1. 7

    This is not a .engineering problem. It is more of a problem with hardcoded fixed lists of what is a valid TLD (and sometimes a ccTLD). IANA maintains a list of valid TLDs and it is good practice to validate against it from time to time if you need to make sure that a submitted URL or email address points to at least something that is under a TLD.

    http://data.iana.org/TLD/tlds-alpha-by-domain.txt

    1. 2

      My guess would be regex validation with a maximum TLD length, considering the author said it accepted a shorter but invalid TLD.

    1. 14

      The Dell XPS13 laptops running linux are good - but I’d want an employer to pay for one :~)

      1. 6

        but I’d want an employer to pay for one

        This is how I feel about nearly any ultrabook-style laptop ? these things are so damn expensive

        1. 5

          Don’t those also have a version with a matte finish screen? I’ve been wanting to replace my 15" 2009 mbp (had a matte screen), and have looked at these a bit.

          1. 3

            The non-touch version comes with a matte screen, yep

          2. 4

            I’m happy with my XPS13 (3rd rev Developer Edition), after upgrading from the first rMBP15 (never buy 1st gen Apple products). It’s not without it’s problems, especially when it comes to hiDPI support in the ecosystem. Always worried about upgrading or changing distros because who knows what might break. Will it stop hibernating?

            Altogether I’m very content with finally making Linux my primary desktop OS, and hope the support, quality, and community will continue improving.

          1. 2

            A little small, isn’t it?

            1. 5

              It’s been noted in previous investigations of Red Star OS uses ip addresses, not domain names, for quite a few built ins - proxies, etc.

              1. 3

                From the same leak and posted around the same time as OP (Jan 2015) there was an investigative blog post about Naenara specifically digging into networking.

                On the HN discussion for that, I added that at a school I visited in 2013, end-users appear to navigate to private IPs directly (#1, #2) instead of utilizing domain names.

            1. 1

              If they’re not going to use a password manager then using lots of words is probably the best you’re going to do. You can mix it up a little by throwing some numbers or symbols in there and varying the capitalization.

              It also helps if they use some non-dictionary words in there. But nothing that’s easy to remember for humans is going to be as good as a bunch of random characters including non-alphanumeric.

              1. 1

                A potential attacker would have to assume that a 30 character password could contain any characters. If that’s true, having 30 lowercase letters is as secure as 30 mixed case or 30 with numbers and symbols?

                1. 2

                  I think the concern is dictionary based brute force attacks. People love talking about entropy with regards to password strength, but I think that ignores search space. A long passphrase has very high entropy on a per-character basis, but a memorable series of lowercase words chosen from common vocabulary (not a dictionary) is more likely to be attempted first before a similar length string with special characters. Another thing that I think complicates the discussion is whether you’re protecting against login attempts, hash cracking (from a credential db leak), or a targeted attack that may have already obtained a passphrase you use elsewhere. Different patterns and recommendations tend to focus on addressing one or more of these concerns, but any strategy requiring memorization (no password manager) will compromise on these. All that is to say a long passphrase is good, but a long passphrase with some special characters is even better at guarding against one type of attack.

                  1. 1

                    You should consider attack vectors. If you have a list of all known usernames like say a forum has a directory of users, then my first attack would be to try every known username against common passwords like password, password1, hunter2, Password, dog, etc.

                    Another attack vector is you know the user you want to compromise, so you try potential passwords like names of family, friends, significant things in their life. You can open it up to just all English words, then vary that by special characters trying some leet speak substitutions.

                    In summary, I’m just saying that an attacker knows the total solution space is gigantic, but could also assume some basic human nature that were lazy so we make passwords easy and memorable. An attacker might be able to exploit this and reduce their search space enough to have a feasible attack.

                    1. 1

                      Why would they have to assume that? Especially knowing that XKCD has made series of words passwords popular. Plus, you don’t know how long a password is based on its hash.

                      Seems like a totally reasonable attack vector nowadays to me to just randomly assemble the most common couple thousand words.

                  1. 2

                    Visiting some friends in SF who have a computer in the basement of their event space with twelve 4k displays and will be dabbling with software that can render to all those pixels (99.5 million of them) efficiently. Sadly, Java/Processing wasn’t up to the task, even with opengl or running a separate application on each display. My best results so far have been with pygame+opengl [1], but I’m probably going to struggle to make much as a python noob (not great with GL either).

