1. 3

    Sometimes I need to make layer 7 protocols. I just run it over TLS and I force the use of v1.3 if possible. That is, I can rely on my language’s ssl module and its choices which must comply with TLSv1.3 anyway.

    Server-side, HAProxy can handle the TLS layer and load-balance the forwarded plain-text/octet protocol among local servers.

    The only thing is that you have to handle certificates. Fortunately, there is Let’s Encrypt and wildcards nowadays. I’m pretty sure there is still room for improvement, though. Maybe forcing only the strongest cipher suite allowed by TLSv1.3? Controlling session duration?

    1. 4

      Tls is solid and you probably can’t do better yourself. The place where nearly everyone fails is in how they manage their keys. You can have the strongest steel door in the world but if you leave the spare key under the potted plant then anyone can come in. Ditto for people generating weak and common keys due to poor entropy in both client and server.

    1. 4

      I need some accounting software. I loved “ledger-cli” (plain text-based and double-entry) and I want to use something like that. Except I need it to run on a shared database and I need it to support branching/merging (like the Git model). So I’ll make one for my own company/personal finances and I’ll release it under a free/libre license if it works and looks great.

      1. 1

        I’m interested in this as well, though I wonder why you need branching and merging

        1. 1

          Actually, I’m not even sure myself. I just find this concept interesting and I would like to see how it goes in practice! Just seems fun.

      1. 4

        I’ve never heard about the new Arm Large System Extensions (LSE) atomic instructions before. I surely learned something today! Looks like MySQL-on-Arm conducted some tests with LSE too, but the results were different.

        I love how HAProxy people are always prompt to try low-level and cutting-edge stuff to squeeze another droplet of performance out of the hardware/kernel. Performance is many small things done right like this, I guess.

        1. 4

          strace is an invaluable tool for reverse engineering and learning. Recently I wanted to know exactly what happened when I played with a Rust io_uring wrapper. I could see how syscalls were made to learn more about it. I did the same when I wanted to quickly know how tail -f was implemented under the hood without reading any C source code. (Btw, it uses inotify + epoll if I remember correctly.)

          1. 2

            Celebrating Easter with my family! This is a 3-day weekend in France (Easter Monday is a public holiday), so I’ll have some time to learn more Rust I guess.

            1. 44

              In France, a lot of companies rely on OVH to host simple websites or complex Cloud infrastructures. Unfortunately, some are not tech-savvy enough to have backups and Disaster Recovery Plans. I sympathize with those companies that just lost their website tonight.

              1. 1

                We probably have enough of extra hours just around here to gather around some sort of sane repository of software and docs on how to do it simply and quickly for the surge of people that’ll wake up from the general panic now.

              1. 2

                I believe you still need to use the same connection during the 200 queries. Some Web frameworks open and close a new connection for each query thus making this technique less efficient.

                1. 2

                  Yes. You should also keep the compiled query (sqlite3_stmt) object and reuse it, instead of compiling SQL every time. Do these things and SQLite is hella fast.

                1. 15

                  There’s no such thing as a free lunch!

                  Anyway, what’s the purpose of Cloudflare anyway? Rent a server in a good datacenter and pay for a DDoS-plan if you’re so inclined. Too many websites use Cloudflare and give it too much power over what content can be seen on the internet. Using Tor? Blocked. Coming from an IP we don’t like? Blocked. Javascript disabled? Sorry, but you really need to fill out this Captcha.

                  On top of that, it’s one giant MITM and I am seriously shocked this hasn’t been discussed much more intensely. It would be trivial (if it hasn’t happened already or was the whole purpose of this shebang) for a five-eye-agency to wiretap it.

                  The NSA et. al. don’t like that more and more traffic is being encrypted. It woule be a great tactic of them to spread mindshare about Cloudflare about it being almost essential and at least “good to have” for every pet-project. “Everybody loves free DDoS-protection, and Google has it too!”

                  1. 19

                    Anyway, what’s the purpose of Cloudflare anyway?

                    The purpose is that they’re a CDN

                    Rent a server in a good datacenter and pay for a DDoS-plan if you’re so inclined.

                    This doesn’t replicate a CDN

                    On top of that, it’s one giant MITM and I am seriously shocked this hasn’t been discussed much more intensely. It would be trivial (if it hasn’t happened already or was the whole purpose of this shebang) for a five-eye-agency to wiretap it.

                    I don’t know about you, but the threat model for my personal website (or indeed a professional website) does not include defending against the intelligence services of my own government (“Five Eyes”). That is a nihilistic security scenario and not one I can really take seriously.

                    For my money, I think the author of TFA has (wildly) unrealistic expectations of a free service. I’m only sorry that Cloudflare have to put up with free tier customers loudly complaining that they had a problem and needed to make at least a notional contribution in order to get it resolved.

                    1. 9

                      Sure, it doesn’t have to fit your threat model but by using Cloudflare you’re actively enabling the centralization of the web.

                      1. 10

                        In my defense I must say that I am merely passively enabling The Centralisation of The Web, at most, as I have formed no opinion of it and am taking no special action either to accelerate it or reverse it, whatever it is.

                        1. 3

                          What’s a good, existing, decentralized solution to DDoS protection?

                          1. 1

                            Not necessary good, but very much existing and decentralized, is IPFS. Comprises quite a bit more of the stack than your standard CDN; nevertheless, it has many of the same benefits, at least as far as I understand it. There’s even a sort of IPFS dashboard (it’s FOSS!) that abstracts over most of the lower-level steps in the process.

                            If you are at all dismayed that the current answer to your question is “nothing”, then IPFS is definitely one project to keep an eye on.

