1. 2

    Shameless reddit cross-post. In my defense, I find the first page hilarious.

    Hope you’re not reading this comment before the paper though.

    1. 5

      Excuse me, have you heard about our lord and savior nix?

      More seriously, the Haskell build environment is clearly a problem. I tried using a stackage nix overlay for a while, it was quite a long setup, and having to rebuild the entire package for each update was too much demanding for my 7-year-old computer. I saw some bazel-based setups but haven’t tried myself…

      Stackage is really great, but I agree the stack tool could be more user friendly. But in the end, I still use stack and have to delete randomly my .stack directory every once in a while.

      Rants are usually fun, but we could also talk what makes the racket build-system great and see how we could transpose that and slowly derive to a similar system.

      [Edit] BTW, cabal != cabal-install. “ I came to Stack to avoid Cabal.” => stack actually use cabal.

      1. 1

        I thought stack is invented to avoid cabal install, it’s the same as ruby’s gem install vs bundle (which uses gem internally). So i’m not sure what are use cases for stack install.

        Nix is the same bundler, but for system-level packages, which is great and unifying, but I don’t understand why use it if your project and its dependencies are mostly in haskell.

      1. 2

        The (original) title is misleading.

        I can’t help but imagine how different Android would be if various concepts from guix (or nix I guess) had predated Android 1.0.

        1. 10

          I can’t help but imagine how different Android would be if various concepts from guix (or nix I guess) had predated Android 1.0.

          They did! The original Nix paper came out in 2006:


          I’m always impressed that these ideas were explored 12 years ago. There’s been lots of thinking, and it’s paid off :)

          1. 3

            The project actually started at least three years before that: https://github.com/NixOS/nix/commit/75d788b0f24e8de033a22c0869032549d602d4f6

        1. 6

          I was thinking about how we also could transpose this to FOSS projects. Maybe instead of using bug solving as an excuse to go though a new code-base we could use code-review.

          I’ll give it a try.

          1. 3

            It’s a great way to start contributing to a codebase. Highly recommended.

          1. 8

            @NinjaTrappeur is there something specific you’d like to relate about Readline?

            1. 8

              Yes, this C library is actually used by a lot of CLI utilities (zsh, bash, …), making all the keybinding listed in this Wikipedia article available in a lot of programs.

              For example, the Ctrl-_, Alt-l are actually really useful in a shell context.

              It is maybe common knowledge, but I just discovered that recently. I though it may be useful for some other people. I was apparently wrong.

              I have trouble understanding why this is off-topic though.

              1. 13

                I was apparently wrong.

                I’m sure it is interesting to many people, I think it’s hard to understand your intention when you post a random wikipedia page though. Adding a description would probably help people appreciate the contribution more.

                1. 6

                  You are right, I’ll try to be more clear when I’ll share similar links in the future. Thanks for this helpful remark.

                2. 5

                  zsh does not use readline afaik, it’s mostly used by gtk and glib applications for providing line editing, and other applications that choose to use it. Most of the features readline offers either imitate behaviour specified by the POSIX terminal interface0 or are quality-of-life emacs bindings, so they’re often supported in other software and especially in shells.

                  1. 1

                    Aha, you’re right! Thanks for the clarification.

              1. 5

                This really hits home. Thanks for sharing!

                1. 3

                  none of which, I should add, support any open syndication standards.

                  Youtube is exposing its channels content through RSS

                  I agree with the idea of the article, but looks like an over-simplification to me. On the other hand, who really cares as long as the idea is clearly transmitted.

                  1. 1

                    If YouTube decides to remove RSS you can always use their API too.

                  1. 5

                    I just recently set up an MTA (OpenSMTPd) behind my Tor-ified network. Setting up an MTA behind Tor, especially when Tor is the authoritative DNS server on the network (as it should be in this setup), can be quite difficult to get right.

                    Tor’s built-in DNS server does not support MX record lookups and returns a zero-record DNS result with an rcode of 4 (NOTIMPL). This causes MTAs like Postfix and OpenSMTPd to freak out. If the DNS server returned an rcode of 0 (NOERROR), OpenSMTPd would have fallen back to a simple A/AAAA lookup.