                    [1] https://www.dropbox.com/s/1x8nxnmrhv9hpi2/nebula.mp4

                    1. 3

                      Torn about pursuing my side project in 2016. I took a few months off from client work to focus on it, and accomplished quite a bit (nodejs+docker app with almost 60 proof-of-concept plug-ins; a total of something like 26k lines of coffeescript). It would be a long road to make it productized, user-friendly, documented, reliable, etc. to the point where anyone would use it, nonetheless contribute to it. I’m confident showing it to the world as it is would yield zero users, zero contributors, and countless criticisms of my choice of language, runtime, container technology, plug-in api, coding style, or goals. It was a neat thought experiment and prototype, but I’m ill-equipped to make it much more than that.

                      Instead I’m settling back into client work, which is challenging, fun, and lucrative (enough). Starting this year in Santiago, Chile, and just passed the 8 year mark of traveling while working. I haven’t spent more than 3 consecutive weeks in any one city since 2007 and might as well keep that streak going this year.

                      1. 4

                        Today I realized I misused the word “sabbatical” a few times this month—apparently it implies you’re on paid leave. I’m one month into a 3-6 month unpaid break from client work.

                        I wish I could concisely summarize the project and the type of guidance I would like to get, but it’s all pretty overwhelming (what I’ve done, what I need to do, what I could do, fear of everyone hating it, etc).

                        1. 1

                          +1 for “fear of everyone hating it”

                        1. 3

                          I can relate to this in more ways than the post lays out. I feel like I’m being talked down to, as if the solution is trivial (it often isn’t). The just-sayers often don’t have a complete picture of the problem and prescribe the obvious solution without taking a minute to understand more about the context.

                          It seems to be a certain personality type that tends to just-ify advice, as if to posture themselves as superior.

                          Of course, one of them might respond to this whole topic as, “Why don’t you just ignore them?”

                          1. 4

                            The just-sayers often don’t have a complete picture of the problem and prescribe the obvious solution without taking a minute to understand more about the context.

                            The flip side of this is that sometimes people are very resistant to simpler solutions because they are so wedded to existing context or patterns, even when the cost of changing those patterns is much lower than the cost of a complex bespoke solution.

                            None of which contradicts the author’s point about the word “just,” which I’ve been catching myself using too often lately.

                            1. 1

                              In only 140 characters, I doubt either the problem or the solution can easily be described, nevermind understood.

                            1. 4

                              With well-named functions/variables and a logical flow, comments can end up being pretty redundant. If it’s not clear what is happening and why, consider refactoring so it’s more clear (Granted, clarity may come at a cost of performance. Prioritize appropriately). If for whatever reason you cannot refactor it to be more straightforward, add comments. A common rule of thumb is to explain not what the code is doing, but why it is doing it.

                              I personally don’t think it’s helpful to think of it as one side is right or wrong, or even more important. Comments and self-documenting code are both essential, but not necessarily at the cost of the other in all cases.

                              1. 14

                                Granted, clarity may come at a cost of performance. Prioritize appropriately

                                To this point: unless you, your team, your boss and Knuth himself have all profiled the code in question and agree that performance is more important than clarity, pick clarity.

                                99% of the time future you won’t be thinking “gee, I’m glad I squeezed those few extra cycles out here” - you’ll be saying “what in the fuck did I do that for?!”

                              1. 1

                                This series is really great! It hits a sweet spot between high level overview and exhaustive detail, written approachably in plain English, and includes a bunch of examples.

                                1. 2

                                  I’m exploring using a graph db (neo4j) to map out what my friends and what they’re sharing online. At the moment, I’m pulling in my friends' github activity. It’s a silly use-case, but it does kind of bother me that all this interesting and relevant data is out there and all GitHub does is show me a few recent actions friends have taken.

                                  Last week I set up a foundation for multiple instances of my app to connect and share graph data by querying friends' or friends of friends' graphs, with a few reduction methods and some privacy controls. I’d like to figure out a way for a user to maintain an accurate graph of people, things, and activity between those people and those things, but only for about one degree of separation (what we have access to via APIs). Then, to get a broader picture, query n degrees out. e.g. What repos have people in my extended network recently starred/watched, or depended upon within their projects? What places near me have people in my extended network reviewed on fourswarm, yelp, etc.?

