1. 2

    I can’t wait to try Shenandoah and ZGC in production (one of my services does over 1.5K RPS with G1). I’ve moved over to Kotlin long time ago seeing same features land in Java, and more JVM improvements get me excited and confident in future of JVM ecosystem.

    1. 12

      It really is an exciting time to be working in a JVM language. I too moved over to Kotlin a while back, but I still closely follow what’s going on in Java.

      My hunch is that a lot of people who currently dismiss Java and the JVM as slow bulky dinosaur tech are going to be shocked when some of the major upcoming changes get released. Loom (virtual threads) in particular should drive a stake through the heart of async/await or reactive-style programming outside a small set of niche use cases, without sacrificing any of the scalability wins. Valhalla (user-defined types with the low overhead of primitive types) and Panama (lightweight interaction between Java and native code) will, I suspect, make JVM languages a competitive option for a lot of applications where people currently turn to Python with C extensions.

      1. 2

        My hunch is that a lot of people who currently dismiss Java and the JVM as slow bulky dinosaur tech are going to be shocked when some of the major upcoming changes get released

        I agree with this re the JVM, but isn’t Java mostly releasing language-level changes that are just catch-up with things that have been commonplace elsewhere for years?

        1. 4

          That’s a fair point, sure.

          Maybe a better way to frame it is that as language changes roll out, it’ll get harder to point to Java and say, “That’s such an obsolete, behind-the-times language. It doesn’t even have thing X like the other 9 of the top 10 languages have had for years.”

          Of course, Java will never (and should never, IMO) be on the bleeding edge of language design; its designers have made a deliberate choice to let other languages prove, or fail to prove, the value of new language features. By design, you’ll pretty much always be able to point to existing precedent for anything new in Java, and it’ll never look as modern as brand-new languages. My point is more that I think the perception will shift from, “Java is obsolete and stagnant” to, “Java is conservative but modern.”

        2. 1

          my Android client app shares code with backend (both are in Java).
          The android’s Java is at about JDK 8+ level (https://developer.android.com/studio/write/java8-support-table ) The backend is currently using JDK 11.

          So sharing the code between client and backend is becoming more challenging.

          I think, if I am to move backend to JDK 17, then it will be harder to share code (if take advantage of JDK 17 features on the backend).

          I guess the solution is to move both backend and frontend to Kotlin… but that’s a lot of work without significant business value.

          1. 3

            Nothing prevents you from using JDK 17 with Java 8 language features level, essentially marking any use of new features a compile errors and making sure your compiler produces Java 1.8 compatible bytecode. That’s what we do in our library that needs to be JDK 8+ (but we use JDK 8 on the CI side to compile the final JARs to be on the safe side). Then you can run that code on JVM 17 on the server and take advantage of the JVM improvements (but not the new language features). We have decided to add Kotlin where it makes sense gradually instead of a full rewrite (e.g. when we’d want to use coroutines).

            1. 2

              You could also just stick to 11. It’ll be supported for years.

        1. 1

          The original link is dead, available from https://www.feoh.org/hacking-the-wetware.html

          1. 1

            The original link is dead, available from https://www.feoh.org/the-eternal-novice-trap.html

            1. 2

              Did anyone here use Exercism to learn a new language? Learned about it today and would be interested to read some journeys.

              1. 4

                I used it to learn Legacy JavaScript and Ruby. I have used it to practice Rust and Clojure after learning the basic syntax through other information.

                I’ve more gotten the hang of TDD though it. Red, green, refactor.

                https://exercism.org/profiles/ClashTheBunny

                1. 4

                  I only used it briefly to learn, but I’ve been mentoring the Elm track for about a year now. It’s been really great seeing people go through the track and also in other parts of the Elm community. I also frequently see people coming over from Haskell, Python, and lots of other languages.

                  1. 2

                    I did the Elixir path at the beginning of the pandemic last year. It was fun and the mentors were responsive. I would recommend it!

                    This year I’ve been doing the Haskell path and the mentors are insightful, but very slow to get through the backlog. It would be weeks between reviews. As a result, I haven’t made a ton of progress on the main track. (You can do unguided exercises as well, but there are a fixed number at each level.)

                    The difference here might be that Elixir advertises exercism on their website, but Haskell does not. In both cases I think its worthwhile and I really enjoy the site. Just be aware that it’s going to be dependent on some combination of the language community, the mentors and the number of people who want to learn the language.

                    Do you have any languages that you are interested in?

                    1. 2

                      The changes in v3 (requesting mentoring is opt-in rather than opt-out and there are learning exercises) will hopefully mean that students who want mentoring get it quicker.

                  1. 1

                    trash-d: A near drop-in replacement for rm that uses the trash bin

                    also

                    Windows won’t work at all, and MacOS probably won’t either. There are no plans for support of either platform.