                    I already had at my disposal a very special custom, modular DNS server that can perform any arbitrary action on a DNS request and on the corresponding response. I simply wrote a module for this DNS server that overwrote the response’s rcode to 0 if it was 4 prior to handing the response back to the originating client.

                    I set my resolv.conf to point to my custom DNS server. My custom DNS server was configured to point to Tor as its upstream resolver.

                    At that point, OpenSMTPd started working! I can now send emails to (almost) any domain, even other .onion servers. After sending some test emails, I found out that Google-hosted email services block MTAs behind Tor.

                    1. 1

                      Wow, that’s a great writeup, thanks. The more I read about PF, the more I want install a BSD on my router…

                      Are you still using this torified web access? Do you manage to keep your sanity despite the captchas? I find Cloudfare and google really annoying when accessed though Tor.

                      1. 3

                        I’ve been sitting 100% behind my Tor-ified setup both at work and at home for around a year now. I use the Privacy Pass extension to help with captchas.

                    1. 1

                      I’ve been collecting resources for automating verification and/or synthesis of programs. Although plenty exist for data, there’s a lot less for control flow. They usually need some clean or at least precise way to specify it that a mechanical translation handles from there. I’m surprised I haven’t seen recursion schemes before this post since it superficially looks like it would help there. Maybe it could be built on CakeML or something.

                      1. 3

                        Have you read Functional Programming with Bananas, Lenses, Envelopes and Barbed Wire? I guess you might be interested in a more lang-neutral formalism of this same concept.

                        1. 1

                          Thanks for the link. :)

                          1. 5

                            This may also be helpful while going through that paper: http://blog.ezyang.com/2010/05/bananas-lenses-envelopes-and-barbed-wire-a-translation-guide/

                            (Although, it brings it back into the Haskell domain, but still may be more comprehensible than some of the notation in that paper…)

                      1. 3

                        Does anyone know if there’s a simpler alternative to Google Analytics which only shows hit counts? For my site, all I’d love to know is which pages have been viewed how many times. I really don’t care about anything else.

                        I wish Netlify would provide some sort of basic log analysis of static sites, telling me the view count of each page.

                        1. 5

                          If you have access to your web-server logs, Goaccess may be a good candidate. It’s quite easy to use and not really intrusive.

                          1. 1

                            I actually don’t since I’m on Netlify. Otherwise this would be an ideal solution.

                            Most of the static websites are hosted on either Github Pages or Netlify and (as far as I know) neither of those allow you to see the access logs.

                            1. 4

                              You can host a 1x1 pixel on Amazon S3 and enable logging for the associated bucket. Add a query string to identify the current page. A simple transformation on the logs (to remove original URI, keeping only the one in query string) and you should be able to use GoAccess.

                          2. 1

                            Does anyone know if there’s a simpler alternative to Google Analytics which only shows hit counts?

                            I think what you’re looking for is a web counter from the 90’s :)

                            1. 1

                              I don’t! But this sounds like a good service for someone to provide. Something SUPER lightweight. Could even eventually show it on https://barnacl.es

                              1. 1

                                back in the days https://www.awstats.org/ was a thing

                                1. 1

                                  It still is. I know quite a few customers who still use awstats.

                              1. 1

                                Can anyone ELI5 how this works? Does the Fediverse get a new fork in Tor-space? Or will Onion only users still be follow-able by those of us in the DNS driven fediverse?

                                Also is each Onion instance a Tor hidden service with all the implied security challenges that brings?

                                1. 3

                                  Reading through the toots, it looks like HTTPS requests are being proxied into Tor and responses are being proxied out. The Pleroma author says they’ll have a blog post about this shortly.

                                    1. 1

                                      Ah interesting! So it’s definitely not an island. I’ll look forward to that post!

                                      I admire the Pleroma folks, that project’s existence is a sound refutation of folks dismissal of Mastodon just because it’s a Rails project.

                                      (Which, really, I mean Rails has its problems, and security issues are among them, but doesn’t every other web framework in existence?)

                                  1. 2

                                    Nice post.

                                    I was waiting for the author to publish the remaining part before submitting this.

                                    It’s been 2 months, looks like part 2 is not going to happen…

                                    1. 9

                                      If you don’t mind the tinfoil, this could well be a shakedown test to see how Russia might deal with partitioning of the network in a time of relative peace, before being surprised during some other time.

