Threads for dtgriscom

  1. 6

    As the first two articles in the list mention, the correct solution to this is simply to add an & to the variable declaration.

    I was bitten by variants of this in C++ code a few times when I started using auto but never in code like this. The author writes Orbitor o : orbitors. If they’d written Orbitor o = someObject.getOrbitor() then that would be a copy. This feels like a problem for someone coming from a Java or similar world, where objects are always accessed via reference and are only ever copied explicitly. In C++, Orbitor o defines a variable with a value type. Any assignment to it must be a copy. If you want to avoid accidental copies, you can make the copy constructor and copy-assignment operator deleted or private. If you do this, then the original example will fail to compile.

    With auto it’s a bit more surprising because assigning something that returns T& to a variable declared auto will cause the type to be inferred as T, which will cause it to copy. This is necessary because C++ doesn’t have not-a-reference syntax (or, in general, any kind of not-a-thing-of-this-kind type modifier). If auto inferred as T& then there’s no modifier to easily remove the reference type and force a copy.

    There’s a fun difference between auto and decltype here, which bit me in code that was supposed to stash errno. It used decltype(errno), which, because errno was a macro that evaluated to dereferencing a pointer that was returned from __errno(), ended up being resolved as int& (on some platforms - if errno is exposed as thread_local int errno then it resolved as int). Stashing it and restoring it involved capturing a reference and then doing self-assignment because decltype (unlike auto) doesn’t strip the reference qualifier. This is, again, important because you can strip it yourself with std::remove_reference but, if it were automatically stripped, then you couldn’t differentiate between T and T& in templates built from decltype.

    1. 3

      “We’re porting MacApp from Object Pascal, which we think of as a crayon, to C++, which is like a double-edged razor blade.” —Steve Friedrich, 1991

      1. 1

        With auto it’s a bit more surprising because assigning something that returns T& to a variable declared auto will cause the type to be inferred as T, which will cause it to copy.

        Wouldn’t you then use auto&?

      1. 3

        I was thinking this would be the old trope of implementing a single-pixel X windows server.

        1. 1

          Why stop there? I’ve implemented a 0-bit display driver that runs on any device, at any resolution, and frame-rate with no overhead or RAM usage!

        1. 1

          In high school, I learned programming on a Wang 2200-T. 8kB RAM, cassette storage. The instruction manual referenced an operation called “Master Initializing”: turning it off and then back on.

          1. 22

            I’ve been complaining to banks for over a decade that they train people to fall for this kind of scam. They cold call their customers and require the customer to authenticate by providing information about the account, before the bank will tell you anything. At the start of the conversation, neither party knows that the other party is who they claim to be but the bank has a bit higher confidence because they’ve called a number that’s on file. The customer has absolutely know information in the other direction: they have the caller ID number, which can be forged, and absolutely nothing else. The burden should be on the bank to prove that they are the bank, at the start of the conversation.

            In the last year, Barclays has finally started doing something about it. The people that cold call you are now able to send a secure message through the app. If they call you, you log into the app, and see a message saying ‘hello, I am {person} from Barclays, I am talking to you on the phone’ then you know that one of the following is true:

            • They are from the bank.
            • They have compromised the bank’s back-end system.
            • They have compromised the device that you’re running the app on.

            Of these, the first is probably a safe assumption. If it’s the second, you’re completely screwed anyway in the short term, but it’s definitely the bank’s liability. If it’s the third then they have probably compromised the app to the extent that they could also instruct it to make transactions on your behalf, so there’s not much of a downside to talking to them.

            1. 5

              A few years back, a friend of mine was at the bank when he received a phone call from the corporate call centre of that same bank. He did trust the unsolicited call, so he turned it over the the assistant branch manager he was currently speaking with to confirm that this wasn’t a scam.

              Several weeks later, he got a call back from the branch manager confirming that it had been a legitimate call. It had taken their own security team that long to figure out whether or not their own calls were legit.

              1. 5

                My company just switched to SAP Concur for expense reporting. Soon after, I got an email asking me to complete my profile. The link went to “”. Going to showed a generic Anti-Spam and Privacy statement. Nothing to do with SAP Concur, although there’s an “” email listed; gets bounced to “”, which talks about “Curating the Banking Experience.” Despite all appearances, it was a legitimate email.