                                  1. 5

                                    I’ve pretty much finished the Java IPFS api. Also just got right-click to share working in Peergos. Peergos is getting close to us starting to roll out the private alpha, a few more UI improvements mainly and possibly switching in IPFS for the DHT.

                                    1. 2

                                      That’s pretty wicked. The stuff people are coming up with around IPFS is really interesting. So the goal is to have file sharing and a social network (and email) while being completely server-less?

                                      1. 2

                                        Yes, eventually we want to be totally decentralised. There are some things, however, that are extremely hard to decentralise, for example the mapping between username and public key (whilst ensuring username uniqueness). The hope is you’ll be able to run you’re own Peergos node, store all your files, and access it from any Peergos node you trust to serve up the website. Whilst also being able to share stuff with others. The sharing structure is based on cryptree which Wuala used. It’s a really elegant data structure for cryptographic control over file system access.

                                        Also, email fundamentally leaks metadata so our “key-mail” uses our file sharing api (which doesn’t expose your friendship graph to passive attackers) to send asynchronous messages. Right now we store some encrypted file metadata centrally, but hope to move that to IPNS when it is more mature.

                                        1. 1

                                          There are some things, however, that are extremely hard to decentralise, for example the mapping between username and public key (whilst ensuring username uniqueness).

                                          It seems like you could use an existing or new authority for this, from DNS to something like keybase.io, and possibly even a choice between providers (“ianopolous.com” or “ianopolous@keybase.io” or “ianopolous@peergos”). Or, given IPFS' immutability, there ought to be a way to do an append-only, first come first served key-value store. None of the approaches are as trivial as they sounds, but it seems like there are a number of ways forward, each with its own sacrifices (namespacing by provider, not truly/completely decentralized, etc)

                                          1. 1

                                            DNS records or keybase could be removed/shutdown by a third party comparatively easily. A blockchain based approach is another possibility, but would be a lot more work. You’re right, there are options, but none are a clear win or easy and it’s only worth doing once the rest of it is fully decentralised.

                                      2. 2

                                        Hey! Totally unrelated, but you’re a JPC guy, right? Is that project still being developed? Does it have any chance of running a recent OS (current *BSD or Linux)?

                                        1. 2

                                          G'day sspiff,

                                          I am indeed the JPC guy. :-) JPC is on the backburner for now because of Peergos (which is also not my day job), but I do want to get back to it. It won’t boot anything modern at the moment I’m afraid (post Windows 98). I’m part way through a port of Bochs to Java, which would be able to run anything. I love emulators.

                                          1. 2

                                            That’s good to hear. I worked with the JVM quite a bit during my student days, and loved JPC. I even started working on a SB16 module for it (I saw that it now has audio!)

                                            I was hoping to use it to run some small Unix tools from my non-rooted Android (and BlackBerry) devices. I tried OpenBSD but it gets stuck booting the installer disc. I look forward to your bochs port! Keep up all the good work!

                                            1. 1

                                              Thanks, mate! I love getting feedback like this. :-) I had a lot of fun in the last JPC rewrite (which made it 10X faster) in the disassembler and interpreter generator. A dream is to use an emulator in conjunction with Peergos to have a “secure vm in the cloud” which you can start from anywhere, run locally, snapshot to the network and move machines etc.

                                      1. 3

                                        More or less done with client work for the foreseeable future (aside from maintenance/support) and working on yet another indie web run-your-own-server kind of thing.

                                        Today I was tinkering with neo4j. It’s pretty slick, but my initial velocity has been lower than I’d like. The node adapters I’ve used so far have been painful, it seems in part due to neo4j 1.x->2.x. If anyone thinks I should spend the week diving into a different graph database, I’m open to suggestions!

                                        1. 4

                                          Making some progress on cross-browser hot-swappable JavaScript here.

                                          1. 2

                                            The function proxy and versioning method is clever. The eventListener example seems especially tricky. Nice work!