                    Maybe not so drop-in after all…

                    Not a big fan of Node but maybe https://github.com/sindresorhus/trash could be used as an inspiration. Ironically, sindresorhus/trash states that their Linux support is not that good.

                    1. 3

                      I intentionally chose to only support platforms conforming to the FreeDesktop trash specification since that covered all the systems that I personally cared about (I don’t own a Mac or use rm on Windows).

                      I should really update the README though, since I am totally open to supporting those platforms, if it can be done in a way that doesn’t cause other problems.

                      Also I hadn’t heard of sindresorhus/trash, thanks for sharing it! Their platform-specific tools could be very enlightening.

                      EDIT: I updated the README to reflect my opinion on MacOS and Windows support better, along with some other information and links to similar projects like the one above.

                    1. 4

                      And people wonder why RDF didn’t become popular. I can’t imagine why…

                      1. 2

                        I don’t think one can hold the fact that such discussion is possible with RDF against RDF. RDF is a tool. You may stick to representing your CSV in RDF or go further, and RDF has nothing to do with it. I actually don’t see the future of IoT/Industry 4.0/buzzwordhere without RDF. Its core premise is a federation of vocabulary definitions, where classes and properties are identified by their URIs instead of bespoke literals (and anyone can reuse other definitions by linking to them). Eg ssn, s_s_n, and all other variants become ‘https://ns.irs.gov/core/#ssn’. I can’t imagine how we are going to build a future of “connected everything” if we can’t get things even to use the same terms for same things and just keep inventing new JSON structures for every single API.

                        1. 4

                          I remember the hey-day of RDF in “Web 2.0” - Flickr, Friend-of-a-Friend, all sorts of API-driven sites with sharing. In principle I really appreciate the affordances these services offered but they were a bit too hard for most developers to wrap their heads around.

                          The vision for XML was similar: that organizations would define careful schemas, files would conform to these schemas, and liberal use of XSLT would transform data from one form to another. Reality was that people shoved CSV data willy-nilly into XML, shipped it over the wire, and relied on copious amount of hand-filed ETL code at the receiving end to handle it correctly.

                          RDF is the same - it’s a beautiful creation but too good for this fallen world. The future is an endless pile of JSON.

                          1. 3

                            That’s the fundamental tragedy of RDF, to me. The idea and most of the basic concepts are mostly great and sorely needed, but the technology stack and documentation is a 90’s W3C nightmare, and there is all this academic logic/theory stuff around that almost nobody in the real world cares about and only makes the entire thing seem hopelessly intimidating. There is some good technology hidden in there, but if you just search the web for “RDF” as a curious potential adopter, you’ll almost certainly end up saying “yeeeeeeeah, no thanks”.

                            As the maintainer of a project (LV2) that “forces” RDF on developers who just want to get something done (write audio plugins), I’m painfully aware of these problems. While some aspects of the technology are concretely useful there, it /really/ hurts to have RDF be what it is. In recent years I’ve been trying to mitigate this on a soft level by distancing from “RDF” and the mess the W3C and the semantics people have made, including avoiding using the term “RDF” at all. The situation is so bad that I think doing so only does damage.

                            In an ideal universe maybe there’d be a vaguely WHATWG-like splinter group of people trying to build up these ideas in a more practical way (we want to chuck quasi-schemaless data around but still have it make some sense, and we need nice tools with a low barrier of entry to do so, etc), but I imagine that ship has sailed.

                            At least JSON-LD provides a pretty viable bridge between something most developers these days are comfortable with (JSON) and the Linked Data ideal, at the cost of more work having to write context definitions and so on. Although I have my gripes with JSON-LD, it at least provides us an option to provide something that is superficially uncontroversial (“it’s just JSON”) without throwing the meaningful baby out with the bathwater…

                            While I have my gripes with JSON-LD, I think it’s the only hope at this point. The RDF project did such a bad job at the practical-developer-facing side of things, that the only way out is to present a veneer that almost completely abstracts it away and makes it essentially an implementation detail. I’m pretty convinced at this point that the only way to make RDF-based technology palatable to random developers in the trenches is to make it so that they can’t even tell they’re using RDF-based technology at all, unless they actively dig into it.

                            JSON won because it’s simple. A developer who knows nothing at all about it can get the basic idea with a single web search and maybe 5 or 10 minutes, and probably achieve their goal (which is probably just chucking some data around) shortly thereafter. Meanwhile, it would probably take days if not weeks to initially figure out what RDF even /is/, to say nothing of actually achieving anything with it. There’s a lesson to be learned in there somewhere. I wrote a fully conformant (and very fast) JSON parser in C with no dependencies in one weekend. I’ve been writing an RDF implementation for over a decade with no end in sight. That kind of thing really matters.