                I have no clue why a purportedly experienced and professional company would think this is OK.

                1. 5

                  100%. I just got a call from my local Chase branch the other day: “Hi this is Jack from Chase, I wanted to discuss your account.” A google of the phone number didn’t even link back to the bank. I told him I needed some verification.

                  He sent me an email from his Chase email account that was verifiable, but I remember having the same feeling like, given the scams that are ongoing why would Chase communicate with customers like this as a policy?

                  1. 4

                    He sent me an email from his Chase email account that was verifiable

                    How was it verifiable? I bet most Chase customers aren’t able to verify DKIM signatures reliably…

                    1. 2

                      Most are not, I’m a security engineer so it’s not a big deal for me. Actually I have Thunderbird set to verify DKIM automatically.

                  2. 3

                    The banks here have been doing electronic ID for about 20 years and I don’t recall getting a single call ever.

                    I wonder what the scams here are like.

                    1. 1

                      Here it’s phishing email. The banks I’m with have clear communications, strong paper-based auth since before apps, and perpetual warnings about frauds everywhere.

                      Their problems are with UX and shitlisting rooted androids/Sailfish’s android support, but scams are easy to pick up on cuz it’s all email.

                      Or I’ve been lucky and only received those “support” calls from “Microsoft”.

                    2. 2

                      I’m not sure my banks have a phone number for me. If they tried to call me they would only get voicemail.

                    1. 4

                      I like “SERAI”, then if I haven’t gotten many hits “POUTY”. That’s all the vowels, which helps me organize my thinking about the possible words. (Today, I tried SERAI, then POUTY, then got the actual word on the third try.)

                      1. 4

                        It irritates me no end when a product won’t register a brief press of a button due to “debouncing.” Many developers think that debouncing means “ignore the signal until it’s been stable for a while.” My VW Golf’s horn does this; you need to briefly hold the horn switch before you can get a beep.

                        Assuming that your switch is stable when it isn’t being used (no external noise), this delay is completely unnecessary. My go-to (software) algorithm for debouncing has always been to register the very first transition I see, but don’t allow a reversal of that transition before, say, 10ms has passed. Easy peasy, and it gives full control to the user without spurious transitions.

                        (And, this post should be marked “2019”.)

                        1. 1

                          That sounds like a nice solution to debouncing in the situation you describe. You could apply some kind of filter to stop noise if noise were an issue. I feel like there should be a proper categorization of these debouncing methods

                        1. 7

                          “One of my mates realize me that a lot of people grown up even without ever using the INS/DEL HOME/END PGUP/PGDN layout.”

                          To take a different perspective, I see this as a tradeoff, not a loss. The tradeoff is better touch-based manipulation (indirectly via trackpads and directly via touchscreens) facilitating more natural ways of viewing content. There’s also been more content-derived methods of paging through content (e.g. the headings sidebar in google docs, cmd+t, cmd+p shortcuts in coding editors, etc.). It’s arguably more modal (i.e. less obvious) than dedicated buttons but more precise than a fixed-length approach of ‘pagination’ that could be argued as more of a skeumorphism back to physical paper.

                          1. 3

                            better touch-based manipulation (indirectly via trackpads

                            I had Macbooks for years, and the more I had to hold my fingers in the unnatural two-finger scrolling claw pose the more strained my hands felt. I was glad to eventually give up multi-touch trackpads completely. On the other hand, I never felt like the Page Up/Down buttons were giving me repetitive strain injuries.

                            1. 1

                              Were you using your thumb and pointer to scroll? I use my pointer and ring fingers, and they just fall in the right position to scroll. Easy peasy, and certainly no stress. (Macbook Pro Retina 15” 2018.)

                          1. 4

                            Post title has been corrected to “11 mm in 1.25 nanoseconds”

                            1. 2

                              Anthropomorphizing software: “my code is out to get me”…

                              1. 2

                                On my 10.14.6 system it’s at /System/Library/Frameworks/JavaScriptCore.framework/Versions/Current/Resources/jsc (note the “Resources” instead of “Helpers”).

