1. 3

    Work:

    • Release documentation, and helping fix up the last few remaining edges in our installation process.

    Personal:

    • I’d suggested I could put up an e-commerce website for my wife’s various crafty/DIY creations, and she took me up on the offer this weekend. I’m using this as the reason to finally buckle down and learn Elixir and Phoenix, so this week will involve working on getting familiar with all of the moving parts involved there. We have a backup plan if the project gets to be too overwhelming, but I’ve wanted to see what happens on the other side of actually learning Elixir and Phoenix, rather than just giving up after 2 hours of not quite getting it. I plan on using Stripe for payment processing.

    If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.

    • I picked up Godot again, after having been away from it for a while. Other than one person having a bug with key mapping or something, it seems to have a really nice HTML 5 game export with WASM. I’m considering making a game gallery as one of the ramp-up projects in Elixir. (I plan on building multiple smaller projects before I attempt to take on the e-commerce site. I want to have my sea legs before I take on that complicated of a project).
    1. 1

      If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.

      My best advice is - don’t [1]. There are many security issues that may arise when developing a custom e-commerce website, for the complexity which it requires. My best advice is to fork a stable, mature & open-source e-commerce project and build it from such a base.

      I pwned a few ECMS (Ebay/OLX to name a few) [2]; if those large in-house developed ECMS websites are vulnerable, so will be yours. The vulnerabilities will probably be logic-based, and a framework won’t protect you from those.

      [1] https://twitter.com/0xduraki/status/1108908794208239616
      [2] https://duraki.github.io/reports.html

      1. 1

        Do you have any recommendations as to which open source projects to use?

        I think I stand a hope of building an E-commerce site that is at least not vulnerable to script kiddies (aka safe from SQL injection, CSRF and XSS). I also hopefully can keep the feature set small enough that it doesn’t have too many issues (the idea being that keeping the feature set smaller should hopefully keep the potential interactions under control, and make securing it easier).

        That notion probably sounds like lunacy to you, tho.

        1. 1

          I’m not sure I’m adequate enough to answer your first question. Magento comes to my mind but if I was, I’d do some comparison between choices. One with strict control, a lot of source reviews, and decomplexity (one which allows you to turn options on or off) would be a great fit. This would minimize your attack surface.

          As for the notion, again, be very careful. ECMS is both a target to gray hats and black hats for the juicy details they may find. Sometimes, script kiddies can do bigger damage than a professional infosec person.

          Best of luck with the development! :-)

    1. 9

      One blog post is at least a couple of hours of work and could be valued in hundreds.

      looks at list of first drafts that each have 10+ hours of work in them

      I don’t get how people can write a blog post in a couple of hours. Like I know it’s normal and everybody does it, I just… don’t get it. It doesn’t connect with my brain somehow.

      1. 2

        I’m with you. My posts take several days minimum.

        1. 2

          Quality over quantity. Yes, I dig that.

          1. 1

            Not sure how that discussion makes sense when no-one is specifying the size of the blog post. I write blog posts in less than 30 min but they are short.

            1. 2

              In my case the size of the post is only very loosely correlated with the time taken to write it. In fact much of my time writing is editing it down to be smaller. Only rarely am I trying to edit it to be longer.

      1. 1

        Nice article. Can any of the elders give more information on the word “shell” from the old times?

        1. 5

          Apparently, the original Multics shell (sense 1) was so called because it was a shell (sense 3); it ran user programs not by starting up separate processes, but by dynamically linking the programs into its own code, calling them as subroutines, and then dynamically de-linking them on return.

          Source: http://www.catb.org/jargon/html/S/shell.html

          1. 1

            Wow, that’s a nice gem of a site. Much appreciated.

        1. 4

          Something else to consider; the average age of a registered car is 10.7 years in Europe, and Google quotes 11.8 as the average age in the US. Possibly this is skewed somewhat by people collecting classic cars, but for decades, a new car has offered few advantages over a used one.

          PCs have reached a similar level of age indifference; today you can buy a 5 year-old used laptop or pc, and expect to get at least another three years of use out of them. When you buy new, you expect to get at least five years, and I see people around me using laptops for over ten years.

