1. 12

    If you want to check out a practical gradually-typed language, I’ve been using Typed Racket.

    It’s very convenient to use untyped code early-on when the design of the program is unclear(or when porting code from a different language), and to switch individual modules to typed code later to reduce bugs.

    1.  

      Another great gradually typed language is Perl6. It has a Cool type, a value that is simultaneously a string and a number, which I think is pretty… cool!

      1.  

        Basically how every string / number in perl5 work{s|ed}?

        1.  

          Based on reading https://docs.perl6.org/type/Cool, kinda? Although it also looks to me as if this is at once broader than what Perl 5 does (e.g. 123.substr(1, 2), or how Array is also a Cool type) and also a bit more formal, typing-wise, since each of those invocations makes clear that it needs a Cool in its Numeric or String form, for example.

          1.  

            That makes sense that it changed. perl5 is not so.. structured. But this stuff worked:

            "4" + "6.2"
            $q=42; print "foo$q"
            print "foo" + $q
            

            It makes things like numeric fields in HTML forms very easy (if $form["age"] <= 16), but the subtle bugs you get…

            Anyway. That was perl5. The perl6 solution seems to make things much more explicit.

      2.  

        stanza is another interesting language that is designed from the start to be gradually typed.

        1.  

          Typed Racket is indeed an awesome example. I believe TypeScript would also qualify very well here (as might Flow; I’m not as familiar with it). This also reminds me of Dylan of yore, too: https://en.wikipedia.org/wiki/Dylan_(programming_language)

          1.  

            Is this the same thing? I had the same thought and I wasn’t sure if it was.

            1.  

              Yes, Typed Racket is gradual typing, but for example, the current version of Typed Clojure is not. The premise is that gradual typing must support being used by dynamic typing, to simplify a little bit.

          1. 2

            This captures pretty well what my problem with J has been too. I wonder to what extent it’s largely just the size of community though. Judging by the revision history, the NuVoc reference pages were almost entirely written by 4 people. Given a few more, you could imagine a more extensive set of resources on the wiki or elsewhere. It also lacks as a result the most common way people pick up useful code snippets and partial solutions in other languages, an extensive set of StackOverflow answers.

            1. 3

              I wonder to what extent it’s largely just the size of community though. Judging by the revision history, the NuVoc reference pages were almost entirely written by 4 people.

              I think that summarizes the problem quite well: the language itself is great, but the support network isn’t yet there. It’s compounded by the fact you really need to know some idioms to build complex sentences with, a problem most other languages don’t have. I might try to whip up some verb classifications.

              1. 4

                This honestly is reminding me of people coming to FORTH. We’ve tried to improve the situation in Factor by having namespaces and examples, but I’m still used to those new to the language writing amazingly unidiomatic code because they didn’t know that a word existed in some vocabulary somewhere. I wonder if there’s a generic solution to this type of problem with “weird” languages.

                1. 4

                  Cookbooks are great help for this

                  Lots of problems end up needing to be solved. Sure, there’s stuff like finding the mean. But I’m thinking maybe one level up. Parsing out tuples from a string in a file efficiently. Having a basic state machine simulating… Bank accounts maybe? Making some circles on a screen to visualize some data

                  Some tools are for different domains than others but most of us are aiming to ship things for “real people” so having proper end to end examples can show new people good ways to organize their code.

                  Purescript by Example does this pretty well, with “real” motivating examples the entire time, and showing how to take advantage of Purescripts goodness even with JavaScript being used for heavy lifting.

                  I learned so much watching other people code JQuery stuff too. Real examples. It’ll show larger architecture patterns that type signatures can rarely capture

            1. 6

              Smalltalk has a tool where methods can be found using example values. And Smalltalk has many other tools for discovery. Other languages could provide similar capabilities, but rarely do.

              1. 6

                Smalltalk proper doesn’t, though Squeak does (and I assume Pharo, also). But that’s largely a toy: MethodFinder only goes through a list of pre-selected methods to avoid having it accidentally run e.g. Object>>halt or Smalltalk class>>saveAndQuit:, so it’s generally only something I suggest to people who are very new to Squeak. And even there, I hesitate. It’s a pre-screened list, so you may not discover everything and end up reimplementing a method that already exists. And some things are just not discoverable through that interface: there is no conceivable way of describing “I want six random numbers between 17 and 34,” even though Squeak has methods for that.

