.15,   2.11),
                                    (50000,   9.08,   2.48),
                                    (60000,  11.02,   3.26),
                                    (70000,  12.56,   4.06),
                                    (100000, 18.51,   6.14)
                                x = [n[0] for n in timing_data]
                                y1 = [T(n[1]) for n in timing_data]
                                y2 = [T(n[2]) for n in timing_data]
                                plt.plot(x, y1, '.-', label='With graphics')
                                plt.plot(x, y2, '.-', label='No graphics')
                                1. 2

                                  Nice, this was exactly what I was looking for (although I would have tested it by writing the number on the serial console instead to eliminate the graphics overhead completely).

                                  I.. definitely did not expect it to look that linear either, just like you I thought the overhead would get less and less significant the higher the numbers.

                              1. 10

                                I know this post will sound really bad no matter how I say it, but I wonder how much of sexism, in the present (unlikely) or future (more likely) will be more fear than misogyny.

                                Womens are becoming a touchy subjects and, in today’s world where a trial is decided by the public before it goes to court, a false rape accusation does more damage than the trial itself (at least imo). If I were an employer I’d be worried of female employees, not out of hatred or anything, but because they would hold so much power to screw me over.

                                I personally don’t care what gender you are or religion or species.. I even like talking to assholes as long as they have something interesting to say. (Sadly I tend to be a bit of an asshole myself) But I would still be scared of talking to random women in a context like a conference because I might say something that puts me in a really bad place. It feels like I would be talking to someone with a loaded gun in my face.

                                I think the best friends I have are those who made me notice my mistakes instead of assuming the worst of me, while the tech scene today seems more like a witch-hunting marathon to me.

                                On that subject, why does the world have to work with cues and aggressive stances? Why can’t we be honest with each other? I see it every day, someone above me expects everyone to catch on her cues, if they don’t, they’re the bad guys, without even letting the other end knowing anything.

                                Most angry tweets and blog posts about this topic are from people who just kept everything in or bursted out in anger at them and they got defensive or responded just as aggressively (kinda to be expected, honestly). I would love to see examples of people who were made aware of their behavior and everything went fine after that.

                                1. 18

                                  a false rape accusation does more damage than the trial itself (at least imo).

                                  A genuine rape accusation also does more damage than the trial itself. In both cases, the victim is affected. It’s only how we perceive it that’s different.

                                  I think somewhere along the line communities started to encourage angry reactions as a way of maximising engagement. Somewhere along the line, we forgot to be kind by default, in a way we weren’t offline. I meet people who spend a lot of time in online communities, and you can see (amongst some people) that their online behaviour leaks into their personal offline behaviour, but rarely the other way.

                                  I think the recent furore over Equifax’s CSO having a music degree is a good example of this. Nobody should care about someone’s degree, but a marketwatch piece designed to provoke angry responses, provoked angry responses on the Internet. The Twitter algorithms designed to increase engagement increased engagement and the Internet went twitter crazy.

                                  There has to be a way to use a combo of the tools we use for engagement to promote de-escalation and de-engagement. Deprioritising inflammatory content to make the world a better place is not losing out. It’s winning.

                                  That’s what I really love about lobsters. People may have issues misinterpreting context and social cues here, but generally people are kind to each other.

                                  1. 10

                                    a false rape accusation does more damage than the trial itself

                                    That sort of accusation could, for example, prevent you from winning an Oscar. Or become elected US President.

                                    1. 11

                                      [Note: Before reading this, readers should probably know I have PTSD from a head injury. The side effects of nervous eyes, mumbly voice, and shaky hands apparently make me look like an easy target for male and female predators alike. I’m like a magnet for assholes who I usually deal with patiently, dismiss, or stand ground. Mostly ignore them. This issue required special treatment, though, since I was always treated very differently when it as something like this.]

