1. 2

    Hopefully, I’ll have a prototype of a habit tracking app for iOS. I just don’t like how most current ones work, so I decided to make my own.

    1. 2

      What language did you settle on for this? Are you comfortable with mobile dev in general or is this a growth challenge?

      1. 1

        I’m using Swift and SwiftUI. Never really done mobile dev, but SwiftUI has enough similarities to React that I feel at home.

        I did make a simpler crop calculator for Don’t Starve Together first, as practice.

    1. 3

      For the C# code, I went to SO and found the top answer to the “How to do FizzBuzz” question. That’s the fairest way I know how to handle this.

      I don’t think this is fair to C#-the-language, even if it might be fair to C#-the-ecosystem.

      Here’s an implementation that more closely matches the power of the F# version, although it’s certainly less expressive. I added one last function abstraction because I wanted to separate the FizzBuzzing itself and any side effects like printing.

      using System;
      using System.Collections.Generic;
      using System.Linq;
      		
      public static class Program
      {
      	public static bool divisibleBy(this int n, int by) => n%by == 0;
      	
      	public static string findMatch(this int n)
      	{
      		if (n.divisibleBy(3) && n.divisibleBy(5))
      			return "FizzBuzz";
      		else if (n.divisibleBy(3))
      			return "Fizz";
      		else if (n.divisibleBy(5))
      			return "Buzz";
      		else
      			return "";
      	}
      	
      	public static IEnumerable<string> fizzBuzz(int start, int end) =>
      		Enumerable.Range(start, end).Select(n => $"{n} {n.findMatch()}");
      		
      	public static void printFizzBuzz(int start, int end)
      	{
      		foreach (var x in fizzBuzz(start, end)) {
      			Console.WriteLine(x);
      		}
      	}
      	
      	public static void Main()
      	{
      		printFizzBuzz(0, 100);
      	}
      }
      
      1. 37

        Taking my sleep seriously, and pursuing a sleep apnea diagnosis.

        I went from being so constantly fatigued to to the point where I could fall asleep while driving, to feeling… well, normal I guess.

        Sleep has such a drastic effect on one’s executive function that almost every other aspect of my life has improved because of it.

        1. 9

          In that regard, being more careful with caffeine. Cutting my coffee with decaf in the afternoon or foregoing it entirely. On the days where I only have coffee once I am a little shocked at how tired I get by the afternoon.

          1. 7

            Yup, similar experience here! My dentist told me I have sleep apnea 3 years ago, which resulted in a deep journey into the topic of breathing, and a big improvement in my life. Even though I wasn’t sleepy! Most people don’t realize that tooth grinding and damage is often a sign of bad breathing at night. Also, many people are mouth breathers and unaware of it, and it is a sign of poor breathing and sleep apnea.

            A funny thing is that all these sleep, breathing, and teeth issues have been popping up on Hacker News over the last year or so. I’m not sure if there is a correlation between them and programming, or just general awareness, because a bunch of popular books have come out about sleep lately. Could be that the readership is aging :)

            Here’s a comment I wrote in response to one of these stories:

            https://news.ycombinator.com/item?id=25016745

            Here’s a surprising claim that has scientific concensus: Basically ALL humans have problems breathing. That is, apes and other mammals don’t have these problems.

            The two main reasons are the anatomical changes due to the evolution of speech, and the advent of agriculture, which completely changed our diets and thus the structure of our jaw.

            The agriculture bit hit us twice: ~10,000 years ago when we stopped being hunter-gatherers, and 50 years ago with the rise of industrial cooking. Remember that the average body weight for a man in the US increased from ~166 in the 1960’s to ~196 today [1]. This can push your bad breathing over the edge, although in my case I found that going back to a medically normal weight (which is 20-30th percentile now!) actually doesn’t fix the problem.

            I think that “sleep apnea” needs to be divided into several different afflictions, because the general tendency towards bad breathing manifests in different ways for different people. It sounds like a specific thing that certain people have, but it’s not really the case. It’s also common in young, thin women.

            Basically everyone’s airway is a little bit obstructed. But it’s not something a doctor will tell you about, because it may not cause an emergency. It’s more of a thing that unfolds over 20, 30, or 40 years. Doctors tend to give you point fixes for the SYMPTOMS, not the causes. For example, poor breathing causes high blood pressure, and lots of people are on blood pressure meds. And you will also find lots of dentists who will drill your teeth without telling you what the underlying cause of the damage is.

            Another way to think of sleep apnea is like cancer. 100 years ago, fewer people died of cancer, because they would die of something else first. Breathing it the same way… If you don’t die of something else, the accumulated wear of bad breathing may do you in (heart issues, dementia, etc.). Breathing naturally gets worse over time. Obviously, some people have this problem more than others, but if you’re educated and talk to 10 people you know, you’ll almost certainly see signs of it.

            I list a bunch of books in the HN comment if people are interested, and feel free to contact me about it, as I have an ongoing interest here.

            [1] https://www.washingtonpost.com/news/wonk/wp/2015/06/12/look-at-how-much-weight-weve-gained-since-the-1960s/

            1. 1

              Very interesting morning read thanks ! :) Did you try some Wim Hoff techniques for your breath ?

              1. 2

                I’ve heard about it, I think through Nestor’s book “Breath”, but haven’t tried it. Yup I just checked Amazon and there are many references to Wim Hof:

                https://www.amazon.com/Breath-New-Science-Lost-Art/dp/0735213615

                Nestor goes through many different traditions of breath work in his book. “Tummo” from Tibet is another one that stood out in my mind.

                What lends this a lot of credibility is that many people over the years, from different cultures, have rediscovered the same things, or at least overlapping things. I’m confident our understanding will grow in the near future!

              2. 1

                I am interested in this.

                I have a diagnosis of “Vasomotor Rhinitis” which to me sounds like “we don’t know why but your nose canals are a little smaller”. During your research did you come by any tips for that kind of problem?

                1. 2

                  Hm that’s interesting. I don’t recall seeing that term.

                  But if you have a mild chronic and/or congenital problem related to breathing, I would check out Nestor’s “Breath”. It is not a conclusive book, but it goes through many different traditions that have uncovered overlapping knowledge.

                  He says he has a narrow head, and he had a history of a lot of orthodontic work. And those 2 things are correlated with bad breathing.

                  What really stands out as a big lesson is that every thing in your head is related! Doctors tend to treat things in isolation, so they will often give you bad or conflicting advice on these topics.

                  Who knew that breathing can affect your teeth? And your diet also affects your breathing, etc.

                  Unfortunately I don’t have a specific answer, but I will say that doing research into this topic paid off for me. And if you ask your friends, you will start to notice that everyone has these chronic problems that they tend to ignore, but that reduce their quality of life. Sometimes they can’t travel as well because of the issue, so they avoid this or that, etc.

                  The analogy I’ve been using is that you can imagine hitting 100 pumpkins with a hammer. All of them will have some problem, but it won’t be the same problem!

                  That’s like humans and breathing. As a species, we’re predisposed to bad breathing. But everyone has a unique problem, and so unfortunately there is a lot of trial and error involved in finding solutions. I have had partial solutions for 3 years, like sleeping on my side and an oral appliance. But am looking at even more solutions, now that I FEEL the great improvements!


                  PS. I did hear of something called “Muller’s Maneuver” in a book to diagnose obstructions in the nose, but I don’t know more than that. The book “8 hour sleep paradox” by Burhenne recommends that you ask your doctor for this.

                  https://en.wikipedia.org/wiki/M%C3%BCller%27s_maneuver

                  I may start a blog … at the very least I should make a dump of all the books I’ve read. If you find anything interesting let me know!

              3. 3

                Can’t vote this up enough. If you snore or share a sleeping space with someone who snores, get a sleep test. Get a CPAP. Wow. An amazing change. It’s weird to get used to for a week or two then it’s nothing.

              1. 7

                We have considered OCaml but went for F# instead. I could not be happier. Great libraries, good tooling, in 2020 F# is a first class citizen in the cloud thanks to C# and .NET Core. You can develop on Linux, Windows, MacOS and without modification it works. Compilation times are great. Unless you want to deal with the low level nature and the C++ influence in Rust F# is a much more logical step to move from OCaml. There is dotnet fsi for REPL too. I really like OCaml, it was my first ML language but it is not great for cloud computing or anything where you do not want to write a ton of code that has nothing to do with your business problem, because there aren’t many libraries. F# has access to C# libraries and it is relatively easy to write a thin wrapper that convert nulls to Nones, so you are null safe or C# style functions to ML style functions so you can use |> or <| etc. Out frontend is in Elm and we follow elm-format style in F# (manually though) so our codebases look very similar.

                1. 3

                  What’s your problem domain? I will use F# at a new job, and I would love to hear which libraries & frameworks you love, and which resources are good for learning.

                  For context, I already know Elm very well, and Haskell at an intermediate level. I also plan to work through “domain modelling made functional”.

                  1. 3

                    SAAS, energy, finance.

                    I could collect some of the libraries for you.

                    1. 1

                      That would be awesome! I’m especially interested in what stands out, or strong opinions you have derived from your experience. I’m sure I can find the very basic stuff with a bit of research :)

                    2. 1

                      I will use F# at a new job

                      Mind sharing company’s name? Curious about places using functional programming languages.

                      1. 1

                        Sure, it’s called valora digital. It’s in the retail space, based in Switzerland. We’ll basically build self-serve stores and a bunch of ecommerce.

                    3. 2

                      My sole issue with F# is that dotnet has no support for the ppc64le architecture yet.

                      There is some progress on this front: [1] [2] [3]

                      1. 1

                        You can develop on Linux, Windows, MacOS and without modification it works.

                        AFAIK, F# programs need the .NET runtime being installed. How do you enforce this on the client side? Or is it possible to bundle the runtime with your program?

                        1. 4

                          Publishing your app as self-contained produces an application that includes the .NET Core runtime and libraries, and your application and its dependencies. Users of the application can run it on a machine that doesn’t have the .NET Core runtime installed.

                          https://docs.microsoft.com/en-us/dotnet/core/deploying/

                          1. 3

                            Thanks. Do you know much MBs this adds to an “hello world” application?

                            1. 4

                              A lot, in my experience. A simple program that uses nothing but the standard library will output a binary of about 90mb.

                              1. 1

                                Do you know if there are any efforts in the pipeline to modularize .NET, like JDK 9 did?

                          2. 0

                            And? How is this related to my comment about development?

                          3. 1

                            How good is F# for writing cross-platform GUI apps?

                            1. 2

                              fairly lousy in my experience. i try it every year or two, because it really does sound like a great language for it, and invariably end up giving up after a few days due to running into issues with linux as my development environment. that said, my last attempt was in 2018 so things might be better now; i would personally like to see a working, reasonably-sized gui app somewhere on github that i could use as a reference before trying again.

                              1. 1

                                Good question, I have no idea.

                                1. 1

                                  It’s okayish. Worst case you can use C# for UI which has better tooling. Check out Avalonia which supports Windows, MacOS, and Linux, with Android and iOS coming soon.

                              1. 5

                                What a great style of writing! I loved it, and I didn’t even understand the code.

                                1. 4

                                  Me too. I feel like I am getting all of the experience, not just the conclusion, like I lived through that deployment myself.

                                  1. 1

                                    It managed to provide both context / motivation for each evolution of the code, and some fun levity, while being incredibly concise.

                                    1. 1

                                      😁 I’m glad it entertained! 😔 Oh no, how could I have made the code more clear?

                                      1. 1

                                        I’m not the one you’re responding to, but I just assumed they were unfamiliar with Kotlin.

                                        1. 1

                                          Yep, the code was great I’m just not smart enough!

                                      1. 1

                                        ‘fixing’ rust by adding wasm does not seem like a smart idea. Now you just have two complicated problems.

                                        1. 2

                                          What does this comment even mean?

                                          1. 1

                                            It means you think you had one problem, rust being too large … To fix it you make it larger by dragging in the whole wasm ecosystem and making it mandatory. Now instead of just having compilers, you have JIT compilers, which are more complicated.

                                            1. 2

                                              “rust being too large” is about complexity in the language, not the toolchain.

                                              1. 1

                                                So a simpler language with a more complex toolchain is going to be better?

                                                1. 2

                                                  Your personal feelings about WASM are overall irrelevant to the topic of this submission.

                                                  1. 1

                                                    The submission specifically says removing support for anything that is not WASM in order to reduce scope. My comment is attempting to say I think this will have the opposite to the intended effect.

                                                    Consider a C compiler that just emits assembly code directly like https://github.com/rui314/chibicc. I would argue this has a smaller scope than a C compiler that emits WASM which must be passed to a runtime compiler which must then convert the result to assembly.

                                                    Feel free to disagree, but it is relevant to the post.

                                          2. 2

                                            The goal isn’t to fix Rust, it’s to make a language optimized for applications (where, for the sake of speed of development, we can accept some overhead and the compiler or runtime can make more choices about memory) where Rust is optimized for systems (precise control over memory with zero overhead), while carrying over some things about Rust the author sees as useful in both domains.

                                            Efficiently executing WASM is indeed a complicated problem, but it’s a problem for WASM runtime implementers. It’s similar to how many other new languages compile to JVM or CLR bytecode, LLVM IR, or JavaScript: it helps the language implementer(s) focus on what they’re doing new while deferring part of the work to pre-existing projects. Since it’s a lot of work to write a new competitive optimizing compiler these days, targeting a virtual platform like that is a common choice.

                                          1. 4

                                            I’d probably fix the kinda-broken Ord and Eq hierarchies that Rust inherited from Haskell. That would be an easy win.

                                            Simplicity-wise, it would probably make sense to move the decision of reference type vs. value type to the type definition site, and not make it a choice in e. g. method signatures.

                                            Syntactically, getting rid of the distinction between :: and . (by removing ::) and not using <> for generics gives probably the biggest gains there. Also, replacing -> with : in function result type signatures.

                                            Oh, forgot: Drop mandatory semicola – it’s 2020.


                                            Looks like I’ll be collecting lots of flags from Rust fans for this … ;-)

                                            1. 10

                                              Drop mandatory semicola – it’s 2020

                                              Except semicolons in Rust aren’t abritrary, they have semantic meaning. An expression followed by a semicolon behaves differently than one without.

                                              1. 5

                                                Agreed Semantic meaning aside it’s like writing sentences without periods I find it hard to parse “idiomatic” Python / JavaScript code when it doesn’t have any semicolons There are many languages where it’s valid to continue a statement/expression after newlines The semicolons guarantee that “this statement doesn’t continue past here, and you can stop reading” When I have to write code in semicolon-free style I always find myself wishing for a way for my IDE to insert “phantom” semicolons wherever they are valid.

                                                1. 1

                                                  I agree (and great illustration of your point!). I remember feeling a little bit disappointed when I learned that Swift allows semicolons at the ends of lines, but they’re not idiomatic :/

                                                  1. 1

                                                    When I have to write code in semicolon-free style I always find myself wishing for a way for my IDE to insert “phantom” semicolons wherever they are valid.

                                                    Yeah, that’s exactly what I’d expect from a modern IDE. I mean that’s what niche IDEs for niche languages already managed to do in the 2010s.

                                                    But that’s only possible if the placement of semicolons does not carry semantic meaning.

                                                  2. 3

                                                    Kotlin manages to handle this correctly though, doesn’t it?

                                                    1. 3

                                                      Kotlin and Swift both do. It’s a matter of defining your grammar carefully, unlike Javascript.

                                                    2. 3

                                                      Not only that, I don’t want to have to keep all the various edge cases and conditions for semicolon removal insertion in my head while I’m reading or writing code.

                                                      1. 3

                                                        Except semicolons in Rust aren’t abritrary, they have semantic meaning. An expression followed by a semicolon behaves differently than one without.

                                                        Yep. Which is rather ridiculous.

                                                        Thankfully, it’s an idea which almost all other language put promptly on the garbage pile of design ideas, where it rightfully belongs.

                                                        1. 6

                                                          Initially I thought so too, especially given experience with JS ASI mess, and uselessness of optional semicolons in Golang and Swift. But it’s a completely different thing in Rust, and it works surprisingly well.

                                                          The combination of strict syntax, strong typing, and helpful compiler with auto-fixes ensures that accidentally inserted or forgotten semicolon isn’t a problem.

                                                          Then it works beautifully with the “last expression in a block is the block’s value” rule. It makes the syntax so much more elegant and orthogonal: no need for ternary operators. let val = { block } makes immutable bindings practical.

                                                          CoffeScript tried having something like that, and it was neat when it worked, but CoffeeScript lacked the other ingredients that made it work well in Rust.

                                                          1. 6

                                                            This is a much more eloquent expression of exactly what I had in mind with my original comment. The way semicolons work in Rust means that, rather than being an arbitrary line ending marker that serves as a crutch for the parser, they’re just another piece of syntax that expresses a concept in the language. A semicolon at the end of a line means “this line as a whole should not resolve to a value”, whereas no semicolon means the opposite.

                                                            1. 3

                                                              ; is too nimble for a symbol to carry so much meaning.

                                                              I’d rather have something more visible like () for the uncommon case of discarding values than being “trained” by the language to put ; everywhere and then having to go back and fix the places where it was unintended.

                                                            2. 2

                                                              Maybe taking the absolute worst implementation of semicolon inference is a bad idea to base a general judgement on.

                                                              Semicolon inference works and any language that forces me to write them manually has to have a lot going for it elsewhere for me to look over this design mistake.

                                                              1. 1

                                                                Semicolons are useful for oneliners; that’s it.

                                                            3. 2

                                                              “almost all other languages” don’t have proper expression blocks, outside the functional ones. The ; in rust makes a lot of sense if you realize it’s a separator, not a terminator. a; b is just evaluating a, discards its results, and evaluates the same as b. OCaml does the exact same thing. You’re allowed to write { … a; } as a shortcut for { …; a; () } but that’s just sugar.

                                                              1. 2

                                                                Having an expression-oriented language does not require semicolons.

                                                                1. 2

                                                                  I never said that. I said it made sense to consider ; as a separator in an expression language, in which blocks can (and often do) return values. It’s the case in at least Rust and OCaml, and works perfectly fine.

                                                          2. 3

                                                            What problems do you have with Ord and Eq? If it’s about how they work with floats, I for one appreciate how that works, due to the number of times I’ve caught folks using equality testing on floats in unit tests.

                                                            1. 1

                                                              What problems do you have with Ord and Eq? If it’s about how they work with floats […]

                                                              I prefer designs where collection operations work reliably, regardless of the type of the values I put into them.

                                                              So not this:

                                                              Scala:    List(Double.NaN).contains(Double.NaN)     // false
                                                              Rust:     &[0.0/0.0].contains(0.0/0.0)              // false
                                                              Haskell:  elem (0.0/0.0) [0.0/0.0]                  // false
                                                              

                                                              It’s easy to get right, and there is little excuse to get it wrong for languages designed in the 21st century.

                                                              […] I for one appreciate how that works, due to the number of times I’ve caught folks using equality testing on floats in unit tests.

                                                              Not sure what’s the connection here, could you expand?

                                                              1. 2

                                                                Ah, so you’d prefer that collection operations depend on Eq instead of PartialEq?

                                                                This is one of those things where 50% of the people expect it to work one way, and 50% expect the other. If you enforce correctness with Eq, then people will complain about the lengths they have to go through to check that there’s not a NaN somewhere. If you allow flexibility with PartialEq, then you get the confusing behavior your illustrated.

                                                                This is why I push back against the “principle of least astonishment”. And it’s why there’s no such thing as languages “getting [this] wrong”.


                                                                I assumed you disliked the separation between PartialEq and Eq, whereas I like having the distinction. So I wanted to provide a real-world use case where too many people fall back on strict equality checking on floats, instead of doing a comparison with an acceptable range. But it appears you do like the distinction. And not only that, rust’s == works on PartialEq, when I thought it was based on Eq. Whoops.

                                                                1. 2

                                                                  No, the problem is the way Haskell and Rust put partial and total orderings into a hierarchy, probably enticed by the extremely poor naming choices they made along with that.

                                                                  Instead of Rust’s/Haskell’s approach, have two different kind of traits/typeclasses that are completely separate.

                                                                  I named them Identity and Equality. Then you can provide two different methods that offer both suggested behaviors in the case of “is x in thing”?.

                                                                  1. 1

                                                                    Ah, I like that solution.

                                                                    1. 1

                                                                      If you are interested, here is an article series on this topic, and here is an example implementation of the concept.

                                                          1. 17

                                                            Rust has some nice quality-of-life improvements that make up for the toil of memory management. Even when I don’t strictly need a systems programming language, I still use Rust, because I like sum types, pattern matching, foolproof resource cleanup, and everything-is-an-expression so much.

                                                            So for glue code in GUI apps or CRUD webapps I’d love some Rustified TypeScript, Rustscript on the Golang runtime, or a Rust/Swift hybrid.

                                                            1. 10

                                                              Pretty much all of the ‘quality-of-life improvements’ you mention came to rust by way of ocaml, and are also present in other functional languages like haskell and scala. For webapps, try purescript or possibly elm.

                                                              1. 5

                                                                ocaml won’t be a “higher level rust” until multicore ocaml has matured.

                                                                1. 3

                                                                  To any other readers: I wouldn’t ignore the language based solely on this, especially since multicore parallelism wasn’t one of the criteria in the top comment. Lwt and async give you concurrency if you want it.

                                                                2. 5

                                                                  Pedantic nitpicking: resource cleanup (RAII) is a big one, and it‘s from C++. Everything else is indeed from ML.

                                                                  1. 4

                                                                    And traits are from haskell, and single ownership is from cyclone.

                                                                    But a large part of rust was directly inspired by ocaml.

                                                                    1. 5

                                                                      I was specifically referring to the list in the top comment. For fuller list, I would consult the reference.

                                                                      Cyclone doesn’t have single ownership/affine types. It has first-class support for arena-based memory management, which is a weaker form of rust‘s lifetimes, and is a different feature.

                                                                      See http://venge.net/graydon/talks/rust-2012.pdf for list of influences for both ownership and borrowing parts.

                                                                        1. 2

                                                                          I stand corrected, thanks a lot!

                                                                  2. 1

                                                                    Or reasonml since it is a front end for ocaml. Or bucklescript since it is ocaml that targets Javascript.

                                                                    Disclaimer: never used them myself.

                                                                  3. 3

                                                                    Rustified TypeScript

                                                                    I write a lot of TypeScript but have only written a few hundred lines of Rust. I’m curious, which features of Rust do you miss when using TypeScript? The obvious one is traits, but I’m curious if there’s anything else.

                                                                    1. 5

                                                                      Not the person you replied to, but true sum types, especially Option. It’s much cleaner than undefined, even with all of the nice chaining operators. And not having to worry about exceptions thanks to Result.

                                                                      1. 3

                                                                        Ah, I see your point. TypeScript discriminated unions are used frequently to overcome this limitation, but I agree it would be preferable to have proper sum types with pattern-matching.

                                                                        type Square {
                                                                            type: "square";
                                                                            width: number;
                                                                            height: number;
                                                                        }
                                                                        
                                                                        type Circle {
                                                                            type: "circle";
                                                                            radius: number;
                                                                        }
                                                                        
                                                                        type Shape = Square | Circle;
                                                                        
                                                                        1. 2

                                                                          Oh god I miss TypeScript’s sum types so much when I’m writing Rust. When I context switch back to Rust after writing some TypeScript I with I could do

                                                                          type Foo = Bar | Baz;
                                                                          

                                                                          Eventually I get over it but I find TypeScript so much nicer for describing the types of my programs.

                                                                          1. 3

                                                                            Oh yes. I wish TypeScript had more Rust, but I also wish Rust had row-level polymorphism.

                                                                            1. 2

                                                                              Maybe someday https://github.com/tc39/proposal-pattern-matching will happen. That will be a great day.

                                                                            2. 1

                                                                              Yes, you can relax a function that returns Foo | undefined to return Foo only, but in most “maybe” systems you can’t return a naked Foo without the Maybe<Foo> box

                                                                              1. 1

                                                                                same here, but on the other hand, those cool union types without pattern matching makes the call site uglier, and almost removes the nicety of the union type declaration

                                                                          2. 1

                                                                            In that Rust/Swift hybrid, what parts of Rust would you want added to Swift to make the hybrid? I read this article thinking Swift wouldn’t be a bad start.

                                                                            1. 6

                                                                              In Swift I miss “everything is an expression”. I have mixed feelings about Swift’s special-casing of nullability and exceptions. Terser syntax is nice, but OTOH it’s more magical and less flexible/generalizable than Rust’s enums. Swift inherited from ObjC multiple different ways of handling errors (boolean, **NSError, exceptions) — that’d be an obvious candidate for unification if it could start from scratch.

                                                                              And if it was a “smaller Swift”, then I’d prefer a mark-and-sweep GC. With memory management Swift is neither here nor there: you need to be careful about reference cycles and understand lifetimes for bridging with FFI, but it doesn’t have a borrow checker to help.

                                                                          1. 5

                                                                            I would target WASM, and only WASM, for this language.

                                                                            I was onboard until I got here. I didn’t want a Web Browser to be an application requirement when Electron did it, and I don’t want it now.

                                                                            1. 9

                                                                              You don’t need a web browser to use WebAssembly as a virtual machine though

                                                                              1. 3

                                                                                Are you talking about feeding a WASM blob into Node or something? Does a “JRE” exist for WASM? If so I would be interested in that. I just assumed a browser was required.

                                                                                1. 6

                                                                                  There’s a few implementations out there. Here are two that I know of:

                                                                                  https://wasmtime.dev/

                                                                                  https://wasmer.io/

                                                                                  Here’s a fun thought: if you have a program that wants to allow scripting, what if it embedded a wasm runtime, and hooked up the WASI bindings for the script integration points? Then instead of dictating a single language, you can allow scripting from any language that can compile to WASM.

                                                                                    1. 2

                                                                                      Looks like golang support for wasm is only for tinygo - with the runtime (the “libc”) only available as a Javascript implementation?

                                                                                      At any rate, yet another option would be: https://github.com/bytecodealliance/wasm-micro-runtime

                                                                                      But I expect it would fail in the same way (for golang).

                                                                                      Ed: i guess the canonical “not web browser” wasm runtime/vm for go is node:

                                                                                      https://github.com/golang/go/wiki/WebAssembly#executing-webassembly-with-node-js

                                                                                      Ed2: but should also work with deno, which provides some sandboxing: https://dev.to/taterbase/running-a-go-program-in-deno-via-wasm-2l08

                                                                                      1. 2

                                                                                        Looks like golang upstream is considering wasi (ed: https://wasi.dev/) support:

                                                                                        https://github.com/golang/go/issues/31105

                                                                                        There’s also this: https://github.com/go-wasm-adapter/go-wasm/issues/5

                                                                                        Found via: https://github.com/wasmerio/wasmer-go/pull/95

                                                                                        And: https://github.com/wasmerio/wasmer-go/issues/18

                                                                                        (also see my sibling comment)

                                                                                        1. 2

                                                                                          WASM is sandboxed to maximally hermetic paranoid level. It doesn’t support any communication with the outside world, except callbacks exposed by the interpreter. You can’t write WASM for your operating system. There is an emerging abstraction layer called WASI, which is like a very basic tiny abstract operating system.

                                                                                          In practice that means you can’t use use your language’s standard library, not even printf, unless it’s been rewritten for the WASI “operating system”.

                                                                                          1. 1

                                                                                            Thanks. That was exactly my reservation about using WASM, and you confirmed it. Thats the same reason I dont use JavaScript, because my understanding is the language specification itself has those same limitations. It is only the runtimes (Node, Deno) that have developed workarounds for file system access, but I think those are still not defined in the spec.

                                                                                            So for Cadey or whoever to say that a browser is not required for WASM - yeah, thats technically true, but it still doesnt solve the problem of WASM programs being crippled in what they can do versus a language like Go or Rust.

                                                                                            1. 4

                                                                                              WASM shouldn’t be any different than Lua in this regard. Theoretically nothing stops you from adding an escape hatch to your WASM interpreter, like ability to make an arbitrary syscall or FFI call.

                                                                                              If it hasn’t been done already, it’s probably only because WASM created a niche for itself among people who want the sandboxing (e.g. running untrusted code on a CDN edge, or portable plugins for programs).

                                                                                            2. 1

                                                                                              You can’t write WASM for your operating system.

                                                                                              https://github.com/wasmerio/kernel-wasm

                                                                                              I realize this is somewhat beside what you probably meant - but one possible benefit of a sandboxed spec is that things can run sort of safely in ring 0.

                                                                                          2. 2

                                                                                            Other good ones: life and lucet

                                                                                          3. 1

                                                                                            I’ve actually had multiple projects to do that and even did a talk on it.

                                                                                      1. 4

                                                                                        I have never understood the complaint of “yes/no are true/false is surprising!”. Do people not learn the tools they use before they use them?

                                                                                        1. 29

                                                                                          No? People don’t read the words you put in front of them, why would you expect someone using yaml for the first time to write a country code to know that “no” is one of the accepted booleans

                                                                                          There’s so many rules of yaml, it was impossible to read all of them concisely for years

                                                                                          1. 5

                                                                                            “I’m writing Python|Java|JavaScript|Go|InsertLangHere, I know my job. Why do I need to learn YAML first, it’s just like JSON”

                                                                                            1. 20

                                                                                              That’s just a snarky way of admitting it was a confusing mistake to make “yes” and “no” booleans. It was confusing enough that YAML 1.2 backtracked and booleans are now just “true” or “false”: https://yaml.org/spec/1.2/spec.html#id2803629

                                                                                              I also just generally disagree with the idea that everybody should learn every detail about every tool they use. Especially ridiculous for YAML when it claims to be a “human friendly data serialization standard”. Sorry, but having to memorize a 100 page spec first or getting bit by confusing, counterintuitive errors isn’t “human friendly”.

                                                                                              1. 3

                                                                                                People want a JSON replacement, but the YAML spec is as big as the XML spec.

                                                                                                They are not prepared to spend that much effort on it, rightfully so in my opinion.

                                                                                              2. 1

                                                                                                I’m just confused why “people don’t read the words you put in front of them” leads to an indictment of YAML, and not the people who refuse to read.

                                                                                                1. 8

                                                                                                  Because, in practice, people not reading (or remembering) stuff is an unavoidable property of the environment in which technologies like YAML must operate.

                                                                                                2. 1

                                                                                                  s/No/false

                                                                                                3. 9

                                                                                                  Sure, most people do. But then a year later, somebody (who’s not thinking about quirks of YAML) comes along and sees the country code list, adds a couple of entries, and somewhere else completely disconnected there’s an explosion because there’s a false in their list of strings, and the error message will almost certainly have nothing at all to do with “you need to quote ‘no’ in your yaml config”.

                                                                                                  1. 7

                                                                                                    Do people not learn the tools they use before they use them?

                                                                                                    Good designs are intuitive and can be used without a lot of understanding.
                                                                                                    Users should fall into the pit of success; it should be easy to succeed and hard for them to fail.
                                                                                                    If a technology requires a lot of study there are a few possible explanations:

                                                                                                    • It uses a completely different model, e.g. APL, Prolog, or Haskell.
                                                                                                    • The domain is essentially complex.
                                                                                                    • The design has some rough edges.
                                                                                                      Every design has a few issues but they shouldn’t be a regular occurrence.

                                                                                                    I’d say YAML falls into the last category.

                                                                                                    1. 3

                                                                                                      What would be the best document to learn YAML? Something more thorough than a tutorial but less comprehensive than a spec?

                                                                                                      1. 3

                                                                                                        https://learnxinyminutes.com/docs/yaml/

                                                                                                        Edit: Hmm, it doesn’t point out the yes/no thing. Disappointing.

                                                                                                    1. 10

                                                                                                      I am a firm believer that all tech tools need a cute mascot. I’m glad this meets that standard.

                                                                                                      1. 1

                                                                                                        I hadn’t heard of std::exchange before now, but it scratches an itch I’ve had in other languages.

                                                                                                        I’ve been tempted to do something like this:

                                                                                                        class SomeContainer<T>(var something: T) {
                                                                                                            fun exchange(modifier: (T) -> T): T {
                                                                                                                try {
                                                                                                                   return something
                                                                                                                } finally {
                                                                                                                    something = modifier(something)
                                                                                                                }
                                                                                                            }
                                                                                                        }
                                                                                                        

                                                                                                        But I never have because I know it’s confusing.

                                                                                                        1. 5

                                                                                                          I’m a big fan of the shared language of “MuSCoW” (pronounced Moscow typically).

                                                                                                          In order of decreasing priority, you decide what you Must, what you Should, what you Could, and what you Won’t.

                                                                                                          I’ve only seen it used in discussions relating to time-bound planning, so you could attach an implicit “… right now” to each of those.

                                                                                                          1. 2

                                                                                                            Thanks for the pointer. Now I found a paper about buffered Moscow, which sounds useful: https://mse.isri.cmu.edu/facstaff/faculty1/faculty-publications/miranda/mirandabufferedmoscowrules.pdf

                                                                                                          1. 4

                                                                                                            Non-privileged ports can still be restricted to root via SELinux.

                                                                                                            No, I can’t tell you how.

                                                                                                            1. 16

                                                                                                              Not sure who told the author of this piece that security by obscurity is bad, but what I have always heard is that security through obscurity is simply not to be relied upon. It’s not that you shouldn’t do it, but you should assume it will be defeated.

                                                                                                              So if you want to change your SSH port, fine, but don’t leave password authentication enabled and go thinking you’re safe

                                                                                                              1. 5

                                                                                                                “Security by obscurity is bad” is the line that is parroted by many who don’t understand.

                                                                                                                1. 1

                                                                                                                  There seems to be a consensus that “6!x8GWqufk-EL6tv_A4.E” is a stronger password than “letmein”. The only significant difference I see between these passwords is obscurity.

                                                                                                                  I wonder if this can be considered an example of “security by obscurity” that is widely considered neither “bad” nor likely to be defeated?

                                                                                                                  1. 19

                                                                                                                    There’s a long history of distinguishing obscure information like passwords or cryptographic keys from obscure methods like encryption algorithms. The key difference, I think, is that the only purpose of the secret information is to be secret, and you can measure its properties in that respect; that’s not true of code that’s meant to be secret, and competing requirements like “needs to run on someone else’s machine” make obscurity an unreliable crutch in many situations.

                                                                                                                    EDIT: Another key difference is that “obscurity” can be taken as “the information is still present in whatever the adversary can access, it’s just harder to read”, e.g. obfuscated source code in a JavaScript file. That’s also different from a secret like a password, which should be protected by not exposing it at all.

                                                                                                                    Like most maxims, “Security through obscurity is bad” is an oversimplification, but in my opinion it’s a good rule of thumb to be disregarded only when you know what you’re doing.

                                                                                                                    1. 3

                                                                                                                      I think the “security by obscurity is bad” aphorism is quite a bit narrower than the original meaning: security by algorithmic obscurity is bad because one has to presume that a motivated attacker will be able to identify or acquire the algorithm. Therefore, any additional security from algorithmic obscurity is ephemeral, and sacrifices the very real benefit of allowing the cryptographic community to examine the algorithm for weakness (since weaknesses are often non-obvious, especially to the creator). As such, one could say that it’s a corollary to one of Kerchoff’s principles (rephrased by Shannon as simply [assume that] “the enemy knows the system”).

                                                                                                                      The aphorism has been adopted by those lacking the technical knowledge to understand the full meaning and generalized further than it should be.

                                                                                                                      The artificial distinction between “secrecy” (which is necessary to protect the key) and “obscurity” (which is generally used to apply to the system) is most important to understanding the aphorism and unfortunately the distinction appears non-obvious to the layman and leads to confusion.

                                                                                                                      Edit: Ugh, just realized that this is essentially paraphrasing an old Robert Graham blog post: https://blog.erratasec.com/2016/10/cliche-security-through-obscurity-again.html. Also corrected a sentence in which I nonsensically used “security” in place of “obscurity.”

                                                                                                                      1. 2

                                                                                                                        That definition makes sense and clears up something I had been wondering about for a long time. Thanks!

                                                                                                                      2. 3

                                                                                                                        I think to rectify these definitions you need to have an idea of the system under test. The system expects, takes in, comments on the quality of its inputs and is required, when assumptions are satisfied, to produce trusted output.

                                                                                                                        Security by obscurity says that the system is more difficult to break if the adversary doesn’t know what it is. This is generally true, it at least adds research costs to the adversary and may even substantially increase the effort required to make an attack.

                                                                                                                        The general maxim is that security by obscurity should not be relied upon. In other words, you should have confidence that your system is still reliable even in the circumstance where your adversary knows everything about it.

                                                                                                                        So, ultimately, the quality of the password isn’t really about the system. The system could, for instance, choose to reject bad passwords and improve its quality. The adversary knowing about the system now knows not to test a certain subset of weak passwords (no chance of success) but the system is still defensible.

                                                                                                                        1. 2

                                                                                                                          The difference is not only obscurity; it’s (quantifiable) cryptographic strength.

                                                                                                                          Your website uses 256-bit AES, because it’s impossible to brute-force without using more energy than is contained in our solar system. You wouldn’t use 64-bit AES, though. Is the difference that the former algorithm’s key is more obscure?

                                                                                                                          1. 1

                                                                                                                            An obscure system will be understood, and therefore cracked if its only advantage was obscurity. Passphrase-protected crypto systems are not obscure. Their operation is laid open for all to see, including what they do with passwords. If you can go from that to cracking specific cryptexts, that’s a flaw everyone will admit. However, if you must skip the system entirely and beat a passphrase out of someone in order to break the cryptext, that’s no flaw of the system under discussion. It might be a flaw of some larger system, but I believe it is universally acknowledged that, if you’re beating a passphrase out of someone and will only stop when you get the information you’re looking for or you kill the person you’re beating, the person will almost certainly give the passphrase before they die.

                                                                                                                        1. 6

                                                                                                                          I kind of agree with the author, but he used a terrible example. This is the kind of example that gives security through obscurity a bad name. Sure, by running sshd on a different port, you make it a little bit harder for a hacker to find you, but what you’ve actually done is disabled all of the standard UNIX network security stuff that ensures only root can open ports below 1024. Now, anyone with any user access to the box can watch that port and if they notice it’s not responding, they can start up an ssh daemon of their own that can do all kinds of nefarious things.

                                                                                                                          Congratulations! By running sshd on an untrusted port and using “Security through obscurity”, you’ve just made your server less secure.

                                                                                                                          1. 3

                                                                                                                            What might be better would be running it on 22, but using some firewall trickery to protect 22 and just point like, port 42069 to your port 22 sshd. Best of both worlds.

                                                                                                                            1. 1

                                                                                                                              Yep, or run it on port 222, or 1022, or redirect it at your firewall, there are a number of ways to reduce the log spam that is produced by running sshd on port 22. I’m sure there are valid ways of enhancing your security through making it harder for a random person to find your service (though I can’t think of any off the top of my head), but this is not one of them.

                                                                                                                            2. 1

                                                                                                                              You can reserve that port for root running sshd via SELinux.

                                                                                                                            1. 12

                                                                                                                              friendlysock, for the amount that i see you complain about keeping lobste.rs purely technical, and not including other things, it seems like this submission might show that that’s not your primary concern there. is there a good reason you linked to this page (with no technical content and autoplaying audio), rather that, say, the github repo?

                                                                                                                              1. 9

                                                                                                                                It’s art and is whimsical, and it links directly to its source, which has kind of a neat minimalist way of handling things like animation.

                                                                                                                                You might have missed the Github link in the menu. :)

                                                                                                                                1. 6

                                                                                                                                  my understanding is that the usual sort of protocol for this sort of thing is to link directly to source code, rather than the product itself.

                                                                                                                                  would you consider whimsical art generally on topic for lobste.rs?

                                                                                                                                  1. 8

                                                                                                                                    We have a tag for art, and this is art that relies on computers to draw and has source. If it fails to spark sufficient joy it gets flagkilled.

                                                                                                                                    I don’t feel that art is really the cancerous plague that marketing or politics can be…if you feel so moved, start a meta thread. :)

                                                                                                                                    1. 5

                                                                                                                                      Every time someone links directly to source code, there’s comments complaining that they don’t understand what something is.

                                                                                                                                1. 4

                                                                                                                                  I am sorry, but if you still do not know about multi-byte characters in 2020, you should really not be writing software. The 1990ies have long passed in which you could assume 1 byte == 1 char.

                                                                                                                                  1. 28

                                                                                                                                    https://jvns.ca/blog/2017/04/27/no-feigning-surprise/

                                                                                                                                    Nobody was born knowing about multi-byte characters. There’s always new people just learning about it, and probably lots of programmers that never got the memo.

                                                                                                                                    1. 5

                                                                                                                                      The famous joel article on unicode is almost old enough to vote in most countries (17 years). There is really no excuse to be oblivious to this: https://www.joelonsoftware.com/2003/10/08/the-absolute-minimum-every-software-developer-absolutely-positively-must-know-about-unicode-and-character-sets-no-excuses/

                                                                                                                                      This is esp. problematic if you read the last paragraph where the author gives encryption/decryption as an example. If somebody really is messing with low level crypto apis, they have to know this. There is no excuse. Really.

                                                                                                                                      1. 10

                                                                                                                                        Junior Programmers aren’t born having read a Joel Spolsky blog post. There are, forever, people just being exposed to the idea of multibyte characters for the first time. Particularly if, like a lot of juniors are, they’re steered towards something like the K&R C book as a “good” learning resource.

                                                                                                                                        Whether or not this blog post in particular is a good introduction to the topic is kind of a side-point. What was being pointed out to you was that everyone in 2020 is supposed to have learned this topic at some point in the past is beyond silly. There are always new learners.

                                                                                                                                        1. 4

                                                                                                                                          You are aware that there are new programmers born every day, right?

                                                                                                                                        2. 4

                                                                                                                                          Right, but this author is purporting to be able to guide others through this stuff. If they haven’t worked with it enough to see the low-hanging edge cases, they should qualify their article with “I just started working on this stuff, I’m not an expert and you shouldn’t take this as a definitive guide.” That’s a standard I apply to myself as well.

                                                                                                                                          1. 2

                                                                                                                                            We should perhaps not expect newcomers to know about encoding issues, but we should expect the tools they (and the rest of us) use to handle it with a minimum of bad surprises.

                                                                                                                                          2. 8

                                                                                                                                            That’s a little harsh, everyone has to learn sometime. I didn’t learn about character encoding on my first day of writing code, it took getting bitten in the ass by multibyte encoding a few times before I got the hang of it.

                                                                                                                                            Here is another good intro to multibyte encoding for anyone who wants to learn more: https://betterexplained.com/articles/unicode/

                                                                                                                                            1. 2

                                                                                                                                              I didn’t learn about character encoding on my first day of writing code, it took getting bitten in the ass by multibyte encoding a few times before I got the hang of it.

                                                                                                                                              Right, but you’re not the one writing and publishing an article that you intend for people to use as a reference for this type of stuff. People are responsible for what they publish, and I hold this author responsible to supply their writing with the caveat that their advice is incomplete, out-of-date, or hobby-level—based, I presume, on limited reading & experience with this stuff in the field.

                                                                                                                                            2. 8

                                                                                                                                              I’m sure that if I knew you well enough, I could find three things you didn’t know that respected developers would say means “you should really not be writing software”.

                                                                                                                                              1. 3

                                                                                                                                                Yes it’s 2020, but also, yes, people still get this wrong. 90% of packages addressed to me mangle my city (Zürich) visibly on the delivery slip, so do many local(!) food delivery services.

                                                                                                                                                Every time I make a payment with Apple Pay, the local(!) App messes up my city name in a notification (the wallet app gets it right).

                                                                                                                                                Every week I’m handling support issues with vendors delivering data to our platform with encoding issues.

                                                                                                                                                Every week somebody in my team comes to me with questions about encoding issues (even though by now they should know better)

                                                                                                                                                This is a hard problem. This is also a surprising problem (after all „it’s just strings“).

                                                                                                                                                It’s good when people learn about this. It’s good when they communicate about this. The more people write about this, the more will get it right in the future.

                                                                                                                                                We are SO far removed from these issues being consistently solved all throughout

                                                                                                                                                1. 2

                                                                                                                                                  I know all that. My first name has an accented character in it. I get broken emails all the time. That still does NOT make it okay. People that write software have to know some fundamental things and character encodings is one of them. I consider it as fundamental as understanding how floats work in a computer and that they are not precise and what problems that causes.

                                                                                                                                                  The article being discussed is not good and factually wrong in a few places. It is also not written in a style that makes it sound like somebody is documenting their learnings. It is written as stating facts. The tone makes a big difference.

                                                                                                                                                2. 2

                                                                                                                                                  There’s a difference between knowing there’s a difference, which I suspect is reasonably common knowledge, and knowing what the difference is.

                                                                                                                                                  1. 2

                                                                                                                                                    There are very few things that every software developer needs to know–fewer than most lists suggest, at least. Multi-byte encodings and unicode have are about as good a candidate as exists for being included in that list.

                                                                                                                                                    However, people come to software through all different paths. There’s no credential or exam you have to pass. Some people just start scripting, or writing mathematical/statistical code, and wander into doing things. Many of them will be capable of doing useful and interesting things, but are missing this very important piece of knowledge.

                                                                                                                                                    What does getting cranky in the comments do to improve that situation? Absolutely nothing.

                                                                                                                                                    1. 3

                                                                                                                                                      There’s no credential or exam you have to pass.

                                                                                                                                                      I think that this is one of the problems with our industry. People with zero proof of knowledge are fuzzing around with things they do not understand. I am not talking about hobbyists here, but about people writing software that is being used by people to run critical infrastructure. There is no other technical profession where that is okay.

                                                                                                                                                      1. 2

                                                                                                                                                        I think our field is big and fast enough that dealing with things we don’t understand don’t yet understand has just become part of the job description.

                                                                                                                                                  1. 2

                                                                                                                                                    The acme editor, but for photo management. I’m still dreaming up what it looks like.

                                                                                                                                                    1. 1

                                                                                                                                                      This, the Ergodox, the Kinesis Freestyle– all great.

                                                                                                                                                      But I need one that I can actually travel with (well, once/if travel is a reality again). Can anyone recommend?