                                      Then again, that’s the sort of idle speculation I’d give back in my HN days.

                                      1. 3

                                        Maybe not the intention, but I can’t imagine the data point would go unnoticed.

                                        1. 3

                                          According to the time line, it may seem related to telegram.

                                          Here’s my tinfoil take :)

                                          Russia banned the telegram app at the beginning of the month[1]. They basically blacklisted their domains.

                                          Telegram started to use the google app engine as a domain front [2].

                                          I guess Russia is trying to prevent domain fronting for future ban cases. I guess it is easier for them to send a takedown notice to a Russian cloud provider than sending that to a American one.

                                          [1]: https://www.nytimes.com/2018/04/13/world/europe/russia-telegram-encryption.html

                                          [2]: https://en.wikipedia.org/wiki/Domain_fronting

                                          1. 2

                                            Probably not the intention, because running the blocklist updates in that mode means that an external party can easily force a block of something critical inside Russia at the moment than neither the blocklist operators not ISPs have spare capacity to react sanely. People who are qualified to understand your point also know that Roskomnadzor is not qualified to prevent the risk I describe.

                                            But some note-taking about unexpected dependency chains will be done anyway.

                                            1. 1

                                              If you were to pile some more tinfoil on, what else might we expect to see from Russian authorities?

                                            1. 3

                                              Ocaml does this with GADTs, AFAIK.

                                              1. 5

                                                Nice, I really need to look at Ocaml: Haskell GADTs cannot express that. (Plus: I am french, looks like I should at least acknowledge INRIA’s great work, I miss patriotism here :) )

                                                Out of curiosity, what would be the Ocaml type signature for the interpFormat function?

                                                1. 4

                                                  I’m not sure exactly, but here is a slidedeck on how Printf works in Ocaml once it was moved to GADTs:


                                                  EDIT: Sorry that’s not a slide deck it’s a short paper. And I think the Ocaml versions still requires the compiler to do some preprocessing, but now it turns it into what you would have to write by hand for the GADTs to work rather than doing all of the formatting type check logic in the compiler.

                                                  1. 4

                                                    Thanks for the link.

                                                    The actual source code seems to be here: https://github.com/ocaml/ocaml/blob/trunk/stdlib/camlinternalFormat.ml#L57

                                                    Once again, I am a rookie using OCAML (I just used back when I was a student to be honest). I spent 20 minutes on it and still don’t fully understand this code. In conjunction with the paper you sent, this looks like more like a macro system looping-back to the type system right? I think the same kind of trick is used by the Haskell singletons library (for nick, here’s the associated papers :) ).

                                                    In this Idris example, the “computations on the type level” is performed out of the box without the need of any workaround. That’s the part I found very neat, looks like way more usable than what I saw so far.

                                                    But again, I’m not an expert on dependent types and never used them in the real world. Maybe @puffnfresh could confirm or infirm that.

                                                    1. 4

                                                      Yeah, that’s completely right. Idris doesn’t have anything in the compiler about printf, you can do meta programming because you can write types depending on values.

                                                      The point of the video is not to extend Idris with a type-safe printf, the point is that you don’t have to extend Idris.

                                                    2. 1

                                                      Thanks. I liked the paper form better since it had a detailed description of the problem, a few solutions with pro’s/con’s, and then the final one. Might come in handy when bootstrapping systems considering different ways to handle functions like printf.

                                                1. 3

                                                  Got this link from an article posted on this website. Sorry if you already seen that, but I think this is a great showcase for dependent types.

                                                  1. 7

                                                    Hi thanks but I’ve already seen it :)

                                                  1. 21

                                                    There’s no wey Slack will let this exist for very long. They are interested in closing their platform, as we’ve seen with the IRC/XMPP gateway déprécations.

                                                    1. 2

                                                      I don’t think so. Wee-slack exists for nearly 4 years now, and to my knowledge, they did not have any problem so far.

                                                      I guess the Streisand effect is on our side for things like this. Just look at popcorn time…

                                                      1. 11

                                                        (I was mostly posting for the wey pun. Sorry.)

                                                        1. 4

                                                          Goddammit, I totally missed it ><

                                                        2. 6

                                                          Wee-slack has an extremely niche appeal. They can afford to ignore things like that because the target market is tiny. I only hope that Wee-slack doesn’t get cut off when Slack does decide to kill this new one.