                                      Far as scenario you’re worried about, it’s a real thing that’s happened to me multiple times. Not rape claims fortunately but sexual harassment or discrimination. I think I was getting false claims to managers two or three times a year with dozens making them to me directly as a warning or rebuke but not to my bosses. They just wanted me to worry that they could or would destroy me. Aside from the random ones, it was usually women who wanted a discount on something, wanted to be served ahead of other customers, or (with employees) not wanting to do the task they were given since it was beneath them or “man’s work.” Saying no to any of that was all it took…

                                      However, I was in a service position dealing with thousands of people plus dozens of workers due to high turnover. With all those people, just a few claims a year plus dozens of threats shows how rare this specific kind of bully is. Those that will fully push a false, gender-oriented claim are rare but highly damaging: each claim led people [that didn’t know me well] to assume I was guilty by default since I was male, interrogations by multiple supervisors or managers, and a waiting period for final results where I wondered if I’d loose my job and house with no work reference. Employment gaps on resumes make it harder to get new jobs in the U.S.. I got through those thanks to what I think were coworker’s testimony (mostly women) and managers’ judgment that the good and bad of me they’ve seen versus straight-up evil stuff a tiny number of women were claiming didn’t match up.

                                      Quick example: As a team supervisor, I always gave jobs to people in a semi-random way to try to be equal in what people had to do. Some supervisors seemed to cave in if a worker claimed the work was better for another gender, esp labor vs clerical vs people-focused work. When giving an assignment, the most shocking reply I got was from a beautiful, racially-mixed woman who had been a model and so on. A typically-good, funny worker who had a big ego. She said the specific task was a man’s job. I told her “I enforce equality like in the 19th Amendment here: women get equal rights, equal responsibilities.” She gave me a snobby look then said “I didn’t ask for that Amendment. Keep it, get rid of it, I don’t care. (Smirked and gestured about her appearance) I don’t need it. And I’m not doing man’s work.” I was a little stunned but kept insisting. She grudgingly did the job but poorly on purpose to disrupt our workflow. I had to correct that bias in my head where I assumed no woman would ever counter law’s or policies giving them equality outside maybe the religious. I was wrong…

                                      Back to false claims. That they defaulted against males, including other men who got hit with this, maybe for image reasons or just gender bias led me to change my behavior. Like I do in INFOSEC, I systematically looked for all the types of false claims people made esp what gave them believability. I then came up with mitigations even down to how I walk past attractive women on camera or go around them if off-camera. The specific words to use or avoid is important, esp consistency. I was pretty paranoid but supporting a house of five people when lots of layoffs were happening. The methods worked with a huge drop in threats and claims. Maybe the bullies had less superficial actions to use as leverage. So, I kept at it.

                                      This problem is one reason I work on teams with at least two people who are minorities that won’t lie for me. The latter ensures their credibility as witnesses. Main reason I like mixed teams is I like meeting and learning from new kinds of people. :) It’s a nice side benefit, though, that false claims dropped or ceased entirely when I’m on them for whatever reason. I’m still not sure given I don’t have enough data on that one. I also push for no-nonsense women, especially older with plenty of experience, to get management roles (a) since I’ve always promoted women in the workplace on principle and because mixed teams are more interesting; (b) side benefit that a woman whose dealt with and countered bullshit for years will be more likely to dismiss a false claim by a woman. When I finally got a female boss, esp who fought sexism to get there, the false claims that took serious investigation were handled usually in minutes by her. There was just one problem while she was there with a Hispanic woman… highly attractive with excellent ability to work crowds… that wanted my position launching a smear campaign. It almost worked but she had previously tried something on same manager she needed to convince. Her ego was so strong she didn’t think it would matter because she’d win her over too. Unbelievable lol. She left in a few months.

                                      So, yeah, I’d not go to one of these conferences at all probably. If I do, I’m bringing at least two women, one non-white, who barely like me but support the cause. If they leave me, I’m either going outside or doing something on my computer/phone against a wall or something. I’m not going to be in there alone at all given this specific type of bully or claim will likely win by default in such a place. Normally, though, I don’t mind being alone with women if there’s witnesses around that’s a mixed crowd, I’ve gotten to know them (trust them), or they’re one of the personalities that never pull stuff like this. I’ve gotten good at spotting those thanks to the jobs I did working with strangers all day. I get to relax more than you’d think from this comment, though, since vast majority of females on my team, other teams, and customers’ like me or at least neutral. The risk reducing behaviors are so habitual after years of doing them I barely notice I’m doing them until I see a post like this.