                            … I probably should have used this as my entry in the “what would you rewrite from scratch?” thread from a few weeks ago. Such a missed opportunity.

                        1. 6
                          1. Helping evade sanctions may get people (+on this thread) in trouble. See the North Korea Bitcoin talk case. Also, don’t put your friends in Europe at risk and use something like Github Pages or Netlify to host your site maybe?
                          2. Whatever jurisdiction you choose, make sure to obey their laws. See the recent Protonmail case.
                          3. Some countries are not fans of OFAC sanctions. A Chinese or Russian domain registrar may tell you if your place of residence is a big deal for them or not. Though using their tlds may not be that classy for your blog.
                          4. Don’t evade sanctions (see #1).
                          1. 10
                            1. I don’t think hosting some website breaks sanctions, and if it does, I don’t care about what them as these sanctions are inhumane.

                            2. Nope. If the law is inhumane, I won’t follow.

                            3. China and Russia are no different than Iran and USA so it’s a no.

                            4. I will actually, with everything I can. I don’t care if some Americans think all people of a nationality should live under sanctions and face various troubles and difficulties just because they can’t figure their shit. It’s racist kind of.

                            1. -1

                              What makes these sanctions “inhumane”? They were a response to specific actions by the Iranian government - shouldn’t you be asking them? Moreover, what prevents you from renouncing your citizenship and moving to another country?

                              1. 1

                                What the fuck? First, sanctions target people, not governments. Governments should be responsible, not people. Sanctions are inhumane because it targets innocent people, it fucks everything for innocent people. 40 years of sanctions and it’s only people who suffer from them. Second, you can’t expect people to simply move away from where they always lived and are living. It’s easy for you to say, not for people who live under an authoritative regime, not for people who are sanctioned and their economy is fucked. Not for people who every other government ignore them.

                                1. 1

                                  What the fuck?

                                  Please don’t display such unprofessional and un-intellectual behavior here - this site is meant for intellectual discussion of technical topics, which you’ve already disrupted with your barely-on-topic post.

                                  First, sanctions target people, not governments.

                                  This is false - the Iran sanctions target the nation of Iran. You stop being an Iranian, the sanctions stop applying to you - so, by definition, they don’t target people.

                                  Sanctions are inhumane because it targets innocent people, it fucks everything for innocent people.

                                  No country owes your country any kind of trade deal - nations have the absolute right to refuse to do business with any other nation for any reason. Doing trade with another country is a privilege, not a right. It’s your government that’s responsible for taking care of you, not the United States - and, in this case, it was also the actions of your government that caused the US to sanction you, as they don’t just go around randomly refusing to do business with countries by rolling dice.

                                  Second, you can’t expect people to simply move away from where they always lived and are living. It’s easy for you to say, not for people who live under an authoritative regime, not for people who are sanctioned and their economy is fucked.

                                  If you’re prevented from leaving your country, then that’s your government that is taking advantage of you, not anyone else’s government, all of which have the absolute right to refuse trade deals with your government.

                                  Sanctions are a tool that governments use to shape the behavior of others, and are generally a rather humane alternative to war - and I don’t hear you calling for the US to invade Iran to replace your government. Those are your two options - sanctions and war, because it’s insane to just continue to do trade with an authoritarian government with no repercussions.

                                  I know that you have a hard life - but that’s not the fault of the US government, that’s exclusively the fault of the Iranian government. Direct your anger there, where it belongs.

                                  1. 2

                                    It’s sad to see such uncritical acceptance of the worst parts of US foreign policy being espoused on this site.

                                    1. 1

                                      Please don’t display such unprofessional and un-intellectual behavior here

                                      I apologize for that.

                                      This is false - the Iran sanctions target the nation of Iran. You stop being an Iranian, the sanctions stop applying to you - so, by definition, they don’t target people.

                                      You just repeated what I said and then claimed they don’t target people. Did you read what you wrote?

                                      No country owes your country any kind of trade deal - nations have the absolute right to refuse to do business with any other nation for any reason. Doing trade with another country is a privilege, not a right. It’s your government that’s responsible for taking care of you, not the United States - and, in this case, it was also the actions of your government that caused the US to sanction you, as they don’t just go around randomly refusing to do business with countries by rolling dice.

                                      You’re talking about something completely different. What a government does should not put people in this situation. Iranian government is authoritative and not democratic. Sanctioning all Iranian people for what that regime does is inhumane.

                                      What you say about other governments wanting to trade is false because many countries want to trade but they can’t because U.S. forces them with its power. Now you can say it’s Iranian government’s fault, and I agree, but people are innocent and sanctioning all people of a nation is inhumane.