                                                          1. 4

                                                            Remember that a lot of companies didn’t have problems making compatible products until companies like Microsoft and Oracle were hitting them with copyright suits claiming API ownership or patent suits over core functionality. Any group is at risk in known and unknown ways if their work builds on proprietary work by a profit-motivated, selfish company. Double true on average if it’s public like Slack intends to be.

                                                            1. 2

                                                              Just set wee-slack up, it really seems to work pretty well, I had a bit of trouble with the tokens, but besides that it’s pretty sweet.

                                                            2. 1

                                                              And even if, then the best case scenario is still to be tolerated by the owners of a proprietary product while donating them free labor to play cat and mouse with their protocol.

                                                              This reminds me an awful lot at the times when I used GAIM (nowadays called pidgin) because that allowed me to chat with my school friends on ICQ even though I was on Linux which wasn’t supported by ICQ itself. GAIMs was really nice, but broke from time to time when ICQ modified the OSCAR protocol, until the developers catched up.

                                                            1. 5

                                                              I’m a bit disappointed, the title is misleading.

                                                              They did not reverse the WhatsApp communication protocol, they reversed the WhatsApp Web websocket protocol.

                                                              If you want to use this, you still need to install whatsapp on your phone and scan a QR code generated by the python backend.

                                                              [EDIT]: Actually the github repository title do mention the web part. @Yogthos, maybe you could align this submission’s title with the repository one. Maybe “Reverse engineering WhatsApp Web”?

                                                              1. 2

                                                                This is perfect.

                                                                Maybe we could also think about creating an official lobsters widget.

                                                                1. 8

                                                                  I’m a little perplexed that salary is an afterthought here–in a field where what we do is so directly tied to outsized profits, it’s weird we aren’t pushing harder to get a cut of the pie.

                                                                  1. 3

                                                                    I unholstered my sarcasm gun, paused to think about it, and put it away again. I fully agree with you. I recently read this book which touches on the matter. I love the stability of being an employee and I hate dealing with clients for a reason or another. I also hate very many things about corporate life, and I wanna break out of that at some point, although it ain’t possible nor practical right now. Anyway I digress, it was a good read.

                                                                    1. 1

                                                                      Because a higher salary won’t make you happier.

                                                                      A good example of this is the amount of people unhappy at work, asking for a raison to justify their stay.

                                                                      Anyway, what you seem to want is a better distribution of income in a company, no specifically higher salary, so the question would be, is income equality a factor of hapiness? Maybe.

                                                                      1. 5

                                                                        No, I specifically want a better cut of the value that I produce.

                                                                        If I grow sales by 5x by implementing a feature, there are some options, right?

                                                                        • Others who failed to grow sales are penalized
                                                                        • Others who failed to grow sales are penalized and their rewards given to me instead
                                                                        • Everybody gets a cut of the sales, even Frank the sales guy who sucks and Ann the janitor who does the same amount of work day in and day out cleaning toilets
                                                                        • I get no compensation (compared to base case of not succeeding)
                                                                        • I get compensated by small bonus
                                                                        • I get a percent of the sales increase

                                                                        Only two of those aren’t terrible. Only one of them is fair.

                                                                        If you want to see a developer act do work that can bring in 10 million, cut them in for 5%. I can’t think of any dev who wouldn’t move heaven and earth to make 500K in a year.

                                                                        Of course, the current system is more a deal of “You’re lucky to have a job here, here’s the salary, management/shareholders will skim off the profits that, by construction, they themselves could not have realized had you (or devs like you) agreed to it.”

                                                                        And honestly, while I respect the problems of folks who aren’t in our industry making our wages, I also work very hard not to have those problems. I have no desire to be holding the bag when market trends correct themselves and we’re paid the same as non-devs while the people we let fleece us are fucking off in their Teslas to Moneyland.

                                                                        1. 2

                                                                          This sounds like a great idea in principle, but how do you attribute whose work produced what value? This seems like a hard question to answer in general (i.e. not just for engineering roles), with maybe the exception of direct sales roles (where a commission based on deal size is often the norm). Even in sales roles, I think attribution is a hard question to answer: are your sales great because your salespeople are great or your application engineer is great or the intern you hired produced a ton of value by fixing a bunch of stuff that nobody had bothered to?