                                      Not funny note: There was also real sexism and harassment against women, esp from younger crowd. We had to deal with that, too. On rare events, some physical assault and stalkers that required police and other actions to deal with. One of the problems in many organizations is people will say the woman is making it up. Then, justice won’t happen. Our women were honest enough and male assholes brazen enough that we usually knew who was lying. Similarly when the women were bullshitting about harassment. In many other places or in trials, the defense was the woman might have been making it all up to spite the male. The reason that defense often works is because of the kind of bullies and lies I describe above. I get so pissed about false claims not just since they impacted me but because a steady stream of them in the media is used to prevent justice for real victims. That combination is why I write longer and fight harder on this issue.

                                      1. 9

                                        a false rape accusation does more damage than the trial itself (at least imo)

                                        In our society, a woman reporting a rape has to deal with a lot of shit from a lot of different people. Stuff like victim blaming, “What did you wear?”, “Oh you must’ve been reckless” make it already very hard for women to report rape when it happens. If anything we should be more concerned with women not reporting rape cases rather than false reports – especially since the latter is very small compared to the former. Sorry for not providing any sources, I’m on mobile right now.

                                        1. 15

                                          I know this post will sound really bad no matter how I say it,

                                          It does sound really bad. My favorite part is when you use the phrase “witch hunting” to somehow excuse the fear of women being around.

                                          but I wonder how much of sexism, in the present (unlikely) or future (more likely) will be more fear than misogyny.

                                          Oh so very little. Do not fear for mysoginy, it will be around forever.

                                          1. 16

                                            My favorite part is when you use the phrase “witch hunting” to somehow excuse the fear of women being around.

                                            I could not find a gender-neutral term that carried a similar meaning. This is definitely a fault on my part (my english dictionary is not that rich) but I was referring to the act of persecution by one or more individuals to the intended result of ruining someone’s life, humiliating them etc.

                                            Oh so very little. Do not fear for mysoginy, it will be around forever.

                                            What little hope for humanity and its self-improvement you seem to have. I understand the feeling.

                                            My point was not whether misogyny will go away (it won’t), but how much of the perceived misogyny will be out of outright hatred rather than fear of consequences. Someone who doesn’t interact with women will be perceived as misogynous, but maybe he might just want to stay safe from ending up in a really bad situation? My “gun pointed at your head” analogy still stands. It feels uncomfortable and you can’t expect people to behave normally in those situations.

                                            You seem to be the exact type of person I’m talking about, all going on the aggressive thinking I’m your worst enemy, not giving me the benefit of the doubt. I personally find it really hard to express my thoughts (it’s not just a language barrier, sadly), and getting attacked like that makes me really demoralized and demotivated to even talk. When I am not allowed to talk my mind without people instantly getting so aggressive at me, how am I supposed to not fear doing it?

                                            1. 15

                                              I personally find it really hard to express my thoughts (it’s not just a language barrier, sadly), and getting attacked like that makes me really demoralized and demotivated to even talk. When I am not allowed to talk my mind without people instantly getting so aggressive at me, how am I supposed to not fear doing it?

                                              Thanks for saying this.

                                              1. 5

                                                I’m sorry that I sounded aggressive, because I was not trying to. I’m still not angry, nor replying out of spite or hate. :) I’m not a native english speaker (either?), so it can be that. Oh, and I also never thought of you as my worst enemy.

                                                I could probably hug your right now, seriously, although I’m a little unsure how to understand your analogy that interacting with women is like having a gun pointed at your head.

                                                As far as I can tell, we agree that misogyny will not go away – try to destroy an idea… – but we kinda disagree about how we should deal with it. I am not in a position to lecture anyone on the topic, and deeply nested threads tend to go off-topic easily, so I’ll happily reply to your emails if you’d like to.

                                                1. 2

                                                  Thank you for your kind words, I’m sorry I misinterpreted your reply then!

                                                  I hate to link to it but I think that what best describes my analogy is a scenario like what ESR described. With no proof (even though the source claimed there had been attempts already) either back then or now, that was ruled as “unlikely” at best, but the fact that it doesn’t sound completely ridiculous and could be actually be put to action by a malicious group worries me.