                                1. 4

                                  And, a quick test shows that a jsc “Hello World” runs in 14ms, while a Node “Hello World” runs in 76ms. Running simple utilities in 1/5 the time isn’t anything to sniff at.

                                1. 21

                                  Of all of these, the most important is text handling. This is the biggest reason that macOS apps provide a clean and consistent UI: NSTextView is sufficiently powerful to do everything from displaying a label to rendering multi-page documents with tables and figures inline. Almost equally importantly, it’s coupled with a rich text abstraction that allows coupling arbitrary bits of metadata to a range of characters so users can attach semantic markup information and then generate instructions for the text renderer with the same data structure.

                                  The WebView is similarly complicated. If you’re building your own widget set then you either need to make your web view use them or it will feel weird. When Google forked WebKit to make Blink, they ripped out a load of the UI toolkit abstraction layers, so you’re probably stuck with either WebKit or Gecko, both of which have tremendously exciting build systems.

                                  For input, it’s really worth looking at Taligent, which had a fantastic model that decoupled raw UI events from higher-level inputs and provided mechanisms for adding custom ones easily. Things like gestures are trivial to add in this model.

                                  macOS is also about the only system I’ve used that gets drag-and-drop right (I think X11 does? Wayland gets it wrong): Drag and drop is fundamentally different from copy-and-paste because copy-and-paste has to handle the case where the source program has quit before the paste, whereas drag-and-drop must be completely responsive. This means that a drag should provide a list of possible types and nothing else, you should not require the actual data to be provided (which can take a few seconds if you’re dragging something like a video) until the drop event.

                                  1. 10

                                    I think X11 does?

                                    X drag and drop works very similarly to the X clipboard. Now I know a lot of people love to hate the X clipboard since it doesn’t persist when the program exits but I actually like it a lot but regardless, like you said,t hat model works really well for drag and drop anyway.

                                    The dragging application advertises that it has something and tells windows it passes over that it is passing over, then the window can ask for the list of types you offer. If they like one, they tell you what operations they will allow (the dragger application is always responsible for updating the cursor so it needs to know). If the user drops, then the drop application asks the drag information for a particular format from the advertised list and the data is transferred in incremental chunks. All these interprocess asks are done through the X server as the middle man rather than strictly peer to peer, to ensure it works even if the applications are running on separate closed-off machines.

                                    X copy paste is basically that same process, just without the dialog with the dragger. The “copy” application advertises it has something, which takes ownership away from whatever previous app (if any) had it. Then the pasting application knows it can ask the “copying” application for the list of formats. If it likes one, it asks for the data and it is transferred over. (I used scare quotes because nothing is actually copied until the transfer of a specific format requested. This is why people hate it but also why I like it - it is flexible and efficient, once you get to know it at least.)

                                    The Windows way for drag and drop actually can be really similar to the X way btw: you provide a COM interface that has methods that provide formats on-demand. One method lists the available options and another method requests a copy of one of the formats. You don’t need to actually copy things up front…

                                    EDIT: I guess lobsters doesn’t let me do two comments on separate topics to the same parent. oh well

                                    Of all of these, the most important is text handling.

                                    I think the text handling thing is why HTML did so well. You can pretty easily mix and match rich text and in-flow controls. That kind of thing was a legit pain to do in old desktop apis - they’d tend to offer something high level like a pre-packaged RTF widget and something low level like the text metrics…. but that middle level of html’s mix took a lot of work. The RTF with OLE components is about as close as you got but like html is soooo much simpler.

                                    1. 16

                                      That kind of thing was a legit pain to do in old desktop apis - they’d tend to offer something high level like a pre-packaged RTF widget and something low level like the text metrics…. but that middle level of html’s mix took a lot of work. The RTF with OLE components is about as close as you got but like html is soooo much simpler.

                                      NSTextView with NSText (NSAttributeString) gives you a very similar level of control to HTML. It’s not a coincidence. The original WorldWideWeb was a very thin wrapper around NSTextView that stripped the tags from a string and converted them into NSAttributedString tags before passing the result to the NSTextView for rendering.