          While there’s a growing market for refurbished phones, all of them seem doomed by the limited number of years Apple and Google will support older models.

          1. 2

            I’m using a number of ~10yo (9 and a half, more, but still…) Android phones almost daily, one of them in its original duty as a phone, others for different purposes - remote-controlled media player, trailer camera, etc. Even though the manufacturer - Motorola - never got beyond Android 2.3.6 they’re all running 4.4.4. One of them doesn’t have a screen (it got broken in some distant past), that is the one in use as a trailer camera. The thing is, these older Android phones are still useable for many purposes, from their original gadgety-communications-device role to those things I mentioned and more, due to the free software nature of Android and Linux.

            With Apple the story is a bit different, they do offer longer support than most Android vendors but once they drop a model it quickly becomes useless. Some devices can be ‘jailbroken’ and with that their useful life can be extended a bit but since the size of the hacking community around Apple devices is nothing compared to that around Android it takes a lot more effort to get things done. Seen as curves the Android ‘usability’ curve starts going down earlier than the Apple one but once Apple drops support their curve quickly sinks below that of Android devices of similar vintage. In both cases it takes a bit of hacking to extend the useful life, more in the case of Apple hardware.

            1. 1

              With Apple the story is a bit different, they do offer longer support than most Android vendors but once they drop a model it quickly becomes useless.

              How did you get to the conclusion that an Apple device is rendered useless after support is dropped?

              1. 1

                Depends on your use, I suppose.

                My ipad quickly became useless for my use because I needed to install or upgrade apps to evaluate [… digression elided], and that quickly started demanding newer ios versions. If your use is to keep running and using the apps you already have, nothing bad will happen, AIUI.

                1. 1

                  So basically the same as w/ Android? I don’t recall a difference between the two platforms as per the comment bias.

                  1. 1

                    The big difference is that with many Android devices there are AOSP-derived distributions which can be used to keep the device up to date once vendor-supported updates have ceased.

                    1. 1

                      No, not basically the same. The same in principle. The key word is quickly.

                      Apple is good about providing upgrades and coercing users to upgrade, and the flip side is that app developers feel free to drop support for old versions quickly. Being two or three versions behind on an ios device limits your app selection much more than being two or three versions behind on android device.

                    2. 1

                      The biggest reason that the old iPads are “useless” today is that today’s apps use too much RAM and CPU - something a new OS version isn’t going to solve. When today’s latest iPads are five years old, this is likely going to be less of a problem since performance increases aren’t as huge any longer, but for the first five years or so of iPads this is the biggest limiting factor. IMHO.

                  2. 1

                    I don’t doubt that they’re useful for other purposes, and you’re probably right that we should be making better use of them. But personally I don’t like the idea of using an internet-connected device that’s limited to a seven year-old operating system.

                    1. 1

                      The thing is, they’re not limited to whatever version of Android the device is left with when the vendor ceases to support it. Those AOSP-derived distributions can take it along for the ride more or less until the hardware can no longer support the newest version, e.g. because of the 32/64 bit shift. The Galaxy SIIIneo which I mentioned was left by Samsung at Android 4.4.4, it currently runs Android 9 through LineageOS. It gets weekly OTA updates, the latest was on the 20th of April. As long as these projects support those devices they will stay up to date. They are supported until there is not enough interest from developers, which again depends on the number of users who want to keep those devices in use. There are some hard limits on support like the mentioned 32/64 bit shift, others are a lack of driver support for those platforms which rely on closed-source blobs, hardware capacity limits (memory, GPU, SoC) being exceeded by newer versions of the operating system, etc.

                  3. 2

                    Something else to consider; the average age of a registered car is 10.7 years in Europe, and Google quotes 11.8 as the average age in the US. Possibly this is skewed somewhat by people collecting classic cars, but for decades, a new car has offered few advantages over a used one.

                    Similar to cars, a lot of the advantages are in the realm of safety and security features you don’t want to become important. A 2020 Accord has measurable improvements in structural safety components over a 2010 Accord, and a 2020 iPhone has security features that 2017 iPhones don’t have the silicon to support.

                  1. 4

                    Cloudflare is shielding cybercriminals

                    It’s true Cloudflare protects victims from DDoS, but it also protects attackers. Although, if there are no DDoS attacks, whom will Cloudflare protect you from? It’s basically a money-making machine. Both attackers and legit end users use it for protection. Vice versa profitable.