                                          1. 2

                                            Well, how does this actually compare with Facebook? You can exclusively use messenger if you prefer to avoid baby pictures. The default web clients are actually pretty flexible if you take the time to set up groups and lists and whatnot. And while I haven’t used it, I think you can take the graph API and build any client you like, so if you wanted to only post Ed25519 signed updates, you could do that.

                                            Now, there’s something of a governance issue. Not just anyone can make changes to Facebook. How will you organize your network? I suppose you could model it like Mozilla, although practically speaking I feel pretty powerless controlling the direction Firefox is going too.

                                            1. 2

                                              I’m working on something that addresses this with decentralization. With a decentralized or federated system, the governing body would push specifications and reference implementations rather than features. Then, governance becomes something that is driven by consensus among the user base. The feature set adopted by the majority of your friends defines the feature set of your network.

                                              1. 2

                                                Facebook provides their user with a wealth of core services that cannot be completely disabled and/or removed. Tagging and Location data, are a couple that I can think of that many people would remove, if they were able to.

                                                On the remark of direction of the service, I think a democratic structure would be viable, but that’s difficult to accomplish with the lack of real identity requirement and the high potential for abuse (e.g. trolling). Perhaps a ranking system could sort this out. I like the idea of giving people who have made more contributions towards the service to have a stronger word in the direction of the service. For example, Linus Torvalds started the Linux operating system, and because of his large contributions, his opinion for changes in it are large.

                                              1. 14

                                                Tangential thought: This reminds me of a thought experiment regarding the limits of software reliability. Imagine you have a printer, except it won’t work on Tuesday or Thursday. (Perhaps an errant strchr(string, ’T'); finds the wrong T.) This is no doubt highly annoying, but manageable. You get a spare inkjet for when you need to print on the bad days and make sure that your 1000 page quarterly reports are always printed on a good day.

                                                There’s a patch which updates the printer and now it only crashes on Wednesday because the rewritten code overflows a buffer. Do you care? I mean, assuming this is an office printer used on weekday, this is a remarkable 33% improvement in reliability. My intuition is that while the patch will be a welcome change, it won’t really matter. Still need the backup printer. Still need to schedule the big prints.

                                                Sadly, getting from “good enough” to “better enough” is a lot of work and not many people are interested.

                                                1. 13

                                                  My intuition is that while the patch will be a welcome change, it won’t really matter.

                                                  Imagine your thought experiment from the standpoint of a large company with a fleet of such printers. Likely the new patch would be considered much worse in such a scenario. Assume they had a work-around (non-software) process in place, such as people being reminded and trained to print on designated “other printers” only on T-days. Since the patch only changes the day of failure to W-days, they now have to notify and retrain people, and deal with lost productivity when people who were used to the old system forget or get confused. In such a case it would be better for them to stay with clearly more broken older version.

                                                  1. 6

                                                    Indeed. And very good point. That’s what I get for changing the scenario.

                                                    It was initially hypothesized that post fix it only crashes on Tuesday, but then I provided too much detail about strchr and needed the fix to make sense, so I said Wednesday.

                                                    I could also go on and on about old bugs versus new bugs. Now I have a new hypothetical for that discussion too. :)

                                                  2. 4

                                                    A thought I had reading this and yours: A lot of bugs are related to time. The reason being that time, more or less, is completely arbitrary with weird unknown rules. Implicitly people write code and, more importantly, tests assuming induction applies to it. It worked for X, it’ll work for X + 1. But time throws a huge kink in this because it’s just not true.

                                                    How to solve this? One option is to just run the same test with artificial clock for every <time granularity> that exists. That sounds pretty expensive, though. So I don’t know how to solve that.

                                                    But I do think that software needs to take time in as an explicit dependency. So much time-related code is hard to verify because it involves doing evil things that are global to the application or system. With time being an explicit dependency one can do all sorts of interested tests involving time on an individual component. Also, people might write code differently if they consider time an explicit thing rather than something that happens to them.

                                                    1. 1

                                                      Would everyone know to write and run tests for each day of the week, leap year days & leap seconds, 2038+, time zones, months/dates with 1 vs 2 digits (learned recently javascript’s Date.parse() returns different values for ‘2015-7-30’ and ‘2015-07-30’ if the client’s time zone is not +0000), etc.?

                                                      It seems like there would be an unending list of scenarios to cover as you get into more bizarre edge cases and combinations.

                                                      That said, I’m on board with making time explicit and testable, so at least after a weird bug is caught, a failing test can be written for it and then made to pass.

                                                      1. 1

                                                        Would everyone know to write and run tests for each day of the week, leap year days & leap seconds, 2038+, time

                                                        If we were to take this approach, the testing harness would just do it.

                                                        At the very least, testing every day of a year is pretty easy, only 360sh tests.

                                                        1. 1

                                                          If only it were that simple! Those 365-400 time inputs would probably need to be applied to each test (at least each feature), so the tests to run would be n*400 rather than n+400. Or am I misunderstanding something?

                                                          All that said, I think it would be interesting to have a separate set of exhaustive tests to run in addition to (and likely programmatically derived from) unit tests. It would be kind of like running 100-1,000 hand-written tests during development and then 100,000+ generated tests (time edge cases above, fuzzing, etc) during the integration process.

                                                          Anyone know of any literature on such a system? I’d be very surprised if something like this hasn’t been done, or at least talked about, before.

                                                          1. 1

                                                            No you are definitely right that it’s * not +. This is where taking time in explicitly has such value, you only have to run that level of testing on the portions which you know take time as input. I think it’ll be hard to get there but definitely more correct.

                                                            This basically comes down to prop testing, so you can check out any literature or materials on quickcheck. In a world with explicit time, using prop testing becomes very straight forward and obvious.

                                                  1. 2

                                                    We’ve built software as loose bags of features atop a teetering tower of unreliable abstractions. Functionality is slow, regressions are common, and that’s even before you throw in the now-standard business practice of shipping as part of figuring out what’s worth building and how to build it. Maintenance often means burning it down and rebuilding from scratch.

                                                    I feel like I can relate to this much more than I would like to admit.

                                                    Granted, I have been making an effort recently to build things differently. Flexible languages like javascript (and php, etc) let you get away with accumulating giant messes of functionality. It’s interesting to think that while JS isn’t a purely functional language, writing in a functional style seems to result in less buggy code that is easier to reason about and write tests against.

                                                    1. 6

                                                      Is “JavaScript is a toy language” the new “writing scripts isn’t real programming”?

                                                      1. 8

                                                        Just because a language isn’t good at everything doesn’t mean it’s a toy language. If that were true, every language would be a toy and nobody would be doing “real programming”.

                                                        The comic just calls out the shoe-horning of javascript into environments that it’s not really well suited for. It’s not an attack on the language, but instead calling out humans that are doing silly things. Javascript is great for some things, and not so great for others.

                                                        1. 5

                                                          A better comparison would be “x86 is a toy”. We have these monstrous 64 bit machines that still boot up in 16 bit real mode with archaic instruction sets. Much like the cascading tech pile that is emscripten, asm, etc.

                                                          The criticisms here are more thorough, however. Callback hell seems like a valid weakness to point out.

                                                          1. 5

                                                            In that it’s infelictious, but largely true?

                                                            1. 4

                                                              Yes, that’s precisely what this is. It’s all about back-end developers trying to feel superior to front-end. Of course, JS isn’t only front-end now, because of node.js and related infrastructure… This is fairly subjective, but to me, the subtext of javascript-on-the-server was always that self-proclaimed server developers are often unwilling to treat web developers as equals, which makes it difficult to do meaningful collaboration, and most interesting sites require both types of work. You can see how that would be frustrating.

                                                              There really are not very many conceptual differences between the two, just language proficiency, so JS backends were fundamentally a move to ignore the people trying to be exclusionary and hope they went away.

                                                              And no, it’s not always easy for everyone to change career direction to use another language, precisely because of this, um, “typecasting” and rhetoric about how JS supposedly attracts less competent programmers. And I don’t actually agree that JS was ever bad enough to justify wanting to leave, anyway. This was always purely about claiming prestige and trying to hang onto it by putting down everyone else.

                                                              Given that history, it feels like making fun of the JS ecosystem is somewhat unsporting. It’s programmers who feel superior saying “well, you’re not inferior anymore but look at how silly it was of you to work so hard to get to that point!”