                                                  I honestly don’t think most women are like that at all, and as you said, this is going a bit off topic.

                                                  About “how to deal with it”, I’m not proposing a solution, I do wonder if being more straightforward with people and less “I’ll totally blogpost this unacceptable behavior” would make anything easier though.

                                                  For example, the author quotes Berry’s paragraph about not giving anything for granted, yet instantly assumes that assuming that females are less technical is a big drag for women in tech. What about a little understanding? With so many women in sales and PR positions, the guy might be just tired as hell of having to deal with marketers (although the CTO title should have spoken for itself.)

                                                  Not denying that some people are just sexist jerks, though.

                                              2. 8

                                                Both literal witch hunts and the more recent metaphorical sense were frequently directed at men. The notion that “witch” is female is an ahistorical modern one and simply not part of what the word means in the context of a “witch hunt”.

                                                1. 0

                                                  …So? Are you reading that Internet comment in the 1700s when historical witch hunts were actually happening?

                                                  1. 3

                                                    The witches arrested during the Salem Witch Trials (in 1692-3, around 150 being arrested) and killed (24, 20 executed, 4 died in jail) weren’t all women. A cursory scan of the accused show plenty of male names (although it does seem to bias towards women).

                                              3. -2

                                                The post content here is a man relating his experience of seeing his cofounder get talked over and ignored because she is a woman, so you immediately comment about… how bothersome it is that a woman might one day accuse you of sexual assault?

                                                What the actual fuck is wrong with you? You should be thoroughly ashamed of yourself. Delete your account.

                                                1. 16

                                                  What the actual fuck is wrong with you? You should be thoroughly ashamed of yourself. Delete your account.

                                                  I generally avoid these topics like the plague, but this is the exact reason why. It’s absolutely appalling to me that anyone thinks this is a good response to any comment ever. If you are trying to persuade people or this person, then you have completely failed in backing up your comments with anything but insults. If you aren’t trying to persuade anyone, then you are just a troll who enjoys yelling at someone who is clearly (based on the other comments in this thread) is trying to genuinely learn. You took a teaching moment and made it a display of hatred.

                                                  1. -1

                                                    If you are trying to persuade people or this person, then you have completely failed in backing up your comments with anything but insults

                                                    This assertion is completely absurd. I’ve been this asshole, been told off and/or beaten up, and learned better. Violent complaint is precisely how signalling to people that their behavior is utterly abhorrent works in society.

                                                    1. 6

                                                      How should I signal to you that your behavior here, in this thread, is utterly abhorrent? Should I threaten to beat you up? Tell you to delete your account? Scream aggressive obscenities at you?

                                                      Whatever it is you think you need to hear to stop behaving this way, pretend that I said it.

                                                      1. 3

                                                        I’ve been this asshole, been told off and/or beaten up, and learned better.

                                                        I’ll just say that I find this comment immensely more helpful than your previous comment. If you’d like to expound on how specifically you’ve “been this asshole” in the past, and what you’ve learned from the experience I’d wager that’s much more likely to convince Hamcha (and the rest of us) to change their mind and behavior.

                                                    2. 5

                                                      I questioned the reason she was ignored and proposed a motivation for which people might fear dealing with women. I also questioned what would have happened if the guy would have put any effort in making the issue clear to the people he’s talking shit about other than vague clues before making accusations with circumstantial evidence.

                                                      What is there to be ashamed of?

                                                      1. 3

                                                        Normal people can have conversions with members of the opposite or same gender without constantly panicking about rape allegations. Do you specifically avoid female waiters at restaurants or cashiers at supermarkets? Is this somehow different to taking to a woman in a nontechnical role? If not, why do you think it is reasonable to pretend a woman who codes is any different? Hell, how on earth can you pretend the possibility of rape allegations is a valid reason to pretend that a person does not exist while in a meeting with multiple participants?

                                                        Your regurgitation of sexist crap is shameful. Your lack of thought about it is bewildering. Delete your account.

                                                      2. 3

                                                        Who taught you to shame people for their feelings and beliefs?