                    1. 4

                      This troubled me, as there is no source for that. Only a statement from the website’s owner :/

                      1. 4

                        It’s true though.

                        Cloudflare serves all customers willing to pay, and even has a free tier for some products. It doesn’t generally vet customers. You don’t have to prove that you’re worthy of using whatever Cloudflare product you wish to pay for, and Cloudflare protects its customers. That includes criminals. Most notably, it includes shielding criminals from people who send email saying “FOO BAR IS A CRIMINAL! I’M TELLING YOU FOO BAR IS A CRIMINAL!”

                        Amazon does the same — anyone can buy things there and the selection includes many useful tools, so Amazon sells burglary tools to criminals. But it’s not a universal standard. IIRC all of the big British banks eventually caved in to public pressure and closed the accounts of some customers the vegans didn’t like.

                    1. 6

                      vanilla vim in a basic terminal. Works everywhere, and I don’t have to spend brain-cycles thinking about it.

                      1. 2

                        How do you deal with multi language barrier? ie. Space vs Tabs in different project? Do you manually expandtab/tabstop?

                        1. 2

                          Personally, until I need to do it often enough to put in my .vimrc for a particular filetype, I kinda already remember the :setl sw=2 ts=2 et (replace 2 with whatever needed) “magic incantation” for when needed. Umm… a moment of self-reflection: is vim really a stockholm-syndrome lover I thought it to be in my younger days?… Yet in other editors, I’d have to do it by mouse or keyboard shortcuts anyway…

                          1. 1

                            I have an EditorConfig plugin, many projects ship with an .editorconfig file these days.

                            I also have some autocmd for specific languages/projects; you can just match it by directory:

                            au FileType go nnoremap MM :silent! :wa<CR>:compiler go<CR>:silent make!<CR>:redraw!<CR>
                            au FileType go nnoremap TT :silent! :wa<CR>:compiler gotest<CR>:silent make!<CR>:redraw!<CR>
                            
                            autocmd BufReadPre /home/martin/code/goatcounter/*.go
                                        \  if $CGO_ENABLED is# '' | let $CGO_ENABLED = 0 | endif
                                        \| let g:gopher_install_package = 'zgo.at/goatcounter/cmd/goatcounter'
                            

                            You can set tabs/spaces/etc. there too, if required.

                            1. 2

                              I think “vanilla vim” was important context for the question. With custom config, these things become easy, as you point out.

                              1. 1

                                Ah right; I assumed “vanilla” meant “without plugins”, but yeah, could be “without config” too 😅

                        1. 1

                          Nice project. I wrote a similar blog post on automating iTerm sessions via tmux & tmuxinator, for anyone interested.

                          1. 3

                            This was a pleasant read!

                            I have thought a while about this, and will (eventually) implement this scheme for equality, mostly inspired by Scheme:

                            • identical? for reference equality (and possibly also primitives),
                            • equal? for structural equality (for types that support it),
                            • equivalent? as a more general trait which also requires a context within which you are comparing, like hashing or floats within a given epsilon. (The above two are special cases of this.)

                            Hopefully it will be intuitive and obvious, with no gotchas.

                            (Minor note: F# will let you use mutable as an adjective for Offspring and jane in case you didn’t want to switch to C# for that example).

                            1. 1

                              This reminds me of Ruby & Objective-C cocktail.

                            1. 13

                              Using this on my bar, it’s pretty nice. Still using JetBrains Mono for everything else, though.

                              https://qtp2t.club/pub/setup.png

                              1. 5

                                That is a nice bar! Also, your wallpaper choice is impeccable.

                                1. 2

                                  Yes, please link to it!

                                  1. 4

                                    Not OP but here it is. Just set your background to Tile/Pattern mode depending on OS of choice. Nice desktop tho @hazel.

                                    1. 5

                                      My dots are at https://git.qtp2t.club/hazel/etc if you want them, and thanks

                                    2. 4

                                      Hi, that’s from my wallpaper pack! something something copyright not intended (well some of them are OC)

                                      1. 2

                                        That’s really nice, thanks!

