1. 1

    not really a fault of the companies, but I’ve had my laptop password stop working twice. Once on a Mac and another time on a windows machine.

    The Mac one was bizarre. I would boot into recovery mode and run a sudo command in the terminal, which would prompt for my password. Putting that in would work. Would proceed to the login screen and enter my password and that wouldn’t work.

    Honestly it’s one of those issues where I would love to dig into the root cause but i don’t know how and I didn’t have the time :(

    (if anyone has any insight as to why it would happen, or some readings, please comment!)

    1. 4

      I’m not too knowledgeable about enterprise mac stuff, but it’s possible for your account local to the machine to have a different password than your account in some LDAP system, if the laptop is configured to authenticate that way. Maybe something like that happened.

    1. 19

      My team was using Elm in production for about a year, but have been gradually replacing it with Typescript + React.

      We started using it in version 0.18. We never bothered transitioning to 0.19 because there were a number of dependencies that weren’t being maintained, and we didn’t want to rewrite the functionality we were using from them.

      The inability to install packages from anything but the official repo is a real pain. It made it really hard to reuse and modularize code. We had the choice of open sourcing anything we wanted to reuse, or adding extra steps to our build to copy files around.

      There was also the problem of hiring and onboarding new team members. Like it or not, it’s far easier to hire someone to do front end work in Typescript than Elm. We developed some good tutorials for new team members to get started, but it still took more time to ramp up, since functional programming represents a big shift for a lot of people.

      I really want Elm to succeed because it’s a joy to write, and the type system is incredibly helpful. But it will be a while before I recommend it to anyone for anything but fun projects.

      1. 1

        Have you looked into Fable? Might have some of the benefits of Elm, but less restrictive and will interop beautifully with your TypeScript if you’re using Webpack.

        1. 1

          I did not know about Fable. I’ll check it out. Thanks.

      1. 5

        Sounds pretty good. Regarding Haskell not being ready for production-grade compilers: The Elm compiler is written in Haskell. It was always super reliable and a joy to work with, since Elm 0.19 it’s also pretty fast. So I would think that Haskell can be used even for production-grade compilers.

        1. 2

          This seems to rely on the premise that Elm and its compiler are “production-grade” … I’m not sure that can be established for any language without a 1.0.0 release.

          1. 4

            Well Elm is used in production at several companies and that for me is a better indicator of “production-readyness” than a version number. It depends very much on your company and your project if you can use pre-1.0 software. Pre-1.0 does not mean that a software may never under any circumstances be used in production. It’s a tradeoff.

            1. 1

              I’ve seen several dozen companies using the Flask development server for production websites despite it specifically saying in many, many places that it’s not a production-grade server and should never be deployed as such … a company’s willingness to shoot its own foot clean off with software the creators of which aren’t yet confident enough to label as a public release doth not a production-grade piece of software make.

              So sure, absolutely, if it works for you and your situation of course you can happily use it … but that doesn’t mean that use automatically establishes it as “production-grade”, hence it’s not a good counter argument to the notion that Haskell’s only suitable for “lab-grade” compilers.

              1. 1

                My team recently finished removing all Elm code from production. Based on our experience, it’s not production ready as of 0.18 or 0.19.

                I wrote a little more about that here: https://lobste.rs/s/brvwey/elm_why_it_s_not_quite_ready_yet#c_jivkmc

          1. 26

            The security issues outlined by this article are clear, so I won’t comment on them. I did want to comment on this peripheral point:

            This same vulnerability also allowed the attacker to DOS any user’s machine. By simply sending repeated GET requests for a bad number, Zoom app would constantly request ‘focus’ from the OS.

            I’ve long thought that OSes (or WMs, whatever) should pretty much never bring a window (or dialogue box, or any such UI element) into view, or take input focus (keyboard or mouse) without explicit user interaction (i.e. key press, mouse click or screen tap). Instead, they should indicate to the user that some application or widget “wants attention”, for example by making an application’s entry in the WM’s task bar blink/flash. Then, the user can choose to take explicit, manual action (e.g. in this example, click on the task bar) to bring the window or other UI element up to z-index 0 and allow it to take input focus.

            Time and again, all through the years, we experience the UX pain of happily and intentionally typing (or clicking) in one UI element, and something pops up, takes input focus, and we unintentionally send keystrokes or mouse clicks into that surprise UI party crasher. How many decades of UI and UX research have come and gone since the earliest GUIs came on the scene? This kind of thing should never happen – yet, it does, and I find that just a little ridiculous.

            I welcome any counterexamples showing a case where it would be a good thing for a new UI element to steal input focus without the user first performing an input.

            1. 14

              If you peruse Raymond Chen’s blog at Microsoft, there are multiple entries about customers who want to make sure that their window is placed front and center and grabs all input. It’s easy for even a non-malicious application developer to convince themselves that their product is so good that this behavior will actually be welcomed by users.

              Chen does not agree, by the way.

                1. 1

                  Thanks!

                  It does look like both items link to the same post, though.

                  1. 3

                    Oops, copy/paste failure. Sorry about that! I’ve fixed the second one.

              1. 5

                I recently switched back to a Linux laptop, and a feature I love over OSX is that when an app wants focus, instead of just taking focus, PopOS (probably gnome?) displays a toast saying “NeedyApp is ready”. I can switch to it when I’m ready too.

                1. 3

                  When my terminal opens a system dialog to unlock my password manager. I’ve hardcoded that as the only exception to “no stealing focus” in my i3 config.

                  1. 3

                    What does your “no stealing focus” config entry(-ies?) look like?

                    1. 2

                      I see your point, and can accept that others have different preferences, but if it were me, I’d let such a thing remain not an exception, and just stay unfocused and flashing in the task bar. But then, I reboot scarcely 5 times a year, so unlocking like this is something I rarely do.

                    2. 1

                      Indeed – I’ve been thinking lately that UIs should be given much of the same consideration we give to APIs regarding things like race conditions (as in your example) and backwards compatibility. The user, after all, is ultimately another component interacting with other components of the overall system…

                      1. 1

                        Reminds me of the javascript popup-bombs from the early 2000s. A never ending stream of popup windows and dialogues, close one and three appear.

                      1. 3

                        Couldn’t agree with this article more. I hear a ton of podcasters talk about how they mostly attend the “Hallway track” and watch the talks on Youtube.

                        Reminds me of Real Genius where the kids start just having tape recorders tape classes and ultimately the professor just has a tape player running rather than attending himself!

                        1. 2

                          That scene is from Real Genius :)

                          Great article. I hadn’t heard much of people doing the “hallway track” before, but I can understand how it could be a problem.

                          1. 1

                            Ah right good catch :)

                            The emphasis may be a meme that got amplified in the Python community in particular.

                        1. 12

                          GPS also has a field for storing the number of leap seconds (so receivers can compute UTC from atomic time). This is currently at 37, and has been incrementing pretty steadily since the system was created.

                          There’s a plot here: https://www.e-education.psu.edu/geog862/node/1875

                          If you were making a GPS receiver, and wanted to give it better odds of working from a cold start with no idea of the current date, you could use the leap second number to make a guess at how many times the week counter has overflowed.

                          This page has some more details about the GPS signal, and talks briefly about using leap seconds deal with the rollover: https://web.archive.org/web/20180922192530/https://www.colorado.edu/geography/gcraft/notes/gps/gpseow.htm

                          1. 13

                            Both managers are at fault here. A managers’ responsibility is communication, not sneaking around looking for culprits and cracking the whip.

                            What’s wrong with correcting the issue up front and talking openly about it? (Question for both the author and their manager).

                            1. 6

                              Yeah. It sounds like the manager does not communicate to the team that little fixes are appreciated, and does not recognize team members that do it. So how would anyone else on the team know that it’s something they should be doing, too?

                              I’m not sure what the author could have done in the situation when management isn’t communicating that, though.

                              1. 9

                                Leave.

                                Patrick McKenzie had a nice thread about the topic. You have a limited ability to make change, and might want to spend it somewhere you think will be more receptive.

                                And to forestall one question: this does assume you can easily leave and find someplace good to go. I suspect that’s true of Rachel at this point in her career, and has been for awhile. But it is possible it wasn’t when the story happened. In that case, you’re in a rough spot.

                                1. 2

                                  It sounds like the manager does not communicate to the team that little fixes are appreciated,

                                  To me that’s my job, to fix things when they break. I don’t understand why someone would expect their manager to tell them they need to fix things when it’s probably part of their job description / duties anyways.

                                  1. 2

                                    Not everyone is as conscientious as you. There are plenty of “not my problem” people in this world.

                                    If “it’s probably part of their job description / duties anyways”, why is the author the only one doing it? And why is the boss not criticizing the rest of the team for not fixing things?

                                    1. 2

                                      Is it author the only one doing it or is that just how they feel? Maybe there is other duties the author isn’t covering as much as other workers. The main problem I see here is that the author doesn’t see the team’s objective, only their own.

                                  2. 1

                                    Communicated it themselves!

                                    1. 11

                                      It sounds like her team was really into the idea of just silently letting her do all the work:

                                      Next, I asked an honest question: even then, why was it automatically up to me to get these things to work? There was no division of duties on the team. Everyone was responsible for the system as a whole. Even when you weren’t on call, there were things to check on and adjust from time to time. This was one of them.

                                      Basically, I asked why he didn’t take care of it. His response floored me.

                                      “Oh, well, you always take care of it.”

                                      Eventually, she got fed up and left, which is the right thing to do if it’s possible.

                                      1. 4

                                        But that “Next, …” happened after this “experiment.”

                                        From the information given, it’s possible that nobody else on the team even knew this task bothered her because she had never communicated it before.

                                        1. 2

                                          This article would be heavily biased in the authors favor.

                                          1. 1

                                            Do you need to point out that someone’s account of their own experience is “biased” in their own favor? Why?

                                            1. 1

                                              Because of your comments:

                                              It sounds like her team was really into the idea of just silently letting her do all the work. Eventually, she got fed up and left, which is the right thing to do if it’s possible.

                                              I don’t find those conclusions as self evident as you did, the team is made up of people who might see the situation completely differently, and her article is smearing them in a way where they can’t defend themselves.

                                              1. 1

                                                Every single tale of a toxic work environment is amenable to the same obvious objection. I find her perspective credible, given that her manager fully knew of her experiment, and then used that against her in her review.

                                                But regardless, the whole thesis of the article is that you shouldn’t try this unless you have rock solid cover from your manager or lead. “The story is biased toward its author,” is a non-sequitur, and contributes nothing constructive.

                                                What is your point, and why do you think the genius of your voice needs to be heard making it?

                                                1. 1

                                                  Excuse me while I go write a blog post about how nebkor hurt my feelings … I am a genius and my voice needs to be heard, I need the support of all those bleeding hearts too.

                                  1. 2

                                    If on quick reflection you thought “more or less equally”, you are not alone. I asked 5 super-smart PhDs this question and they all had the same initial intuition.

                                    I wonder if any of these had their degrees in Physics or Physical Chemistry. The problem sounds conceptually similar to a thermodynamics problem, where you don’t get uniform distributions. For example, the Maxwell-Boltzmann distribution arises from ideal gas molecules exchanging energy and momentum in random collisions, and it’s far from uniform.

                                    This also demonstrates why I prefer simulations when thinking about these kinds of things. With the thermodynamics analogy, one might be able to work out some analog of the partition function and calculate the theoretical distribution. But running a simulation directly works out to be much easier.