1. 1
    1. 6

      I had no idea what this was about, and the tagline

      Loki: like Prometheus, but for logs.

      didn’t help, as I’m not familiar with Prometheus (the software) either.

      I will remark whoever that the branding is all over the place. Repo name is “grafana/loki”, the log spells it “Grafana loki”, but it’s referred to “Loki” in the running text.

      Also, the logo reminds me of a male phallus, but to remark on this fact would be puerile, so I will not.

      1. 3

        I agree with the branding. I’m not entirely sure what its purpose is either, but I’m a fan of both Prometheus and Grafana so I’ll continue digging into it.

        Looks like they’ve changed the logo already.

      1. 1

        YAM Management is hiring in Scottsdale, Arizona for a Node.js developer (using hapi.js) and an Angular developer (using AngularJS). We don’t do remote at this time.

        The team is doing business intelligence, reporting, and general development for the 15+ companies in the YAMily. Challenging work, respectful work hours, and great benefits. If you have any questions, feel free to PM me.

        1. 3

          Here’s a PDF of the slides - http://tinyclouds.org/jsconf2018.pdf

          1. 2

            Yeah, I had a play with this a while ago and it works pretty well: in a field trial among ~20 mostly non-tech friends, only one noticed that there was no way to set a password.

            1. 2

              One of your comments is that cookie security wasn’t taken seriously. Could it be the case that you can include in the cookie a per-browser fingerprint as well as a key, and then use a HMAC to hide this information and ensure the authenticity and integrity.

              If an attacker were to steal the cookie, the server could identify that even though the secret is valid, the browser has changed significantly enough (cookie theft in the positive case, a sufficiently serious upgrade in the negative case) and force a new login for the browser?

              1. 1

                I thought this way too until I started tracking our users’ browser fingerprints. Then I discovered that they changed way more than you’d expect; I never investigated why but saw that it was unreliable enough to not pursue.

                1. 1

                  Yeah, I think the very fast browser update cycle these days might stuff this idea up.

            1. -7

              “CommonMark compliant” … lol yeah, forget it.

              it’s a fake “standard.” They didn’t think of Markdown, invent it, or do anything to help it’s advance.

              No one needs to “comply” with “CommonMark. The CommonMark project has been trying to take ownership of Markdown for years. It’s ridiculous and annoying.

              1. 8

                They didn’t think of Markdown, invent it, or do anything to help it’s advance.

                You say “it”, when one of the reasons CommonMark exists, is that there is no single “it”, there are divergent implementations/extensions. The original implementation is not a specification, and it ‘has bugs’/is ambiguous.

                I am not too well-informed; who is better suited to “do anything to help it’s advance”? And what did CM do wrong?

                1. 5

                  I presume what leeflannery is referring to is that John Gruber is BDFL of Markdown and the only authority. Only he’s more like the Absent Dictator for Life, which resulted in a proliferation of implementations that sometimes conflicted with each other and Markdown and led Jeff Atwood (of StackOverflow) to establish CM.

                  Atwood’s story is here - https://blog.codinghorror.com/standard-markdown-is-now-common-markdown/

                  And here’s the Github issue with some more detail - https://github.com/commonmark/CommonMark/issues/19

                2. 6

                  it’s a fake “standard.” They didn’t think of Markdown, invent it, or do anything to help it’s advance.

                  Every standard is fake, if you want to be pedantic about it. No C compiler has to comply with the ANSI standard, no web server has to implement the HTTP spec. Nor are these standards set in stone (good ones at least), and they develop with trends, new needs and realization of previous shortcomings.

                  What the CommonMark project want to achieve isn’t to make up some unrelated markup language, or to feel special for themselves, but “propose a standard, unambiguous syntax specification for Markdown, along with a suite of comprehensive tests to validate Markdown implementations”. And as I’ve already mention in this thread, these people aren’t nobodies, but instead it was initiated by some of the more major figures in the “markdown scene”. Sure, they don’t “own” markdown (whatever that is supposed to mean), but they are proposing a common ground to strongly define the syntax and the semantics of a markdown parser, having have already published revisions, updating their specification.

                  If it’s a good standard, people will adopt it when doing something related to markdown, otherwise they won’t. This doesn’t look like something “stupid”, if you were to ask me, but rather an incentive to create a well defined, common sensical, sane specification, to improve the current state of markdown – and if one doesn’t like it, there’s absolutely no need to worry about it or pay any attention whatsoever to the project.

                1. 3

                  I found this to be a reasonable comparison between the two ecosystems.

                  1. 4

                    I really liked this blog entry because I’ve had one or two of those epiphanies in my lifetime. They led to some of the most fruitful periods of development, when I finally “got” something. I liked his sharing of some of the resources that helped him to grok the subjects.

                    I’m curious if anyone else has any resources like that. (I’ll try to think of some myself and share them here.)

                    1. 3

                      Thank you for this! I tried to move my Wordpress blog to Jekyll but stalled because I really didn’t want to learn the Ruby to do some customizations. (This was basically the same problem I had with Movable Type back in the day.)

                      1. 2

                        I’m happy this article was helpful to you.

                      1. 3

                        It’s early in its life and I’m not sure what I think about its prospects or even its raison d’être.

                        On the latter, there are better languages and runtimes to handle concurrency. Many, in fact. One of JavaScript’s appeals, to me, was its singlethreadedness—just one less thing to think about, one constraint to keep things simpler. (Especially with all the foot-guns JS gives you!) But if you’re coding JS all over the place, it’s also simpler to just stay in that space when you need to parallelize something. Generally, the better performance of those other languages is dwarfed by the I/O waiting.

                        On the former, all of the npm modules out there were built without any awareness of multiple threads and most Node projects are a morass of dependencies (including all of mine, of course). Switching to this runtime is fraught with difficult-to-discern bugs in your code as well as in the code you didn’t write. That’s going to hamper uptake, as will having to trust that Microsoft is going to embrace this project and keep developing on it.

                        1. 4

                          I think that’s a little bit of FUD there, though–from a cursory look at the API, they just seem to be creating isolated V8 contexts (effectively) and adding a bit of glue to help with farming out things to worker pools. The API isn’t completely compatible yet, but it seems like memory sharing bugs and concerns aren’t quite valid.

                          1. 1

                            What’s a little bit of FUD? The fears about dependency incompatibility making debugging more difficult or that Microsoft might abandon the project at some point?

                            1. 2

                              Dependency incompatibility is plausibly overstated.

                              I would expect switching to multiple V8s running inside one process to not be a big problem for pure JS code. async Node JS doesn’t usually want to do anything which depends on process wide mutable state (like changing cwd then changing it back) because that will usually be race-ey even with a single threaded implementation (because some other code could muck with it while the first one is waiting for a callback).

                              I wouldn’t expect this to make your existing code share data structures between threads at all, except for code that is explicitly using postMessage or using SharedArrayBuffer (whenever that becomes a thing).

                              Libraries that extend Node in C or C++ may care. It’s 2017 though, libraries should be threadsafe! Don’t write bindings if they aren’t. :/

                              1. 1

                                On the former, all of the npm modules out there were built without any awareness of multiple threads and most Node projects are a morass of dependencies (including all of mine, of course). Switching to this runtime is fraught with difficult-to-discern bugs in your code as well as in the code you didn’t write.

                                My reading here was that you were implying that single-threaded code running in a multi-threaded environment might explode and that there were difficult bugs that plagued this runtime.

                                The former I don’t think is actually a problem because of the memory model Node and this use, and the latter I assume is FUD unless you have links.

                                1. 2

                                  That’s a fair point, in that I just made an assertion. And even that isn’t based on any tangible work with the project.

                                  If there are no side effects of inter-thread communication and sharing in the dependencies, then, sure, there will be no problems. If there are, then it’s likely that it’ll happen in the myriad of packages that your project includes or the dependency tree from those packages. In my experience with multithreading (not JS), it can get very gnarly to figure out if it’s your code, the dependencies, or the runtime itself.

                                  That’s what I meant. I’ll accept that it’s a “little bit” of FUD because it doesn’t arise from actual experience. (And JS’s natural asynchronous model probably negates my real experiences with multithreading.)

                          1. 15

                            I liked his idea of using framework delay as a measure that he tracks between releases—it’s not particularly significant but you want to keep an eye on the direction.

                            1. 21

                              In that blog post, Mozilla describes RiseUp as “a coordination platform used by activists across the political spectrum”, which I think is disingenuous. They are specifically far-left, and describe themselves as such: “The Riseup Collective is an autonomous body based in Seattle with collective members world wide. Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression.” (from RiseUp’s about page)

                              My own politics are that free societies, freedom from want and freedom of expression are not actually protected particularly well by far-left political structures, even though proponents of these structures claim otherwise, and far-left political structures with real-world power are very capable of oppressing people by means of claiming that certain groups of people are oppressors and therefore deserve violence and repression. So I’m not particularly happy to see Mozilla donating to a group with politics like those of RiseUp.

                              That said, I do think “create[ing] revolution and a free society in the here and now by building alternative communication infrastructure designed to oppose and replace the dominant system.” is a good thing, at least with respect to certain definitions of “revolution” and “free society” (ones that I think far left political organizations like RiseUp would disapprove of). But I wish that Mozilla had chosen to support a more politically-neutral organization building alternative communication infrastructure (perhaps the Tor project or OpenWhisper?) to do so.

                              1. 12

                                I, personally, find a system which would prevent people from being capitalist if they chose to be morally repugnant, and deeply coercive. I similarly find revolution, meaning violent revolution, to be inherently coercive, by definition.

                                Finally, non-hierarchical systems are simply systems which do not acknowledge their hierarchies, and are therefore politically incapable of fixing them or preventing them from being abusive. In a system with no acknowledged hierarchies, the despised minorities, the minority groups the majority wants to marginalize and, possibly, destroy, have no recourse when they’re being oppressed. The two options open to them, fight back or leave, are hardly options; the first leads to destructive, genocidal reprisals, the second, to dispossessed refugees. An acknowledged hierarchy, with a rule-based code of laws and accountability, at least has a chance at preventing those things.

                                1. 7

                                  They are seriously leftist.

                                  1. 4

                                    Regardless of how RiseUp describes itself, it is a platform used by activists across the political spectrum. So regardless if you/me agree with RiseUp politics they do maintain a platform for people who are potential surveillance and censorship targets. Since you self-identify as pro-freedom I’m sure you agree on how much important is this and why we need more platforms like RiseUp.

                                    1. 4

                                      Does RiseUp police the people who are allowed to use it? Can certain groups be banned from RiseUp?

                                      1. 12

                                        Termination: Your account may be deleted without warning if you: send unsolicited bulk commercial or activist email (spam); or fail to log in for an extended period of time; or use your account to contribute to the harm and abuse of other people.

                                        I’m going to go out on a limb and say that if you’re a pro-free market group using their platform (assuming you can get an invitation code from a current organizer) then this clause will be used to close your account.

                                        1. 6

                                          That’s a really good question! I would definitely feel a lot better about the donation if RiseUp was technologically incapable of banning from their platform political activism organizations with political goals contradictory to those of the far left. As far as I can tell though, it’s just an ordinary webmail/VPN service run by volunteers with a stated political objective. If it was widely known that anti-leftist political actors were using RiseUp email addresses or RiseUp VPNs, I don’t know what would prevent the volunteers running the service from banning those accounts.

                                    1. 1

                                      The best part of the article is getting to see into the mind of a DBA looking at the query plan. This sort of optimization can have tremendous impact of performance, but there’s no great resource I’ve found about how to do it. (I suspect it’s just hard-won experience.)

                                      1. 4

                                        Eran Hammer, if you weren’t aware, is the originator of the popular Node.js Web framework hapi. He’s pretty abrasive but he’s not wrong.

                                        1. 2

                                          I like the simplicity of it, but a dot changing color seems like too subtle of a visual indicator of something. It’d be nice if the act of changing color was accompanied by a push notification.

                                          1. 1

                                            I think notifications are outside of the scope of this tool. Instead, you should create notifications by calling a different tool from your daemon or script, right after you set the color. For example, you can run this command, which uses AppleScript, in your shell:

                                            osascript -e 'display notification "The color changed from green to red." with title "Color Change"'

                                            Or you can install the command-line tool terminal-notifier, which lets you customize the click action, icon, and more:

                                            terminal-notifier -title 'Your site is down' -message 'See for yourself.' \
                                                              -open 'http://example.com/your/site/'

                                            By the way, you can run text-to-speech with ‘say’:

                                            say "Warning! The frobnicator is about to overload!"