Threads for Stratus3D

  1. 1

    Can you do the same include matching based on repo URL? I may have to try that out.

    1. 21

      With git 2.37 you can use a remote - this example is taken directly from https://git-scm.com/docs/git-config:

      ; include only if a remote with the given URL exists (note
      ; that such a URL may be provided later in a file or in a
      ; file read after this file is read, as seen in this example)
      [includeIf "hasconfig:remote.*.url:https://example.com/**"]
      	path = foo.inc
      [remote "origin"]
      	url = https://example.com/git
      

      I use this to manage work vs. nonwork email addresses by repo remote. This is how I do it (edited to show a git@ remote URL rather than just https). In my ~/.gitconfig:

      ...
      [includeIf "hasconfig:remote.*.url:git@gitlab.com:myname/**"]
        path = ~/dotfiles/shared/gitconfigs/gitlab
      [includeIf "hasconfig:remote.*.url:git@github.com:myname/**"]
        path = ~/dotfiles/shared/gitconfigs/github
      [includeIf "hasconfig:remote.*.url:git@github.com:companyname/**"]
        path = ~/dotfiles/shared/gitconfigs/companyname
      ...
      

      Then, for example, ~/dotfiles/shared/gitconfigs/gitlab:

      ...
      [core]
        sshCommand = "ssh -i ~/.ssh/my-gitlab-specific-key -F /dev/null"
      
      [user]
        name       = My Name
        email      = gitlab@myname.domain
        signingkey = ...
      
      [commit]
        gpgsign = true
      
      [gpg]
        program = gpg
      ...
      
      1. 1

        Thank you so much for sharing! This is going to save me a lot of time.

        1. 1

          Right on, I’m glad to hear that!

        2. 1

          oh this would’ve saved me so much hassle

      1. 2

        I have mixed feelings on the “keep all changes under 400 lines total” rule. I don’t like thousand-line diff bombs any more than anyone else and I try not to lob them at others. But it really depends on what’s in all those lines. It’s pretty easy to blow past that number with low-review-effort changes such as automated refactors on a code base of any meaningful size. Tests can also sometimes have a high code-size : review-effort ratio, but a comprehensive set of tests can make a change easier to review, not harder.

        Or the degenerate case: replace 1000 lines of custom code with a small implementation that uses a new third-party library. With a hard-and-fast change size limit, you would have to whittle away the unused code a chunk at a time. That seems clearly ridiculous to me.

        When I’ve worked on projects where people took a hard line on this rule, it never got as bad as my previous paragraph, but it was annoying about as often as it was helpful. You’d frequently see people shatter a semantically atomic change into arbitrarily-bounded pieces each of which was under the limit but was impossible to meaningfully review on anything beyond a simple syntactic level without flipping back and forth between the pieces.

        I kind of follow Einstein’s philosophy on this: PRs should be as small as possible, but no smaller. If there is a good way to decompose a change into a sequence of self-contained smaller changes, I do that. If there isn’t, I don’t try to force the issue.

        One way I try to answer the “Could this be a separate PR?” question is to ask myself whether I could assign each piece of my change to a different reviewer and get useful feedback.

        1. 3

          I understand that this is a hypo, but “replace 1000 lines with another implementation” is 3 distinct things:

          1. Implement replacement
          2. Use replacement everywhere initial implementation was used
          3. Cleanup

          1 is where the meat of the review is necessary, 2 is fairly easy to review, and 3 should mostly just be deleting code and should effectively just be a noop.

          I personally (for Java) like to reduce this even further to 100-150 LoC in a single review. This doesn’t include tests though, which are usually 3-10x the size of the code, which puts this squarely in the 400-1000 total lines :)

          In the end, the best agile way to handle this is to have a rule. Ignore it when you need to. Notice when this ignoring becomes a burden (many comments on a single review, over many rounds). A good number might be 10 comments or going past 3 rounds of review.

          1. 2

            Yes, it’s truly rare that an arbitrary rule can’t be followed when it pertains to code that you as the programmer add, modify and remove. Things can always be broken down into small chunks, and according to the book, smaller chunks will result in better review feedback from your reviewers.

            I didn’t mention it in the blog post, but changes outside of your direct control (say those 20k changes to package-lock.json because you upgraded a single npm package) don’t need to count towards such a limit. Such files are generated automatically and thus safely be ignored most of the time by human reviewers.

            1. 1

              Also, the part that makes those three things work is the tests:

              1. tests only cover the new code
              2. tests only cover the code that uses the new code
              3. tests covering the old code are deleted

              Even better is that if the tests for 2 don’t exist then you get that as a 0. step (cover usage of existing code with characterization tests to ensure things don’t break) If you see any other pattern, then there’s somethings screwy going on…

          1. 11

            Some of this is really good advice, but I’ve never liked this in particular:

            Annotate the pull request with comments explaining why the decisions made and why each code change is necessary.

            I generally ask people who add comments to their pull requests explaining the “why” behind why the code in the PR is the way it is, to put those where comments where they belong: in the code. I shouldn’t have to do a git blame and then follow the breadcrumb trail all the way back to the original pull request to find an explanation for the business decisions that informed the code – the pull request is not a good forum for documentation that should outlive the current review cycle.

            1. 5

              Completely agreed. The appropriate response to a very large percentage of “why” questions from code reviews is to revise the PR to answer them.

              I have never had a reviewer push back when I reply, “Oh, good question. I’ll add/update a comment to explain that.”

              follow the breadcrumb trail all the way back to the original pull request

              And this is another danger: I have worked on long-lived projects that switched version control systems and hosting services. It was sometimes literally impossible to follow the trail across those boundaries.

              1. 2

                I completely agree. However I think these are two different types of comments. Specifically:

                • Code comments: These explain the Why and How behind a module, function, or expression in the source code. They should live along with the source code as they will be helpful to future readers who find the code hard to understand.
                • Change comments: These explain the Why and How of PR changes themselves. They should be presented to the reviewer along with the changes that are being reviewed as they will be helpful in providing context for particular additions and deletions. A good example of these are comments explaining why a particular module, function or line of code was deleted. In such cases the only possible comments are change comments because subject of the comment is the expression that is has already been deleted from the source code in the PR. Change comments may also be suitable to be included in the commit message in version control.

                I agree there are many change comments that ought to be moved to code comments, but I think change comments are distinct and still serve a useful purpose.

              1. 10

                Vim’s Ale plugin supports vale out of the box. All I had to do was install and configure vale to get prose linting.

                Overall the linting so far has not been helpful.

                1. 3

                  I enjoyed this blog post, and it inspired me to update a page on website that lists the books I’ve read to indicate which ones I highly recommend - http://stratus3d.com/about/books-i-have-read/. Even though it’s been many years since I’ve read most of the books on that list it was surprisingly easy remember which ones were excellent and worth recommending.

                  1. 8

                    Really a shame they chose to support a new diagram language like Mermaid rather than one that has been around for 30 years, is widely used, and extremely flexible? Especially since is already a massive set of Graphviz files on Github. A simple search finds approximately 2,441,463 Graphviz files on Github (Source: https://github.com/search?q=extension%3Agv&type=Code&ref=advsearch&l=&l= and https://github.com/search?q=extension%3Adot&type=Code&ref=advsearch&l=&l=). A Github search for Mermaid on turns up only 7,846 files (https://github.com/search?q=extension%3Ammd&type=Code&ref=advsearch&l=&l=), making extremely unpopular by comparison. Why would Github ignore Graphviz and choose to support Mermaid instead?

                    Perhaps they looked at the number of Graphviz files in existence and realized that due to it’s popularity, they’d have to have a lot more infrastructure in place and the cost would be much greater? For example, if you figured rendering a diagram cost 1 cent (just as an example, I have no idea how much it costs). Rendering their library of Mermaid would only cost them about $78. Whereas Graphviz would end up costing them $24,414.63. Perhaps there are other technical constraints here I am not aware of? Maybe they’ve already got good infrastructure in place for JS libraries, and therefore Mermaid is an easier implementation.

                    1. 9

                      To be fair, mermaid seems to be more of a format to be used inline in a markdown file, so searching for dedicated .mmd files won’t be a good indicator of its popularity.

                      (I don’t know anything much about either mermaid or viz, and don’t care whichever github supports)

                      1. 4

                        Graphviz is more akin to SVG than Mermaid. It’s an image format, not a text description language.

                        1. 4

                          I assume by graphciz they mean the dot format, which is meant for hand authoring. Though it seems like a different use case than mermaid.

                        2. 2

                          I mean, no reason we can’t have both in the future?

                          I say this as someone who only uses Graphviz, but I don’t think “older language/more files of it exist” is a fair comparison of which is more popular today. And I certainly wouldn’t praise Graphviz for being extremely flexible – AFAIK you resolve positioning errors (which are common) by cleverly adding invisible edges, or partitioning cleverly into subgraphs, or even by specifying coordinates for every single node, which is hell.

                        1. 11

                          There’s no overhead compared to calling regular Erlang code, and the generated APIs are idiomatic Erlang.

                          Any Gleam packages published to Hex (the BEAM ecosystem package manager) now includes the project code compiled to Erlang. Once the various build tools of the other languages have been updated they will be able to depend on packages written in Gleam without having the Gleam compiler installed.

                          We want to fit into the wider ecosystem so smoothly that Erlang and Elixir programmers might not even know they’re using Gleam at all! All they need to know is that the library they are using is rock-solid and doesn’t fail on them.

                          This is awesome! It’s really a shame that Elixir never did this. All the Elixir libraries are really painful to use in Erlang projects. I intentionally use Erlang for the open source libraries I’ve created so they are usable from all languages built on the VM.

                          1. 5

                            You feel exactly the same way I do! There’s so much good stuff in Elixir I wish the other languages could use.

                            1. 1

                              What are some other notable languages on the BEAM runtime? I’m only aware of Elixir, Erlang, and Gleam.

                              1. 2

                                Elixir and Erlang are the big ones but the other ones that get used in production that I’m aware of are LFE, Purerl, Hamler, and Luerl

                                1. 1

                                  I’ll have to look into those languages. Thanks!

                            2. 2

                              It’s really a shame that Elixir never did this. All the Elixir libraries are really painful to use in Erlang projects.

                              Aside from needing an Elixir compiler in all cases, and not being able to use Elixir macros (not Elixir’s fault!), where is the pain point? I am on the Elixir side 99.9% of the time so I don’t see it.

                              1. 6

                                There’s a few things:

                                • The Elixir compiler and standard library need to be installed, but they’re not on Hex unlike everything else, you don’t get declarative version resolution when installing them, and they increase the bytecode size quite a lot.
                                • The Elixir compilation process has a final step that needs to run last in order to optimise protocols, so you’ll need to wrap or modify your build tool in some way to do this.
                                • The Elixir module names and some function names use characters that require quoting in atoms so the function calls look rather strange 'Elixir.Project.Module':'active?'(X).
                                • Many APIs use macros when they could be functional, making them unsable from other languages.

                                These are not huge barriers, but if you use a library written in Erlang (or in future Gleam) you don’t have to worry about any of this. You add it to your list of deps and that’s it.

                                1. 4

                                  I think you missed my point. It’s troublesome when you want to use Elixir libraries from Erlang, or from any other language on the Erlang VM. The overhead and hassle of retrofitting an existing project with support for Elixir compilation makes it not worth the effort. Thus I stick with Erlang because I need to write code that can be used from any language on the VM.

                                  1. 3

                                    It could be (and probably is) pretty easy to use one of the existing rebar3 plugins for using Elixir from a Erlang project. Take https://github.com/barrel-db/rebar3_elixir_compile as an example integration. I haven’t used it, but it looks pretty straight forward. I still wonder how any configuration would be wired together, but that should be pretty reasonable to write if needed.

                                    Beyond the build system, I imagine Elixir code doesn’t feel ergonomic in other languages. It’s function argument ordering differs from a lot of functional languages, the pervasive use of structs in library APIs, the use of capitalization for modules doesn’t read well, and the constant prefix of 'Elixir.AppModue':some_function(). all make it less appealing.

                                    All together it’s just enough hassle to use outside of Elixir, and often that bit of work + usability issues isn’t worth it.

                                1. 7

                                  Seems like a whole lot of ceremony for something that is intended to be easy to deploy. And 2k for a template? At some point you’ve got to question whether you’ve selected the right architecture to begin with. You could put together a few docker containers and set everything up on K8s in a week and be done.

                                  No need to become a DevOps engineer: no need to SSH, make OS updates, configure proxy/webserver/load balancer/firewall, etc.

                                  You now have to become a AWS engineer though. I’d rather learn open source tools rather than proprietary services.

                                  1. 2

                                    Neato! It’s marked as archived (b/c Spawnfest, I presume), but where is the official fork living?

                                    1. 3

                                      Yes, it is archived until judging takes place.

                                      I forked it to https://github.com/Stratus3D/eflambe and I plan on continuing to maintain it and add formatters to it there.

                                    1. 3

                                      Spawnfest! https://spawnfest.org/ I’m doing a project in Erlang after working mostly in Elixir for the last couple years.

                                      1. 2

                                        Wow, another great plugin for rebar3! I’m really hoping I can spend some time in Erlang again soon. It seems like rebar3 is becoming comparable to Elixir Mix now. Excellent blog post as well!

                                        1. 1

                                          Well… we’re, in fact, looking for senior Erlang devs, if you’re interested.

                                        1. 36

                                          Pip pip! Time to get rev our coding engines to a high RPM! We’ll be sure to have a lot of snacks (yum!) to keep our spirits up. Of course, we’ll be apt to get some people who nix our great ideas, but I’m sure that’s just because of a desire to avoid cargo-cult programming.

                                          1. 24

                                            This seems like a tangled ball of yarn from the go get. It’s possible there will be some gems, but that’s assuming that nobody placed a hex on the conference. Regardless, I’m sure there will be a cabal of mavens in attendance ready to talk about their stack.

                                            1. 4

                                              Take it easy everyone. Go brew some coffee and watch some asdf videos.

                                              1. 3

                                                Nah, me and the Guix were hungry–and not for drinks or something chocolately–so we rock-paper-scissor’d, but I threw papers in luarocks so this little coding cabal’ll be getting some spago at the place with the foreign name, Leiningen’s.

                                            2. 8

                                              banned

                                              1. 3

                                                Or let’s just play some pac-man.

                                              1. 2

                                                OT: What terminal color scheme are you using? It looks a like gruvbox dark but with a little more contrast.

                                                1. 2

                                                  It is indeed gruvbox dark, I don’t think I’ve done anything special with it, at least not intentionally.

                                                  1. 2

                                                    It looks really sharp in your blog post. I need to start using it again.

                                                1. 10

                                                  There is one more, huge difference. Adding new field to record is breaking change while adding new field to struct is not. This is quite important in situations like:

                                                  • Process state update, with record you need to do it in 2 steps - create new record, migrate the old record to new one, rename new record. With maps it is not a problem, as old pattern matching will still apply to the new map.
                                                  • You need to know the record structure before you can match on it. It adds additional compilation dependency as well as forces you to recompile all modules that were using given record on each update. Map-backed structures do not have that issue.
                                                  1. 1

                                                    No. Adding a new field to a record or struct requires re-compiling code. Struct definitions cannot be changed at runtime. You can get around this limitation by manually adding keys to the map at runtime, but this won’t work if you then try to use the struct to access the new field. Take for example this struct from the blog post:

                                                    defmodule Person do
                                                      defstruct [
                                                        :name,
                                                        # This expression is evaluated at compile time
                                                        created_at: DateTime.now!("Etc/UTC")
                                                        ]
                                                    end
                                                    
                                                    # in iex
                                                    iex(1)> %Person{foo: "test"}
                                                    ** (KeyError) key :foo not found
                                                        expanding struct: Person.__struct__/1
                                                        iex:2: (file)
                                                    
                                                    iex(2)> person = Map.put(%Person{}, :foo, :baz)
                                                    %{
                                                      __struct__: Person,
                                                      created_at: {:ok, ~U[2021-07-06 23:38:24.658023Z]},
                                                      foo: :baz,
                                                      name: nil
                                                    }
                                                    iex(3)> %Person{foo: binding} = person
                                                    ** (CompileError) iex:5: unknown key :foo for struct Person
                                                    
                                                    # See more examples from this page https://elixir-lang.org/getting-started/structs.html
                                                    

                                                    By manually adding a field to the map, you are bypassing some of the things that make record/structs valuable. After adding injecting a new key and value like this, the map no longer matches the struct definition, and any typespecs or types that reference the struct are now wrong.

                                                    Process state update, with record you need to do it in 2 steps - create new record, migrate the old record to new one, rename new record. With maps it is not a problem, as old pattern matching will still apply to the new map.

                                                    If you want to add/change/remove fields from a record or struct at runtime you should migrate your data. OTP behaviors have callbacks for upgrading internal state not only because it’s needed but because you should be explicit about it.

                                                    You need to know the record structure before you can match on it. It adds additional compilation dependency as well as forces you to recompile all modules that were using given record on each update. Map-backed structures do not have that issue.

                                                    Only if you treat them as maps. If you treat them as structs recompilation will always be needed.

                                                  1. 18

                                                    TLDR: Instead of using length(list) > 0 - which traverses the whole list - use list.is_empty() which in Erlang you can implement using pattern matching with [_|_] which looks like a robot butt.

                                                    1. 2

                                                      With help from Filipe Varjão in Twitter, I now added a TL;DR directly into the article.

                                                      Nobody can say that I don’t listen to my readers :P

                                                      1. 1

                                                        I read the article thinking I was going to learn some obscure new fact only to find that it was explaining a simple concept I knew in a far more complicated way. This TLDR comment is better explanation.

                                                        Also, why, in a blog post, are single letter variables used? I can understand using them in the shell for experimentation but in a blog post they only make the Erlang syntax more obscure and hard to understand. We should be trying to make Erlang syntax as readable as possibly by using VeryDescriptiveVariableNames.

                                                        1. 3

                                                          I read the article thinking I was going to learn some obscure new fact only to find that it was explaining a simple concept I knew in a far more complicated way.

                                                          I think you put too much trust in my blog writing… and I appreciate that :)

                                                          This TLDR comment is better explanation.

                                                          Of course, since the article is not just an explanation. It’s also a joke and a funny story and a rumbling… or a combination of all that.

                                                          Also, why, in a blog post, are single letter variables used? […] VeryDescriptiveVariableNames.

                                                          Because I’m super-lazy and the variable names were not the point of the article. But don’t worry, I went in and extended the variable names now, they are NotSuperVeryClearYet, but it doesn’t really matter… Nobody looks at the variables when there is a super-sexy robot butt in front of them ;)

                                                        2. 1

                                                          I don’t think you can use a user-defined list.is_empty in guards, though.

                                                          1. 1

                                                            You can’t, you can match against [], tho.

                                                            1. 1

                                                              I’m a little disappointed erlang doesn’t have is_nonempty_list/1 which would play nicely with dialyzer, too.

                                                              You can build such a guard in elixir:

                                                              defguard is_nonempty_list(l) when is_list(l) and l != []
                                                              

                                                              Likewise disappointed it’s not in the Kernel module

                                                          2. 1

                                                            Why does Erlang not carry this information as a class attribute?

                                                            1. 7

                                                              Because lists are not a class, in Erlang. As a matter of fact, lists are just a human construct in Erlang. The language only provides a basic element with no particular meaning ([]) and a way to link two things together: The cons operator ( […|…]). The standard library (OTP) provides a module to use that cons operator to build lists by always putting a list on the second element of it and understanding [] as the empty list. So… if you use the functions in the lists module, it’s assumed that you will pass lists (i.e. things constructed by applying cons 0-N times over []), but in reality… nothing prevents you from using lists functions on things that are not actually lists…

                                                              1> lists:sublist([a | [b | [c | []]]], 1, 2).
                                                              [a,b]
                                                              2> lists:sublist([a, b | [c]], 1, 2).
                                                              [a,b]
                                                              3> lists:sublist([a,b,c], 1, 2).
                                                              [a,b]
                                                              4> lists:sublist([a,b|{something, that, is, "not a list"}], 1, 2).
                                                              [a,b]
                                                              

                                                              In a nutshell: [] and […|…] are basic building blocks of Erlang. Everything else (e.g. […, …, … | …], […, …, …], etc.) is just syntactic sugar.

                                                          1. 1

                                                            I’m not sure what happened, but the link was changed to my private gist instead of the public post. My private gist has been deleted so this should be linking to the public post - https://blog.rentpathcode.com/running-dialyzer-for-elixir-projects-in-github-actions-e0594220b272

                                                            1. 35

                                                              e-mail has a lot of legacy cruft. Regardless of the technical merits of e-mail or Telegram or Delta Chat, Signal, matrix.org or whatever, what people need to be hearing today is “WhatsApp and Facebook Messenger are unnecessarily invasive. Everyone is moving to X.” If there isn’t a clear message on what X is, then people will just keep on using WhatsApp and Facebook Messenger.

                                                              It seems clear to me that e-mail is not the frontrunner for X, so by presenting it as a candidate for replacing WhatsApp and Facebook Messenger, I think the author is actually decreasing the likelihood that most people will migrate to a better messaging platform.

                                                              My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                              1. 26

                                                                Signal is a silo and I dislike silos. That’s why I post on my blog instead of Twitter. What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                1. 10

                                                                  Signal isn’t perfect. My point is that Signal is better than WhatsApp and that presenting many alternatives to WhatsApp is harmful to Signal adoption. If Signal can’t reach critical mass like WhatsApp has it will fizzle out and we will be using WhatsApp again.

                                                                  1. 12

                                                                    If Signal can’t reach critical mass like WhatsApp has it will fizzle out

                                                                    Great! We don’t need more silos.

                                                                    and we will be using WhatsApp again.

                                                                    What about XMPP or Matrix? They can (and should!) be improved so that they are viable alternatives.

                                                                    1. 13

                                                                      (Majority of) People don’t care about technology (how), they care about goal (why).

                                                                      They don’t care if it’s Facebook, Whatsapp, Signal, Email, XMPP, they want to communicate.

                                                                      1. 14

                                                                        Yeah, I think the point of the previous poster was that these systems should be improved to a point where they’re just really good alternatives, which includes branding and the like. Element (formerly riot.im) has the right idea on this IMHO, instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                                        Of course, die-hard decentralisation advocates don’t like this. But this is pretty much the only way you will get any serious mainstream adoption as far as I can see. Certainly none of the other approaches that have been tried over the last ~15 years worked.

                                                                        1. 7

                                                                          …instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                                          Same problem with all the decentralized social networks and microblogging services. I was on Mastodon for a bit. I didn’t log in very often because I only followed a handful of privacy advocate types since none of my friends or other random people I followed on Twitter were on it. It was fine, though. But then they shut down the server I was on and apparently I missed whatever notification was sent out.

                                                                          People always say crap like “What will you do if Twitter shuts down?”. Well, so far 100% of the federated / distributed social networks I’ve tried (I also tried that Facebook clone from way back when and then Identi.ca at some point) have shut down in one way or another and none of the conventional ones I’ve used have done so. I realize it’s a potential problem, but in my experience it just doesn’t matter.

                                                                          1. 4

                                                                            The main feature that cannot be listed in good faith and which is the one that everybody cares about is: “It has all my friend and family on it”.

                                                                            I know it’s just a matter of critical mass and if nobody switches this will never happen.

                                                                          2. 1

                                                                            Sure, but we’re not the majority of people.. and we shouldn’t be choosing yet another silo to promote.

                                                                          3. 5

                                                                            XMPP and (to a lesser extent) Matrix do need to be improved before they are viable alternatives, though. Signal is already there. You may feel that ideological advantages make up for the UI shortcomings, but very few nontechnical users feel the same way.

                                                                            1. 1

                                                                              Have you tried joining a busy Matrix channel from a federated homeserver? It can take an hour. I think it needs some improvement too.

                                                                              1. 2

                                                                                Oh, definitely. At least in the case of Matrix it’s clear that (1) the developers regard usability as an actual goal, (2) they know their usability could be improved, and (3) they’re working on improving it. I admit I don’t follow the XMPP ecosystem as closely, so the same could be the same there, but… XMPP has been around for 20 years, so what’s going to change now to make it more approachable?

                                                                            2. 4

                                                                              […] it will fizzle out

                                                                              Great! We don’t need more silos.

                                                                              Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                              Chat platforms have a strong network effect. We’re going to be stuck with Facebook’s network for as long as other networks are fragmented due to people disagreeing which one is the perfect one to end all other ones, and keep waiting for a pie in the sky, while all of them keep failing to reach the critical mass.

                                                                              1. 1

                                                                                Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                                Uh, not sure how you pulled that out of what I said, but I’m actually cheering for the downfall of all silos.

                                                                                1. 2

                                                                                  I mean that by opposing the shift to the less-bad silo you’re not actually advancing the no-silo case, but keeping the status quo of the worst-silo.

                                                                                  There is currently no decentralized option that is secure, practical, and popular enough to be adopted by mainstream consumers in numbers that could beat WhatsApp.

                                                                                  If the choice is between WhatsApp and “just wait until we make one that is”, it means keeping WhatsApp.

                                                                              2. 3

                                                                                They can be improved so that they are viable alternatives.

                                                                                Debatable.

                                                                                Great! We don’t need more silos.

                                                                                Domain-name federation is a half-assed solution to data portability. Domain names basically need to be backed by always-on servers, not everybody can have one, and not everybody should. Either make it really P2P (Scuttlebutt?) or don’t bother.

                                                                                1. 2

                                                                                  I sadly agree, which is why logically I always end up recommend signal as ‘the best of a bad bunch’.

                                                                                  I like XMPP, but for true silo-avoidance you need you run your own server (or at least have someone run it under your domain, so you can move away). This sucks. It’s sort of the same with matrix.

                                                                                  The only way around this is real p2p as you say. So far I haven’t seen anything that I could recommend to former whatsapp users on this front however. I love scuttlebutt but I can’t see it as a good mobile solution.

                                                                              3. 8

                                                                                Signal really needs a “web.signal.com”; typing on phones suck, and the destop app is ugh. I can’t write my own app either so I’m stuck with two bad options.

                                                                                This is actually a big reason I like Telegram: the web client is pretty good.

                                                                                1. 3

                                                                                  I can’t write my own app either so I’m stuck with two bad options.

                                                                                  FWIW I’m involved with Whisperfish, the Signal client for Sailfish OS. There has been a constant worry about 3rd party clients, but it does seem like OWS has loosened its policy.

                                                                                  The current Whisperfish is written in Rust, with separate libraries for the protocol and service. OWS is also putting work into their own Rust library, which we may switch to.

                                                                                  Technically you can, and the risk should be quite minimal. At the end of the, as OWS doesn’t support these efforts, and if you don’t make a fool of them, availability and use increases their brand value.

                                                                                  Don’t want to know what happens if someone writes a horrible client and steps on their brand, so let’s be careful out there.

                                                                                  1. 2

                                                                                    Oh right; that’s good to know. I just searched for “Signal API” a while ago and nothing really obvious turned up so I assumed it’s either impossible or hard/hackish. To be honest I didn’t look very deeply at it, since I don’t really care all that much about Signal that much 😅 It’s just a single not-very-active chatgroup.

                                                                                    1. 1

                                                                                      Fair enough, sure. An API might sound too much like some raw web thing - it is based on HTTPS after all - but I don’t think all of it would be that simple ;)

                                                                                      The work gone into the libraries has not been trivial, so if you do ever find yourself caring, I hope it’ll be a happy surprise!

                                                                                  2. 2

                                                                                    The Telegram desktop client is even better than the web client.

                                                                                    1. 3

                                                                                      I don’t like desktop clients.

                                                                                      1. 4

                                                                                        Is there a specific reason why? The desktop version of Telegram is butter smooth and has the same capabilities as the phone version (I’m pretty sure they’re built from the same source as well).

                                                                                        1. 3

                                                                                          Security is the biggest reason for me. Every other week, you hear about a fiasco where a desktop client for some communication service had some sort of remote code execution vulnerability. But there can be other reasons as well, like them being sloppy with their .deb packages and messing up with my update manager etc. As a potential user, I see no benefit in installing a desktop client over a web client.

                                                                                          1. 4

                                                                                            Security is the reason that you can’t easily have a web-based Signal client. Signal is end-to-end encrypted. In a web app, it’s impossible to isolate the keying material from whoever provides the service so it would be trivial for Signal to intercept all of your messages (even if they did the decryption client-side, they could push an update that uploads the plaintext after decryption).

                                                                                            It also makes targeted attacks trivial: with the mobile and desktop apps, it’s possible to publish the hash that you get for the download and compare it against the versions other people run, so that you can see if you’re running a malicious version (I hope a future version of Signal will integrate that and use it to validate updates before it installs them by checking that other users in your network see the same series of updates). With a web app, you have no way of verifying that you’re running the same code that you were one page refresh ago, let alone the same code as someone else.

                                                                                            1. 1

                                                                                              A web based client has no advantages with regards to security. They are discrete topics. As a web developer, I would argue that a web based client has a significantly larger surface area for attacks.

                                                                                              1. 1

                                                                                                When I say security, I don’t mean the security of my communications over that particular application. That’s important too, but it’s nothing compared to my personal computer getting hacked, which means my entire digital life getting compromised. Now you could say a web site could also hijack my entire computer by exploiting weaknesses in the browser, which is definitely a possibility, but that’s not what we hear every other week. We hear stupid zoom or slack desktop client containing a critical remote code execution vulnerability that allows a completely unrelated third party complete access to your computer.

                                                                                            2. 1

                                                                                              I just don’t like opening a new window/application. Almost all of my work is done with one terminal window (in tmux, on workspace 1) and a browser (workspace 2). This works very well for me as I hate dealing with window management. Obviously I do open other applications for specific purposes (GIMP, Geeqie, etc) but I find having an extra window just to chat occasionally is annoying. Much easier to open a tab in my browser, send my message, and close it again.

                                                                                    2. 3

                                                                                      The same thing that’s happening now with whatsapp - users move.

                                                                                      1. 2

                                                                                        A fraction of users is moving, the technically literate ones. Everyone else stays where their contacts are, or which is often the case, installs another messenger and then uses n+1.

                                                                                        1. 2

                                                                                          A fraction of users is moving, the technically literate ones

                                                                                          I don’t think that’s what’s happening now. There have been a lot of mainstream press articles about WhatsApp. The technical users moved to Signal when Facebook bought WhatsApp, I’m now hearing non-technical folks ask what they should migrate to from WhatsApp. For example, one of our administrators recently asked about Signal because some of her family want to move their family chat there from WhatsApp.

                                                                                          1. 1

                                                                                            Yeah these last two days I have been asked a few times about chat apps. I have also noticed my signal contacts list expand by quite a few contacts, and there are lots of friends/family who I would not have expected to make the switch in there. I asked one family member, a doctor, what brought her in and she said that her group of doctors on whatsapp became concerned after the recent announcements.

                                                                                            I wish I could recommend xmpp/OMEMO, but it’s just not as easy to set up. You can use conversations.im, and it’s a great service, but if you are worried about silos you are back to square one if you use their domain. They make using a custom domain as friction-free as possible but it still involves DNS settings.

                                                                                            I feel the same way about matrix etc. Most people won’t run their own instance, so you end up in a silo again.

                                                                                            For the closest thing to whatsapp, I have to recommend Signal. It’s not perfect, but it’s good. I wish you didn’t have to use a phone number…

                                                                                      2. 2

                                                                                        What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                                        Not supporting signal in any way, but how would your preferred solution actually mitigate those risks?

                                                                                        1. 1

                                                                                          Many different email providers all over the world and multiple clients based on the same standards.

                                                                                          1. 6

                                                                                            Anyone who has written email software used at scale by the general public can tell you that you will spend a lot of time working around servers and clients which do all sorts of weird things. Sometimes with good reasons, often times with … not so good reasons. This sucks but there’s nothing I can change about that, so I’ll need to deal with it.

                                                                                            Getting something basic working is pretty easy. Getting all emails handled correctly is much harder. Actually displaying all emails well even harder still. There’s tons of edge cases.

                                                                                            The entire system is incredibly messy, and we’re actually a few steps up from 20 years ago when it was even worse.

                                                                                            And we still haven’t solved the damn line wrapping problem 30 years after we identified it…

                                                                                            Email both proves Postel’s law correct and wrong: it’s correct in the sense that it does work, it’s wrong because it takes far more time and effort than it really needs to.

                                                                                            1. 2

                                                                                              I hear you (spent a few years at an ESP). It’s still better than some siloed walled garden proprietary thing that looks pretty but could disappear for any reason in a moment. The worst of all worlds except all others.

                                                                                              1. 2

                                                                                                could disappear for any reason in a moment

                                                                                                I’m not so worried about this; all of these services have been around for ages and I’m not seeing them disappear from one day to the next in the foreseeable future. And even if it does happen: okay, just move somewhere else. It’s not even that big of a deal.

                                                                                                1. 1

                                                                                                  Especially with chat services. There’s not that much to lose. Your contacts are almost always backed up elsewhere. I guess people value their chat history more than I do, however.

                                                                                      3. 11

                                                                                        My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                                        I’ve recently started using it, and while it’s fine, I’m no fan. As @jlelse, it is another closed-off platform that you have to use, making me depend on someone else.

                                                                                        They seem to (as of writing) prioritize “security” over “user freedom”, which I don’t agree with. There’s the famous thread, where they reject the notion of distributing Signal over F-Droid (instead having their own special updater, in their Google-less APK). What also annoys me is that their desktop client is based on Electron, which would have been very hard for me to use before upgrading my desktop last year.

                                                                                        1. 6

                                                                                          My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                                          What I hate about signal is that it requires a mobile phone and an associated phone number. That makes it essentially useless - I loathe mobile phones - and very suspect to me. Why can’t the desktop client actually work?

                                                                                          1. 2

                                                                                            I completely agree. At the beginning of 2020 I gave up my smartphone and haven’t looked back. I’ve got a great dumb phone for voice and SMS, and the occasional photo. But now I can’t use Signal as I don’t have a mobile device to sign in to. In a word where Windows, Mac OS, Linux, Android, and iOS all exist as widely used operating systems, Signal is untenable as it only as full featured clients for two of these operating systems.

                                                                                            Signal isn’t perfect.

                                                                                            This isn’t about being perfect, this is about being accessible to everyone. It doesn’t matter how popular it becomes, I can’t use it.

                                                                                            1. 1

                                                                                              They’ve been planning on fixing that for a while, I don’t know what the status is. The advantage of using mobile phone numbers is bootstrapping. My address book is already full of phone numbers for my contacts. When I installed Signal, it told me which of them are already using it. When other folks joined, I got a notification. While I agree that it’s not a great long-term strategy, it worked very well for both WhatsApp and Signal to quickly bootstrap a large connected userbase.

                                                                                              In contrast, most folks XMPP addresses were not the same as their email addresses and I don’t have a lot of email addresses in my address book anyway because my mail clients are all good at autocompleting them from people who have sent me mail before, so I don’t bother adding them. As a result, my Signal contact list was instantly as big as my Jabber Roster became after about six months of trying to get folks to use Jabber. The only reason Jabber was useable at all for me initially was that it was easy to run an ICQ bridge so I could bring my ICQ contacts across.

                                                                                              1. 1

                                                                                                Support for using it without a phone number remains a work in progress. The introduction of PINs was a stepping stone towards that.

                                                                                              2. 1

                                                                                                What I hate about signal is that it requires a mobile phone and an associated phone number.

                                                                                                On the bright side, Signal’s started to use UUIDs as well, so this may change. Some people may think it’s gonna be too late whenever it happens, if it does, but at least the protocols aren’t stagnant!

                                                                                            1. 6

                                                                                              I haven’t used it myself, but https://www.opalstack.com/ was founded by one former employee of WebFaction (source: https://www.opalstack.com/2019/03/13/its-time-to-switch-to-an-independently-owned-hosting-company/ ) and from a cursory look at their pages they should match your requirements.

                                                                                              1. 1

                                                                                                Wow! Thanks for sharing. I had not heard about OpalStack, I think I am going to give it a try.

                                                                                              1. 8

                                                                                                I can see this causing trouble in certain environments. And article mentioned 90 env variables is even not that many. For example in a quite busy Kubernetes namespace I right now have pods that have not disabled enableServiceLinks in PodSpec and have ~700 env variables set (each Service gets bunch of env vars automatically set for every exposed port).

                                                                                                1. 5

                                                                                                  This is exactly what happened to the application I mentioned in the post. Prior to migrating to Kubernetes I think this app was run in an environment with only a couple dozen variables. And after the move to Kubernetes I think we had around ~1200 set.

                                                                                                  1. 3

                                                                                                    I have been unamused with Elixir apps on Kubernetes and Docker, but here we are. :(

                                                                                                1. 5

                                                                                                  you added code that isn’t relevant in the happy path, you caught exceptions that had no possible remedy other than exiting, you wrote more code, did more work, did not reduce coupling, did not improve performance.

                                                                                                  you also used set -u, and then explicitly tried to check whether $HASTEBIN_URL was set, which is the opposite of reducing coupling, and it doesn’t even work because of set -u. you even decided to handle cat returning nonzero, which is largely unnecessary.

                                                                                                  i don’t understand, isn’t this just the opposite of let it crash?

                                                                                                  1. 3

                                                                                                    Thank you for pointing out that my manual check doesn’t fit with Let It Crash. You are correct. I’m not sure why I left in the code that manually checks for the presence of $HASTEBIN_URL as that is just not needed with set -u. I have removed that from the improved Bash script.

                                                                                                    As to why the final Bash script contains more code than the original, negating one of my earlier points, is because Bash is notorious for ignoring commands that fail, and happily continuing even though things have gone wrong. Those extra flags makes Bash a little stricter, so that when something does go wrong it will crash. Bash is hard language to apply Let It Crash in, but I chose it to show that it can be applied in Bash and result in better Bash scripts.

                                                                                                    1. 9

                                                                                                      Also the Let it Crash philosophy comes from working under a supervisor, which automatically restarts relevant processes after a crash. Just crashing out of a stand-alone script seems to be a world away from this.

                                                                                                      1. 3

                                                                                                        I think this part of let-it-crash is usually called fail-early and that’s what is being applied here. Very well, imho. I have a similar preamble in all my bash scripts.

                                                                                                        1. 3

                                                                                                          It’s just a different concept: Stopping vs restarting.