                                    2. 4

                                      tremendously exciting build systems

                                      I’m not sure, but I’m guessing this isn’t a compliment…

                                      1. 1

                                        I thought it was excellently put tho :)

                                      2. 3

                                        Similarly, Win32 used to have its RichEditEx decades ago, although not as able.

                                        Windows also had a universal web view component. It forms some of the most jarring additions to Windows 98 and mainly 2000.

                                        I don’t see how Wayland does it wrong: X11 and Wayland have fully “responsive” DnD and selections, which is what you seem to be concerned about. On the other hand, they share the aspect of the selection disappearing with its owner, so in both you need a clipboard manager to retain them, preferably for text/images only–it’s a decision to make.

                                        1. 9

                                          Similarly, Win32 used to have its RichEditEx decades ago, although not as able.

                                          It’s been around for ages, but it’s not very useful. It didn’t have a real abstraction over the rich text (it kind-of does now) so if you wanted to use it as anything other than an opaque source or consumer of RTF data, you ended up having to write your own RTF parser and generator.

                                          I am led to believe (with no insider knowledge, through things I’ve read in the press) that in the ‘90s the Office team was deeply concerned that a more powerful rich text widget would make it easy for people to write a Word competitor. With NSTextView, you can write something that’s got the core feature set of Word ’97 (styles, multi-column layout, live spell checking, inline images, printing, and so on) in around a thousand lines of code and something quite polished in about 10K. Keeping a bunch of those features Office-exclusive probably led to a lot of the growth of web apps early on: It was easier to write a web app and delegate UI text layout to IE than it was to deal with RichTextEx.

                                          I don’t see how Wayland does it wrong:

                                          Oh, great! It looks as if this has been fixed since I last looked at Wayland in detail (which, I now realise, was probably at least 10 years ago, back when I was actively contributing to GNUstep). Back then, their protocol was built on top of copy-and-paste: you put every format that you could provide onto a pasteboard (I can’t remember the Wayland terminology) at the start of the drag. To be honest, getting this so fundamentally wrong was the main reason I stopped paying attention to Wayland. It’s probably been fixed for a long time without my noticing.

                                          1. 5

                                            I also used to be angry at Wayland, but it’s developing, albeit very slowly.

                                            In particular, I thought it wouldn’t be possible to monitor all selected text, though Sway, which is what I’d naturally use for a WM, now supports both Xwayland synchronisation, and some unstable protocols to do it natively. But, e.g., I still don’t get 10-bit colour or indicators like nm-applet, so it’s plainly worse than + i3, and will likely stay that way for a few years to come.

                                            My dislike of Wayland has hence shifted towards this complexity. The core is tiny, and you need to have the extensions you want supported by the compositor. Not much can be depended on.

                                            Something about throwing the baby out with the bathwater.

                                            1. 8

                                              My dislike of Wayland has hence shifted towards this complexity. The core is tiny, and you need to have the extensions you want supported by the compositor. Not much can be depended on.

                                              Well, it’s good to know that they didn’t replicate the problems with X11, which has a tiny core and implements everything in different extensions (some in the X server, some provided by the window manager or compositing manager) that don’t always compose well and are not universally supported.

                                              1. 1

                                                I’m not a person that uses tray icons, but I think the nm-applet weirdness only applies to swaybar, which is a specific status bar and not anything inherent to the protocol itself. It doesn’t reflect on Wayland any more than a buggy GNOME status bar would reflect on X.

                                                That being said, the “tiny core + extensions” thing bothers me. Though wlroots does appear to give a decent baseline for stuff.

                                                1. 1

                                                  Sway and the bar are just indicative of the practical usability of Wayland–it still hasn’t caught up–also, the protocol doesn’t live in a vacuum. More examples can be found. E.g., someone on IRC had a problem with Wayland not supporting QWindow::requestActivate(), and when I looked into it, the protocol in staging (for once not unstable) meant to support this kind of functionality still can’t be used to implement this method. I taught him how to force the program to run under XWayland.

                                                  1. 1

                                                    Oh yeah, that’s a fair point. I misread you as blaming it on the protocol itself; my bad.

                                                    I’ve been using it to work on, but screen recording was iffy for a while, and I miss all the fancy tools X has. I hear it’s better in GNOME-land, but that’s because they have their own protocols for everything… bleh. And not having window urgency or a way for the currently focused window to transfer that focus is just bizarre.

                                                    (I used sway until very recently; I switched to river because I like its layout model more, and because of frustration with sway’s “no features that aren’t in i3” philosophy.)

                                          2. 1

                                            For input, it’s really worth looking at Taligent

                                            Can you point me to a resource that describes the way Taligent did this? I’m curious about how this works…

                                            1. 1

                                              It’s about 15 years since I last read the docs, back when we were designing EtoileUI. The API docs were online somewhere, but I didn’t bookmark them and I’ve no idea if they’re still there now…

                                          1. 3

                                            One of my early managers had a rule for estimating project times:

                                            1. List all the tasks

                                            2. Estimate the time in man-hours for each task

                                            3. Add the times together

                                            4. Multiply by π.

                                            If the project uses unknown technology, then instead of multiplying by π, multiply by π^2.

                                            1. 1

                                              It took me a while to realize: this is a per-process issue. If your process doesn’t use a lot of FDs, then feel free to use select() if you like; there’s no way that external conditions can ramp up the FD numbers.

                                              1. 2

                                                Is there any chance that this could work under MacOS 10.14 by changing an XCode config popup?

                                                1. 2

                                                  It uses SwiftUI, which doesn’t seem to work on 10.14 I’m afraid.

                                                  1. 1

                                                    Well, darn. I want my money back.

                                                    Something to look forward to when I finally upgrade…

                                                    1. 1

                                                      Hah! If you feel like converting the SwiftUI code to AppKit you could have it sooner ;-)

                                                1. 6

                                                  Spoiler: implementation used <ctype.h>, and was cursed by the C locale.

                                                  1. 17

                                                    It’s more subtle than that. ctype.h include an isascii, which returns true for things < 128. The FreeBSD libc version actually exposes this as a macro: (((c) & ~0x7F) == 0) (true if all of the bits above the low 7 are true). The regex library was using its own isascii equivalent implemented as isprint() || iscontrol(). These are locale-dependent and isprint will return true for a lot of non-ascii characters (most of unicode, in a unicode locale). This is not C locales’ fault, it is incorrect API usage.

                                                    The fact that the C locales APIs are an abomination is a tangentially related fact.

                                                    1. 2

                                                      true if all of the bits above the low 7 are true

                                                      Nit: it’s true if any bits above the low 7 are true.

                                                      1. 2

                                                        (true if all of the bits above the low 7 are true)

                                                        false if any of the bits above the low 7 are true

                                                      2. 3

                                                        To be fair, this is a kind of bug you can run into without needing to hit C locales.

                                                        For example, a few times I’ve had to re-teach people regexes in Python, because the behavior today isn’t what it was once upon a time.

                                                        To take the most common example I personally see (because of the stuff I work on/with), Django used to only support regexes as the way to specify its URL routing. You write a regex that matches the URL you expect, tell Django to map it to a particular view, and any captured groups in the regex become arguments (keyword arguments for named captures, positional otherwise) used to call the view. Now there’s a simpler alternative syntax that covers a lot of common cases, but regexes are still supported when you need the kind of fine-grained/complex matching rules they provide.

                                                        Anyway, suppose you want to build a blog, and you want to have the year, month, and day in the URL. Like /weblog/2021/02/26/post-title. Easy enough to do with regex. Except… most of the examples and tutorials floating around from days of yore are from a Python 2 world, where you could match things like the four-digit year with \d{4}. That only worked because Python 2 was an ASCII world, and \d was equivalent to [0-9]. In Python 3, the world is Unicode, and \d matches anything that Unicode considers to be a digit, which is a larger set than just the nine numerals of ASCII. So every once in a while someone pops up with “why is my regex URL pattern matching this weird stuff” and gets to learn that in a Python 3/Unicode world, if all you really want is [0-9], then [0-9] is what you have to write.

                                                        This seems to have been an instance of the same problem, where the decision was deferred to some other system that might have its own ideas about things like “printable”, instead of just writing it correctly from the start to only match what it intended to match.

                                                        1. 2

                                                          In Python 3, the world is Unicode, and \d matches anything that Unicode considers to be a digit, which is a larger set than just the nine numerals of ASCII


                                                          1. 1

                                                            Have the Python core devs ever articulated what kind of use cases motivate “\d matches anything that Unicode considers to be a digit”?

                                                            1. 3

                                                              UTS#18 gives a set of recommendations for how regex metacharacters should behave, and its “Standard”-level recommendation (“applications should use this definition wherever possible”) is that \d match anything with Unicode general category Nd. This is what Python 3 does by default.

                                                              So I would presume there’s no need to articulate “use cases” for simply following the recommendation of the Unicode standards.

                                                              If you dislike this and want or absolutely need to use \d as a synonym for [0-9], you can explicitly switch the behavior to UTS#18’s “Posix Compatible” fallback by passing the re.ASCII flag to your Python regex (just as in Python 2 you could opt in to Unicode-recommended behavior by passing re.UNICODE). You also can avoid it altogether by not using str instances; the regex behavior on bytes instances is the ASCII behavior.

                                                        1. 1

                                                          I’ve been trying to draw something that would flip 180°, but with no success. The best I can do is draw something tall and skinny that falls on its side, rotating 90°. Any suggestions? (Or am I putting too much mental energy into this?)

                                                          1. 12

                                                            What bothers me with this article is use of the word “Chinese”. I also see articles with “Russians” and “Iranians”. However, I never see an article with “Americans” or “US” doing the hacking (as they certainly do, many Snowden’s leaks confirm it). It’s always either NSA or some agency, and I found that disingenuous, since the former style puts emphasis on the whole nation, while the later just hides behind abbreviations and agencies. Words are important for shaping our relationships, and this style just deepens the gap between various nations.

                                                            1. 0

                                                              The assumption is that most things are done by Americans, so when you describe something that they’ve done you need not include the ostensibly redundant “Americans”. (Yep, I’m American, and am unfortunately guilty of this from time to time. Apologies on behalf of myself and my parochial fellow citizens.)

                                                              1. 4

                                                                That’s only your assumption as an American, I personally don’t have that in my mind when I read articles and do roll my eyes when someone ends up being US-centric (lots of US podcasts are guilty of this).

                                                                1. 1

                                                                  (lots of US podcasts are guilty of this)

                                                                  Heh, most of them are expecting your culture (school,law enforcement,government..) to be the same as the american one. It’s annoying.

                                                                  1. 0

                                                                    This was an American blogger, and my point was that many Americans (and a few others) do this. Hence my reference to “my parochial fellow citizens”.

                                                              1. 4

                                                                Java 1.0 was released in January 1996. In the fall of 1997 I was contracted to write a Java- and browser-based multi-player puzzle-piece sharing game for The Computer Museum in Boston. The goal was for it to be playable in Navigator and Internet Explorer, but since it used network communications the applet had to be signed.

                                                                Navigator and Explorer used completely separate and at times conflicting signing methods, and nobody on the Web had described how to sign for both. Hence this page.

                                                                1. 3

                                                                  I often submit bug reports to FOSS projects, without expecting an immediate fix on my behalf, and with the belief that my reports are a net benefit to the author(s). However, that ignores some aspects of the ecosystem:

                                                                  • When reviewing potential tools on Github, one sign of project health I use is “how many open vs. closed issues are there?”. In other words, I downgrade projects which don’t respond to bug reports.
                                                                  • Not everyone is as intelligent and thoughtful as me ;). So, projects must deal with lots of low-quality and spurious bug reports, especially when their tools are meant for general use (as are the OP’s).
                                                                  • It takes time and energy to review bug reports, even if no action is likely to be taken. This gets magnified by self-entitled users, again especially those of general-use tools.

                                                                  Topics like this are more subjective than they seem. The costs and benefits depend greatly on the project, the developers, the audience, and many other dimensions, not all of which are apparent to bystanders. Conclusion: although I wouldn’t choose the OP’s approach to the problem, I can’t say that it’s the Wrong Thing To Do.