                                                        1. 0

                                                          Some beliefs are horrendously evil. Your freedom to believe harmful crap does not constitute immunity from being yelled at for spouting it in public.

                                                    1. 1

                                                      I think the main point is that a single english world doesn’t put you apart from others, and it anything you might just end up using the same name as someone else that’s already more popular (but not popular enough for you to notice).

                                                      It doens’t help that it’s more of a trend than anything, “pants.io” is just today’s “readr”, remember that trend?

                                                      There’s also the craze of making the TLD part of the name which so far has only given me headaches as I try to remember websites without asking to Google for them. (Lobst.er or Lobste.rs?)

                                                      A trend that works imo is when the gTLD is one full word of the name: tilde.club, teenage.engineering (zombocom?)

                                                      While I’m not advocating for long urls, I think originality is still #1 if you want a name that can be remembered, no matter the cost. I personally find it much easier to remember my absurd domain name (hyperbolic-mayonnaise-interceptor.ovh, never made any typo.. somehow) than the proper spelling of whatsapp.

                                                      Or why not try just random letters? It works for xkcd and SMBC!

                                                      1. 3

                                                        The article starts with “We are paid to solve problems, not write code” and ends with “I would never do such hacks for production environments”. Unless you’re being paid to work on hacky sideprojects, doesn’t that mean that not only we are paid to write code, but good, maintainable code nonetheless?

                                                        1. 6

                                                          I would say that no, we’re not paid to write good maintainable code. We’re paid to solve problems.

                                                          For example, I was part of a team that built the same product twice:

                                                          First, as proof of concept demoware (this was used to raise investment money, cause it showed we could actually do something no one else could, even if not well). It had no error handling, for example, and ran as command-line scripts driven by ssh.

                                                          Second, the product was rebuilt for actual users, with a different goal of being production-ready. And this time we used tests and a real distributed systems architecture and so on.

                                                          Same product, different goals, and therefore different means. Good code is code that solves a problem, and sometimes the problem is “show investors we can do this, ASAP before we run out of money.” And so speed of delivery is what matters. And sometimes the problem is “production-ready product for users”, and then you need maintainable, well-tested code.

                                                        1. 24

                                                          I wonder if Lenovo will also go retro on the spyware. Maybe Reader Rabbit or WeatherBug.

                                                          1. 6

                                                            I’d chip in a few satoshis to see a modern day BonsaiBuddy.

                                                            1. 6

                                                              Well, they probably ship with Windows, and that includes Cortana

                                                              1. 3

                                                                With HDR and lens flare.

                                                              2. 2

                                                                I simply insist on it being “Back Orifice”.

                                                              1. 1

                                                                Holy shitballs folks.

                                                                I think this is some good further evidence for anybody who cares (apparently not the web dev community) that things have gotten totally out-of-control.

                                                                1. 3

                                                                  I dunno. Seems to me like the sites that don’t work without JS are mostly the sites that I don’t care about, because they are the sites focused on advertising and visual gimmickry rather than providing meaningful, informative content.

                                                                  The bloated and buggy ad-driven web is indeed getting bigger and worse, but it’s not the only web. Maciej Cegłowski has written extensively on this. The Dillo browser project is built around it. Sites like indieweb.org help educate users who see the web as a place to provide meaningful content. The ‘good’ web is growing too, although maybe slower than the ‘bad’ web (for now).

                                                                  Somewhat ironically, the trend toward JS-heavy SPAs actually makes it easier to remove the crap, because these JS clients are served by JSON based APIs, against which one can often build unofficial clients.

                                                                  1. 2

                                                                    This! I use a JS whitelist, and all the websites that work amazingly without JS.. I have whitelisted, because there JS is just used to add some nice bits without putting tons of ads and bloat.

                                                                    Well, except for Bloomberg, which loads 3 to 4x faster without JS, has no ads or ad-blocker-blocker, no autoplaying videos.. but has a 50px~ tall, blank header. I will gladly take that tradeoff.

                                                                  2. 3

                                                                    Cares about what? There is no vague unified goal of people who care.