                            1. 2

                              Ironically, one of the first results when googling about how to set up IPFS is hosted on… Cloudflare:


                      2. 18

                        Cloudflare’s S1 filing explains how it makes money from free users. Traffic from free users gives Cloudflare scale needed to negotiate better peering deals, and more cached sites save ISPs more money (ISPs prefer to get these free sites from a local Cloudflare pop, instead of across the world from aws-us-east-1).

                        1. 7

                          I’m digging for the blog post that references this, but Cloudflare in a past RCA has said that their free tier is, essentially, the canary for their deployments: changes land there first because it is better to break someone who isn’t paying for your service than someone who is.

                          (FWIW, I don’t think this is a bad thing; I’m more than happy to let some of my sites be someone else’s guinea pig in exchange for the value Cloudflare adds.)

                          E: Found it!


                          If the DOG test passes successfully code goes to PIG (as in “Guinea Pig”). This is a Cloudflare PoP where a small subset of customer traffic from non-paying customers passes through the new code.

                          1. 4

                            Yes, free users sometimes get releases earlier. However, the PIG set is not all free customers, but only a small fraction. In this case “non-paying” meant “owes money”.

                        2. 3

                          Have to agree. Besides, their preloading page in front of websites is really annoying and I wouldn’t use that for the sake of UX. Each time I get one, I just bounce instead of waiting 5 secs.

                        1. 5


                          I don’t trust anyone else. They go broke or go scared of Nethack for Windows CE. I don’t know why anyone hosts on shared platforms or why they even exist.

                          1. 18

                            A couple of reasons:

                            • no stable Internet connectivity at home
                            • no stable energy at home
                            • no money to buy servers (everything cannot run on a Raspberry Pi)
                            • hosting services is against ISP’s TOS (very common in my country)
                            • managing emails deliverability is tedious and it’s not even always technical
                            • managing disk failure costs some money too (you have to pay for extra disks)
                            1. 0

                              Well cellphone isn’t so great either. But things like email have a baked in several day delay model. I front with office 365 as I too have a life and couldn’t be bothered with lists and all the crap. My exchange server has the pptp RAs set to dial with default gate on the VPS so it sends out the “smart host” just as I only allow the MS servers inbound. I’ve been doing it for years now.

                              Since my stuff is the pptp client how does the ISP know i’m hosting? Simple they don’t. No connections go to my home they all go to the VPS which in turn points to the pptp client.

                              Powe and servers are so cheap, along with virtualization… Xeon e5v2’s board /cpu/16gb of ram are sub $100 USD. It’s trivial.

                            2. 8

                              To save time! You pay someone money to spend their time on it. With my day job I make enough to pay for these services, leaving me with time to spend with my family and doing leisure activities (reading, playing games, social events). There are some things I do for fun and to learn, but I can pick and choose those.

                              If you truly trust no one, then of course self-hosting is the only option. For me, there’s quite a few companies I’ll happily trust with my projects.

                            1. 7

                              I love your pricing page - those ‘our choice’ tags are such bullshit.

                              1. 4

                                What, like somehow $999,999.98 isn’t the best value for you?

                                1. 2

                                  What happens if someone seriously wants the $999k plan?

                                  1. 16

                                    I write an “amazing journey” post detailing how the service is seriously definitely never getting shut down for at least three days and retire on a beach while you deal with the rotting service.

                                    1. 1

                                      What startup is the phrase “amazing journey” in reference to?

                                      1. 14


                                        1. 3

                                          Many! I think I’ve seen “incredible journey” used with that one email program you had to wait in line to get, one of the post-Flickr photo sites, Vine maybe?

                                      2. 1

                                        He throws a party… I mean… hires a lawyer and makes a Series-A announcement?

                                  1. 3

                                    I feel like we are pushed to use E2E encryptions mechanisms that are independent of the provider (such as GPG). It is a bit sad because not everybody wants to learn/use such tools, especially non-tech-savvy people who need privacy as a fundamental right as well.

                                    1. 5

                                      The ANSSI authored that document. That’s the National Cybersecurity Agency of France (fr: Agence nationale de la sécurité des systèmes d’information) and they publish a lot of valuable (and not so trivial) guides to help programmers and administrators secure their servers and applications.

                                      As Rust is a very security-centric language, it’s great to see such a guide from them!

                                      1. 2

                                        I’d like an OS that can run a container or a VM (running itself or any other OS) as a simple kernel module. Actually, that idea is not new, L4 implements something like that. Of course, if a module crashes, the OS would handle it gracefully.

                                        I don’t know if it’s feasible (outside academic research), but the idea seems elegant.

                                        It’d be nice to also provide native primitives towards Rob Pike’s dream as well:

                                        I want no local storage anywhere near me other than maybe caches. No disks, no state, my world entirely in the network. Storage needs to be backed up and maintained, which should be someone else’s problem, one I’m happy to pay to have them solve. Also, storage on one machine means that machine is different from another machine.

                                        1. 5

                                          I write scripts both in Python and Bash/ZSH but I feel like Perl 5 would be the sweet spot between those two languages for sys admin stuff.

                                          I don’t know if Perl 6 serves that spot as well, but it may be an interesting choice for sys admins if it does.

                                          1. 6

                                            I think Perl 6 serves that spot well in many senses except one: it doesn’t come preinstalled with virtually every real operating system.

                                            1. 6

                                              Perl 6 has been renamed to Raku: https://www.raku.org/

                                            1. 6

                                              So planning to break even more websites?

                                              I’m already struggling to find energy to keep using Firefox when it generally performs much worse than Chrome, adding more friction won’t make anything better in my opinion.

                                              Let’s see, I believe in a world where FF leads the way once again, one can only hope.

                                              1. 11

                                                This is opt-in. Did you read the full article?

