Threads for code

  1. 2

    I switched to Dvorak layout as a teenager, but I kept my old keyboard. With mismatched key caps, I learned to touch type very quickly.

    If someone is going to spend the time to learn touch typing (which I do highly recommend for anybody working with computers), I think you should first take a moment to consider if QWERTY is the best layout for you. Unless you’re very social/sharing your keyboards, QWERTY is probably not ideal.

    1. 1

      Seems like there’s been a few of these posts recently.

      My main blog is at https://codeplea.com/.

      I’ve also recently started writing articles about socket programming at https://handsonnetworkprogramming.com/articles/ I hope to write an article about each common problem people run into. I’ve got a lot of ground to cover yet.

      1. 3

        Nice, but there’s not much to it. I guess that’s the point. I like minimalism. And it’s obviously lightweight.

        This reminds me a bit of these websites that were going around a while back:

        1. 10

          Better comparisons to this classless CSS framework are:

          1. 1

            Cool, I hadn’t heard of those.

            The first two I linked to are classless though, right?

            1. 2

              The creators of those websites were going for “you can put up a half decent looking webpage without making it heavy with fonts, CSS frameworks, and JS”. You can of course borrow their CSS files to get a minimalistic styling for the HTML page.

              The two “frameworks” I linked, much like the item under discussion, were designed to be used with semantic HTML without the need to use special classes or div layouts (like you would when using say bootstrap). They also provide styling for most commonly used elements like forms etc., which the MFW sites lack.

              The good thing about classless/semantic CSS styles (framework is probably too heavy a word to use for a css file), is that you can either hand write HTML or use a generator like pandoc and apply these styles to get a nice layout without worrying about figuring out how to use Bootstrap, Tailwind etc.

              Eg: I use water.css on my website where 90% of styling is from water.css.

        1. 1

          I use Zola, and I’m pretty happy with it. I wrote my own theme, but since you prefer not to do that, I think Hugo might be a better choice.

          The latter has a famously annoying templating syntax, but I think its many other qualities make up for it.

          Here’s my repo if you want to peek at some Zola source code: https://github.com/2mol/juricho.me

          1. 1

            I just used Zola for the first time and liked it (I built this site with it).

            I have read that Hugo has an annoying template syntax (from the Zola people), but I’ve never actually used Hugo.

            Can someone tell me why Hugo’s template syntax is considered annoying?

            1. 1

              > The latter has a famously annoying templating syntax, but I think its many other qualities make up for it.

              That probably depends on one’s personal taste. I like the Hugo templating syntax, because it’s the default Go template syntax, which I use for other things too.

              1. 1

                That’s a good datapoint, thanks. In this case it might be worth putting more effort into learning it then.

            1. 4

              I wrote a book on the topic. It’s called Hands-On Network Programming with C. It starts with the basics, and it uses lots of examples to illustrate concepts. It’s in C though, not Python.

              1. 13

                Damien Riehl and Noah Rubin are heroes!

                I can’t wait until the day comes when we as a species no longer feel the need to claim intellectual property. This shit is so stupid.

                1. 9

                  I agree! I’m glad to see more and more anti-intellectual-property ideas being circulated recently.

                  I think every project like this one helps to educate the public. Hopefully a time will come when the public realizes just how harmful and counterproductive patents and copyrights truly are, and we can be rid of them.

                1. 2

                  I’ve been using https://get.gaug.es/ for a while now. I like that it’s cheap, not too complicated, and I can use it on several domains from the same account. Adding it to a new site is simple. It works on static pages too, because it’s not self-hosted.

                  Before that I was using goaccess to analyze my nginx server logs. Goaccess was nice, but a bit of trouble to get set up and configured exactly as I wanted. I ended up having a PHP script to run goaccess on-demand. It worked okay. It didn’t really give as much detail as I wanted though, and it had no real way to differentiate bots from humans.

                  Before that I was using Piwik (which is now called Matomo). It was pretty good, but a pain to set up. It required a database. I really don’t have any desire to run and maintain a real database anymore. In the end, it just wasn’t worth the maintenance.

                  So in my use-case, where I run a lot of small sites for a really long time, I just wanted something basic and easy. A paid solution was what worked for me. I probably would have been better served by using Google Analytics, but I have long felt that using GA is disrespectful to my users. I think Google has enough data about us all already. I also avoid their CDN (e.g. Google Fonts) for the same reason.

                  I’ve been thinking about rolling my own analytics. It would probably be a PHP script I could simply include in my page router. From there it would log to a text file or a SQLite database. Loading the PHP page itself would update and display statistics. I’m thinking this would be dead simple to set up and maintain long-term. It just hasn’t been a priority.

                    1. 13

                      There are a bunch of comments on HN about why this submission hit the front page and then left the front page. People are arguing over whether it was users flagging it, or because it had more comments than up-votes, or moderator action. A minute ago it was marked [flagged], now it’s not.

                      Something I really like about lobste.rs is that there is a moderation log. It is just much more honest and transparent, and it shows more respect for the user base.

                      1. 8

                        This comment is hilarious:

                        > And HN is arguably better for not being invite-only.

                        I never felt accepted over at HN. Many of my comments eventually would get shadowbanned for no known reason. They also tend to ignore my requests through email.

                        Lobsters on the other hand is simple, and I had no trouble getting an invite and participating here without any undocumented moderation censorships happening behind my back.

                      1. 1

                        I don’t post as often as I would like, but https://codeplea.com/ is my site.

                        1. 14

                          I don’t host my email, because I think it’s too much of a risk. Email should always work, period. With a self hosted environment I can’t assure that.

                          1. 19

                            That’s exactly why I do self-host. If you rely on somebody like Google, you’re at their mercy as far as what actually gets through or not.

                            1. 8

                              You’re always going to be at the mercy of 3rd parties when running your email. If your IP ends up on a blocklist you’re doomed, every provider will blackhole your email. You’re one person, you’ll struggle massively to get it lifted, if at all - meanwhile your email is being blackholed. Google end up on a blocklist, they’ve huge leverage and will have it fixed instantly.

                              Email operates on trust, it’s really hard to gain trust when you’re one person with no history. Especially when you don’t even own the IP space, so you’re relying on the trust of your untrustworthy ISP members.

                              1. 9

                                That’s my point. Google and other providers are silently blocking incoming emails. I’d rather be in charge of what gets through to me. Of course you’re always at the mercy of third parties regardless, but self-hosting makes it one less.

                                By the way, I have a side-project that sends several thousand emails everyday. I’ve had to deal with blocklists a few times, but it’s really not that bad. It’s also trivial to switch outgoing IP addresses.

                                1. 6

                                  I agree. I’ve recently noticed that Google is being way too aggressive in dropping the mail, including from some mailing lists, not to mention the private domains.

                                  As for your second point — apparently, I actually have had my domain name itself blocked by Gmail, expectedly due to sending myself some lists of domains through crontab, so, I’ve actually had to switch my domain for outgoing mail for now.

                            2. 7

                              When self-hosting, you at least have access to logs. You can see if the other side greylisted you or accepted mail immediately. Mail service providers are hiding all kinds of information, both about incoming and outgoing connections. I have self-hosted my email for a long, long time, over 15 years. Sometimes there is a little bit of trouble, but nothing too serious. Most practical advice: don’t use well-known cheap VPS providers. Those IPs are a bad neighbourhood; most problems with delivery come from that.

                            1. 32

                              So if you get caught pirating a movie/music/software for personal use, you could be fined between $750 and $30,000 in statutory damages. If the infringement is found to be willful, damages could be as much as $150,000. [1]

                              On the other hand, Tesla is willfully pirating various software, which it then resells for profit. Tesla knows it’s doing this. It has been documented for years.

                              Why hasn’t this gone to court? I must be missing something?

                              1: https://codes.findlaw.com/us/title-17-copyrights/17-usc-sect-504.html

                              1. 18

                                With a few notable exceptions, the copyright holders of GPL software haven’t chosen to take GPL violators to court. Lawsuits are expensive and stressful. The early/landmark GPL cases mostly happened in association with the Software Freedom Law Centre.

                                I’m not a lawyer or an expert on the details, but as far as I understand Software Freedom Conservancy was founded by ex-SFLC employees and has a different philosophy that is more along the lines of attempting to cooperate with companies and educate them in order to make complying with GPL easier and less confrontational. Although they’ve also supported litigation in the past.

                                The blog post suggests they are losing patience with Tesla as the “carrot” approach has stalled…

                                1. 23

                                  Or more succinctly: your rights are only as strong as your ability and willingness to defend them.

                                  1. 8

                                    I guess. Ability, in a realpolitik sense, seems like a big limiting factor.

                                    I am sympathetic to what I see SFC doing to change the narrative around GPL compliance from “if you don’t do this then angry nerds will post angry pseudo-legal rants on the internet and someone might actually choose to sue you” into “GPL compliance is not that hard, here’s how to do it correctly. Also, doing it correctly saves you from legal liabilities now and in the future.”

                                    It seems more pragmatic, and it takes into account the massive power imbalance between most GPL copyright holders (even SFC/SFLC as power-aggregating entities are small by comparison) and many GPL violating companies.

                                    Legitimately interested to see where this Tesla thing goes.

                                2. 1

                                  There are still a bunch of companies out there that operate under the idea that any free software is a virus like the GPL.

                                  They call it virus as due to various issues they are not prepared for disclosing any sourcecode or may not even be able to do so.

                                  Why would you still want them to use the GPL? Because you don’t want them to re-invent the wheel X times again (crypto here we come) and rather use software that is stable. Because you want them to start adopting free software that isn’t GPL licensed so they may get used to using the GPL and one day start contributing back and opensourcing own stuff. There are also just people working and they’d also like to use for example some bootstrap for the website instead of having to copy stuff over.

                                  Because you don’t want people to ditch things like linux in favour of some other big kernel which allows non GPL code, so you’re stuck again without any vendor support for hardware and such.

                                  Making lawsuits here will scare away even more of these companies, showing them that apparently you should never use free or even worse GPL software (and here you already expect them to differentiate between GPL and other license, which they mostly don’t do).

                                  This already starts with the question whether such companies will use GCC (and thus compatible code) or Rust as they are under a free license. So if you really try you will be able to damage things even here.

                                  1. -3

                                    Because no one cares about GPL and every time it took to the court it was only to show off or to let FSF fsck off. No company has gotten into any sort of serious trouble due to that, except minor fatigue and additional paperwork for lawyers.

                                    1. 14

                                      It looks like it generally holds up in court: https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases

                                      It doesn’t look like any of those cases have been so clearly willful, open, and as ongoing as Tesla’s case, either.

                                  1. 3

                                    I love this. I love this so much. The chat even scrolls from top to bottom, I thought they had made a mistake and scrolled there myself. It’s like they said fuck it to all the rules.

                                    1. 1

                                      Maybe it’s so old that there wasn’t a well established chat ordering back then. I mean we ended up with email clients standardizing on top-posting.

                                      1. 2

                                        I used to administrate a metal chat and a bulletin board back in 1998-2003 (then moving on to getting a modbit in a Ruby Forum and so on) and the chat had top to bottom. It was quite usual.

                                        In any case anyone ever wonders why I got this very community drift to interacting with technology: it’s my path and, by and large, the community has treated me well for it.

                                    1. 9

                                      I’ve been looking into https://commento.io/ , but I’m not sure if I want to bother with comments at all or not.

                                      What’s your plan for anti-spam?

                                      1. 3

                                        Shouldn’t get too much because it’s custom, so people have to manually spam it. I have a rate limit of one post per 2 minutes, which prevents brute force spam, a comment minimum of 20 characters, and no website link or HTML allowed for link spam. I’ve gotten 100 or so comments since I put it up, and none were link spam or anything you’d see on WordPress. Just a few people sending junk strings through.

                                        So at the moment I’m just reviewing them all once a day and seeing if there’s anything I need to delete, but it’s been a lot less spammy than WP ever was even with anti-spam plugins.

                                        1. 11

                                          Spam tools are smart. They know to try to add more than 20 characters into a <textarea> and figure that the name-field has no limits. So, expect your site to be “crawled” some day, which is done a lot. Any <form> found is scrutinized intelligently. The 2-minute cooldown of your blog would turn this spam-offensive into a DoS on your behalf.

                                          I try to avoid captchas as much as possible and strive to include at least one field with a strict input policy instead. I never had problems there. If that is not possible, consider adding a simple captcha, which can serve as a “strict input field”.

                                          To give an example, the question “What feels wet on your skin when you go outside and it is present?” has the obvious answer “rain”. No current AI would be able to answer this simple question, and we are far from solving it through AI.

                                          Captchas as classification problems are just a means for Google to train their NNs. Please mention that if you ever write an article about captchas, as this is a fundamental problem and skewed the entire captcha-landscape. There are much simpler and less annoying captcha methods. Oh, and they don’t track you. ;)

                                          1. 12

                                            I would be really curious to see a modern spam tool. Maybe I should infiltrate a spam gang or something.

                                            From my experience with MediaWiki, it seems like they are very easily extensible with any custom form filling logic and the cost of setting up a targeted attack is quite low.

                                            At the time of events, the wiki I ran wasn’t super popular, maybe a hundred visitors a day or so. The old reCAPTCHA became useless against automated attacks, so I made a simple QuestyCaptcha plugin with a small number of options, like “what OSI layer a router operates on?”. To my surprise, it was broken. We’ve been facing a targeted attack, and to make it economically viable, the spam machine had to be easily configurable for that. But, QuestyCaptcha is a popular MW module and someone probably made a spam plugin that makes it as easy as adding question-answer pairs in the config.

                                            I wrote a custom domain-specific captcha that asked the user to enter the broadcast address of a random network, with prefix length range that makes it trivial to do a mental calculation. That is easy to break without any AI of course, but it requires actually writing some code specially for one site. For a while, things finally went quiet. But then it was broken too.

                                            We gave up and added Akismet, which had an absurdly large false positive rate and made the wiki nearly impossible to edit, so we gave up on that too and switched to manual account registration. Unsurprisingly, the wiki died.

                                            The successor uses github plus pull requests plus automatic deployment to readthedocs, and the activity there is higher than it’s ever been on the wiki, but it still feels like a spectacular defeat of Web 2.0
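The subnet-broadcast captcha described in the comment above, sketched as an added example (not the commenter's code): the challenge travels in an HMAC-signed, expiring, single-use token, so the server keeps no per-visitor state. The 10.0.0.0/8 pool, the /24 to /30 prefix range, the 5-minute lifetime and all function names are assumptions; as the comment says, a few lines of code solve it, so it only raises the per-site cost of automation.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

# Assumption: a real deployment loads a persistent key instead of a per-process one.
SECRET_KEY = secrets.token_bytes(32)
TTL_SECONDS = 300          # assumption: a challenge is valid for 5 minutes
PREFIX_RANGE = (24, 30)    # assumption: prefixes that are easy to work out mentally
_rng = secrets.SystemRandom()


def _sign(payload):
    """HMAC-SHA256 over the challenge payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(network, now=None):
    """Bind a network and an expiry time into a token the form sends back."""
    now = int(time.time() if now is None else now)
    payload = f"{network}|{now + TTL_SECONDS}"
    return f"{payload}|{_sign(payload)}"


def new_challenge(now=None):
    """Pick a random network in 10.0.0.0/8 and return (question, token)."""
    prefix = _rng.randint(*PREFIX_RANGE)
    addr = ipaddress.IPv4Address((10 << 24) | _rng.getrandbits(24))
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    question = f"What is the broadcast address of {network}?"
    return question, issue_token(network, now)


def verify(token, answer, now=None, used=None):
    """Check signature, expiry, single use and finally the answer itself.

    `used` is a set of already-seen signatures (assumption: the caller keeps
    it in shared storage). A token is consumed on its first attempt, so a
    solved challenge cannot be replayed for many posts.
    """
    now = int(time.time() if now is None else now)
    try:
        net_s, expires_s, sig = token.split("|")
        payload = f"{net_s}|{expires_s}"
        # Constant-time comparison; reject anything the server did not sign.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return False
        if now > int(expires_s):
            return False
        if used is not None:
            if sig in used:
                return False
            used.add(sig)
        expected = ipaddress.ip_network(net_s).broadcast_address
        return ipaddress.ip_address(answer.strip()) == expected
    except ValueError:
        # Malformed token, non-numeric expiry or an answer that is not an IP.
        return False


if __name__ == "__main__":
    question, token = new_challenge()
    print(question)
    print(token)
```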

                                            1. 2

                                              I’ll also add that some use humans in the process. Mechanical Turks, folks that solve them to access “free” sites with illegal content, etc. They have piles of people solving piles of CAPTCHAs free or dirt cheap.

                                              1. 4

                                                There are even services that provide an API for solving captchas, listing average response time and number of workers online. If an API for programmatic exploitation of humans is not the cyberpunk antiutopia science fiction writers warned us about, I don’t know what it is. ;)

                                            2. 3

                                              > The 2-minute cooldown of your blog would turn this spam-offensive into a DoS on your behalf.

                                              What do you mean here?

                                              1. 1

                                                Some sites (HN maybe?) have a cooldown period before anyone can respond to a given comment. Sounds like your limiting process is per user so it shouldn’t result in a DoS.
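The limits discussed in this sub-thread (20-character minimum, no links or HTML, one post per 2 minutes) as an added example, not the blog author's code. It also caps the name field and keys the cooldown per client, so one spammer cannot lock out every other commenter the way a site-wide timer would; the size caps, the client key and all names are assumptions.

```python
import re
import time

MIN_BODY_CHARS = 20      # from the thread: comment minimum of 20 characters
COOLDOWN_SECONDS = 120   # from the thread: one post per 2 minutes
MAX_NAME_CHARS = 40      # assumption: the name field gets a limit too
MAX_BODY_CHARS = 4000    # assumption: upper bound on comment size
MAX_TRACKED_CLIENTS = 10000  # assumption: bound on the cooldown table

# Anything that looks like a URL, an HTML tag or BBCode link markup.
_LINK_OR_HTML = re.compile(r"(?i)(https?://|www\.|<[^>]*>|\[url)")


class CommentGate:
    """Validates a comment and enforces a cooldown per client key.

    `client_key` is whatever identifies a submitter (assumption: source IP
    or a session id). Passing the same key for every visitor reproduces the
    site-wide cooldown that turns a spam run into a denial of service.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_accepted = {}  # client_key -> time of last accepted post

    def _prune(self, now):
        """Drop entries whose cooldown has expired so the table stays small."""
        expired = [k for k, t in self._last_accepted.items()
                   if now - t >= COOLDOWN_SECONDS]
        for key in expired:
            del self._last_accepted[key]

    def check(self, client_key, name, body):
        """Return (accepted, reason); only accepted posts start a cooldown."""
        name, body = name.strip(), body.strip()
        if not name or len(name) > MAX_NAME_CHARS:
            return False, "name"
        if len(body) < MIN_BODY_CHARS:
            return False, "too_short"
        if len(body) > MAX_BODY_CHARS:
            return False, "too_long"
        # Check every free-text field, not only the textarea.
        if _LINK_OR_HTML.search(name) or _LINK_OR_HTML.search(body):
            return False, "link_or_html"

        now = self._clock()
        last = self._last_accepted.get(client_key)
        if last is not None and now - last < COOLDOWN_SECONDS:
            return False, "cooldown"
        if len(self._last_accepted) >= MAX_TRACKED_CLIENTS:
            self._prune(now)
        self._last_accepted[client_key] = now
        return True, "ok"


if __name__ == "__main__":
    gate = CommentGate()
    text = "This is a perfectly ordinary comment."
    # Constructed sample submissions; addresses are documentation ranges.
    print(gate.check("203.0.113.5", "alice", text))   # accepted
    print(gate.check("203.0.113.5", "alice", text))   # same client: cooldown
    print(gate.check("198.51.100.7", "bob", text))    # other client: accepted
```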

                                            3. 2

                                              Interesting. After my experience with Wordpress and MediaWiki, I started to think of comment spam as an intractable problem unless you have a lot of resources to throw at it. Maybe I should give comments a try again.

                                              1. 1

                                                I personally think it’s only a problem if your blog gets popular. So anyone should weigh their odds. Otherwise, simplistic captcha is relatively easy to implement. For example there’s a python captcha lib I once used to generate a set of 1000 images from strings. If anyone trained an AI on it, my plan was to just regenerate the images on a schedule. No one ever tried.

                                                If I did it again I would require a verified email to post comments; deter spam and build an email list for referral marketing. Why not? Everyone else does.

                                            4. 2

                                              I’d never heard of commento before, but I just checked it out and decided to move my blog’s comments over to it. It was really easy to migrate from Disqus. It took like 10 minutes total. I already like it much, much better than Disqus.

                                            1. 1

                                              Can anyone expand on what this means:

                                              > This function logs text from the clipboard and apparently sends it off to Microsoft servers

                                              It seems if you accidentally paste in an invalid expression to calculator (such as a password you forgot was on your clipboard), it sends it to Microsoft? How is that reasonable?

                                              I’m running Windows 10, so I literally cannot turn off Windows Defender. Defender breaks my email client once a week, interferes with my work, has never protected me from anything, and it turns out that Microsoft is the real spyware vendor.

                                              1. 1

                                                > How is that reasonable?

                                                It is not. This combined with the inability to opt out of telemetry is probably a breach of GDPR tbh, but that doesn’t really help people.

                                                The simple answer is to not use Windows 10. I know that’s not really simple, but it is the only reasonable solution.

                                              1. 10

                                                I agreed to write a programming book last summer. I’m now almost done with only two chapters remaining. It has turned out to be a lot more work than I thought it would be, and the publisher has been unhelpful, to say the least. I’m now a few days behind schedule for the current chapter, and my editor is giving me a ton of grief. Sorry, I guess I just needed to vent.

                                                What am I doing this weekend? Writing.

                                                1. 5

                                                  Any demo content we could see?

                                                  1. 1

                                                    Sorry, I’m not allowed to release any of the writing independently of my publisher, but you can check out the code at: https://github.com/codeplea/Hands-On-Network-Programming-with-C

                                                  2. 4

                                                    Writing a book is freaking hard. I don’t think folks who haven’t done it yet understand what all is involved. There’s code, there’s tweets, there’s essays, there’s long-form content, there’s informative graphics – and writing a book is all of this and more.

                                                    Kudos on almost making it! You’ve got this.

                                                    1. 2

                                                      Yeah, I didn’t really know what I was getting into. If I had it to do over, I would work out a longer schedule, and I would try to do the work in chunks instead of continuously.

                                                      1. 2

                                                        I’ve taken several runs at book-writing, finally finishing my first “real” book last year. I don’t have any words of wisdom. Actually I had to do it the other way – just sit down and keep flailing until I got to the end. Otherwise I would have spent forever bike-shedding. My first couple of tries I finished a book, and it was extremely well-constructed. It just didn’t do what I wanted it to do. That’s because I was focusing on chunks instead of themes.

                                                        There’s one thing I heard that rings true, for what it’s worth: every book writer has to grow and evolve their own system. The more you follow a recipe the less creative you might be. I have no idea if that’s true. It seems right – and I know that once I gave up reading advice and trying to be perfect and instead just tried to be cogent and consistent? It worked better for me that way.

                                                        Having said that, I was writing about how to think about creating tech that people want – an immensely fuzzy topic that I had struggled with for years. If I were doing a language reference? I’d probably do chunks.

                                                    2. 2

                                                      I’m about 2 chapters into writing (after weeks of scaffolding out and research) a beginners book, and man, writing is tough, so props to you…

                                                      1. 2

                                                        Keep it up! Starting is the hardest part (along with finishing, and the middle, which are also both quite difficult). Do you have a publisher, or are you self publishing?

                                                        Feel free to drop me an email if you want to commiserate together (or provide encouragement).

                                                        1. 1

                                                          I’m plugging along when I can alongside regular work. No publisher, haven’t even looked as of yet and it’s for a pretty specific context around using basic programming and OSS tools and command-line tools to do collection, cleaning and analysis of data. It’s aimed at humanitarian staff so I might put it up free in the end. Especially as it’s my first go at writing anything more than a technical spec or architecture doc… have to curb my enthusiasm for turning everything into UML diagrams…

                                                    1. 5

                                                      There is a valid use for two-page logins. My bank has username on the first page and password on the second. It also displays a picture you’ve selected along with some customizable text. This makes it more difficult to phish users, since you can’t just create a copy of their homepage. I suppose you could fetch the picture and text for a given user when they try to login, but there might be a request limit… Then again it could all just be security theater since they also require three secret questions, and require them to be changed on a regular basis.

                                                      1. 6

                                                        My bank does the same thing. I think it actually hurts security. It makes users think that if they see their chosen security image, then it can’t be a phishing attempt. However, it’s pretty straightforward for a phishing site to fetch the security image (they’d just need a pool of IP addresses, which is easy enough to come by). My bank actually takes it even one step farther and asks for the username on a different domain than the password. They’re basically training users to not look at the URL and only trust the worthless security image.

                                                        1. 2

                                                          My bank recently stopped with the image thing, and now allows one step logins

                                                      1. 10

                                                        I wish I could up-vote this twice. Sites breaking my password manager is one of my biggest pet peeves with the modern Internet. I’ve been struggling with it for years, and it seems to be getting worse.

                                                        Why do people build sites like this? Presumably, the programmers that build these sites use password managers too. They must know what a hassle they’re creating.

                                                        1. 4

                                                          Project managers: If the nerds are being paid so well they might as well be changing improving how the site works!

                                                        1. 4

                                                          > While it is usually safe to assume that sensible values have been set for CC and LDD, it does not harm to set them if and only if they are not already set in the environment, using the operator ?=.

                                                          I don’t think that the ?= accomplishes that, at least with GNU make. I don’t have CC set in my environment, but GNU make uses a default of CC = cc anyway. So, as far as I know, CC ?= gcc will never be helpful in GNU make, will it?

                                                          There’s a list of variables set by GNU make here, but you can check your own setup with make -p.

                                                          Question: I do a lot of development with MinGW and MSYS. This environment does not use cc by default. So how can I write a Makefile that will work with MSYS and a normal Linux/macOS setup without forcing CC=gcc? Do I set CC only if ifeq (default,$(origin CC))?

                                                          1. 1

                                                            I think you’re right; this would be superfluous in GNU make (and also bmake – I’m not sure about other makes). AFAICT ?= is not posix, so doing this would make the makefile less portable with no obvious advantage.

                                                          1. 2

                                                            Interesting article. I’ve written a lot of C macros, and it’s nice to see so much info in one place.

                                                            One thing not mentioned in the article, that I always thought was weird, is the defined operator. It’s useful because you can use it with other operators (e.g. || or &&), but I just find the syntax a weird special case.

                                                            1. 15

                                                              I have a story about this.

                                                              A while ago I was interested in getting the statistical medcouple function into Python’s statsmodels. The problem is that this function is computed via a nontrivial but clever algorithm. It was described in an obscure paper from the 1970s that was really hard to read. The implementation in statsmodels is using a slow O(n^2) algorithm, whereas better O(n log n) implementations exist.

                                                              So I find such an implementation in R, written by the same authors of the medcouple paper. Now, R is GPLed. Statsmodels is GPL-phobic. I could have just translated the R implementation into Python, but it didn’t seem fair to me, because I really did not understand the medcouple implementation until I read and translated the R code. Since statsmodels won’t accept the GPL, they shouldn’t accept the code I wrote.

                                                              My solution was to write the medcouple Wikipedia article in generic pseudocode (that looks suspiciously like Python). This is now the spec part of the clean-room reverse engineering process. I’m glad to see that some people have stumbled onto that page and used it to create new implementations of the algorithm. Now I’m just waiting for someone to use this page to fix statsmodels’ implementation.

                                                              1. 1

                                                                Hold on - have you just told on yourself?

                                                                I really didn’t understand the medcouple implementation until I read […] the R code.

                                                                Isn’t this effectively creating a derived work in another language based upon the original GPLed code? Shouldn’t your derived work also be GPLed?

                                                                1. 4

                                                                  It should be and it is:

                                                                  http://inversethought.com/hg/medcouple/file/default/medcouple.py

                                                                  But I also wrote a spec, the Wikipedia article. I described the algorithm in as much detail as I could. The spec should be enough for someone else to reimplement this.

                                                                  1. 3

                                                                    I don’t understand your reasoning. Why do you consider your Python code to be a derivative work, but you don’t consider the Wikipedia pseudo-code you wrote to be a derivative work (and therefore GPL and not Creative Commons)? If your Python code is a derivative work, why does the copyright notice only have your name?

                                                                    1. 3

                                                                      The Wikipedia article is a description of the algorithm that I cobbled together from various sources, which I amply cited. At no point do I just grab the R code and translate it for Wikipedia. The pseudocode I wrote is based on my understanding of the algorithm as described by the papers I read and cited. I did do separate “literal” translations into Python and C++, and those I do consider derivative works of the original, which is why I GPLed them.

                                                                      As to why my copyright notices don’t mention the original copyright holders, I’m not sure if that’s necessary. Am I required to keep their names in order to satisfy my GPL obligations?