                                                                  1. 3

                                                                    Yes I’m sure Go is the best language for web development. Why not re-live all the hell JS devs went through with callback hell, only this time the Go maintainers have no reason to put promises and async because Go is not meant for single threaded environments.

                                                                    Honestly, JS is a bad language and no one will ever deny it, but what other language is putting as much effort in trying to become better? One thing I admire of JS more than any other language is how easy it is for them to get a new feature up and running: even if the VM will take years to implement it, the polyfill/babel module will be out in days. I’m having a blast using Async/Await, Fetch, Web workers etc.. in my projects, and just tweaking some Babel settings to decide which feature gets polyfilled and which don’t. Meanwhile in the C++ world “modules in the next version” is still a joke. Saying TC39 is doing nothing to change the language makes me even wonder if the guy knows about strict mode.

                                                                    1. 2

                                                                      Honestly, JS is a bad language and no one will ever deny it

                                                                      Lots of people denying it in this discussion.

                                                                      1. 2

                                                                        Why would you add callback driven libraries to Go, when it doesn’t really need them? Are you trying to make a sideways point about other language features?

                                                                        It would be quite possible to take the existing go features and use them to build promises, and some people do just that.

                                                                        1. 1

                                                                          Sorry, I misunderstood the article, I thought it was recommending Go as a full replacement for JS, not just node.js. If one was to hypothetically use Go via transpiler or WebASM target it would be constrained to an environment not suited for it IMO (since Go is heavily based on concurrency while the browser is single-thread event-based).

                                                                          1. 1

                                                                            It does recommend it as a possibility among many other, though I imagine that Gopher.JS handles async via some compilation smartness by turning Go-routines into Generators, akin to how ClojureScript does it.

                                                                            The thing about that is nice about Go is that it is fundamentally an async runtime in terms of IO and the like, and async runtimes on the JS stack are pretty well studied at this point.

                                                                      1. 8

                                                                        As a long time open source person, I’m increasingly frustrated by the partisan refrain that software which isn’t open source cannot be trusted to be non-malicious. This isn’t really true, there’s an entirely domain of expertise dedicated to reverse engineering what no-source-available code does, and folks who do this for a living are really good.

                                                                        There’s plenty of good reasons to prefer open source, even related to trustworthiness, source availability facilitates easier reviews from people with different expertises (e.g. a cryptographer who is not an expert reverser), however the idea that closed source is just a total black box is a political argument, not a technical one.

                                                                        1. 10

                                                                          there’s an entirely domain of expertise dedicated to reverse engineering what no-source-available code does

                                                                          OK, but the cost of determining whether something is malicious is incredibly high for closed-source software compared to open source. Prohibitively so, for the vast majority of users.

                                                                          Any technique you can use to audit closed source software, you can use to audit open source software, right? But you also have the source code, the commit history including who committed what, diffs between versions, code comments, etc.

                                                                          Plus there’s the social factor. If somebody at Microsoft adds a backdoor to Windows, outsiders might notice the unusual network traffic, but they have no chance to see the code. All the committers to Windows are under NDA and can be pressured to be quiet. Whereas adding a backdoor to Linux would mean sneaking it past a bunch of people whose only unifying motive is to produce a good OS, and keeping them all from noticing it indefinitely. It’s a much harder task.

                                                                          So open source makes it much harder to add back doors and much easier to find them. It’s not perfectly safe, but it sounds a heck of a lot safer.

                                                                          1. 8

                                                                            You are technically right in saying that there are domains of expertise dedicated to reverse engineering closed source, and these folk tend to be really good.

                                                                            Making this the argument towards trusting closed source is moot. There is plenty of closed source that isn’t actively reversed, and audited, which is used heavily. Tax software, Search engines, you name it …

                                                                            1. 3

                                                                              As Ken Thompson showed, this argument is also wrong in that even if you can see the source, the binary that’s actually running could have been diddled in some way. And it’s not even that hard to get backdoors into source without people noticing, as Heartbleed and the Underhanded C Contest and so on show.

                                                                              1. 3

                                                                                Still, you can’t really reverse engineer something as huge as Windows.