                                                                          When I worked in adtech, we had similar difficulty trying to attribute clicks to specific ads. The honest truth seems to be that, in both ads and work, it’s hard to do attribution “fairly” when you have a high-touch process involving many people.

                                                                          1. 4

                                                                            So, there’s a few different parts of that, but the one I’ll poke at is attribution.

                                                                            A lot of sales folks work on commission: and yeah, that has pathologies, but it’s the case more often than not that a salesperson that puts in the work to seal a deal is pretty unquestionably the one that deserves a cut of the sale.

                                                                            The idea that we can’t do basic accountability in engineering is something I disagree with. Some solutions:

                                                                            • The entire engineering team gets a cut of engineering-related success that year split evenly, if for no other reason than they failed to fuck up growth.
                                                                            • Individual contributors that actually lay hands on a feature and implement it get a cut of sales that touch that feature, or cost savings if it’s an efficiency improvement. If the company can’t track what features lead to sales or what features boost efficiencies, even in some rough way, I posit the company is poorly managed.
                                                                            • At perhaps the most asinine solution, do a trace on what functions/features get called (same as we do for code coverage!), multiply it by uses/users/revenue, and do a weighted payout to the folks that wrote the code.

                                                                            At least in some fields, say e-commerce, it’s pretty obvious how to break things down. If an engineer builds the product page, builds the order logic, and builds the persistence, they’re pretty obviously the ones that deserve the credit. If one team builds, say, product search, it’s pretty easy to track what generated a sale and how the customer got there (they’re tracking the customers, right?) and give them a cut.

                                                                            And one immediate objection to this is “but how do engineers that don’t do customer-facing stuff get rewarded?” And my answer to that is basically: if an engineer doesn’t directly do stuff that puts money in the hands of the business, they don’t actually generate value for the company and as such shouldn’t be rewarded a cut of the spoils. From a business standpoint, a bad engineer that ships continuously and drives sales is worth infinitely more than a great engineer that refactors in pursuit of perfection.

                                                                            I’m still debating internally how hard I believe this line of reasoning, but it’s opening up some interesting tangents in my head so I don’t think it should be dismissed outright.

                                                                            1. 4

                                                                              I am an SRE for an online retailer (I am not, but the sake of the argument I am).

                                                                              If I screw up big time, I completely halt all the sales. On the other hand, if I do decently my job, my work goes unnoticed.

                                                                              So, according to your model, should I earn the entire company profit or should I earn nothing?

                                                                              1. 1

                                                                                Well, as I wrote, you don’t drive sales or make savings, you have rated new value…you’ve acted to preserve existing value.

                                                                                You should still be well compensated for your work! Just not with a cut of the growth.

                                                                                1. 3

                                                                                  I disagree, a bit. A decent SRE is going to prevent an incredible amount of screwing ups that would potentially cost any given company a lot of money. In a way, their presence is a form of risk mitigation; there’s definitely value in that, but it’s less obvious. For example: At some point in my career I was asked to implement in emergency a feature that essentially mitigated a risk that, should it realize, would have cost them in the tens of millions. Once mitigated, the risk didn’t exist anymore, and I’d bet that there’s SOME value in that risk having been permanently mitigated. Probably less than tens of millions, but probably more than a pat on the back.

                                                                                  [edit:] I mean, it’s less obvious as opposed to “See, since I tweaked this endpoint last week sales have increased by 20k per day, where’s my cut?”

                                                                              2. 1

                                                                                Individual contributors that actually lay hands on a feature and implement it get a cut of sales that touch that feature, or cost savings if it’s an efficiency improvement.

                                                                                This might be combined with “competitive coder” schemes to get even more results if they themselves are getting the results they claim.

                                                                      1. 8

                                                                        We definitely need a similar place in western Europe…

                                                                        1. 4

                                                                          Oh yes, definitely. I bet a ton of people would be interested in signing up for something like that.

                                                                          1. 3

                                                                            Go to your local hacking space?

                                                                            I have a bit of trouble to understand the point of going through 3 application rounds to take time off, not get paid and meet other people taking time off and not getting paid.