                                      If you’re prevented from leaving your country, then that’s your government that is taking advantage of you, not anyone else’s government, all of which have the absolute right to refuse trade deals with your government.

                                      This is completely irrelevant. Doesn’t matter whose fault it is, U.S., Iran, or any other government, I don’t care what a government thinks about me, I care for people. What Iranian regime does is what any other authoritative regime does, sacrificing people for its own benefits. That is however not a reason for any other government to impose inhumane rules and laws on innocent people.

                                      I know that you have a hard life - but that’s not the fault of the US government, that’s exclusively the fault of the Iranian government. Direct your anger there, where it belongs.

                                      It is partly U.S.’ fault though. U.S. is not innocent in this. You don’t want to accept it? Fine with me. I’m not responsible for what you believe. I don’t accept what Iranian government does, but that doesn’t mean U.S. is innocent country who is forced to impose sanctions on all people. U.S. is no different than Iran when it comes to human rights, the only difference is that Iranian regime kills its own people more obvious than U.S.

                              2. 5

                                Don’t evade sanctions (see #1).

                                These “sanctions” are only between some countries (like the USA) and Iran. There is a lot of other countries that have actually good relations with Iran, and they aren’t “evading sanctions”: USA doesn’t rule the world.

                                1. 3

                                  I was curious about this so I looked it up. This article seems to indicate that this sort of discussion or advice wouldn’t be an issue at all. Also this law seems to say directly providing web hosting or domain name registration wouldn’t be an issue for blogging, etc.

                                  I’m not a lawyer, this is not legal advice, etc. I’m guessing these kinds of laws are usually enforced based on politics more than the laws themselves, but who knows.

                                1. 5

                                  I am sorry but as a European and a developer that uses open-source, I like the ruling (from what I can see). Basically, the court says that once you license something to someone and they break the license terms, you can’t go and wildly (maliciously?) claim that they pirated your software to which you hold copyright without any permission (which I would consider to be an intimidation tactic). If a user broke the terms of the GPL license, the court would only consider it as a violation of the licensing agreement. Though I think the court needs to consider if the consumer entered the licensing agreement without any intention of honoring it, which is what I think happened here. GPL is still enforceable in France as far I understand.

                                  1. 3

                                    I don’t get logic of this ruling either. Did they license it to the offending company specifically? If not, how is that different from piracy?

                                    If I install a copy of Windows that Microsoft has licensed to some enterprise, but not me, is that also just a contactual dispute?

                                    1. 1

                                      Yes, that’s the point why this is so significant – if I am understanding correctly (and I am not a lawyer), the court has interpreted software piracy as purely a contractual dispute in French law.

                                  1. 2

                                    Does k8s also suffer from this in the default configuration?

                                    1. 3

                                      The short answer is ‘no’. This is among the reasons for CNI and why, with Calico say, you often see a boatload of interfaces on the node.

                                      The right way for all of this was mentioned in an above comment – create and bind and specifically route a virtual subnet/interface – which is what CNI is automating.

                                    1. 9

                                      The trackpads are now too large.

                                      I can’t tell you how many times I’ve been in the middle of typing something when the trackpad decides that I really wanted the cursor to be a few lines up from where I just was. It’s a large and infuriating number.

                                      1. 1

                                        Yes, I had to disable Tap to Click functionality so that only real clicks are registered.

                                        1. 5

                                          Tap to Click is disabled by default, right?

                                      1. 10

                                        I use Microsoft Sculpt Ergonomic keyboard.

                                        I was using the Mac keyboard beforehand, but my left wrist + ligaments on top of the hand started hurting after prolonged usage, so I knew I had to switch to an ergonomic keyboard. One of the best purchases of my life. Tbh, I rly dislike the fact that the keyboard is connected thru USB instead of bluetooth, but I assume that’s some business decision, in order to force pairing the keyboard with the mouse (cuz you can’t buy the keyboard standalone… it comes with the mouse).

                                        1. 2

                                          I also use this keyboard on a Mac and I absolutely love it.

                                          1. 2

                                            I use the Microsoft Sculpt Ergonomic keyboard too. I love it. It feels great to type on even after long periods. It’s not huge, it’s light and easy to move around my desk. It’s not mechanical unfortunately. I also wish it was Bluetooth. But honestly, the worst part for me is whatever material they used for the palm rest wears away relatively quickly. I’m already on my 2nd keyboard and thinking about buying another one. I might buy a bunch because Microsoft will stop making them at some point and I don’t want to pay a fortune in the post-production market.

                                            1. 4

                                              But honestly, the worst part for me is whatever material they used for the palm rest wears away relatively quickly

                                              I’ve had to take apart my 1st to try and repair it, but failed. I noticed though while taking it apart, it is VERY easy to replace this wrist rest material with something of your own. It would be a easy modification to use another material.

                                              I think a big reason behind the material they chose is it’s easy to clean while still being soft.

                                              1. 2

                                                Can you explain? I didn’t think the wrist rest would be that easy to replace, mostly because of the shape and how it’s attached to the rest of the plastic. What material do you recommend and how would you get everything fit in nicely?

                                                1. 3

                                                  You wouldn’t replace the rest but the material. The material just slides right off :)

                                                  1. 2

                                                    I get it now. Very interesting. I don’t think it will be easy but peeling off just the stop surface is more promising than that what I was originally picturing. Thanks.

                                            2. 2

                                              You used to be able to buy one without a mouse, and it still used the dongle.

                                              It’s a mixed bag: I lost the dongle to one keyboard, which sucked. On the other hand, my experience (which I’ve heard echoed from others) is that wireless dongles connect much more reliably than Bluetooth.

                                              1. 2

                                                I use the old-style Microsoft Ergonomic Pro keyboards - produced when they were switching from PS/2 connectors to USB, so they come with a split connector with both. Right now I troll eBay for ones that look like they’re in good shape (haven’t found new in box for sale) because there hasn’t been a good replacement made since the early 2000s. The Logitech ergonomic keyboards from early 2000s were good, but it seems Logitech got out of producing real ergo keyboards.

                                                1. 2

                                                  It’s a shame they don’t make a slightly better quality one, as the ergonomics is just perfect. Plus, it doesn’t differ so much from a regular QWERTY keyboard.

                                                  However, some keys get stuck, latency is a bit too high for my taste and the rubber palm rest gets damaged too quickly.

                                                  1. 2

                                                    Thanks for the recommendation! Btw, seems like you can indeed buy a keyboard alone: https://www.amazon.de/Ergonomische-Tastatur-Microsoft-Sculpt-QWERTZ-Layout/dp/B00EY8PXZG/

                                                    1. 1

                                                      Oh, dope! I didn’t know that! Will do when I’m replacing my current one! Thanks!

                                                  1. 9

                                                    I’m seriously considering getting one of those M1 macs eventually (currently using a Dell laptop running Linux). However, one of my big worries is Big Sur. Not only doesn’t macOS look “pretty” or “serious” anymore in my eyes; the increasingly locked down and iOS-ified nature of macOS isn’t very attractive.

                                                    As usual with Apple, their hardware seems amazing, but their entire software philosophy is keeping me away. This used to only really apply to iPhones and iPads, but is clearly increasingly applying to Macs as well.

                                                    1. 2

                                                      But why is it appealing to buy hardware where you can’t even replace you RAM or SSD to upgrade or fix it. Where you have to use dongles for everything that’s not charging and where you have to discard the whole MoBo when for example RAM/SSD is broken while the company claims to be so environment friendly ? And don’t get me started on trying to provide local backups in timemachine for apple users without the Cloud. The only real reason I can see apple going all-in on security is that you can suddenly sell DRM on SSDs and Buttons in the name of hardware verification.

                                                      Sure if you want this processing power and battery lifetime today, you’ll have to buy these machines. Otherwise you could wait till the competition has something to provide, while surely even more software is capable of running on these chips by then (and apple shipped the next version of their hardware, probably making the old version obsolete).

                                                      1. 4

                                                        I’m not convinced that the competition will keep up with Apple’s CPU design. If they were capable of that, surely there would have been Android phones with CPUs which could compete with iPhone CPUs on both raw performance and performance per watt, but to my knowledge, Apple is generally years ahead of the Android market on the CPU design front.

                                                        Granted, this is largely based on a feeling I’ve gotten from following the tech world for many years, not based on hard numbers. But I looked up some benchmarks just now for the purpose of this comment, and it seems like my impression is correct. If you have some source which shows that the Android market is usually on par with contemporary iPhones in the CPU performance department though, I’m all ears.

                                                        (I kind of ignored your other points because I largely agree with them by the way. We could go back and forth regarding my own personal reasons why it might or might not be a worthwhile trade-off, but I don’t think that would be a very interesting discussion.)

                                                        1. 1

                                                          surely there would have been Android phones with CPUs which could compete with iPhone CPUs

                                                          I don’t think you can compare android and apple phones to latops or non-mobile processors. Most of the android phones are plenty fast while not costing as much as the apple versions. I personally won’t buy a phone > 400€. And I can get the ~top model Hardware for 300€ from chinese vendors (or get really reusable smartphones from fairphone). And all of them are more than enough for some browsing and messaging. The Camera is already top notch for me (9t pro). So I don’t see why you would require even more CPU power and battery lifetime. ( I can pretty much not charge my phone for a week if I don’t go on reddit)

                                                          For laptops and desktop systems I think that it’s something entirely different. Because you obviously want more power for you portable devleoper/games hardware and long lifetimes. Here People showed that they’d buy hardware with windows that is evenly priced to apple laptops (or more). So it’s not a niche. The same goes for server processors.