                                                                                EDIT: Even if you were able to reverse engineer it, you can’t really modify it, unless you break the EULA. Even then, it’s a play of cat and mouse - you hack Windows to change its behaviour and then Microsoft patches it, so you need to find another hack.

                                                                                1. 5

                                                                                  Neither you can audit a huge open source project: the OpenSSL fiasco showed that “since it’s open, someone would have noticed” doesn’t work.

                                                                                  1. 6

                                                                                    Still, being open source, it allows anyone to fork it (see LibreSSL) and use it instead.

                                                                                2. 1

                                                                                  I suggest mentioning 3rd party evaluations instead of RE. People or organizations you trust get the source, vet it, and sign its hash. That was how security evaluations at government have been done since 90’s. It can be pretty cheap if software isnt humongous.

                                                                                  Interestingly, still necessary for FOSS since that gets so little review. Like in closed-source, most users just trust a 3rd party saying it’s good.

                                                                                  1. 0

                                                                                    This isn’t really true, there’s an entirely domain of expertise dedicated to reverse engineering what no-source-available code does, and folks who do this for a living are really good.

                                                                                    This is like saying terrorism is okay because there’s an entire domain of expertise dedicated to stop people from blowing up a schoolbus with a martyr vest and these experts (at least some of them) are quite good at it.

                                                                                    Open source and free software are superior to closed source proprietary software. All else being equal, there is no reason to use a closed software over an open one.

                                                                                    Just because you can mitigate the awfulness does not make something good.

                                                                                    1. 3

                                                                                      This is like saying terrorism is okay because there’s an entire domain of expertise dedicated to stop people from blowing up a schoolbus

                                                                                      That is ridiculous. The only point of terrorism is destruction to cause some reaction. Whereas, the point of proprietary software is to solve an actual or perceived problem for users in a way that works well enough. It usually does. Problems are usually recoverable. It almost never kills someone. Shady companies may optionally do a bunch of evil like lock-in on top of that. Don’t do business with shady companies & make sure you have an exit strategy if the supplier becomes one. Meanwhile, enjoy the software.

                                                                                      “Open source and free software are superior to closed source proprietary software.”

                                                                                      Like hell. You said all else being equal but it rarely is. In average case, it’s easily proven false in a lot of categories where at best open source has knockoffs of some proprietary app that suck in a lot of ways. In many other cases, there’s no open-source app available. Should be decided on a case by case basis which are better. Far as security, it was mostly proprietary in high-assurance sector steadily produced highly-robust solutions because they had money to put the necessary QA and security work into it. It’s basically unheard of in open-source unless paid pro’s or CompSci people are doing it with the open-sourcing being incidental. GEMSOS, VAX VMM, KeyKOS, Kesterel Institute’s stuff, OKL4, seL4, Caernarvon, MULTOS, CertiKOS, Eiffel SCOOP, SPARK Ada, CompCert, Astree Analyzer… all cathedral model by people who knew what they were doing being paid for it.

                                                                                      Closest thing in FOSS w/ communal development is OpenBSD with a mix of root-cause fixes and probabilistic mitigations whose effectiveness is unknown since top talent don’t focus on small, market share unless paid to. That vs competition using some of their methods plus formal proof, static analysis, exhaustive testing, covert-channel analysis, ensuring object code maintains source’s properties, SCM security, and 3rd-party pentesting. Open-source security is a joke on the high-end in comparison. Although NSA pentesting failed to break a few above, they certainly have many of those FOSS apps and FOSS-using services in the Snowden leaks with full “SIGINT-enabling.” They strongly encourage many of these FOSS apps to be used while making it illegal for companies to sell me Type 1-certified crypto or TEMPEST-certified devices. Kind of weird if FOSS quality is so good. ;)

                                                                                      Enough myths. Neither side is better by default. What matters are benefits for user at what cost. Sometimes it’s proprietary, sometimes not. Look for FOSS by default for many, good reasons. It’s not always the best, though. Just ask any hardware developer if we high-assurance people seem too fringe. Ask the hardware people to tell you which FOSS software is good enough to produce the chip you wrote that comment on. Which is “superior to closed-source proprietary software.”