                                                                            Sounds a bit like doing Erasmus…

                                                                            1. 6

                                                                              People have been doing write-ups about the benefits if you’re wondering about them. The mains ones I’m seeing across the write-ups are:

                                                                              1. A break from mentally-taxing work to only do the work they want. People tend to do one or more fun projects there instead of those they’re usually forced to by work. It’s also common to do both concentrated learning and building activities.

                                                                              2. Improved focus since they’ve left environments with a lot of distractions. Obviously, they might need a gameplan for email, phone notifications, etc. Based on prior data, I’ll also add their focus at RC might improve by the mental and financial commitment they made by going there. Many who might get distracted doing random stuff on the Internet at home will try harder to complete their project to avoid walking away with nothing. Double true if they lost pay like you indicated. That makes the trip more like an investment.

                                                                              3. A crowd of people to learn from or help. They usually like listening to interesting projects others are doing there. Face-to-face provides a different experience than just Googling summaries on their Githubs or something. Regardless, I speculate that these connections with others can be a mental break from or boost for the focused projects people are doing at RC. Kind of a pause for them to let stuff process with extroverts benefting directly having people to talk to on top of that.

                                                                              4. You might get a job. RC is run by recruiters. People with not-so-great employment doing 1-3 might have some job skills or portfolio additions to show off. That they keep funding it is either some serious charity or the fact that they’re getting enough people jobs to keep funding it. Probably a mix of both. So, there could be job-seekers visiting who would rather not be doing 20-30 sessions of whiteboard coding in front of non-coders assessing their skill. RC might be a better experience.

                                                                              Of course, this assessment is based on just a handful of posts I’ve read written by people who visited. Anyone who visited or works there feel free to correct anything that seems off.

                                                                              1. 7

                                                                                I would say these are all pretty spot on! I keep meaning to write a “Why RC?” page for our website that clearly and directly answers the question of why you might want to come, but for now you can get a pretty good idea by reading our about page and the things linked from it under “Further Reading”

                                                                                I think the only thing missing from is that RC is about more than just the time you spend at the retreat—you’re also joining a tight-knit community of peers dedicated to teaching and learning from each other. The value of this is tremedous, but hard to capture in words. If any other RC alums want to jump in here and try to explain it I think that would be great :)

                                                                                On point 4—all of RC’s operations, including our living expense grants for people underrepresented in programming, are funded by our recruiting revenue! You can read more about the career benefits of RC on our page about this and in our manual.

                                                                                1. 3

                                                                                  I’m one of many alums. Here are a couple thoughts on my experience, which I found very positive and better than regular unemployment:

                                                                                  1. I learned a lot about myself and improved a lot as a learner at RC - much more so, I think, than I would have if I had just been unemployed for a few months on my own.

                                                                                  2. I am not as involved in the alum community as I’d like to be but it sure seems fun. It’s nice to feel like you share a connection with some pretty interesting and accomplished people. It’s a diverse crew and I like seeing what different people are thinking and learning about. I also like that, collectively, the community knows a lot and will help you with your problems if you need them.

                                                                                2. 0

                                                                                  Sounds like a hacker space to me. My city has two, and if I hop onto a train I can get to another 5 in less than an hour.

                                                                                  The whole concept of having application rounds asking someone for permission to spend your own, free, unpaid time on the things you want to do … that sounds very foreign to me, maybe it’s just some concept that’s more widely understood in the US.

                                                                                  If grown-up people are unable to make an independent, autonomous decision on how to spend their time, this looks like a parenting/education failure to me.

                                                                                  1. 2

                                                                                    It is not a hacker space, any more than a blank wall beneath a bridge where you can spray paint is an artist’s colony.

                                                                                    It’s a focused retreat for programmers to gather in one space for a period of time with other programmers, who are all there, as @jamesjporter says, to teach and learn from each other about how to be a better programmer, including theory, hardware, new models and techniques, etc.

                                                                                    I don’t know what else you’re misunderstanding about it, but I suggest you withhold public judgement until you learn more.

                                                                                3. 4

                                                                                  The social signal is different - “hacking on stuff” vs. “hacking on stuff, as a result of passing 3 application rounds”. Beyond that, the application filter presumably also has some sort of effect on who’s there, compared to regular “open” hacking spaces.