                                  2. 2

                                    Just wanted to say, your bar is awesome. You’ve got to post this on unixporn :)

                                  1. 12

                                    Write down a one-sentence mantra that you’d use to describe your current work to a technical friend who is in a hurry and doesn’t have time to receive a full download of your vision for the project. Chisel it down until it can be pronounced in a single breath, then recite it a few times a day, or whenever uncertainty creeps in.

                                    For example, here’s my mantra for one of the projects I’m hacking on:

                                    I’m building a self-hosted API & mobile app for virtualizing a remotely operated cell phone.

                                    This helps me leave by the wayside any features or yak shaving excursions which don’t directly contribute to the technical bottom line.

                                    1. 2

                                      This is great advice. A mantra is worth gold and seems like a great motivation utility.

                                    1. 6

                                      Proposal for crystal-lang tag. This language, not only for maturity in the early stage, also gains a lot of traction on Lobsters. This thread is just an example of it.

                                      1. 2

                                        Agreed. Taking the human-friendly parts of the Ruby syntax that is possible to make run fast and then making that into a natively compiled language is a solid foundation. Lilith helps demonstrate how usable Crystal is, for demanding tasks.

                                        I think the name is a bit unfortunate, though, but naming things is always hard.

                                        There are only two hard things in Computer Science: cache invalidation and naming things.

                                        – Phil Karlton

                                        1. 2

                                          There are two hard problems in computer science: cache invalidation, naming things, and off-by-one errors.

                                          1. 1

                                            I don’t understand what makes the name unfortunate?

                                            1. 2

                                              Lilith was a workstation built by Niklaus Wirth at ETH Zürich.

                                              1. 0

                                                For anyone having watched Breaking Bad, the immediate association is Crystal Meth.

                                                1. 6

                                                  i would never in a thousand years have thought of associating ‘crystal’ with crystal meth. i think the name is great, and goes along with the general gemstones-and-minerals naming scheme that is common for programming languages

                                                  1. 1

                                                    I can’t think of any programming languages except Ruby and Crystal that are following a naming scheme that centers around gems and crystals. Do you have other examples?

                                                    Also, have you watched Breaking Bad?

                                                    1. 4

                                                      perl was of course the canonical one, and ruby was influenced by that. this list has onyx, jade and opal, and i remember alternate ruby implementations being called topaz, sapphire and opal, but you’re right, it’s not as popular a trend as i was imagining.

                                                      never watched breaking bad, but i read a lot of science fiction and fantasy, so that’s my primary cultural association with the word “crystal”. there’s also the whole new age “crystal energy” thing. i don’t think you can call it a bad name based on an association you have formed from a single tv show.

                                                  2. 1

                                                    For anyone having seen The Dark Crystal, the immediate association is Darkness.

                                                    1. 3

                                                      Or quality puppeteering and questionable lipsync.

                                                      1. 1

                                                        Hell yeah, and The Dark Crystal movie and show are brilliant nonetheless. As is Breaking Bad, and probably the Crystal language as well.

                                                        The point I was making was that associating with Darkness is as far-fetched - though TDC is kind of dark - as associating with Crystal Meth. AFAIK the more common street name is Meth anyway, not Crystal.

                                                        1. 1

                                                          Unless we have no data indicating what the most common association is, your guess is as good as mine. I assume this also varies a lot from culture to culture.

                                                          My personal associations with the word Crystal are mainly questionable things like “Crystal Meth” or “Crystal Healing”, which I want to avoid. This could be because English is not my first language, but I don’t believe I’m alone in this.

                                                          Actual data would be needed in order to determine if people in general mainly associate Crystal with minerals or questionable things, though.

                                              2. 1

                                                If there are other examples of posts that merit a new tag, feel free to list them in a new meta post suggesting a new tag.

                                              1. 4

                                                Why no love for the crystal language?

                                                1. 2

                                                  Crystal is in the list, at least now.

                                                  1. 3

                                                    Oh, good to see the author added it.

                                                1. 4

                                                  Well, I like my own, although a bit too nerdy for a family website: https://eloydegen.com

                                                  1. 2

                                                    I like yours too! I like mine too! Although a bit too simple to be honest. https://duraki.github.io

                                                    1. 1

                                                      Oh, it looks nice! Although it’s not very mobile friendly.