                                                                                  1. 2

                                                                                    you probably have a few desktop apps that you use daily without even realizing they’re built using web technology.

                                                                                    No, I notice, they’re huge, bulky, and if my computer is doing anything else, slow.

                                                                                    I run several chat clients based on web technologies: My IRC client is a chrome extension, at work we use Mattermost and occasionally I use Whatsapp web.

                                                                                    Mattermost, since it uses Electron, is the slowest of the bunch, everything else starts superfast since it’s based on the already running Chrome instance rather than spinning up their own subsystem.

                                                                                    Then there’s Telegram, the desktop client has a custom chrome and beautiful animations just like everyone nowadays (I dislike the recent revamp to a Material Design-style UI, but it’s not that bad) and I always wondered why it’s so snappy and never skips a beat, a brief look at the source told me: it’s C++ / Qt.

                                                                                    And let’s not even start on the other fields: I try to use VS Code at work, but the constant slowdowns and chocking is not making me regret spending money on Sublime Text one bit.

                                                                                    1. 17

                                                                                      The article could have been summed up by just linking to one of the many NIST guidelines recap such as the one he himself links to in the article.

                                                                                      The blogpost itself is just yet another subset of those guidelines anyway:

                                                                                      • 1. Password rules are bullshit - 800-63-3 specifies “Verifiers SHOULD NOT impose other composition rules (e.g., mixtures of different character types)”
                                                                                      • 2. Enforce a minimum Unicode password length - “Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. […] Unicode [ISO/ISC 10646:2014] characters SHOULD be accepted as well.”
                                                                                      • 3, 4 and 5 - “verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include (but is not limited to): Passwords obtained from previous breach corpuses, Dictionary words, Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’), Context specific words, such as the name of the service, the username, and derivatives thereof.”

                                                                                      In addition to that, 800-63-3 also suggests not forcing the password to be changed periodically and forces proper storage on the backend (using a large number of iterations of hash+salt and suggesting HMAC), among many other things (it also has its own chapter on TFA, which is something more services should offer)

                                                                                      1. 2

                                                                                        Indeed. The NIST standards are quite good, and should be used unless there is a very good reason not to use them.

                                                                                      1. 2

                                                                                        I think the best solution would be to allow users to maintain their own website blacklist—I know I’ve wanted this feature in the past. Perhaps a PR is in order?

                                                                                        1. 1

                                                                                          The last time this came up I posted a userscript that can block sites by domain or users by name. It’s trivially adapted to block as many domains or users as you like.

                                                                                          I agree with this post that The Register has been reduced to snarky rewording of actual journalists and can be totally ignored, but I’m not volunteering to add a domain-blocking feature to the codebase. I’d rather just see every story linking to The Register merged into the real source of the story - we’ve had sources for both Cloudpets and AWS on the homepage, too.

                                                                                          1. 1

                                                                                            I think that could lead to some problems:

                                                                                            • Less content for everyone: If you blacklist a source on a global basis, users will be forced to look for other sources (or just don’t bother and leave, depends on the user) to post the same news: The amount of content everyone gets is the same. However if everyone just starts having their own blacklists it doesn’t mean they magically get the same content from other sources, they just get less. Not very different from just hiding posts imo.

                                                                                            • “Double posting” probably not the correct term, but the first that came to mind, basically:

                                                                                              1. User A posts news about X from website A
                                                                                              2. User B has blacklisted website A, doesn’t see a post about X, so they post their own source
                                                                                              3. User C sees 2 (and potentially more) posts related to the same thing

                                                                                            But indeed, it would be the less intrusive option if people is really annoyed from one particular source.

                                                                                          1. 4

                                                                                            Reminds me of pleaserobme.com, exploiting people’s habit to overshare (from obvious things like Foursquare’s checkouts to more obscure ones like geotagging informations in photos from public services like Twitter) to show where people lived and when they were not there.

                                                                                            1. 4

                                                                                              Was a bit puzzled the first minute because my default is JS disabled and with all the CSS frameworks I didn’t realize this was a JS thing.

                                                                                              I genuinely wow’d at the fact that the JS snippet in the page is the actual <script>! I was like “wait where is that in the page” then noticed the classes on the script tag.