                                                          As far as I know there are two additional things: Intel is still struggling to reach the same structural size for their chips as the apple ones, which are manufactured somewhere else. And AMD is currently catching up pretty fast. On top of that ARM isn’t something only apple can use and ARM servers are getting more popular. So all of this sounds to me like arm vendors/intel/amd will catch up. One thing where I can imagine apple having a big lead is with their SoC base that allows to easily optimize the CPU with multiple ASICS like video encoding or machine learning co-processors. But ultimately qualcom does SoCs (for different reasons like LTE + GPU) since ages for smartphones while providing the base for Apple. So I’d guess that we will see more SoC systems and matching drivers (no problem on windows/apple) in time, which take advantage of cpu+co-processors sitting on the same die. [If nvidia could buy ARM this could get massive in terms of cuda/gpu and ARM cpu on the same chip.]

                                                          1. 1

                                                            SoC base that allows to easily optimize the CPU with multiple ASICS like video encoding or machine learning co-processors

                                                            Which just means we will need more support for chips that can do more. Basically moving from “oh a CPU + interrupt controller and some basic GPU” to CPU+GPU+.. in one packaged and maybe some kind of unified interface as apple has, to allow your users to just use an accelerator chip if one exists. But looking at the state of video acceleration I’m not sure if we’re moving forwards or backwards in linux.

                                                      2. 2

                                                        I would probably still recommend doing it (I rely on Parallels to run Windows and a few tools that use kexts so neither Big Sur nor M1 is a viable path for me so far, for the record). However, I kind of unconsciously started to rely on bash-/ruby-scriptable things more over time and increasingly try to run all kinds of automation on my home Ubuntu server (with xrdp for occasional things that require a GUI) or my secondary Thinkpad machine with Manjaro. The UI stability and the battery life are still awesome on macOS and latter just got better (and yes, you still need to fiddle with packages from AUR to get a relatively old Thinkpad T430 to work well in 2021 and yes, a package upgrade can still make your GUI flicker until you reboot, which was one of the main reasons to switch from Arch to macOS for me in the first place). Also, if you are ready to pay, apps that run on macOS get more polish. However, I don’t want to do anything on my macOS that cannot be done on Ubuntu these days unless I really need to (eg I do most of my diagramming using draw.io unless I really need OmniGraffle, which obviously blows draw.io out of the water). Also, many apps are doing “move fast and break things” stuff, e.g. Evernote dropping AppleScript automation, which further reduces any desire to invest into lots of macOS-specific workflows/automations.

                                                      1. 2

                                                        I guess we should look forward to all false positives around research CUDA kernels involving Keccac being rate limited. Though it seems that https://eth.wiki/en/concepts/ethash/ethash has more things to fingerprint than Keccac itself.

                                                        1. 6

                                                          I get the emotional appeal of iconoclastically rejecting a conventional stack for something simpler. But I think running everything on a single machine is going too far.

                                                          In 2015, my Christmas Day with my family was interrupted by the DDoS attack on Linode. I’ve also seen connectivity issues spanning multiple servers in the same data center at Vultr. So, while it causes cognitive dissonance (see my comments on the thread about colocating one’s own servers), I have better peace of mind relying on a redundant stack at AWS.

                                                          Also, a highly available multi-tier architecture doesn’t have to have the kind of insane complexity that we like to ridicule in our caricatures. Many applications can get very far talking directly to a client-server RDBMS without a caching layer. Also, there are projects like PostGraphile that leverage advanced features of Postgres to provide things like real-time notifications and work queues without adding extra services like Redis, Kafka, or RabbitMQ to the mix. With something like PostGraphile, one can get very far with a managed Postgres service, a managed load balancer, and simple stateless application processes.

                                                          1. 14

                                                            Not all web-applications require a distributed stack. We are living at the start of an era of federated services targeting small communities. We need software that is cheap to run and deploy. Litestream helps to fill that niche very well.

                                                            1. 5

                                                              I wouldn’t say it’s purely an emotional appeal, though I think there’s a lot of “alternative-en-vogue” on Lobsters. It depends on the scale your running your web service. I write five-nine services for work and they take a lot of engineering. But when our company was smaller, we wrote to three-nines. And if you’re running a Fediverse node that hosts maybe a hundred users, you can probably get away with two-nines or less. If you’re running a Fediverse node for yourself, your uptime is probably how you’re feeling that day. I’m happy to see DB solutions target the entire breadth of web development. A lot of my personal web services just leverage a Postgres or Redis instance on the box.