                The real strength of Smalltalk is the same as the one hwayne identified in the context of Python: the standard library is well-organized, even grouping methods within a given class into useful categories. Combined with its excellent IDE, you have a real likelihood of discovering what functionality exists and finding an example of practical usage within the image.

                MethodFinder can be a part of that discoverability, in a very narrow way, but I really feel as if it’s more an antipattern and a crutch and a genuinely useful tool.

                1. -7

                  Tedious Lobster debate straight ahead. I’d rather quit Lobsters than go through such a thing one more time. Bye.

                  1. 11

                    I honestly wasn’t looking for a debate; I was just assuming that most people here wouldn’t have used MethodFinder or known how it worked, and I didn’t want to paint it as more than it was. I’m sorry that you’ve decided to leave the community, and I hope you return.

                    1. 7

                      Don’t blame yourself too much, people who leave like that have likely been on the edge of leaving for quite some time. This was likely the straw that broke the camel’s back.

                      1. 7

                        His positions were outliers in a lot of the discussions which people either disagreed with or lacked historical information to fully understand. That he brought those here was a good thing. That they’d get argued with a lot was inevitable since he was going against the flow. Watching it, I was concerned he might think of leaving some time ago since the comments rarely got much positive feedback. It definitely built up over time.

                      2.  

                        Don’t mind him. That was a good comment. I haven’t touched Squeak in years, but it was one of the very first apps I made an RPM package for back around Red Hat 6.0. In fact, there’s even still a dead links to it on their wiki.

                        I didn’t play around with it much, but I do remember it did have that API browser. Comments like yours are important because you break down the thing discussed, talked about your experiences with it, it’s strengths and weaknesses, etc. It’s not just semantics either as Squeak and Smalltalk are two different things.

                      3. 5

                        Well, Ill miss having you here. Thanks for the things you taught me about Smalltalk.

                  1. 16

                    I see this come up from time to time, and I’m not honestly sure why, because I don’t actually think there’s any reason to use a console editor on Windows in the first place.

                    On Unix, you perform ad hoc administration by logging into the remote system and doing your work there. In this context, console editors make a ton of sense, because the only way to edit files on the remote system will be to launch an editor running on that system. (Yeah, I know about Emacs TRAMP mode and sshfs, but those are neither the traditional way to do those things, nor common, and both have major caveats and drawbacks compared to the log-on-directly-and-change-stuff approach.)

                    But in the Windows world, while you can do that (via e.g. RDC), you’re working against the grain. Instead, your boxes should be bound to an ActiveDirectory controller, which lets you administer remote systems directly from your own box by using SMB and DCOM (or its more modern variants, like WinRM). In this environment, you don’t need a console editor; you can just use whatever editor prefer locally, complete with all of your local settings and overrides and what have you, and edit the remote files directly over SMB. (This also avoids whole classes of things that can be tricky to get right in Unix, like syncing dotfiles, managing multiple clipboards, and so on.)

                    I’m thus continually perplexed by this. I don’t know whether I’ve just been lucky in working exclusively in shops with properly configured Windows networks, and thus I have an unrealistically good experience here; or whether Microsoft just does a really poor job teaching Unix gurus how Windows best practices differ from Unix’s.

                    Maybe the Windows way is better, and maybe it isn’t, but it’s certainly sufficiently different that you’re going to have a bad time trying to treat them as if they’re the same—and trying to use console editors via remote PowerShell sessions just seems unnecessarily painful to me.

                    1. 3

                      Nothing ever gets exploited when access to the system to exploit is very expensive and restrictive in the first place.

                      1. 5

                        The teams who ran the Iranian nuclear subterfuges would like to have a word with you. You might also find Wiley’s book Unauthorized Access on physical hacking relevant.

                        On the one hand, you’re right: that kind of stuff really only applies when you are a seriously high-value target. On the other hand, we’re talking about OpenVMS machines. Many of them are.

                        1. 2

                          subterfuges

                          Nice, I know it’s not really a portmanteau word but it captures to reality perfectly!

                          1. 2

                            Heh. That was a fun combo fo commenting on my phone over breakfast and forgetting to disable autocorrect, but I’m going to claim I did that on purpose.

                        2. 2

                          Exactly. See the mainframe OS’s and ancient systems the military runs for examples.

                        1. 6

                          TL/DR: Similar to GRPC, but drops requirement for HTTP2 which can lead to a ton of problems when combined with AWS ELBs. This is pretty cool.

                          1. 3

                            I am disappointingly used to libraries like this that try to focus on just the simple parts being underpowered, but I’m with you: this is clean and surprisingly powerful, without actually sacrificing much at all. I may use this in anger as early as tomorrow.

                            1. 2

                              This looks incredibly cool. I’ll be looking for additional language support for sure.

                            1. 7

                              I wrote the user-space emulation of non blocking IO for Jehanne, and now I’m looking for more tests.

                              Please share links to POSIX C code that uses non blocking IO.
                              Any small program that exit(0) iff non-blocking IO works will help.

                              1. 2

                                The screenshot link on your front page is down.

                                If I have time some time this week, I’ll swap out 9front for Jehanne for my occasional “Plan 9” hacking explorations. I’ve been curious how things are going over there.

                                1. 2

                                  It’s not down, it’s sadly “work in progress”… that is: I had no time to write the page down.
                                  Sorry… I can either code or edit the web site, and I usually prefer to code. :-(
                                  I’ll try to give it a shot asap.

                                  Thanks for trying Jehanne!
                                  Just beware that it is really unstable, by design.
                                  And I’m going to change it deeply in 2018. So do not use in production. :-)

                                  OTOH, 9front is the most stable evolution of Plan 9.
                                  I imported a lot of their improvements, but if you are looking for a Plan 9 system, you might be disappointed.

                                  I mean: if Plan 9 from Bell Labs were Homo Sapiens, 9front would be Homo Sapiens Sapiens.
                                  Jehanne would be a race of Elves.

                                  1. 2

                                    Just beware that it is really unstable, by design.

                                    I’m very aware, but 9front is already in my “for fun” bucket, with things like Haiku and DragonflyBSD, so that’s fine. (Honestly, to a point, it’s almost better, because it means the community is probably actively having some fun and not entrenched in process yet, and the last thing I’m looking to do in my spare time is to learn or contribute to Yet Another Unix that’s almost but not exactly like what I do for work each day.)

                                  2. 1

                                    Just added a screen shot at http://jehanne.io/pages/screenshot.html

                                    Also, the link in the front page should work now.
                                    This is marketing, dude! :-D

                                    (it has been work in progress for more than two years!)

                                1. 2

                                  At work, I’m aiming to try my first patches to some of our Elixir components, which will be interesting.

                                  At home, I’ve been working on a series of blog posts about “the everywhere computer,” which is basically the idea of having your entire computer environment available anywhere, but not by just relying on web apps or needing to SSH into a specific machine. My goal for the week is to get a miniseries on file systems in this space (currently IPFS, Minio, KeybaseFS, Perkeep, and Upspin) done enough that I can launch it with some confidence I can maintain a once-a-week post cycle, but we’ll see.

                                  1. 1

                                    Please post a link to those posts to one of these threads when they’re up. It’s an interesting area, and I can’t be the only other person who’d like to know more about it.

                                    1. 1

                                      You might find the Nirvana Phone interesting on the desktop-anywhere angle. For a whackier take, there’s the person that switched to Windows 3.1 on all devices to do photoshop on the cheap.

                                    1. 27

                                      I know this will sound grumpy, but I’ve got a much simpler suggestion:

                                      1. Do work stuff on your work computer
                                      2. Do personal stuff on your personal computer

                                      This eliminates whole classes of lawsuits for you, and makes your Git configuration wonderfully simple: you just have a main dotfile, plus a computer-specific override, which likely won’t exist for any personal boxes and will exist for your work laptop. Do that, and this entire blog post devolves into literally one line that provides work-specific overrides for your personal config.

                                      1. 3

                                        It’s not grumpy, it’s what you should be doing.

                                        Your work computer is very likely not your property. It’s also very likely your employment contract does not guarantee you privacy on that machine. So putting private SSH keys on your work machine seems like a bad idea. Furthermore, doing personal projects on them is also seems like a bad idea. As stated, mixing work and personal machines is flirting with lawsuits.

                                        Making this kind of setup is following DRY way too slavishly. Accept the fact that work and personal computing time shouldn’t mix and keep two configurations.

                                        1. 3

                                          I use a VM for personal stuff on my work machine, and work stuff on my personal machine. It’s not great, but it’s certainly better than not making the distinction.

                                      1. 4

                                        My choice of editor went through a long journey, from vi, to vim, to emacs, to viper, to evil, back to nvi, to neovim, and currently acme. I still have a long .emacs left for my collection of org-mode files, but I am mostly live in a bunch of full-screened acme’s, one per project.

                                        I guess I’ve just become lazier. I can still work out a string of vi commands in my head, and yank and @ the register. I can write an elisp function to do fancier stuff, with the help of the info. However, I grew fond of two-one mouse click, two-click, mouse select and write a |shellCommand, and etc. Recompile? Middle-click the compilation command. Error? Right-click the error line. File link in my notes? Right-click. I don’t think the mouse slows me down any more. There is the simplicity and purity that prevails.

                                        1. 3

                                          Do you do much customization in acme? I’ve always had a strong bent towards very simple systems that are trivial to customize (with Smalltalk being that both for a language and environment for me), so I’ve always wanted acme to be my main general-purpose editor, but I’ve never quite been able to make it work as such.

                                          There have been lots of little frustrations, such as the (AFAICT) truly mandatory three-button-mouse, meaning I can’t use it on my laptop; or the deliberate lack of any text formatting whatsoever, which means that while e.g. it’s possible to write an IRC client for acme, its interface is more spartan than even I would like. But the bigger deal is that I’ve found using acme effectively requires me spending a tremendous amount of time drafting my own plumbing rules, minicommands, and so on, for every single language, because the community’s just so damn small. Given that Atom, Visual Studio Code, NeoVim, and Emacs come out-of-the-box with tons of packages these days, and that it’s comparatively easier to disable all the fancy stuff in one of those than to add fancy stuff I need back to acme, and I’ve found it tough to use it for any meaningful length of time. But maybe I’m doing it wrong.

                                          How do you handle the lack of text formatting? Is it truly a place for you, as it is (by necessity, if nothing else) in Plan 9, or is it “just” your editor? Do you find that you have built up enough of a toolbox that you’re not bothered anymore by the lack of a large community? Maybe there is such a community, but it lives somewhere odd (e.g. the 9front and acme-sac mailing list archives being solely available via 9fs, to my knowledge)?

                                          1. 1

                                            Not gonna lie, if you feel the strong urge to customize anything, acme is definitely not for you.

                                            I’ve been there. I had a very long .emacs file. Over the years, though, I started accepting the default more and more, until only some configs of evil and org-mode left.

                                            That been said, I have been adding a few customizations to my acme ecosystem, too. Instead of many elisp functions, I have added a few custom plumb rules for a few compilers (nim, for one), and I have collected a few shell/awk/sed scripts. Instead of enriching my life in emacs, now I am enriching my life in the whole command line ecosystem. No, I don’t spend tremendous amount of time just for the sake of customizations. I used to write those crazy one-liners any way for my work. Now I just type those in acme instead of a terminal.

                                            What acme gives me is a nice window system to the whole command line ecosystem. If I’m testing a module, instead of M-x compile RET myTarget (or :!make myTarget, or switch to a terminal and press up-arrow RET), I just move my mouse to the already highlighted string “make myTarget”, and middle click it. In a sense, I just use acme as a fancy terminal that has multiple windows having their own $PWD, write my command line once, and middle-click it many.

                                            As to the mouse requirement, I am happy using the touchpad on my MacBook Pro, with ctrl, opt, cmd, for 1, 2, and 3, click.

                                        1. 4

                                          I’m going to be very curious if this actually goes anywhere. During the Bazaar retrospective, I remember Jelmer commenting that one specific feature of Bazaar—its ability to work transparently inside Git repositories—was a misfeature he regretted. I was a bit surprised by that at the time; Mercurial generally feels that it’d be great to have better interop with Git, and there have even been projects such as hgit (directly use the Mercurial UI on .git repos) and hg-git (use Mercurial to clone and work with Mercurial copies of remote Git repositories; this is also the track I took in Kiln Harmony) to try to achieve that.

                                          (BTW, neither hgit nor hg-git are official Mercurial projects, but both were started by core Mercurial contributors, and the latter remains very actively maintained.)

                                          I’m not personally convinced there is enough interest in Bazaar, or enough legacy Bazaar repositories in active use, to really justify maintaining Bazaar at this point, but I’m really unsure that there’s enough room in this space to launch an third island of DVCS into the existing landscape. The ability to use Bazaar to work with Git seemed like one of its few bright stars; I’m not sure how Breeze will get any initial traction at this point.

                                          1. 4

                                            Nit: hg-git was actually started by a GitHub employee (he got to it a few weeks before our GSoC student was to work on the very same thing). In order to help the GSoC student, I made the code more pythonic and added some tests, and then ended up holding the bag for several years.

                                            I’ve since given up maintainership of hg-git, because I never use it. I still want to try hgit again some day, but there’s many miles of core hg refactoring to go before it’s worth attempting.

                                          1. 2

                                            I’m actually really curious if mobi is as bad as this, and what other formats exist (if any). To me, it seems as if epub barely needs to exist; I’m reminded of the old bookmarks.html of Netscape, which somehow served fine as both a document and a bookmarks list, and feel as if that concept, plus a simple .html file, could honestly probably handle about 99% of what you’d need here.

                                            1. 2

                                              I feel a bit silly for this, but I’d never thought of reading UNIQUE as “this is a key” until reading this article, even though I intuitively use them that way. I doubt it impacts my designs much, but it definitely changes how I’ll conceptualize my schemas. (It also does a good job explaining why PostgreSQL doesn’t cluster tables on the primary key.)

                                              1. 6

                                                why would such a site have google analytics?

                                                1. 1

                                                  People often include google analytics without really thinking about the privacy implications, just because publishing blind is so annoying I suppose. Is there a better alternative?

                                                  1. 2

                                                    Well, there’s Piwik. I find it quite nice, though I’ve heard Google Analytics is in a league of its own. Wouldn’t know since I don’t use it for these exact privacy concerns.

                                                    1. 1

                                                      You probably also punish yourself with google search ranking by not using google analytics too. bummer.

                                                      1. 3

                                                        Anecdotally, this seems to be the case, based on what I’ve played with this on my own site.

                                                        Currently, if you search for “Benjamin Pollack” on Google, my blog is (usually, because Google) about third on the page. About two years ago, I noticed that it had suddenly and without any warning plummeted to almost the bottom of page one. Sometimes, it wasn’t even on page one, which was even worse. While I generally don’t like doing SEO, I didn’t really like not having my blog rank highly, either, and the sudden drop didn’t make much sense to me. So, I spent some time poking.

                                                        I knew I’d gotten some whining from Google about not looking good on mobile platforms and some other things, so I started there: gave the site a responsive design, turned on HTTPS, added a site map, improved favicon resolution, and some other stuff. But while those changes did help a bit on some other search engines, none of it really seemed to help much on Google. In frustration, I started looking through what I’d changed recently to see if I’d perhaps broken something that Google cared about.

                                                        Turned out, I did: while I’d used Mint in practice to track my site’s usage, I’d accidentally left Google Analytics on as well for quite some time. I’d caught it shortly before the rankings drop, and removed it from my site. On a hunch, I added Google Analytics back in, and…presto, back up to roughly my old position.

                                                        I don’t actually think this is malice. I think that Google absolutely factors in the traffic patterns they see when calculating search results. In the case of my blog, their being able to see people showing up there based on my name, and then staying on the site, probably helps, and likewise probably gave them insight they might otherwise lack that I tend to have a few key pages that get a lot of traffic.

                                                        So, yeah: unfortunately, I do think you punish yourself with Google by not using analytics. For some, that might be okay; for others, perhaps not.

                                                        1. 5

                                                          I don’t actually think this is malice. I think that Google absolutely factors in the traffic patterns they see when calculating search results.

                                                          Perhaps not active malice, but this is the exact sort of thing people mean when they say that algorithms encode values.

                                                          It may not be active malice, but it still has malicious effect, and it’s still incumbent upon Google to clarify, fix, and/or restate their values accordingly.

                                                          1. 1

                                                            I knew I’d gotten some whining from Google about not looking good on mobile platforms and some other things, so I started there: gave the site a responsive design, turned on HTTPS, added a site map, improved favicon resolution, and some other stuff.

                                                            in what form did you receive the “whining”? as someone with an irrational hatred of the web 2.0 “upgrades” that have been sweeping the web, making fonts huge, breaking sites under noscript or netsurf, etc., i have been wondering about the reasons for this. like is there some group of PR people going around making people feel bad about their “out-dated” websites, convincing them to use bootstrap?

                                                            would motherfuckingwebsite.com live up to google’s standards of “responsiveness”?

                                                          2. 3

                                                            For what it’s worth: When I worked on Google Analytics a few years ago, that was definitely not true. And I’d bet that it’s still not true and will never be true. Search ranking is heavily silo’d from the rest of the company’s data, both due to regulatory reasons and out of principle. Just getting the Search Console data linked into GA was a big ordeal.

                                                            Edit: Just did a quick search, here’s a more official statement from somebody more relevant: https://twitter.com/methode/status/598390635041673217, I’m pretty sure there were many other similar statements made by other people over the years too.

                                                            1. 1

                                                              thanks for that info.

                                                              1. 1

                                                                I understand if you can’t say anything but I’m wondering if there’s a different explanation for https://lobste.rs/s/3o3acu/decentralized_web#c_ltcs3n then?

                                                                1. 2

                                                                  I don’t work there anymore, so there’s no way for me to know for sure.

                                                                  If I had to guess I’d say it’s a similar deal to the dozens/hundreds of “I spoke about X in private and now I’m seeing ads for X, so my phone/car/alexa/dishwasher is spying on me” stories. We’re really good at attributing things incorrectly.

                                                                  The comment you link already mentioned various things that happened which likely ruined the ranking: Unresponsive design, no HTTPS, whatever else was wrong with it. The thing is, it takes time for ranking to get updated and propagate. Even if everything was fixed yesterday and the site got crawled today, it can take weeks or months for relative ranking in a specific keyword to improve. It’s very hard to attribute an improvement to any specific thing—all you can do is do your best across the board over the long term.

                                                                  Some other possible things that might have gone wrong which the comment didn’t already mention: Maybe Mint was doing something bad, like loading slowly or insecurely or something else. Maybe some high-value incoming links disappeared. Maybe Google rolled out one of their big algorithm changes and the site was affected by some quirk of it (it happens fairly regularly, lots of rants about it out there).

                                                                  1. 1

                                                                    Hmm, thanks. That makes sense; I appreciate the explanation!

                                                              2. [Comment removed by author]

                                                                1. 2

                                                                  they got rid of that along with the serifs on their logo

                                                            2. 1

                                                              what is so annoying about publishing blind? i am publishing this comment blind and it doesn’t bother me.

                                                              isn’t it easier to do nothing, than to do something and set up google analytics?

                                                              1. 1

                                                                Eh, well, there’s actually up down vote buttons on your comment. So the tracking was already there for you. Likes and claps and shit… people want to see who’s seeing them.

                                                                1. 1

                                                                  tracking is different from allowing voluntary participation.

                                                          1. 5

                                                            This looks very cool as something close to a drop-in for curl. For interactive work, I’ve really enjoyed HTTPie, which breaks backcompat to provide a nicer overall experience (IMHO).

                                                            1. 2

                                                              This last 12 months of actions and reactions by the developers of Caddy make me wonder why anyone would still use it.

                                                              1. 3

                                                                It’s very useful and even open source, why not?

                                                                1. 1

                                                                  In may when LE had an outage, