1. 10

    It sounds to me that now companies are more afraid of hiring bad candidates than they are excited about the opportunity to hire a great candidate.

    I currently work at a big tech company where I’ve talked to people involved in interviewing, and at some previous jobs at smaller companies I’ve been on the hiring side of the table myself. The dirty secret is that this is actually, literally, 100% true, and that this is also rational for most companies.

    The cost of hiring a bad person is way, way higher than the cost of missing out on a good candidate in almost all cases, because a bad hire can disrupt the work of the good people already working there. A bad enough employee can bring negative value to the company, and firing people is a rough, traumatic event that can lead to reduced morale among everyone involved, not to mention the fact that you then have to put in a bunch of effort to hire a more competent replacement.

    So the tech companies are explicitly aiming to minimize false positives, even at the expense of more false negatives, and that leads to articles like this being written by people that suffer as a result of it.

    1. 3

      This is so true and I am pretty surprised at how few articles like this one mention it. It is especially puzzling to me because it suggests that people haven’t been involved in the hiring process at past jobs. At literally every place I’ve worked in the 30+ years I’ve been a professional software developer, both big companies and small, I’ve interviewed people, but given the frequency of “interviewing is broken and I know everything about the hiring process because I’m a candidate” articles it seems like there must be places out there where you can work for years and never learn what it’s like on the other side of the table.

      I remember one candidate a couple years back who, when we asked if he had feedback on our interview process (which we often ask, whether candidates get an offer or not), said something like, “If you were faster at firing people, you wouldn’t have to be this careful about hiring them.” Which, if we hadn’t already known it, would have told us this was a super inexperienced candidate who (a) had never had the pleasure of being on a team with a bad hire who was a huge drag on the team, (b) didn’t appreciate the cost of getting to the point where you even know you want to fire someone, and (c) didn’t know much about what the process for firing someone looks like, and why it looks the way it does.

    1. 10

      @ddevault Would it be possible to get a clear “Terms of Service” clarifying these sorts of use cases? 1.1 GB seems like an excessive file size, but having a crystal-clear & mutually agreed-upon set of rules for platform use is essential for trust (more so for a paid service), and right now users don’t know what does and does not constitute a reasonable use of the service.

      1. 37

        No, they’re intentionally vague so that we can exercise discretion. There are some large repositories which we overlook, such as Linux trees, pkgsrc, nixpkgs, even mozbase is overlooked despite being huge and expensive to host.

        In this guy’s case, he had uploaded gigabytes of high-resolution personal photos (>1.1 GB - it takes up more space and CPU time on our server than on your workstation, because we generate clonebundles for large repos). It was the second largest repository on all of SourceHut. SourceHut is a code forge, not Instagram.

        1. 40

          No, they’re intentionally vague so that we can exercise discretion.

          I like to call this “mystery meat TOS”. You never know what you’ll get until you take a bite!

          1. 24

            I mean, honestly, a small fraction of our users hit problems. I’ve had to talk to <10 people, and this guy is the only one who felt slighted. It’s an alpha-quality service, maybe it’ll be easier to publish objective limits once things settle down and the limitations are well defined. On the whole, I think more users benefit from having a human being making judgement calls in the process than not, because usually we err on the side of letting things slide.

            Generally we also are less strict on paid accounts, but the conversation with this guy got hostile quick so there wasn’t really an opportunity to exercise discretion in his case.

            1. 30

              the conversation with this guy got hostile quick

              Here’s the conversation, for folks who want to know what “the conversation got hostile” means to SourceHut: https://paste.stevelosh.com/18ddf23cb15679ac1ddca458b4f26c48b6a53f11

              1. 31

                I’m not a native speaker, but I have the feeling that you got defensive quickly:

                Okay. I guess I assumed a single 1.1 gigabyte repository wouldn’t be an unreasonable use of a $100/year service. I certainly didn’t see any mention of a ban on large binary files during the sign up or billing process, but I admit I may have missed it. I’ve deleted the repository. Feel free to delete any backups you’ve made of it to reclaim the space, I’ve backed it up myself.

                It’s a pay-what-you-like alpha service, not backed by venture capital. You got a rather friendly mail noting that you shouldn’t put large files into hg, not a demand that you delete it immediately.

                ddevault’s reply explained the reasoning, not knowing that you are a Mercurial contributor:

                Hg was not designed to store large blobs, and it puts an unreasonable strain on our servers that most users don’t burden us with. I’m sorry, but hg is not suitable for large blobs. Neither is git. It’s just not the right place to put these kinds of files.

                I’m not sure I’d label this as condescending. Again, I’m not a native speaker, so maybe I’m missing nuances.

                After that, you cancelled your account.

                1. 13

                  As a native speaker, your analysis aligns with how I interpreted it.

                  1. 9

                    Native speaker here, I actually felt the conversation was fairly polite right up until the very end (Steve’s last message).

                  2. 27

                    On the whole, I think more users benefit from having a human being making judgement calls in the process than not, because usually we err on the side of letting things slide.

                    Judgement calls are great if you have a documented soft limit (X GB max repo size / Y MB max inner repo file size) and say “contact me about limit increases”. Your customers can decide ahead of time if they will meet the criteria, and you get the wiggle room you are interested in.

                    Judgement calls suck if they allow users to successfully use your platform until you decide it isn’t proper/valid.
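                      A documented soft limit with negotiated exceptions can be sketched in a few lines (the limit values, repo names, and override table here are hypothetical, not SourceHut’s actual policy):

```python
# Hypothetical soft-limit check with negotiated per-repo overrides.
# All numbers and names are invented for illustration.
SOFT_REPO_LIMIT_GB = 1.0
OVERRIDES_GB = {"linux-mirror": 10.0}  # granted via "contact me about limit increases"

def within_limits(repo_name: str, size_gb: float) -> bool:
    """True if the repo fits its soft limit, or its negotiated override."""
    return size_gb <= OVERRIDES_GB.get(repo_name, SOFT_REPO_LIMIT_GB)
```

                      Customers can check themselves against the published numbers ahead of time, and the override table is the documented wiggle room.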

                    1. 12

                      That’s a fair compromise, and I’ll eventually have something like this. But it’s important to remember that SourceHut is an alpha service. I don’t think these kinds of details are a reasonable expectation to place on the service at this point. Right now we just have to monitor things and try to preempt any issues that come up. This informal process also helps to identify good limits for formalizing later. But, even then, it’ll still be important that we have an escape hatch to deal with outliers - the following is already in our terms of use:

                      You must not deliberately use the services for the purpose of:

                      • impacting service availability for other users

                      It’s important that we make sure that any single user isn’t affecting service availability for everyone else.

                      Edit: did a brief survey of competitors’ terms of service. They’re all equally vague, presumably for the same reasons.


                      [under no circumstances will you] use our servers for any form of excessive automated bulk activity (for example, spamming or cryptocurrency mining), to place undue burden on our servers through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such as get-rich-quick schemes;

                      The Service’s bandwidth limitations vary based on the features you use. If we determine your bandwidth usage to be significantly excessive in relation to other users of similar features, we reserve the right to suspend your Account, throttle your file hosting, or otherwise limit your activity until you can reduce your bandwidth consumption


                      [you agree not to use] your account in a way that is harmful to others [such as] taxing resources with activities such as cryptocurrency mining.

                      At best they give examples, but always leave it open-ended. It would be irresponsible not to.

                      1. 17

                        The terms of service pages don’t mention the limits, but the limits are documented elsewhere.


                        We recommend repositories be kept under 1GB each. Repositories have a hard limit of 100GB. If you reach 75GB you’ll receive a warning from Git in your terminal when you push. This limit is easy to stay within if large files are kept out of the repository. If your repository exceeds 1GB, you might receive a polite email from GitHub Support requesting that you reduce the size of the repository to bring it back down.

                        In addition, we place a strict limit of files exceeding 100 MB in size. For more information, see “Working with large files.”

                        GitLab (unfortunately all I can find is a blog post):

                        we’ve permanently raised our storage limit per repository on GitLab.com from 5GB to 10GB


                        The repository size limit is 2GB for all plans, Free, Standard, or Premium.

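                        For anyone curious where their own repository stands against limits like these, Git itself can report the size of the local object store (a standard Git command, not specific to any host):

```shell
# Print object counts and on-disk size of the current repository;
# "size-pack" is the packed object store size in human-readable units.
git count-objects -vH
```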
                        1. 8

                          I see. This would be a nice model for a future SourceHut to implement, but it requires engineering effort and prioritization like everything else. Right now the procedure is:

                          1. High disk use alarm goes off
                          2. Manually do an audit for large repos
                          3. Send emails to their owners if they seem to qualify as excessive use

                          Then discuss the matter with each affected user. If there are no repos which constitute excessive use, then more hardware is provisioned.
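                          The manual audit step could be as simple as a disk-usage scan (the storage path below is an invented example, not SourceHut’s actual layout):

```shell
# List the largest repository directories under a hypothetical storage
# root, biggest first, to surface candidates for the excessive-use emails.
du -sh /var/lib/repos/* 2>/dev/null | sort -rh | head -n 20
```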

                          1. 11

                            Maybe this is something you should put in your TOS/FAQ somewhere.

                        2. 8

                          This informal process also helps to identify good limits for formalizing later.

                          Sounds like you have some already:

                          • Gigabyte-scale repos get special attention
                          • Giant collections of source code, such as personal forks of large projects (Linux source, nix pkgtree) are usually okay
                          • Giant collections of non-source-code are usually not okay, especially binary/media files
                          • These guidelines are subject to judgement calls
                          • These guidelines may be changed or refined in the future

                          All you have to do is say this; then the next time someone tries this (because there WILL be a next time), you can just point at the docs instead of taking the time to explain the policy. That’s what a terms of service is for.

                      2. 8

                        Regardless of what this specific user was trying to do, I would exercise caution. There are valid use cases for large files in a code repository. For example: Game development, where you might have large textures, audio files, or 3D models. Or a repository for a static website that contains high-res images, audio, and perhaps video. The use of things like git-lfs as a way to solve these problems is common but not universal.

                        To say something like, “SourceHut is a code forge, not Instagram” is to pretend these use cases are invalid, or don’t exist, or that they’re not “code”, or something.

                        I’ve personally used competing services like GitHub for both the examples above and this whole discussion has completely put me off ever using Sourcehut despite my preference for Mercurial over Git.

                        1. 3

                          I agree that some use-cases like that are valid, but they require special consideration and engineering work that hg.sr.ht hasn’t received yet (namely largefiles, and in git’s case annex or git-lfs). For an alpha-quality service, sometimes we just can’t support those use-cases yet.

                          The Instagram comparison doesn’t generalize: in this case the repo was just full of a bunch of personal photos, not assets necessary for some software to work. Our systems aren’t well equipped to handle game assets either, but the analogy doesn’t carry over.

                    2. 4

                      I don’t think the way you’re working is impossible to describe; I think it’s just hard, and most people don’t understand the way you’re running and building the business. This means your clients may expect a ToS or customer-service level that you cannot or will not provide.

                      To strive towards a fair description that honours how you are actually defining things for yourself and tries to make that more transparent without having to have specific use cases, perhaps there is a direction with wording such as:

                      • To make a sustainable system we expect the distribution of computing resource usage and human work to follow a normal distribution. To preserve quality of service for all clients, to honour the sustainability of the business and the wellbeing of our staff, and to attempt to provide a reasonably uniform and understandable pricing model, we reserve the right to remove outliers who use an unusually large amount of any computing and/or human resource. If a client is identified as using a disproportionate amount of service, we will follow this process: (Describe a fair process with notification, opportunity for communication/negotiation, fair time for resolution, and clear actions if resolution is or is not met).
                      • This system is provided for the purposes of XYZ, and in order to be able to design/optimise/support this system well we expect all users to use it predominantly for this purpose. It may be the case that using our system for other things is possible; however, if we detect this we reserve the right to (cancel service) to ensure that we do not arrive at a situation where an established client is using our service for another purpose which may perform poorly for them in the future because it is not supported, or may become disproportionately hard for us to provide computing resources or human time for because it is not part of XYZ. This will be decided at our discretion, and the process we will follow if we identify a case like this is (1, 2, 3).
                      1. 1

                        No, they’re intentionally vague so that we can exercise discretion.

                        Funny way to say “so I can do whatever I want without having to explain myself”

                        1. 14

                          I think that’s unfair. He did in fact explain himself to the customer and it was the customer who decided to cancel the service. I’d agree if the data was deleted without sufficient warning, but that is not the case here.

                        2. 1

                          Would it be possible to get a clear “Terms of Service” clarifying these sorts of use cases?

                          No, they’re intentionally vague so that we can exercise discretion. There

                          May I suggest, perhaps: “ToS: regular repositories have a maximum file size X and repository size Y. We provide extra space to some projects that we consider important.”

                      1. 1

                        TIL there’s an F24 key code.

                        1. 1

                          What, your keyboard doesn’t look like this?!

                        1. 7

                          From the “Your Last Computer” page:

                          Imagine that you can login from anywhere with one simple, memorable name and password. And when you do, an entire OS appears for you. Inside is your whole digital life. Every conversation you’ve ever had, all your biometric data — every step and heartbeat. Your personal mesh of devices: your doors, your car, your irrigation. All of your communities, every message you’ve shared with friends and family. Every connection you’ve made and every archival piece of data, in one place. Secure and private, forever.

                          Wow, no. Hell to the no.

                          (Am I understanding correctly that this vast quantity of sensitive information would be stored in a public blockchain, protected only by non-quantum-safe encryption?)

                          ETA: Also, from https://urbit.org/understanding-urbit/urbit-id/ it looks like they support only 4 billion Urbit IDs, which is already fewer than the number of people on the planet.

                          1. 23

                            To me it’s clear that the last 3 billion to sign up are considered non-people by the design of the system. They don’t deserve to participate as equals - they must act as servants or sharecroppers to the 4 billion “planet” addresses for access to Urbit.

                            Urbit seeks to stratify its users into classes. This document by founder Curtis Yarvin describes the system as “digital feudalism”: https://github.com/cgyarvin/urbit/blob/6ac688960687aa9c89d4da6fff49a3125c10aca1/Spec/urbit/3-intro.txt

                            The founder Curtis Yarvin wrote a “philosophy” blog for a while that describes his viewpoint as “neo-monarchism”.

                            I looked for a summary of this context and found this Verge article from 2017: https://www.theverge.com/2017/2/21/14671978/alt-right-mencius-moldbug-urbit-curtis-yarvin-tlon

                            1. 6

                              Currently the feudal lords of the internet are Zuck, Dorsey, etc. Urbit’s aim is to move users’ data from centralized servers in Facebook/Twitter datacenters to somewhere you personally control. The network governance is modeled after a republic, so it’s actually an improvement on what we have currently. And Yarvin is no longer part of the project; any of his philosophy has been stripped from Urbit (if it was ever there to begin with).

                              1. 9

                                I would assume, though, that Yarvin must be a Galaxy owner, giving him explicit power over what gets built and who gets added to the Urbit network.

                                The whole situation with Galaxies in general is problematic: it seems like they’re designed to lock in power over the network to 256 people, and there is no sanctioned way to transfer that power if the ruler does not want to give up their key. This is what people mean by “baking in” his philosophy into the design of Urbit.

                                1. 2

                                  Galaxies can change hands like any other cryptographic asset. It just hasn’t been tried yet (afaik). Galaxies have power like ISPs have power, that doesn’t stop you from switching ISPs or running stuff on your own computer.

                                  1. 8

                                    Yes, and most people dislike their ISP.

                                    More importantly, though, it’s not like there’s any hard reason you can’t have more ISPs. The internet is built to accommodate any number of them, it’s only the fact that it’s expensive that’s preventing competition.

                                    Same with social networks today: there’s not much reason you can’t operate your own, and many people do, through Mastodon and the like. It’s only market forces that keep people on the small number of dominant networks.

                                    Meanwhile in Urbit, it’s specifically designed such that a limited group of 256 people have dominion over everyone in the system. This group of people cannot be removed or competed against within the bounds of the system unless you convince them to sell their assets.

                                    For a system that’s aiming to replace all computing, that’s a scary prospect.

                                    And that’s only assuming that only one person will own each galaxy: we could easily see power consolidation via existing galaxy owners buying other galaxies.

                                    Much as this page is getting high and mighty about the MEGACORP, I don’t see it as a preferable alternative.

                                    1. 1

                                      Very fair.

                                      Except: are there 256 ISPs? I mean, nominally is one thing. Practically?

                                      (I don’t know the answer to this question.)

                                      1. 3

                                        In any one location, likely no. Across the entire world, though, I wouldn’t be surprised if the number greatly exceeds 256, especially if you count cell phone service providers.

                                        Urbit, in contrast, is intended to be a global system, and has a hard limit of 256 leaders for all people on their system.

                                2. 8

                                  And Yarvin is no longer part of the project, any of his philosophy has been stripped from Urbit (if it was ever there to begin with).

                                  The fundamental idea of Urbit (buried under the slick marketing and the weird esoteric programming language) is digital scarcity - replicating the scarcity of physical land on this planet in cyberspace.[1] Once the system is up and running, those that control the land can extract rents, exclude those under them from occupying land they control, or enter strategic partnerships with other landowners… this is where Yarvin/Moldbug’s ideals of “digital feudalism” are expressed.

                                  “Normal” ideals of cyberspace assume that scarcity has no place there - stuff like information and software can be replicated endlessly at very little marginal cost. Urbit explicitly rejects this.

                                  Now, I don’t have a problem with this concept intellectually. People have different ideals and projects for the future of digital governance. But hackers interested in contributing to Urbit should understand the trade-offs they would be making, as opposed to contributing to a more “mainstream” project.

                                  [1] This is analogous to Bitcoin being considered “digital gold”.

                                  1. 2

                                    So you must also be against ICANN and their limited TLD designations? And against Twitter/Facebook for limiting users (shadow banning)?

                                    1. 2

                                      Where in my comment did I say anything that made you assume I hold the opinions you ascribe to me?

                                      1. 2

                                        These are also artificially scarce resources.

                                        1. 2

                                          ICANN is insufficiently regulated and holds an artificial monopoly. There’s no technical limitation preventing everyone on earth from having their own TLD. Edit: apparently there is a hard-coded character limit on TLDs. That said, I welcome competition in this space and would like to see ICANN lose its monopoly.

                                          Facebook and Twitter identities are not artificially limited de facto - the services are awash in bots.

                                          And in any case, I stated the following:

                                          […] I don’t have a problem with this concept intellectually. People have different ideals and projects for the future of digital governance.

                                          I just wish that people pushing Urbit would be honest about the project’s ultimate goals.

                                3. 6

                                  The most entertaining read about Curtis Yarvin is Neoreaction a Basilisk, by Elizabeth Sandifer. I found a good review of it, though I read it over a year ago.

                                  1. 1

                                    I backed this on Kickstarter, but I don’t think I’ve actually read it… thanks for the reminder!

                                  2. 3

                                    After seeing everyone start to gush over this for the past couple days, I was legitimately wondering if this was the same project as the one I remember being described as ‘digital feudalism’.

                                    This is a plain attempt for a few people to solidify their power over the next iteration of web technologies so I think it is absolutely legitimate to call out their philosophy (which, again some people in this thread are saying isn’t relevant). This is a power structure we can still opt-out of, and I’m inclined to do so.

                                  3. 4

                                    You are misunderstanding. Urbit does not store data on a blockchain. It uses a file system like Unix.

                                    1. 4

                                      So when they say “you can log in from anywhere with one simple, memorable name and password”, where is the “one place” that data is streaming down from?

                                      1. 1

                                        An Urbit server running wherever you have it running

                                        1. 4

                                          Wait, this implies that if your server is destroyed, you lose data. That’s incorrect, right? Everything in your server (node) is also stored across other nodes, and your node helps store other people’s data, right? Did I get this wrong?

                                          1. 1

                                            Afaik there is no replication currently, but you could certainly create an Urbit app that does the replication across certain machines. It would be a lot easier to make in Urbit than Linux because the network stack is tightly integrated with the rest of the programming environment.

                                          2. 3

                                            That seems like an extremely important thing to have mentioned in the first page or two, floating at least somewhere in all the Glorious Future marketing talk. -.-

                                      2. 2

                                      Regarding the 4B IDs: an ID is analogous to a phone number. There are about 4B active mobile phone numbers, and mobile phones seem to work OK, so it’ll probably work out: https://www.statista.com/statistics/274774/forecast-of-mobile-phone-users-worldwide/

                                        1. 4

                                          From the way they talk about all this, it seems like they want it to last for an incredibly long time; they make it sound like they want it to last for literally thousands of years or more.

                                          Sounds like the 4B limit isn’t really up to the task of lasting thousands of years and becoming an extremely widespread standard for computing.

                                          1. 2

                                            Let’s start with this decade first… increasing the 4B limit will be a good problem to have.

                                      1. 1

                                        There’s a shocking number of people who have their OS language set to English even when it isn’t their first language.

                                        In India, for example, English is the “prestige language”, so people often keep their phones in English despite not being able to speak or read it very well, because of the social consequences.

                                        Other people don’t know how to change their OS’s language settings. Still others prefer a consistent, solid English translation on every website, because they’ve seen enough bad translations done by US-based companies that they don’t trust translations done by US-based companies, or because most tutorials, documentation, and troubleshooting websites are done in English.

                                        So this is Google’s way of pushing people to trust their translation for better usability, even if things are misconfigured accidentally or deliberately. It’s not great, but it’s likely the best choice for them in the current circumstances.

                                        1. 2

                                          Considering the state of Microsoft’s, Apple’s, and Google’s Swedish translations, I’m happy to keep my phone and computer defaulted to (US) English.

                                          Error messages in English are also a lingua franca. Trying to decipher a .NET stack trace in Russian is not my idea of fun…

                                        1. 6

                                          Agreed with everyone else: this is way worse.

                                          The previous page failed because it didn’t succinctly explain what Tree Notation is for, why it’s useful, or how it does that job better than existing systems and languages in the field of computing (e.g. S-expressions), instead making vague allusions to how it’s “like binary” and has “no syntax” (which doesn’t appear to be true) or how it was intended to be a universal standard. (For what? I still don’t know.)

                                          This current page takes a huge step backwards. In the previous one, you can at least glean some information from the text. This, here, has no information other than the scribbly, child-like drawings, and a bunch of links that look like they take you to more information but don’t.

                                          1. 2

                                            Great feedback, thanks! Will improve the UX, add more information to each drawing (and I agree, hopefully someone with better artistic ability will find this and volunteer at some point to redo those SVGs in a clear way), and will iterate on the previous page too (now incorporated into the FAQ) to keep improving the text explanations.

                                          1. 1

                                            I didn’t read the whole thing, but I noticed several errors just within the second example. “One or more bs” is wrong, since then it wouldn’t match “aaa”. Asterisk means “zero or more”. “if you replace the regex ab* with x then abba becomes ax.”? No, it would become “xa”. And even just within that paragraph there are several grammatical errors.
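                                             Both corrections are easy to verify in a regex engine; in Python, with a single replacement as the article’s example implies:

```python
import re

# "*" means zero or more of the preceding token, so "ab*" matches a
# lone "a" as well as "ab", "abb", and so on.
assert re.fullmatch(r"ab*", "a")
assert re.fullmatch(r"ab*", "abbb")

# Replacing the first match of "ab*" in "abba": the greedy match is
# "abb", leaving the trailing "a", so the result is "xa", not "ax".
assert re.sub(r"ab*", "x", "abba", count=1) == "xa"
```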

                                            My verdict: this really needs an editing pass.

                                            1. 1

                                              Hi Kronopath, thanks for the feedback. I am super embarrassed. I do read my articles many times before sharing, and I just missed this every time. I test all the JS out in JSFiddle, but I just should have done that for all of the standalone regex too. The mistakes you found are now corrected.

                                              1. 1

                                                Glad to hear it, thanks for being responsive and sorry if I came across as grumpy earlier. A big part of why I didn’t read the article was because I already know regexes, so the article is less valuable to me. Seems fine for a newbie once the mistakes were fixed.

                                                1. 2

                                                  No problem, I didn’t take offense. I am glad to have someone point it out so I could fix it. Yep my articles are mostly for newbies. I am new to writing about programming so I am starting off there before I write on more advanced topics.

                                              1. 18

                                                Max 3 collaborators on free private repos.

                                                1. 29

                                                  You have to use GitHub.

                                                  1. 4

                                                    I think it is OK as long as you don’t use their “value add” features like issues and just use it as a git remote.

                                                    Edit: Unlimited free repositories are limited to three collaborators.

                                                    GitHub Free gives you unlimited private repositories with up to three collaborators per repository at no cost—and continued access to unlimited public repositories with unlimited collaborators.

                                                1. 3

                                                  Cool stuff, and I like the idea of spurring discussion about academic papers. But… is it intended for computer science papers? It looks like the vast majority of the submissions are in the field of medicine, minus a few more recent submissions. The two fields are different enough, and have a different enough audience, that I’m skeptical that a single site can usefully serve both.

                                                  At very least you’d have to use some very heavy tag filtering.

                                                  1. 2

                                                    It’s intended for any discipline, as long as the community is there. That’s why I started with tags that I thought could spark discussions.

                                                  1. 2

                                                    After reading through to the full PDF, I’m unconvinced that the argument it’s making is a good one.

                                                    The context of this is in automated grading of student code projects. If you went through a CS degree, you know the kind: you’re given a function to implement, and your function is graded against a test suite. The instructors have a reference implementation that was presumably used to develop that test suite, and whose outputs are taken as the ground truth reference output.

                                                    Typically, what instructors do is they try to make really thorough test suites based on the assignment spec, and grade students based on whether or not they pass it. This is what the authors call the “axiomatic” method, and it’s the standard for most automated testing in schools. They seem to argue that it’s too kind to the students and that it lets some students pass when they shouldn’t, a claim I’m already skeptical of. (If you want stricter grading, make more thorough and stricter tests.)

                                                    So they say, “Hey, what if we asked the students to make their own test cases, and then added our students’ test cases to our test set? To see whether the tests are viable, we’ll just compare them to our reference implementation, and if the students’ expected test output agrees with our reference implementation, we’ll grade based on that too!” They called this “AlgSing”.

                                                    The problem, and they acknowledge this in the paper, is that the assignment spec might not be 100% complete, and when it comes to an ambiguous case, just because your reference implementation does something doesn’t mean it’s the only possible correct implementation. For example, if you’re creating a binary search tree from a list of numbers, when you find a duplicate number you can always put it in either the left or the right subtree, and it makes no sense to penalize students for making a different arbitrary choice than you. If you blithely incorporate student tests into your test set, you’ll end up being way overzealous in failing student implementations.

                                                    So what they suggest instead is that in your reference implementation, every time you encounter an ambiguous case, you do both things, and create multiple different reference implementations. Then you can accept only student test cases where all your reference implementations agree with the expected output. They called this “AlgMult”.
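                                                    To make that concrete, here’s a rough sketch of the idea in Python (my own illustration, not code from the paper; function names are mine): two reference BSTs that resolve the duplicate-placement ambiguity differently, and a filter that keeps a student test case only when both references agree with it.

```python
def build_bst(nums, dup_left):
    """Insert nums into a BST; equal keys go left or right per dup_left."""
    root = None

    def insert(node, v):
        if node is None:
            return [v, None, None]  # [value, left, right]
        if v < node[0] or (v == node[0] and dup_left):
            node[1] = insert(node[1], v)
        else:
            node[2] = insert(node[2], v)
        return node

    for n in nums:
        root = insert(root, n)
    return root


def preorder(node):
    return [] if node is None else [node[0]] + preorder(node[1]) + preorder(node[2])


# Two reference implementations differing only in the arbitrary choice.
REFERENCES = [lambda xs: preorder(build_bst(xs, True)),
              lambda xs: preorder(build_bst(xs, False))]


def accept_student_test(test_input, expected_output):
    """AlgMult-style filter: keep a student test case only if every
    reference implementation produces the student's expected output."""
    return all(ref(test_input) == expected_output for ref in REFERENCES)
```

                                                    A test like ([2, 1, 3], expecting preorder [2, 1, 3]) is accepted because duplicates never come into play, while ([2, 2, 1], expecting [2, 2, 1]) is rejected: it only holds for the duplicates-go-left reference, so it would bake an arbitrary choice into the grading.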

                                                    Except that I don’t think this helps much. You’re still potentially grading students on things that were never in the assignment spec, and all you’ve done is to shift the work from writing thorough test cases to writing a thorough set of reference implementations, which is arguably even more work.

                                                    And all for what? For the sake of grading your students harder? That isn’t even a theoretical concern: they tested this on real student assignments, and on every assignment AlgMult failed an equal or greater number of students. In one case it went from labeling 28% of student assignments as faulty to 57%. More than double.

                                                    So I don’t see the value in this. It doesn’t look like it saves work for the instructor, and it could easily still end up with students being penalized for bullshit reasons that you never explicitly communicated. There are better ways to fail students.

                                                    1. 7

                                                      Beautiful. I’m a little sad that this is only a spec and not an implementation.

                                                      1. 5

                                                        Looks like there is one in the works.. https://github.com/wolfgang42/rockstar-js

                                                      1. 1

                                                        Could the causality not be in the opposite direction, i.e. more music leading to lower profits, instead of the other way around?

                                                        1. 3

                                                          That demo song is a pretty bad rendition of the Donkey Kong intro theme; it doesn’t even follow a proper beat. Here’s a much better version:

                                                          [:piano {:tempo 130}
                                                           1/8 :c :c 5/8 :a 1/8 :f :g :f
                                                           3/4 :d 1/8 :d :d 5/8 :a# 1/8 :g :a :g
                                                           3/4 :e 1/8 :e :e 5/8 :+c 1/8 :a :a# :+c
                                                           3/4 :+d 1/8 :f :g 5/8 :a 1/8 :e :f :g 3/4 :f]
                                                          1. 5

                                                            It’s interesting that this article goes on and on about “needless breach notifications”, but never once touches on the privacy implications of such a feature existing.

                                                            Granted, it’s for business email, where the expectation of privacy is much lower, but still.

                                                            1. 1

                                                              Does anyone know what broken.net used to be? Right now it’s oddly enough just a simple website with the word “hello” and nothing else.

                                                              1. 1

                                                                Maybe that’s the entire point. It’s a broken implementation of a web server.

                                                                EDIT: well, after some sleuthing I’ve found that it runs on nginx/1.13.6

                                                                1. 2

                                                                  But the server works fine, spits out a valid page, HTTP 200 and everything. It’s just that the page is nothing more than literally “hello” in plaintext (not even HTML).

                                                                  1. 4

                                                                    I assume it’s so reliable that when it breaks, it’s probably the network that’s broken.

                                                              1. 3

                                                                For a good laugh, look here at this PR.

                                                                1. 18

                                                                  It’s both easier and more polite to ignore someone you think is being weird in a harmless way. Pointing and laughing at a person/community is the start of brigading. Lobsters isn’t big enough to be competent at this kind of evil, but it’s still a bad thing to try.

                                                                  1. 6


                                                                    What other project has its lead calmly explaining the difference between horse_ebooks and actual horses to clarify a pull request?

                                                                    1. 3

                                                                      And yet, he manages to offend someone.

                                                                      1. 4

                                                                        Can someone explain the controversy here? I legitimately do not understand. Is the individual claiming to be a computer and a person? Or do they just believe that someday some people will be computers and desire to future-proof the messages (as is alluded to in another comment)?

                                                                        1. 7

                                                                          This person is claiming they think of themselves as a robot, and is insulted at the insinuation that robots are not people.

                                                                          Posts like this remind me of just how strange things can get when you connect most of the people on the planet.

                                                                          1. 6

                                                                            So, I tried contacting the author:


                                                                            Looks like she believes she’s a robot in the transhumanist sense. I thought transhumanists thought they would be robots some day, not that they already are robots now.

                                                                            I tried reading through her toots as she suggested, but it was making me feel unhappy, because she herself seems very unhappy. She seems to be going through personal stuff like breaking up from a bad relationship or something.

                                                                            I still don’t understand what is going on and what exactly she means by saying she’s a robot. Whatever the reason, though, mocking her is counterproductive and all around a dick thing to do. Her request in the PR was denied, which I think is reasonable. So “no” was said to something, contrary to what zpojqwfejwfhiunz said elsewhere.

                                                                            1. 6

                                                                              As someone who’s loosely in touch with some of the transhumanist scene, her answer makes no sense and was honestly kind of flippant and rude to you.

                                                                              That said, it sounds like she’s been dealing with a lot of abuse lately from the fact that this Github thread went viral. I’m not surprised, because there are certain people who will jump on any opportunity to mock someone like her in an attempt to score points with people who share their politics. In this case she’s being used as a proxy to discredit the social justice movement, because that’s what she uses to justify her identity.

                                                                              Abuse is never okay and cases like this require some pretty heavy moderation so that they don’t spiral out of control. But they also require a pretty firm hand so that you don’t end up getting pulled into every crazy ideascape that the internet comes up with. If I was the moderator of this GitHub thread, I would have told her, “Whatever it is you’re trying to express when you say ‘I am a robot,’ the Mastodon [BOT] flag is not the right way to do it.” End of discussion, and if anyone comes around to try to harass her, use the moderator powers liberally so as not to veer off-topic.

                                                                              Then you could get into the actual meat of the discussion at hand, which was things like “If I have a bot that reposts my Twitter onto Mastodon, could that really be said to ‘not represent a person’? Maybe another wording would be better.”

                                                                              In the end she’s just a girl who likes to say she’s a robot on the internet. If that bugs you or confuses you, the nicest thing you can do is just take it like that and just ignore her.

                                                                              1. 8

                                                                                I don’t think she was rude to me. She’s just busy with other things and has no obligation to respond to every rando who asks her stuff. I’m thankful she answered me at all. It’s a bit of effort, however slight, to formulate a response for anyone.

                                                                                1. 3

                                                                                  I mean, I can kind of see where you’re coming from, but I’d still argue that starting with “You should develop your software in accordance to my unusual worldview”, followed by flippantly refusing to actually explain that worldview when politely asked, is at least not nice.

                                                                                  Regardless, that might justify a firm hand, but not harassment, because nothing justifies harassment.

                                                                                  1. 2

                                                                                    I see this point of view too. But I’m also just some rando on the internet. She doesn’t owe me anything. If someone needed to hear her reasons, it would have been the Mastodon devs. They handled it in a different way, and I think they handled it well, overall.

                                                                                    1. 1

                                                                                      I’m inclined to agree on that last point, though it’s hard to say for sure given all the deleted comments.

                                                                                      And I do hope she can work through whatever she’s going through.

                                                                              2. 4

                                                                                I don’t know, personally, anyone who identifies as a robot, but I do know a bunch of people who identify as cyborgs. Some of it’s transhumanist stuff – embedding sensors under the skin, that sort of thing. But much of it is reframing of stuff we don’t think of that way: artificial limbs, pacemakers, etc, but also reliance on smartphones, google glass or similar, and other devices.

                                                                                From that standpoint, robot doesn’t seem a stretch at all.

                                                                                That said, I agree that the feature wasn’t intended to be (and shouldn’t be) a badge. But someone did submit a PR to make the wording more neutral and inclusive, and that was accepted (#7507), and I think that’s a positive thing.

                                                                                1. 2

                                                                                  Actually, that rewording even seems clearer to me, regardless of whether someone calls themself a robot or not. “Not a person” sounds a bit ambiguous, because you can totally mechanically turk any bot account at any time, or the account could be a mirror of a real person’s tweets or something.

                                                                                2. 1

                                                                                  That’s unfortunate. It’s always difficult to deal with these things. I, too, understood transhumanism to be more of a future thing, but apparently at least some people interpret it differently. Thanks for following up where I was too lazy!

                                                                                3. -6

                                                                                  American ‘snowflake’ phenomenon. The offendee believes that the rest of the world must fully and immediately capitulate to whatever pronoun they decided to apply to themselves that week, and anything other than complete and unquestioning deference is blatant whatever-ism.

                                                                                  1. 16

                                                                                    Person in question is Brazilian, but don’t let easily checked facts get in the way of your narrative.

                                                                                    1. -5

                                                                                      Thanks for the clarification. Ugh, the phenomenon is spreading. I hope it’s not contagious. Should we shut down Madagascar? :-D

                                                                                      1. 3

                                                                                        TBH I think it’s just what happens when you connect a lot of people who speak your language to the internet, and the USA had more people connected than elsewhere.

                                                                                        1. 0

                                                                                          It definitely takes a lot of people to make a world. To paraphrase Garcia, “what a long strange trip it will be”.

                                                                                    2. 3

                                                                                      She says “she” is a fine pronoun for her.

                                                                                4. 1

                                                                                  It’s wonderful. :)

                                                                                5. 3

                                                                                  What is happening there? I can’t tell if this is satire or reality

                                                                                  1. 2

                                                                                    That’s pretty common with Mastodon; there’s an acrid effluence that tinges the air for hours after it leaves the room. That smell’s name? Never saying no to anyone.

                                                                                    1. 12

                                                                                      Seems “never saying no to anyone” has also been happening to Lobsters’ invite system :(

                                                                                      People here on lobsters used to post links to content they endorse and learn something from and want to share in a positive way. Whatever your motivation was to submit this story, it apparently wasn’t that…

                                                                                      1. 4

                                                                                        The person who shared the “good laugh” has been here twice as long as you have.

                                                                                        1. 1

                                                                                          I’m absolutely not saying you’re wrong, but I’m pretty confident there’s something to be learned here. I may not necessarily know what the lesson is yet, but this is not the first or the last situation of this kind to present itself in software development writ large.

                                                                                  1. 7

                                                                                    So I’m generally in favour of GDPR, but I didn’t know about this requirement:

                                                                                    If you have a business outside of the EU and you collect data on EU citizens, you should assign a representative in one of the member states for your business. This person should handle all issues related to processing. In particular, a local authority should be able to contact this person.

                                                                                    I get where this clause is coming from (it’s hard to enforce laws on people who aren’t in the EU), but this arguably seems like the most difficult part of the law to comply with for small projects, startups, and businesses.

                                                                                    If you even do so much as record IP addresses for traffic monitoring, you’re beholden to GDPR. Many of the other parts of that law (such as having a privacy policy, requiring consent, and allowing for deletion of data on request) are feasible to handle and automate. But this? If I’m reading this right, it means that even a small side project or nascent startup hosted in the United States is going to have to hire or contract with someone in the EU just to satisfy this checkbox.

                                                                                    Am I reading this right?

                                                                                    1. 7

                                                                                      The linked full text of Article 27 does narrow that requirement beyond the general conditions for being subject to GDPR. The narrowing provision is in 2(a).

                                                                                      Rephrased to remove the double-negative and following up references to other articles, my read (as a non-expert, mind you!) is that the mandatory designation of a contact person in the EU only applies if, first of all, your processing of EU citizen data is “on a large scale” (vs. “occasional”), and furthermore includes one of the following three types of sensitive data:

                                                                                      1. “[S]pecial categories of data as referred to in Article 9(1)”. These are defined as “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership” as well as “the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”. Article 9 places more stringent requirements on processing this kind of data than the normal GDPR requirements.

                                                                                      2. “[P]ersonal data relating to criminal convictions and offences referred to in Article 10”. Fairly self-explanatory.

                                                                                      3. Data that is otherwise “[likely] to result in a risk to the rights and freedoms of natural persons”. The vaguest of the three, but in context seems likely to mean data that is similar to the kinds of data in #1 and #2. I would guess someone just logging IP addresses wouldn’t fall under this, since the whole provision is about personally sensitive data—stuff along the lines of race, religion, health conditions, criminal convictions, etc.

                                                                                      1. 2

                                                                                        Cool, thanks for the explanation. It’s still a bit vague, but it sounds like this only applies if you’re doing large-scale processing of those more sensitive categories of data, which makes sense.

                                                                                        In general it looks like this was thought through pretty well. Still, I wouldn’t be surprised if you started to see “GDPR contact as a service” companies springing up around Europe in the coming years, for small businesses who accept EU customers but don’t have offices there.

                                                                                    1. 3

                                                                                      I don’t want to stop anyone creating or signing any oath they like, but if I were to sign one with an “honest and moral work” clause then I’d want to be sure that my fellow signers agreed with my view on what comprises moral work. I’m pretty sure that most people here would disagree on which of the following fall under that banner:

                                                                                      • Creating an ad server that uses supercookies
                                                                                      • Building a mashup of airbnb, uber and tinder data
                                                                                      • Writing robocall software for the GOP
                                                                                      • Writing a cryptocoin miner in javascript
                                                                                      • Creating a website to hook Ohmibod users up with patrons
                                                                                      • Writing firmware that misreports emissions data when a car undergoes regulatory testing
                                                                                      • Writing an Android app to teach bump stock modifications
                                                                                      • Adding password decrypt into your service to allow SRE to diagnose user account problems
                                                                                      • Creating a query interface for a database of racial profiles
                                                                                      • Writing a “find my nearest abortion clinic” app
                                                                                      • Employing machine learning during hiring to predict amount of time candidates will take off from work for medical reasons
                                                                                      1. 1

                                                                                        Well said, this is the biggest problem with the oath as it stands. Oaths like these aren’t supposed to just say, “Hey, be Good,” but are supposed to help define what Good looks like. This is especially true when you have a profession like ours where the creation of a software artifact is so far removed from the circumstances in which it might be used.

                                                                                      1. 18

                                                                                        Semi-random side note: Jackson said on twitter that he was really annoyed with this headline: https://twitter.com/ummjackson/status/949313665139802112

                                                                                        1. 3

                                                                                          Thanks. It’s far better to read the original source with all its nuance than to bother with an article that cherry-picks it and presents it as news. This is especially true when the original source is nothing more than three short paragraphs.

                                                                                        1. 30

                                                                                          All of them:

                                                                                          The fact that they exist at all. The build spec should be part of the language, so you get a real programming language and anyone with a compiler can build any library.

                                                                                          All of them:

                                                                                          The fact that they waste so much effort on incremental builds when the compilers should really be so fast that you don’t need them. You should never have to make clean because it miscompiled, and the easiest way to achieve that is to build everything every time. But our compilers are way too slow for that.

                                                                                          Virtually all of them:

                                                                                          The build systems that do incremental builds almost universally get them wrong.

                                                                                          If I start on branch A, check out branch B, then switch back to branch A, none of my files have changed, so none of them should be rebuilt. Most build systems look at file modified times and rebuild half the codebase at this point.

                                                                                          Codebases easily fit in RAM and we have hash functions that can saturate memory bandwidth, so just hash everything and use that to figure out what needs rebuilding. Hash all the headers and source files, all the command line arguments, compiler binaries, everything. It takes less than 1 second.
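                                                                                          That hashing scheme can be sketched in a few lines of Python (the manifest layout and function names here are made up for illustration):

```python
import hashlib

def file_hash(path):
    """SHA-256 of a file's contents, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_signature(input_paths, command_line):
    """Combined hash of every input file plus the exact build command."""
    h = hashlib.sha256()
    for path in sorted(input_paths):
        h.update(file_hash(path).encode())
    h.update(command_line.encode())
    return h.hexdigest()

def needs_rebuild(target, input_paths, command_line, manifest):
    """True iff the target's content signature changed since the last build.
    Touching a file without changing its bytes (e.g. switching to a branch
    and back) leaves the signature, and therefore the target, alone."""
    sig = build_signature(input_paths, command_line)
    if manifest.get(target) == sig:
        return False
    manifest[target] = sig
    return True
```

                                                                                          The manifest here is just a dict; a real build system would persist it to disk between runs, and would hash the compiler binary itself as one of the inputs too.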

                                                                                          Virtually all of them:

                                                                                          Making me write a build spec in something that isn’t a normal good programming language. The build logic for my game looks like this:

                                                                                          if we're on Windows, build the server and all the libraries it needs
                                                                                          if we're on OpenBSD, don't build anything else
                                                                                          build the game and all the libraries it needs
                                                                                          if this is a release build, exit
                                                                                          build experimental binaries and the asset compiler
                                                                                          if this PC has the release signing key, build the sign tool

                                                                                          with debug/asan/optdebug/release builds all going in separate folders. Most build systems need insane contortions to express something like that, if they can do it at all.

                                                                                          My build system is a Lua script that outputs a Makefile (and could easily output a ninja/vcxproj/etc). The control flow looks exactly like what I just described.
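                                                                                          A sketch of the same shape in Python (mine is Lua, and every target and object name below is invented), just to show the control flow really is plain ifs emitting rules:

```python
def rule(name, objs):
    """One make rule linking `name` from its object files (toolchain invented)."""
    return f"{name}: {' '.join(objs)}\n\tcc -o $@ $^\n"

def generate(platform, release=False, has_signing_key=False):
    rules = []
    if platform == "windows":
        rules.append(rule("server", ["server.o", "net.o"]))
    if platform == "openbsd":
        return "".join(rules)  # don't build anything else on OpenBSD
    rules.append(rule("game", ["game.o", "render.o"]))
    if release:
        return "".join(rules)  # release builds stop here
    rules.append(rule("experimental", ["exp.o"]))
    rules.append(rule("assetc", ["assetc.o"]))
    if has_signing_key:
        rules.append(rule("signtool", ["sign.o"]))
    return "".join(rules)
```

The output is an ordinary Makefile fragment, so any make-compatible tool can consume it.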

                                                                                          1. 16

                                                                                            The fact that they exist at all. The build spec should be part of the language, so you get a real programming language and anyone with a compiler can build any library.

                                                                                            I disagree. Making the build system part of the language takes away too much flexibility. Consider the build systems in XCode, plain Makefiles, CMake, MSVC++, etc. Which one is the correct one to standardize on? None of them because they’re all targeting different use cases.

                                                                                            Keeping the build system separate also decouples it from the language, and allows projects using multiple languages to be built with a single build system. It also allows the build system to be swapped out for a better one.

                                                                                            Codebases easily fit in RAM …

                                                                                            Yours might, but many don’t and even if most do now, there’s a very good chance they didn’t when the projects started years and years ago.

                                                                                            Making me write a build spec in something that isn’t a normal good programming language.

                                                                                            It depends on what you mean by “normal good programming language”. Scons uses Python, and there’s nothing stopping you from using it. I personally don’t mind the syntax of Makefiles, but it really boils down to personal preference.

                                                                                            1. 2

                                                                                              Minor comment: the codebase doesn’t need to fit into RAM for you to hash it. You only need to store the current state of the hash function, and can process files X bytes at a time.
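                                                                                              For instance, with Python’s hashlib (the chunk size is arbitrary):

```python
import hashlib

def hash_file(path, chunk_size=1 << 20):
    """Stream the file through the hash one chunk (here 1 MiB) at a time;
    memory use stays constant regardless of file size."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            h.update(chunk)
    return h.hexdigest()
```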

                                                                                            2. 14

                                                                                              When I looked at this thread, I promised myself “don’t talk about Nix” but here I am, talking about Nix.

                                                                                              Nix puts no effort into incremental builds. In fact, it doesn’t support them at all! Nix uses the hashing mechanism you described and a not-terrible language to describe build steps.

                                                                                              1. 11

                                                                                                The build spec should be part of the language, so you get a real programming language and anyone with a compiler can build any library.

                                                                                                I’m not sure I would agree with this. Wouldn’t it just make compilers more complex, bigger, and error-prone (“anti-unix”, if one may)? I mean, in some cases I do appreciate it, like with go’s model of go build, go get, go fmt, … but I wouldn’t mind if I had to use a build system either. My main issue is the apparent nonstandard-ness between, for example, go’s build system and rust’s via cargo (it might be similar, I haven’t really ever used rust). I would want to be able to expect a similar, if not the same, structure for the same commands, but this isn’t necessarily given if every compiler reimplements the same stuff all over again.

                                                                                                Who knows, maybe you’re right and the actual goal should be to create a common compiler system that interfaces to particular language definitions (isn’t LLVM something like this?), so that one can type compile prog.go, compile prog.c and compile prog.rs and know to expect the same structure. Would certainly make it easier to create new languages…

                                                                                                1. 2

                                                                                                  I can’t say what the parent meant, but my thought is that a blessed way to lay things out and build should ship with the primary tooling for the language, but should be implemented and designed with extensibility/reusability in mind, so that you can build new tools on top of it.

                                                                                                  The idea that compilation shouldn’t be a special snowflake process for each language is also good. It’s a big problem space, and there may well not be one solution that works for every language (compare javascript to just about anything else out there), but the amount of duplication is staggering.

                                                                                                  1. 1

                                                                                                    Considering how big compilers/stdlibs are already, adding a build system on top would not make that much of a difference.

                                                                                                    The big win is that you can download any piece of software and build it, or download a library and just add it to your codebase. Compare with C/C++, where adding a library is often more difficult than writing the code yourself, because you have to figure out their (often insane) build system and integrate it with your own, or figure it out, then ditch it and replace it with yours.

                                                                                                  2. 8

                                                                                                    +1 to all of these, but especially the point about the annoyance of having to learn and use another, usually ad-hoc programming language, to define the build system. That’s the thing I dislike the most about things like CMake: anything even mildly complex ends up becoming a disaster of having to deal with the messy, poorly-documented CMake language.

                                                                                                    1. 3

                                                                                                      Incremental build support goes hand in hand with things like caching type information, extremely useful for IDE support.

                                                                                                      I still think we can get way better at speeding up compilation times (even if there are always edge cases), but incremental builds are a decent target for making compilation a bit more bearable, in my opinion.

                                                                                                      Function hashing is also just part of the story, since you have things like inlining in C and languages like Python allow for order-dependent behavior that goes beyond code equality. Though I really think we can do way better on this point.

                                                                                                      A bit ironically, a sort of unified incremental build protocol would let compilers avoid incremental builds and allow for build systems to handle it instead.

                                                                                                      1. 2

                                                                                                        I have been compiling Chromium a lot lately. That’s 77,000 mostly C++ (and a few C) files. I can’t imagine going through all those files and hashing them would be fast. Recompiling everything any time anything changes would probably also be way too slow, even if Clang were fast rather than averaging three files per second.

                                                                                                        1. 4

                                                                                                          Hashing file contents should be disk-io-bound; a couple of seconds, at most.

                                                                                                          1. 3

                                                                                                            You could always do a hybrid approach: do the hash check only for files that have a more-recent modified timestamp.
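                                                                                            A sketch of that hybrid check in Python (the cache layout here is made up): trust an unchanged mtime, rehash only files whose mtime moved, and rebuild only when the content actually differs.

```python
import hashlib
import os

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def needs_rebuild(path, cache):
    """cache maps path -> (mtime_ns, digest) from the previous build.
    An unchanged mtime skips hashing entirely; a moved mtime triggers a
    rehash, and only a changed digest triggers a rebuild."""
    mtime = os.stat(path).st_mtime_ns
    old = cache.get(path)
    if old is not None and old[0] == mtime:
        return False  # mtime unchanged: assume content unchanged
    digest = file_digest(path)
    changed = old is None or old[1] != digest
    cache[path] = (mtime, digest)  # refresh cache either way
    return changed
```

This way a branch switch that touches mtimes but not contents costs one round of hashing, not a rebuild.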

                                                                                                          2. 1

                                                                                                            Do you use xmake or something else? It definitely has a lot of these if cascades.

                                                                                                            1. 1

                                                                                                              It’s a plain Lua script that does host detection and converts lines like bin( "asdf", { "obj1", "obj2", ... }, { "lib1", "lib2", ... } ) into make rules.

                                                                                                            2. 1

                                                                                              Codebases easily fit in RAM and we have hash functions that can saturate memory bandwidth, so just hash everything and use that to figure out what needs rebuilding. Hash all the headers and source files, all the command-line arguments, the compiler binaries, everything. It takes less than a second.

                                                                                              Unless your build system is a daemon, it’d have to traverse the entire tree and hash every relevant file on every build. Coming back to a non-trivial codebase after the kernel has evicted its files from the page cache means a lot of file reads, which are typically slow on an HDD. Assuming everything is on an SSD is questionable.