                                                1. 11

                                                  The future of the web is HTTPS-Only

                                                  Once HTTPS becomes even more widely supported by websites than it is today, we expect it will be possible for web browsers to deprecate HTTP connections and require HTTPS for all websites. In summary, HTTPS-Only Mode is the future of web browsing!

                                                2. 5

                                                  This isn’t on by default.

                                                  1. 3

                                                    I missed that. Thanks!

                                                  2. 3

                                                    Since the launch of Let’s Encrypt, every browser (not only Firefox) has incrementally pushed HTTPS-related features to incentive its generalization.

                                                    Sure, FF83 is making a radical (but optional) move here, but I have the feeling that it’s only the continuation of that trend every browser support. That is, I wouldn’t be surprised if Chrome follows and releases a similar feature in near future.

                                                  1. 14

                                                    There are some harsh comments on the blog post. Some people seem to think that the author is inherently against non-repudiation per se, but it seems to me he’s not. He’s against DKIM as a non-repudiation mechanism, hence his proposal.

                                                    If you want non-repudiation, fine. Just use something else than DKIM that provides that property by accident.

                                                    1. 50

                                                      To whomever downvoted this as off-topic:

                                                      • It’s about cryptography, security, and privacy
                                                      • The source code examples are written in JavaScript

                                                      …so which topic is it off-?

                                                      1. 37

                                                        It’s probably an expression of political distaste for overt references to furrydom rather than an authentic opinion that this article’s content is off-topic. I think this is absolutely topical content myself, but I’ve seen plenty of articles posted that I also thought were entirely topical (some of which I posted myself), that had off-topic or other flags because they were triggering to the political sensiblities of other users.

                                                        1. 53

                                                          Just posting in support of this.

                                                          Folks, this is a nice high-effort post about implementing security, with code and references and the whole shebang. It isn’t shilling a service, it isn’t navel-gazing on politics, it isn’t even some borderline case of spamming a blog to get more views without care for the community.

                                                          Anybody who flagged this as off-topic either didn’t read the article or is a tremendous asshole.

                                                          Anyone who flagged this as spam either didn’t read the article or is a tremendous asshole.

                                                          If the reference to furries in the title rustled your jimmies, despite the site policy here being to use the original title as close as possible, and you were unable to evaluate the quality of the article on its own merits, you’re a tremendous asshole.

                                                          1. 26

                                                            I get off topic downvotes for my posts with Mara too. Some of the graybeards here really dislike furries for some reason I can’t comprehend. I hope they can find something better to do that downvote furry adjacent content. Anyways, keep up the good work!

                                                            1. 46

                                                              I’m that kind of a person, though I don’t have a gray beard. To me it’s just cringe (for lack of a better word), just like an unironic “euphoric” atheist, a gun-obssessed anarcho capitalist, a “My Little Pony” Fanboy or a western-anime otaku. I honestly don’t see what the difference is.

                                                              Any blog that tries to mix that kind of usually fringe subculture is fine by itself, people are strange, but I have my doubts how relevant it is to a general-public site like Lobsters.

                                                              That being said, I didn’t flag it, I’ll just be hiding it.

                                                              1. 16

                                                                Setting aside how cringe or not it is, we should evaluate the article on its technical merits.

                                                                1. 14

                                                                  In principle, yes, but we often have discissions on the form of sites (don’t post twitter threads, avoid medium, not loading without JS, too low contrast, automatically playing videos), and interspersing a page with furry imagary is just something that some people are used to (apparently this is an american thing), and others are not.

                                                                  1. 5

                                                                    It’s not an American thing.

                                                                    I don’t know why you think it is.

                                                                    Eurofurence, Nordic Fuzz Con, and FurDU are just a few of the international furry conventions that attract thousands of attendees every year (COVID notwithstanding).

                                                                    1. 16

                                                                      Honestly that comes of as saying that McDonalds isn’t an american thing, because they have joints all over the world. Have you ever wondered why we are writing in English? I think everyone knows that american culture has a kind of dominance that no other culture has, because of hollywood, TV series and media in general. It’s always the de facto standard, and almost anything that is a thing in the US has following somewhere else. That has only intensified with the internet. But if anywhere in this thread, this is the point where we would be crossing over into off-topic territory, so I’d sugest we agree to disagree.

                                                                      And regarding

                                                                      I don’t know why you think it is.

                                                                      First of all, Wikipedia says

                                                                      The furry fandom has its roots in the underground comix movement of the 1970s, a genre of comic books that depicts explicit content.[5] In 1976, a pair of cartoonists created the amateur press association Vootie, which was dedicated to animal-focused art. Many of its featured works contained adult themes, such as “Omaha” the Cat Dancer, which contained explicit sex.[6] Vootie grew a small following over the next several years, and its contributors began meeting at science fiction and comics conventions.

                                                                      So it literally comes from the US. But setting that aside, even if I didn’t know that, it’s something so inherintly american, that I would have been really suprised that something that at the same time desexualizes bestiality (by removing the inherent link) and sexualizes animals (by giving them human cues of attractivness and anatonomy) could come from anywhere else.

                                                                      Edit: Also I was curious and looked it up, “Nordic Fuzz Con” has 1499 atendees in 2020, but considering how many contries these people came from, it’s approximatly 0.000008% of the population. It’s common that when people are too online, they overestimate how large their bubble really is. “Eurofurence” with almost twice as many atendees isn’t much better of.

                                                                      1. 2

                                                                        That’s super off topic for the discussion, but I’ve recently changed my mind about “american culture”. I now feel that a significant part of it is just universal, liberal culture, and not specifically American (hamburgers, pizzas and sushi being fun gastronomical examples). This post changed the way I think about this.

                                                                      2. 2

                                                                        I don’t know why you think it is [an American thing].

                                                                        Probably due to mako’s comment, which said they “always considered it an American subculture”. I hadn’t heard of it being American before… thanks to your comment I’ll unlearn that.

                                                                  2. 12

                                                                    Lobsters is general public? :-)

                                                                    I think you could tack on just about any group and the content would be pretty much the same. “…for punks,” “…for people with a pulse,” or whatever. I’ve no strong opinion on furries. As long as their hobbies are not hurting anybody, I’ll just file it in the “not my thing, but not hurting me” bucket and see if the rest of what they have to say is interesting or not.

                                                                    1. 11

                                                                      Technology doesn’t exist in a vacuum. Practitioners, users, researchers, and creators are people whose experiences of technology will be informed by their lifestyle preferences, race, gender, queerness (or not), positionality in society, past experiences, mental health, hobbies, friends and so on.

                                                                      It’s ridiculous and downright depressing to me that anyone would consider a blog off topic because the writer chose to make their technical narrative their own. It strikes me as the kind of narrow thinking that leads the tech industry to not be a very accessible or diverse place in general.

                                                                      Divorcing technology from the real world leads to isolation and atrophy (to borrow the words of Courant). It reduces diversity, leads to moral atrophy, and systems built without empathy for users.

                                                                      And it leads to gatekeeping. Don’t do that.

                                                                      1. 8

                                                                        The cringe is a reaction of your own, not the content itself. I would avoid downvoting a post just because of my relationship to it, so I’m glad you made the same call.

                                                                        1. 11

                                                                          Lobste.rs caters to a very specific subculture that exists in the IT sector that is in itself part of a broader subculture of technology creators and maintainers. It’s just that you think your subculture is important enough to be let in and others are not.

                                                                          1. 11

                                                                            You’re right that “technology” is a subculture, but my claim is that we are perpendicular/stochastically independent to “furry culture”.

                                                                            It’s just that you think your subculture is important enough to be let in and others are not.

                                                                            I would very kindly ask you not not be this elitist about this, this is explicitly a techonology site, with no further designations. The community has it’s tendencies, this way or another, but that doesn’t change the fact that the average to something as obscure as a “furry” will be recieved with some hesitation. This isn’t anything personal, I can imagine that if I went to some “normal” site like Facebook and started talking about the need Free Software that most people would consider me crazy.

                                                                            1. 8

                                                                              It’s the exact opposite of being elitist, it’s about being inclusive. You call “technological community” a thing that is aligned to your culture and values and it’s just a very small fraction of the people that produce digital technology. You universalize it because you cannot conceive that there might be different ways than yours of producing technology together. You believe your way is THE way and you reject other ways.

                                                                        2. 11

                                                                          I don’t think it’s greybeards, rather non-Americans. I’m in the UK, London, and if there’s a furry subculture here it is so microscopic that I’m not aware of it. I’ve always considered it an American subculture, and possibly mostly silicon valley, but certainly for non-Americans I think it’s very obscure. I didn’t vote either way, and have no idea what the furry thing is about, just glimpse it once in a while.

                                                                          1. 11

                                                                            For what it’s worth, in America you don’t just see people walking around expressing as furries while they shop for groceries. Most of us have never run across the culture in person. I think it’s not that this is an American phenomenon but that online spaces are safer, so that’s where you (and we) see them.

                                                                            1. 3

                                                                              just how microscopic would it have to be for you to not be aware of it? do you keep tabs on all… culture… in London?

                                                                              1. 1

                                                                                It’s honestly not very hard.

                                                                            2. 10

                                                                              I really enjoy most of the aesthetic of your pages, and the technical content! I just don’t like the random stuff being jammed in between it. I don’t need a bunch of reading space occupied by a full color, artistic, glorified selfie 6 times. Or in the case of Mara’s first appearance, 16 times.

                                                                            3. 19

                                                                              I’m not going to flag it, but the „for furrys“ bit certainly is off topic

                                                                              1. 39

                                                                                Furry is my blog’s aesthetic and theme, and a significant chunk of the content, but the focus is 99% encryption. The parts that are furry-relevant are:

                                                                                1. A lot of tech workers are furries (or furry-adjacent).
                                                                                2. I’ve found that furries are generally more comfortable with the abstraction of “identity” from “self” than non-furries. I generally attribute this to the prevalence of roleplay in our culture. (I remarked on this detail in the post.)
                                                                                3. Implied but never stated in this particular article: Since roughly 80% of furries are LGBTQIA+, and queer folks are likely to be discriminated against in many locales, improving furry technology will likely have a net positive impact on queer privacy in oppressive societies.

                                                                                This page isn’t so much for furries than it is from a furry, published on a furry blog, and with a bad furry pun in the title.

                                                                                1. 27

                                                                                  You don’t actually need to entertain anti-furry sentiment. And do not worry either, there’s also people who appreciate this. I’d rather see furries than most common traits of the modern web.

                                                                                  1. 19

                                                                                    A lot of tech workers are furries

                                                                                    For certain values of “a lot”. I’d guess that this kind of stuff is more popular in the US than in India.

                                                                                    1. 28

                                                                                      The main problem with this kind of title phrasing is the forced communication of a political/sexual/whatever message, which is off-topic for the site, and most people don’t care, and don’t want to care for it.

                                                                                      Anybody visiting the link would see that the page has a furry aesthetic. Then they would have the chance to read the article, or close the page. This way a message is promoted on the main page. I think identity politics are already too emphasized and destructive in discussions, and have a bad effect on communities and society. Consider seeing things like a Heterosexual christian father’s guide to unit testing on the front page. Without judging anybody’s identity, this is not the place and form for that topic and that kind of statements.

                                                                                      1. 15

                                                                                        I wonder why the simple reminder of a group’s existence bothers you so.

                                                                                        1. 17

                                                                                          For some reason you failed to understand my point, and are accusing me with something instead of arguing my points. Most likely this is because of my inability of phrasing my point efficiently.

                                                                                          But in the same spirit: I wonder why do I even need to know anybody’s affiliation at all in context of a technical discussion?

                                                                                          1. 11

                                                                                            One could make the same argument to flag “Beej’s Guide to Network Programming” or any post about how company X solves their problems.

                                                                                            1. 10

                                                                                              And usually they do so, considering it as spam, a form of advertisement… Only not of the political, but of the business kind.

                                                                                              1. 4

                                                                                                I don’t think you are familiar with at least the first example.

                                                                                                1. 7

                                                                                                  But at least I can be familiar with the second example…

                                                                                                  Your style is not that of a Friendly engineer.

                                                                                                  1. 6

                                                                                                    There was a time he went by a different name…:p (angrysock)

                                                                                            2. 6

                                                                                              I wonder why do I even need to know anybody’s affiliation at all in context of a technical discussion?

                                                                                              Because the author decided, that their “affiliation” is relevant to their content, that’s it. You don’t need to follow that thinking, you can opt-out of reading their article, even hide it on sites like lobste.rs.

                                                                                              Any articel tells you something about the authors identity and cultural affiliations. And most of us just fill the blanks with defaults, where details are missing. i.e. an authors gender on technical content is often assumed to be male, if not stated otherwise. Most of us who grew up in societies with Christian majorities just assume that most guides to unit testing are a variation of the “Heterosexual christian father’s guide to unit testing”. That’s bad because it taints our perspective, even on the already factual diversity of tech and the net. So IMHO it’s a good thing, if more of us keep their affiliations explicit and maybe even reflect on how those influence their perspectives.

                                                                                              1. 3

                                                                                                Your points aren’t worth arguing. You assert several things (“most people don’t care,” “have a bad effect on communities”) without any supporting evidence. To the first about whether people care and “don’t want to care” – I don’t find that persuasive even if you can provide evidence that a majority of people don’t want to be confronted with the identities of people who’re considered outside the mainstream. But I also suspect you’re making an assertion you want to be right but have no evidence to back up.

                                                                                                Likewise, what even is a “bad effect on communities and society”?

                                                                                                You also express an opinion (“I think identity politics are already too emphasized”) which I heartily disagree with, but that’s your opinion and I don’t see any point arguing about that. OK, you think that. I think too many craft beers are over-hopped IPAs and not enough are Hefeweizens. The market seems to disagree with me, but you’re not going to convince me otherwise. :-)

                                                                                                1. 7

                                                                                                  Your points aren’t worth arguing.

                                                                                                  Start with a thought-terminating cliché. Then you start arguing my points. :) No problem.

                                                                                                  To the first about whether people care and “don’t want to care” – I don’t find that persuasive even if you can provide evidence that a majority of people don’t want to be confronted with the identities of people who’re considered outside the mainstream.

                                                                                                  I understand your points, but you didn’t really grasp what I wanted to phrase. IMHO “mainstream” and other identities should not confront each other here unless being technically relevant ones, about which technical discussion can be carried on. There are other mediums for those kind of discussions.

                                                                                                  Lucky someone has managed to phrase my ideas better than I could above:


                                                                                              2. 14

                                                                                                As I understand @kodfodrasz, they were bothered not inherently by the reminder of the group’s existence, but by the broadcasting of that reminder to the Lobsters front page. When an article title on the front page asserts the author’s voluntary membership of a group, that is not only a reminder that the group exists—it’s also implicitly an advocation that the group is a valid, normal, defensible group to join. One can agree with the content of such advocacy while also disliking the side effects of such advocacy.

                                                                                                What side effects would those be? @kodfodrasz said that “identity politics are already too emphasized and destructive in discussions, and have a bad effect on communities and society”. I think they are referring to way advocacy for an identity can encourage an “us vs. them” mindset. Personally, I see the spread of that mindset as a legitimate downside which, when deciding whether to post such advocacy, must be balanced against the legitimate upside that advocacy for a good cause can have.

                                                                                                1. 9

                                                                                                  ^ this

                                                                                                  My assertion is that currently I see a trend where legitimate topics are not discussed because some participants in the discussion have specific opinions on other topics than the one discussed. Dismissing some on-topic opinions for off-topic opinions is an everyday trend, and if bringing our off-topic identities to the site would gradually become more accepted, then that trend would also creep in from other parts of the society, where it has had done its harm already.

                                                                                                  I hold this opinion as a guide for every off-topic identity. I think of it with regards to this forum a bit similarly to the separation of church and state has happened in most of the western world.

                                                                                                  1. 6

                                                                                                    by the broadcasting of that reminder to the Lobsters front page

                                                                                                    The submitter (author in this case) has one “vote” in promoting their content on this site. Usually one net upvote keeps stuff in /new and outside the front page. What’s promoted this content to the front page is the site’s users, who have upvoted it enough to appear on it.

                                                                                                    At time of my writing this comment, the current standing is

                                                                                                    50, -7 off-topic, -4 spam

                                                                                                    Also note that comments themselves contribute to visibility, so everyone commenting complaining about this being off-topic and “in your face” aren’t helping their cause…

                                                                                                    1. 5

                                                                                                      When an article title on the front page asserts the author’s voluntary membership of a group, that is not only a reminder that the group exists—it’s also implicitly an advocation that the group is a valid, normal, defensible group to join.

                                                                                                      Are you (or @kodfodrasz) implying that identifying as a furry is in some way so dangerous as to be suppressed by society at large?

                                                                                                      1. 2

                                                                                                        One can agree with the content of such advocacy while also disliking the side effects of such advocacy.

                                                                                                    2. 4

                                                                                                      Would you be fine with a BDSM-themed blog post on a tech topic?

                                                                                                      1. 10

                                                                                                        It depends how the theme is explored.

                                                                                                        If it uses BDSM culture to explore the nuances of consent in order to explain a complicated technical point, I’m all for it.

                                                                                                        1. 3

                                                                                                          What if it’s just interlaced with drawings of BSDM activities, like that old GIMP splash screen? I wouldn’t be caught dead scrolling that (nor opening GIMP) at work.

                                                                                                          1. 8

                                                                                                            If you work at a place that cares more about some bullshit policing of imagery than technical merit, that’s a yikes from me.

                                                                                                            1. 5

                                                                                                              There’s an inherent sexual quality to BDSM that isn’t inherent to furry culture.

                                                                                                              You do realize that, correct?

                                                                                                              1. 6

                                                                                                                Strictly speaking that isn’t necessarily true about BDSM.

                                                                                                                1. 3

                                                                                                                  Oh? This is news to me.

                                                                                                                  1. 16

                                                                                                                    Yep. There are people, for example, for whom submission is not a sexual thing but instead about being safe and there are people for whom having a little (in the subcategory of dd/lg) is about having somebody to support and take care of and encourage in self-improvement.

                                                                                                                    That’s not everyone, the same way that there are in fact furries who are all about getting knotted.

                                                                                                                    My point is just that if you want to go Not All Furries, you should be similarly rigorous about other subcultures.

                                                                                                                    1. 6

                                                                                                                      o/ I’m asexual but still very into BDSM (and also a furry!). I know what something being sexualised feels like — took a while to get here — and while a lot of people do link the two intimately (as many do for furry things), they aren’t dependently linked.

                                                                                                            2. 6

                                                                                                              Actually, I know a real example. There is a Python-related French blog named Sam et Max. The technical articles are generally considered high-quality by the French-speaking Python programmers. But there are also BDSM- and sex-related articles alongside the Python articles. Even within a Python-related article, the author sometimes makes some references about his own fantasies or real past experience.

                                                                                                              1. 4

                                                                                                                As long as there’s no overt pornography, sure. I’d read a good article on crypto that had “by someone currently tied up” on it. What’s the point of writing if you get shamed for putting your personality in it.

                                                                                                                1. 3

                                                                                                                  Already mentioned elsewhere but it’s my understanding that being a furry isn’t inherently sexual / about sex, though there can be that aspect. I certainly wouldn’t mind a post that was something like “a lesbian’s guide to…” or “a gay person’s guide to..” because those identities encompass more than sexual practices. (Someone elsewhere says that BDSM isn’t strictly speaking sexual, which … is news to me, but I admit my ignorance here. If there’s a non-sexual aspect to BDSM identity then sure, I’m OK with a BDSM-themed post on tech.)

                                                                                                              2. 5

                                                                                                                Consider seeing things like a Heterosexual christian father’s guide to unit testing on the front page.

                                                                                                                That goes without saying, because that’s the default viewpoint.

                                                                                                                The way the author clarifies and establishes their viewpoint does not make their technical content anymore off topic than someone submitting something titled “A Hacker’s Guide to MFA” or “A SRE’s Guide to Notifications”. The lens that they are using to evaluate a technical topic is an important piece of information that we often-times forget in tech with disastrous outcomes.

                                                                                                                1. 13

                                                                                                                  No, it is not necessarily the default. But even if it would be, articulating that off-topic identity on the front-page would be unnecessarily divisive, and I’m pretty convinced, that people of other identities would flock the comment section claiming that the post is racist (sic!), and is not inclusive, hurts their feeling, and I think they’d be right (on this site).

                                                                                                                  Hacker or SRE are on-topic tech identities themselves, while sexuality, political stand, religion are not really.

                                                                                                                  1. 5

                                                                                                                    Hacker is a political identity. For instance, it’s one that I find really degrading when associated to the whole profession. The nerd identity or the general infatilizing of programmers is degrading as well. These are tolerated because they are the majority’s identity in this specific niche and presented as “neutral” even though they are not.

                                                                                                                    1. 4

                                                                                                                      Well I see some positive vibe about the hacker word in the IT sector, if you remember there was some hacker glider logo thingie around the millennia. I’m not one of them, and agree with you, I also find hacker somewhat negative, and not because of the “evil hacker”, but of the unprofessional meanings of the phrase (eg. quick hack). Still lots of fellow professionals don’t agree on this one with us.

                                                                                                                      Regarding Nerd: I also find the phrase degrading, and I don’t understand those who refer to themselves as nerds in a positive context.

                                                                                                                      1. 7

                                                                                                                        I don’t understand those who refer to themselves as nerds in a positive context.

                                                                                                                        The best way of removing the degrading conotation of a word is to rewrite its meaning. The best way to do that is to unironically use it in a neutral-to-positive context.

                                                                                                                        1. 1

                                                                                                                          yeah but the problem is what you want to appropriate. The word “slut” has been reappropriated to defend the right for men and women to have sex freely without judgement. The word “nigger” has been reappropriated because black people are proud of being black. But the word “nerd”? “nerd” means being obsessed with stuff and have very poor social skill and connections. Reappropriating the word flirts very closely with glorifying social disfunctions, exclusion and individualism.

                                                                                                                          1. 4

                                                                                                                            Reappropriating is done because there are negative connotations that we want to take out of focus; that’s the whole point.

                                                                                                                            1. 1

                                                                                                                              but Nerd is imho all negative. The positive connotations, like being dedicated and consistent on a practice is not exclusive to being a nerd. Being nerd is not even stigmatized anymore: now it’s cool to be nerd and still it’s degrading, like being a circus freak. You reappropriate a word to remove a stigma towards a category, but the stigma is already gone and what is left is a very distorted portrayal of knowledge workers.

                                                                                                                              1. 4

                                                                                                                                That the stigma is gone is precisely because people took the term and ran with it.

                                                                                                                                Besides, I have no problem with assholes (whose opinion of me is no concern of mine) considering me a circus freak: it makes them keep themselves at a distance which means less work for me to get the same desirable result.

                                                                                                                                (Also: I disagree with the term “nerd” glorifying “social dysfunction” - normalizing, maybe, but that’s a very inclusive stance, especially when these “dysfunctions” are called by their proper name: neurodiversity. And what precisely is the problem with individualism again? And another tangent: knowledge workers aren’t necessarily nerds and nerds aren’t necessarily knowledge workers)

                                                                                                                                1. 1

                                                                                                                                  I agree with all your values but it doesn’t seem like this is what’s happening in the real world. Inclusion of neurodiversity is happening only in small bubble in USA/NE: if anything, neurodiverse people are just more aware of being different. Good for coping, not that good for social inclusion. Really neurodiverse people are still rejected by the society at large and at best they get tokenized and made into heroes but not really included. Also this appropriation of the word detached the concept of nerd from neurodiversity that if it was ever a thing, it’s not a thing now. Today being nerd is wearing glasses and a checkered shirt. Then if you flirt flawlessly with girls, entertain complex social networks and work as a hair dresser, it’s enough to say your hobby is building radios and boom, you’re a nerd. I don’t see how this process would help neurodiverse people and I don’t see how it is good to have to live up to this stereotype to be included in the IT industry (because in most places, if you are not some flavor of nerd/geek, you’re looked at with suspicion)

                                                                                                              3. 15

                                                                                                                A lot of tech workers are furries (or furry-adjacent).

                                                                                                                I don’t doubt that a lot of furries (or furry-adjacent) might be tech workers, but I’m not sure your statement is accurate, given just how many tech workers there are.

                                                                                                                1. 7

                                                                                                                  For most people, “Furries” is “that weird sex thing”. I can see a lot of people wanting to make it clear that sexual references are out of place in order to make tech a more comfortable and welcoming place for everyone. I suspect that famous Rails ‘pr0n star’ talk has (rightly) made people feel uncomfortable with sexual imagery in tech.

                                                                                                                  I’ve upvoted because the content is good, but I’m also not really one for keeping things milquetoast. I’d like to see more content like this. The technical parts are worth reading, even though I have no interest whatsoever in furries, and mildly dislike the aesthetic.

                                                                                                                  And yes – I’ve discovered today via google that it’s only a sex thing for 30% to 50% of the people in the subculture, but as an outsider, the sexual aspect is the only aspect I had ever heard people mention.

                                                                                                                  Going forward, I’d just suggest ignoring the downvotes and moving on – they’ll always be there on anything that’s not boring corporate talk, and the threads like these just suck the air out of interesting conversation.

                                                                                                                  1. 3

                                                                                                                    [edit: content moved to different post, this was accidentally off-by-one click]

                                                                                                                  2. 12

                                                                                                                    Yiff it bothers you, why not just read it without the images? Firefox reader view works great fur me.

                                                                                                                    1. 9

                                                                                                                      It doesn’t claim to be for furries, it claims to be by one.

                                                                                                                      1. 5

                                                                                                                        Is it, though? If it was written as “a teacher’s guide to end-to-end encryption” would anybody be flagging it or carping about the title just because the intended / primary audience was teachers but the content could be abstracted to anybody who cared about end-to-end encryption?

                                                                                                                        1. 11

                                                                                                                          That’s a good type of question to ask, but your example title “A Teacher’s Guide …” is not equivalent. The author being a teacher could be highly relevant to the content of the article; for example, the article might especially focus on the easy-to-teach parts of encryption. The author being a furry, however, is likely to affect only the theme.

                                                                                                                          Analogous titles would change “furry” to another subculture that is not innately connected to tech and that people choose rather than being born with. Two examples:

                                                                                                                          • “Hide my Waifu: An Otaku’s Guide to End-to-End Encryption”
                                                                                                                          • “Communication is Key: A Polyamorous Person’s Guide to End-to-End Encryption”

                                                                                                                          Would people complain about those titles? I predict that yes, some people would, though fewer than those who are complaining about the furry-related title.

                                                                                                                      2. 5

                                                                                                                        Obviously it’s great that someone wants to give us this information. In return we should give them respect and thanks.

                                                                                                                        Showcasing their identity not only gives personal color to the post, it also donates some of the credit to the community they identify with, rather than to some default security engineer type we might imagine.

                                                                                                                        Thanks to this personal touch, some readers can no longer say furries are unintelligent, or never did anything for them.

                                                                                                                        1. 4

                                                                                                                          Belatedly, but I’m following up on these flags. I missed this story and am reading through it now.

                                                                                                                        1. 3

                                                                                                                          I worked on professional projects with Flask (v1+) and here are two things that deserve to be mentioned :

                                                                                                                          • Using blueprints to structure the app is pretty effective to avoid the mess. It’s somewhat like Django’s apps.
                                                                                                                          • Very good scability with uWSGI+gevent support. It doesn’t feel too hacky because uWSGI has a special option for that. (Not more hacky than using gevent per se)

                                                                                                                          Flask dependencies don’t collaborate together. This will hit you at least once a year when you try to upgrade and things break. Too bad request.headers from flask is a werkzeug.datastructures object and the object has changed!

                                                                                                                          It seems very strange to me. I never had any issue upgrading Flask and its core dependencies: Jinja2 and Werkzeug. Those are written by the same authors. Maybe it’s wiser to upgrade only Flask and let pip decide which dependencies need an upgrade too.

                                                                                                                          However, it’s true, you have to be careful with global variables.

                                                                                                                          1. 2

                                                                                                                            I’ve used Flask only once in a small project, but a definite +1 on using blueprints to contain the mess. They provide a very nice way to encapsulate different parts of a web application.

                                                                                                                            1. 1

                                                                                                                              I guess the question is: is flask+blueprints preferable to tornado? (or maybe fastapi)?

                                                                                                                              I get that with bottle, at least you stay lightweight and self-contained - for better or worse.

                                                                                                                              1. 2

                                                                                                                                Blueprints are a Flask feature, not an add-on or something. So using Flask+blueprints is just using Flask.

                                                                                                                                I’d say Flask is suitable if you do traditional SSR-apps or hybrid SSR/SPA. If you only need a backend API or a little self-contained dashboard, then yes maybe other frameworks like Bottle or FastAPI may serve you better.

                                                                                                                          1. 2

                                                                                                                            Making your own search engine comes with a lot of challenges:

                                                                                                                            • There exists no open source web search engine. The best shot you have is using Lucene, diving deep to make it scale, add PageRank support, etc.
                                                                                                                            • Crawling is impossible. Cloudflare blocks all (non-bigtech) crawlers. https://commoncrawl.org/ is a tiny dataset and just using wikipedia’s dump and crawling its external links would give you better results.
                                                                                                                            • It’s still too costly if you just want to use it yourself - you’d have to make it a business, and at that point you really need to worry about scaling and remember, no open source solutions currently exist.
                                                                                                                            1. 1

                                                                                                                              I thought about that a few months ago. I came to the conclusion that the only way was to do a hybrid SE: meta search + collaborative.

                                                                                                                              The meta part uses the API (or any privileged access) of some reference websites (Wikipedia, SO, official websites, …)

                                                                                                                              The collaborative part is a web browser plug-in that reads any page you visit, build the inverse index and send it to the SE pipelines. The advantage is that you bypass any Cloudflare/captcha because you are a real human. The human is the crawler.
                                                                                                                              Problem to be solved: privacy. How to anonymize data that reveals your browsing history?

                                                                                                                              About the PageRank algorithm, let users decide what pages are relevant (through the plug-in) by voting. The plug-in may ask “Is this page relevant according to your terms: “Python” “socket” “hang””?

                                                                                                                              I have no idea what the result would be. However, I’m sure it’d be pretty fun to run that.

                                                                                                                              1. 1
                                                                                                                                • That is why I am working on one

                                                                                                                                • Cloudflare can not block every IPs, and people can spoof user agent, my project is to help people host their own search engine

                                                                                                                                • Too costly at scale, not necessarly for a personnal search engine

                                                                                                                              1. 2

                                                                                                                                I wonder how pandas’ CSV parser (which is pretty optimized) compares. Whenever I have to parse huge CSV files in Python, I use pandas just for that.

                                                                                                                                1. 3

                                                                                                                                  I’ve never benchmarked pandas in particular, but have loosely benchmarked Python’s CSV parser. The inherent problem is measurement. What is your benchmark? Let’s say your benchmark is to count the sum of the lengths of all the fields. Well, that means Python will need to materialize objects for every record and every field. And that is probably what’s going to either dominate or greatly impact the benchmark, even if the underlying parser is written in C and could theoretically go faster.

                                                                                                                                  Pandas’ CSV parser is written in C, and if the comment at the top is true, it’s derived from Python’s csv module. Like the csv module, Pandas’ CSV parser is your run of the mill NFA embedded in code. This is about twice as slow as using a DFA, which is what my CSV parser uses. And the DFA approaches are slower than more specialized SIMD approaches. I’m less sure about the OP’s approach.

                                                                                                                                  1. 2

                                                                                                                                    Thanks! Love Ripgrep! I tried cargo build --release and time ./target/release/xsv index /tmp/DOHUI_NOH_scaled_data.csv, it took about 24 seconds for index to complete (I assume xsv index find all begins / ends of all cells, which approximately is what I am trying to do here for csv parsing).

                                                                                                                                    Didn’t do xsv entirely due to my unfamiliarity to Rust ecosystem. Sorry!

                                                                                                                                    1. 1

                                                                                                                                      Thanks. How do I run an equivalent benchmark using your CSV parser? I don’t think I see any instructions.

                                                                                                                                      1. 1

                                                                                                                                        It is not packaged separately, and ccv can be built with zero-dependency (meaning you may not have OpenMP enabled) so it is a bit more involved to make sure OpenMP is enabled.

                                                                                                                                        You can first install apt install libomp-dev clang, and then checkout https://github.com/liuliu/ccv repo. cd lib && ./configure to configure it with OpenMP (there should be a USE_OPENMP macro enabled, configure script should give you exact output of flags). cd ../bin/nnc && make -j would compile the demo csv program under ./bin/nnc

                                                                                                                                  2. 1

                                                                                                                                    Recently the guys from Julia started claiming that they have the fastest parser (link).

                                                                                                                                    1. 4

                                                                                                                                      It kind of looks like Julia’s CSV parser is cheating: https://github.com/JuliaData/CSV.jl/blob/9f6ef108d195f85daa535d23d398253a7ca52e20/src/detection.jl#L304-L309

                                                                                                                                      It’s doing parallel parsing, but I’m pretty sure their technique won’t work for all inputs. Namely, they try to hop around the CSV data and chunk it up, and then parse each chunk in a separate thread AIUI. But you can’t do this in general because of quoting. If you read the code around where I linked, you can see they try to be a bit speculative and avoid common failures (“now we read the next 5 rows and see if we get the right # of columns”), but that isn’t going to be universally correct.

                                                                                                                                      It might be a fair trade off to make, since CSV data that fails there is probably quite rare. But either I’m misunderstanding their optimization or they aren’t being transparent about it. I don’t see this downside anywhere in the README or the benchmark article.