                                                              1. 2

                                                                I think if you’re running a small-scale single-node service, SQLite is an even better choice than Postgres, etc., since it’s basically zero-configuration; there are no extra processes or logins or points of vulnerability. All it needs to know is what directory to put the DB file in.

                                                              2. 1

                                                                I thought about this a few times and every time I ended up doing a rough math of a bill a DDoS attack could rack up in terms of bandwidth charges alone and it always brought me back to my senses: I will rely on as much protection $200 can buy me at Cloudflare and no more. Plus, there is always a chance to misconfigure an autoscaler and every time I see articles like https://news.ycombinator.com/item?id=25372336 (written by an ex-Googler), I think to myself: “Unless I am losing lots of money for every minute of downtime, I’d rather see my system go down for a few hours and be woken up by angry clients than wake up to see a $10k+ bill. It will be cheaper to offer them a discount next month in almost every case.”. If you think I am nuts, just check how AWS or GCP reimburses customers when they breach their own SLAs.

                                                                Edit: here is my previous back-of-the-napkin math https://news.ycombinator.com/item?id=23554896

                                                                1. 1

                                                                  What do you use for the database? I would like a database-as-a-service (Postgres or MySQL) but haven’t used them or know which ones are good.

                                                                  I think having the database be “managed” and have some flexibility in the compute could be a good compromise. So you can fail over the web processes but leave someone else to manage the database.

                                                                  I used MySQL on Dreamhost a few times. It worked well but I remember having a performance issue. I did some trick in Python that made it fast, but it was slow in PHP (which surprised me). I guess I should try one of their dedicated plans, not shared plans. Although they may only let you connect from a single host – not sure.

                                                                  From my experience the single Dreamhost box that I run https://www.oilshell.org on has more than enough uptime and performance, but it doesn’t use any database. (It does use a few dynamic processes, though it’s mostly static)

                                                                  1. 2

                                                                    Amazon RDS is working well for me.

                                                                1. 2

                                                                  Practical question: if I want to keep remote access on in my macOS, Linux (xrdp) and Windows machines, are there good references on how to secure them? Zerotier/Tailscale/SSH/OpenVPN/ plain Wireguard + listening only on local ip ranges comes to mind first but not sure how to do better. I would also like to set up push notifications or at least SMS notifications when a remote login happens as opposed just having local logs with logrotate.

                                                                  1. 5

                                                                    Betteridge’s law strikes again.

                                                                    One of the key features of a blockchain, which the author tries to handwave away, is that every link in the chain is verifiable, and unalterable. The author tries to claim that because each commit carries a reference to its parent, it’s a “chain of blocks”, but it’s not so much a chain as just an order. You can edit the history of a git repo easily, reparent, delete, squash, and perform many other operations that entirely modify the entire chain. It was kinda made that way.

                                                                    1. 12

                                                                      The technical properties of git’s and common block chain data structures are relatively similar.

                                                                      You can also fork a bitcoin block chain and pretend that your fork is the canonical one. The special bit about block chains is that there’s some mechanism for building agreement about the HEAD pointer. Among other things, there’s no designated mover of that pointer (as in a maintainer in a git-using project), but an algorithm that decides which among competing proposals to take.

                                                                      1. 16

                                                                        They are technically similar because both a blockchain and a git repo are examples of a merkle tree. As you point out though the real difference is in the consensus mechanism. Git’s consensus mechanism is purely social and mostly manual. Bitcoin’s consensus mechanism is proof of work and mostly automated.

                                                                        1. 2

                                                                          Please stop referring to “Proof of _” as a consensus mechanism. It is an anti-sybil mechanism, the consensus mechanism is called “longest chain” or “nakomoto consensus” - you can use a different anti-sybil mechanism with the same consensus mechanism (but you may lose some of the properties of bitcoin).

                                                                          The point is that there are various different combinations available of these two components and conflating them detracts from people’s ability to understand what is going on.

                                                                          1. 2

                                                                            You are right. I was mixing definitions there. Thanks for pointing it out. The main point still stands though. The primary distinction between a blockchain and git is the consensus mechanism and not the underlying merkle tree datastructure that they both share.

                                                                          2. 1

                                                                            Mandatory blockchain != bitcoin. Key industrial efforts listed in https://wiki.hyperledger.org/ are mostly not proof-of-work in any way (the proper term for this is permissioned blockchain, which is where industrial applications are going).

                                                                            1. 2

                                                                              You are correct. I don’t disagree at all. I used bitcoin as an example because it’s well known. There are lots of different blockchains with different types of consensus mechanisms.

                                                                        2. 2

                                                                          You can make a new history but it will always be distinct from the original one.

                                                                          I think what you’re really after is the fact that there is no one to witness that things like the author and the date of a commit are genuine – that is, it’s not just that I can edit the history, I can forge a history.

                                                                          1. 1

                                                                            Technically you haven’t really made the others disappear. They are all still there just not easily viewed without using reflog. All you are really doing is creating a new branch point and moving the branch pointer to the head of that new branch when you do those operations. But to the average user it appears that you have edited history.

                                                                            1. 1

                                                                              what was all that hullabaloo about git moving away from SHA-1 due to vulnerabilities? why where they using a cryptographic hash function in the first place?

                                                                              what you said makes sense, but it seems to suggest this SHA-1 thing was a bit of bikeshedding or theater

                                                                              1. 2

                                                                                Git uses a cryptographic hash function because it wants to be able to assume that collisions never occur, and the cost of doing so isn’t too large. A collision was demonstrated in SHA-1 in 2017.

                                                                                1. 3

                                                                                  SHA-1 still prevents accidental collisions. Was Git really designed to be robust against bad actors?

                                                                                  1. 2

                                                                                    ¯_(ツ)_/¯

                                                                                    1. 1

                                                                                      The problem is that it was never properly defined what properties people expect from Git.

                                                                                      You can find pieces of the official Git documentation and public claims by Linus Torvalds that are seemingly in contradiction to each other. And the whole pgp signing part does not seem to be very well thought through.

                                                                                  2. 2

                                                                                    Because you can sign git commits and hash collisions ruins that.

                                                                                    1. 1

                                                                                      ah that makes some sense

                                                                                1. 4

                                                                                  I stopped little later. On 2011 laptops such as T420s/X220/W520.

                                                                                  Some make one step more and buy T430s/X230/W530 and mod them with T420s/X220/W520 keyboard.

                                                                                  I really like frankenpads such as T62 or X330 which use old cases with new motherboards and screens.

                                                                                  Currently there is no new laptop that would have a real 7-row keyboard. Not. Single. One.

                                                                                  The last one was ThinkPad 25th Anniversary Edition from 2017 but it was limited to 5000 units only.

                                                                                  If someone would now force me to get a new laptop I would get something with bright FHD screen and got a wireless mechanical 87 keys keyboard for it.

                                                                                  I really can not understand why Lenovo would NOT provide a permanent classic/retro line of X220/T420s/W520 successors such as the limited ThinkPad 25th Anniversary Edition from 2017 …

                                                                                  I also really miss ThinkPad X300/X301 as these were never really replaced by anything … and do not start with ThinkPad X1 Carbon - its a different kind of beast.

                                                                                  Regards.

                                                                                  1. 2

                                                                                    Some make one step more and buy T430s/X230/W530 and mod them with T420s/X220/W520 keyboard.

                                                                                    Wow, I did not think this was possible: https://www.flickr.com/photos/106799167@N06/10512559895/ (some remapping is required, apparently but not disastrous)

                                                                                    1. 3

                                                                                      This is most important part - to flash EC (Embedded Controller) with modded firmware:

                                                                                      https://github.com/hamishcoleman/thinkpad-ec

                                                                                      There are also hacked/custom BIOS files that have WiFi card whitelisting - so you can put ANY WiFi card instead of only the supported ones.

                                                                                      Here:

                                                                                      https://www.thinkwiki.org/wiki/Custom_BIOS#Whitelist_Removed_BIOSes

                                                                                  1. 2

                                                                                    Cross-posting my HN comment:

                                                                                    A bit strange it did not reach the front page [on HN and there is no discussion here]. On the other hand, there is not much to discuss:

                                                                                    And while I’m certain now that CentOS Linux cannot do what CentOS Stream can to solve the openness gap, I am confident that CentOS Stream can cover 95% (or so) of current user workloads stuck on the various sides of the availability gap.

                                                                                    I am not sure anyone felt “stuck” on CentOS 7 or CentOS 8 (of course, now they do).

                                                                                    Also, from https://www.itprotoday.com/linux/community-concerns-prompt-red-hat-drop-centos-centos-stream:

                                                                                    […] Fedora for example, do have a lot of bidirectional community involvement. Unfortunately, CentOS was never like that. It was always a community of users, so that that contribution model was mostly one way.

                                                                                    So I don’t think they are wrong here but it’s their fault. Canonical benefits from developers using Ubuntu on their laptops and private servers, maintining PPAs etc. Nothing prevented RH to give RHEL for free to developers sans support to get a similar effect. I don’t think Stream is going to cut it. I run Ubuntu LTS or Debian on my VMs because they are largely in sync and I have confidence I can apply my experience in a commercial environment. CentOS stream will have little to do with RHEL 7 environments you’d encounter in the enterprise. I think HPC community will migrate to Rocky Linux around 2024, at least the academic part.