                                                  1. 7

                                                    I wrote a little static site generator, because that seemed like more fun than getting used to anything else. It takes HTML bodies of posts, and wraps them, generates a homepage, and an rss feed. I’m currently in the process of using it for another site, and it’s been surprisingly enjoyable.

                                                    1. 3

                                                      Same here, and actually prefer it over all other static site generators. I wrote a simple Ruby script to build html from html. Final result is on my blog.

                                                      Pretty easy YAML configuration too! Wrote about it some time ago on a similar Lobsters thread.

                                                      1. 3

                                                        Ditto, mine’s in Python and Jinja (and it’s horrifying and bent around my own design enough that I’m not going to share, sorry). Articles are written in YaML, which was probably the right choice (it allows a decently easy combination of assorted metadata like title, post date, and tags with long free article text) but feels wrong.

                                                        I’ve thought about switching to a standard static generator, and there are significant benefits, but (a) I don’t need to (yet) and so haven’t taken the time, and (b) I want to write all my HTML myself to minimize the amount of stupid that ends up in it, which mitigates some of the benefits.

                                                        1. 5

                                                          For what it’s worth, Pelican allows you to write your content as HTML pages. It uses tags for metadata such as the slug, date of publishing etc., and simply includes the body of the page into the base template.

                                                          I’ve been using it extensively for my website and it works well!

                                                          1. 2

                                                            Interesting, I might have to look at that. That solves a bunch of my issues with others (e.g. I don’t really want to have to install Ruby to generate my website).

                                                      1. 3

                                                        This is nice, I might use it. How about adding a salary range like the one on StackOverflow? Also, sorting by location?

                                                        ooups, using “remote” as a search works, still a checkbox would be nice

                                                          1. 5

                                                            unable to be built from sources

                                                            This is mostly up to the person who compiles. I hate seeing issues similar to “I can’t compile”.

                                                            If you were to write >not properly documented compilation process<, I could understand your struggles.

                                                            1. 5

                                                              That is correct, I adjusted the article.

                                                            1. 2

                                                              When I first read the title, I thought it was going to be more of a beef than the chronic it turned out to be. In any case, it actually surprises me that after ten years using modal editing he actually says that:

                                                              There’s a steep learning curve in Vim and seeing all those modern IDEs become better at understanding the user’s intent, editing text became way easier and faster in general.

                                                              I did not find vim to have a learning curve that steep: it can be painful at first, but you are probably fine the second week already, and being productive after a single month. And even if it is easier at first to use an IDE, I have never seen anyone be faster working in PyCharm than someone in vim, for example.

                                                              1. 1

                                                                Being productive after a single month of using Vim? It is, or might be true. But how productive? After 3 years of using Vim (ime), I think I’m nowhere near as productive as I would be in perhaps 7 more years of using it. It’s not that Vim has a steep learning curve, but rather it offers so much that even with 10 years’ usage, you do not fully understand its power. And that is what the author is talking about.

                                                                1. 1

                                                                  Absolutely, after all practice makes perfect, especially in something like vim where muscular memory is key. What I meant when I said you can be productive in a month is that you can actually use it in your workflow: in my experience, after a month using Emacs you are probably still overwhelmed and cannot fully integrate it in your workflow (imho has a much steeper learning curve).

                                                                2. 1

                                                                  Then again you can always have vim like modal editing in PyCharm, and be doubly as productive!

                                                                  1. 1

                                                                    Oh c’mon that is obviously cheating in this scenario.

                                                                    (/s, but I meant vanilla IDE shortcuts like OP for comparison!)

                                                                1. 1

                                                                  GithubContributionsiOS deserves some love, shows GitHub contribution graph in a beautiful way. There is also an app for Apple Watch.

                                                                  1. 3

                                                                    I did something similar but in Ruby. I use it currently to generate static files for my blog, since Jekyll was overkill. It is very simple and there is room for improvement. It’s based on generate-md [1], great support for theming and config[2].

                                                                    [1] https://github.com/mixu/markdown-styles
                                                                    [2] config mockup

                                                                    1. 1

                                                                      Nice!