                                                              Although JS is certainly doing well as a technology today, so I could see a case that it’s the new incumbent. But then I’d like to see criticism of what it could be doing differently today, not of how it got here. Much of what the comic derides are (source) distribution and toolchain issues, which are no worse in JS than in Ruby, PHP, Java, or C++. All contemporary languages have absolutely horrible stories for distribution. Actually, that’s a big problem. :)

                                                              1. 3

                                                                I actually use JavaScript (well, CoffeeScript) voluntarily both on the server and client side because I think it’s the best available choice for my mix of components. I disagree with your assessment, and I think this picture is in fact a very good criticism of JavaScript and related tools. The problem is that people are thoughtlessly building a huge rickety tower of tools on a questionable foundation. This creates enormous complexity and churn, and makes it very hard to produce good software that doesn’t constantly require rewriting various parts as things break and become obsolete.

                                                                I don’t know what the solution is, and the root of the problem probably lies deeper - in the web platform, its evolution, and everything around it, rather than just JavaScript. However, it’s definitely frustrating regardless of whether I look at the server or client side development, and I believe this sort of criticism is worthwhile because it might just inspire somebody to think “Hang on, there is a better way of doing things”.

                                                                I agree with your last paragraph though; I can’t think of any language I’m familiar with which doesn’t have many issues of its own (C++, Ruby, C#, Python, Haskell - I can immediately think of problems with each), so it would be wrong to single out JavaScript as the only offender.

                                                                1. 2

                                                                  The problem is that people are thoughtlessly building a huge rickety tower of tools on a questionable foundation.

                                                                  A thousand times yes.

                                                                  I don’t mind Javascript-the-language too much, though there are some design choices which in retrospect look like mistakes. For years, and long before anybody used the phrase “full-stack developer,” I enjoyed chances to do front-end work and prided myself on my willingness and ability to see my work through end-to-end and handle both the client and the server components. I was always the guy defending Javascript to my fellow back-end developers.

                                                                  But Javascript’s limited standard library, lack of higher-level code organization facilities, and protean nature have always led to these all-encompassing frameworks where you have to buy into a whole cosmology, and at some point I just lost the patience to deal with the world of frameworks layered upon frameworks, where it takes half a dozen language-specific build tools and package managers to run even the simplest modern webapp, and where front-end build times (for an interpreted language!) exceed server-side build times. Maybe I’m just getting old, but I’m glad that these days I mostly get to leave the front-end to the front-end people (and it’s certainly not because I think that work is easier or of lesser value than the work that I do).

                                                                2. 3

                                                                  Given that history, it feels like making fun of the JS ecosystem is somewhat unsporting. It’s programmers who feel superior saying “well, you’re not inferior anymore but look at how silly it was of you to work so hard to get to that point!”

                                                                  I can’t speak for anyone else, but for my part in poking fun at the JS ecosystem, my complaint is along the lines of @jfb, in that the community has been considerably ahistoric. This is a complaint I sling at any place apporpriate, it just so happens that the JS community is the visible offender these days. The JS community has produced a huge amount of low-quality software completely ignorant of what has come before them and they are proud of it. I find it very frustrating to be in an industry where one of the biggest growth components is unintersted in self-improvement. That is a problem and one of the biggest contributors to my desire to become a farmer someday. It is by no means a new complaint but I don’t think it is getting any better.

                                                                  1. 3

                                                                    It’s all about back-end developers trying to feel superior to front-end.

                                                                    So you chalk it up any criticism of javascript to people just needing to feel superior to someone else, and you think javascript is actually the one true language that should be used everywhere? That seems more than a bit reactionary and on the far other end of the spectrum.

                                                                    I think some languages are just bad (not a fan of php either, fwiw). It is unfortunate that javascript is the only language available for browsers, and web developers have little to no choice of which language to use. There is no possibility of natural selection to weed out really terrible languages. So you end up with people creating X-to-JS compilers to escape javascript, and the web just ends up with more layers of complexity. With people trying to push the web into apps (mobile and desktop), I think this will only get worse. The Birth and Death of JavaScript is terrifyingly insightful.

                                                                    1. 1

                                                                      I don’t believe I said either of those things, nor do I believe them. I admit I’m a bit bewildered by such an emotional response; I try pretty hard to take personal attacks out of things like this when I write them, and I don’t think I did a worse than usual job this time. I realize it’s a sensitive subject.

                                                                      I am absolutely a fan of any effort to explore more languages than we currently are, and to explore using languages for things they haven’t traditionally been used for. Compilers which target JavaScript are such an exploration. Escaping JS is not a wrong description of the goal, but understand that the cost of adding a new language to all browsers, and dealing with security and API-design and feature support for it, is immense. That has far more to do with the nature of the web, and JS’s good fortune to have gotten that position, which with current technology can really only be occupied by one language (or virtual machine) at a time. It has nothing to do with compiler authors disliking JS. If I prefer to study Buddhist writings in the original Pali, does that mean I dislike English?

                                                                      1. 4

                                                                        I don’t believe I said either of those things, nor do I believe them. I admit I’m a bit bewildered by such an emotional response; I try pretty hard to take personal attacks out of things like this when I write them, and I don’t think I did a worse than usual job this time. I realize it’s a sensitive subject.

                                                                        eh? I just read what you wrote, which seemed fairly accusatory to me. Picking out a few things:

                                                                        It’s all about back-end developers trying to feel superior to front-end…

                                                                        self-proclaimed server developers are often unwilling to treat web developers as equals, which makes it difficult to do meaningful collaboration…

                                                                        This was always purely about claiming prestige and trying to hang onto it by putting down everyone else.

                                                                        It’s programmers who feel superior saying “well, you’re not inferior anymore but look at how silly it was of you to work so hard to get to that point!”

                                                                        I don’t think what I wrote was “such an emotional response” by any means, it was certainly written more as bewildered bogglement than “such an emotion response”. The web clearly needs a <boggle> tag (would fit right in with <blink>).

                                                                        If I prefer to study Buddhist writings in the original Pali, does that mean I dislike English?

                                                                        Not sure what point you are trying to make here.

                                                                        In summary: I wasn’t intending to come across as “emotional”.

                                                                        1. 2

                                                                          Well, we seem to be talking past each other intent-wise; I was similarly confused by your response, and perhaps emotion wasn’t the reason.

                                                                          So you chalk it up any criticism of javascript to people just needing to feel superior to someone else,

                                                                          No, but this one.

                                                                          and you think javascript is actually the one true language that should be used everywhere?

                                                                          I’m at a loss for what I said that sounded anything like this.

                                                                  2. 1

                                                                    It’s been around. It kind of reminds me of immigration in the US. At one point, Italian Americans were considered weird and foreign. Now, Latinos draw the fire, but in 2035, they’ll be entrenched, must like YavaScript.

                                                                    1. 1

                                                                      No, because some of the people who said “writing scripts isn’t real programming” did actually program, a little.

                                                                    1. 13

                                                                      God, it pains me so much that as I post this 3 people think this is off topic. They don’t want to talk about this at all. They think we should not be talking about this kind of abuse. I really wonder why. I want to believe that they are well-intentioned and that by ignoring the problem and not talking about it, the problem will go away. I really want to believe that the people who mark this as off-topic are not disbelieving the author.

                                                                      I also want to say something else. There is only one 4chan… one 4chan with many faces. You can’t get rid of this problem by banning or redirecting people. They just regroup somewhere else. When 4chan decided to make a stand against gamergate, the idiots went to other chans. When reddit decided that having a fat-hating mostly anti-female usergroup was unacceptable, the self-proclaimed shitlords moved to Voat.

                                                                      I think the only solution is to ostracise the idiots. To make them feel that their abuse gives them negative consequences. To create a culture where SJW is not an insult. Where it’s a good thing to stand up against abuse.

                                                                      I will not be silenced, and I refuse to be declared off topic. We have to make a stand, together, against abuse, and recognise this is as abuse that overwhelmingly targets women.

                                                                      1. 1

                                                                        I’m with you. After a year and a half of lurking, I signed up today because of the comments here. It’s refreshing to see this topic is not being silenced, ignored, explained away, erased, or otherwise marginalized. If this thread is any indication of the quality and empathy of this community, I want to support it and would like to be a part of it.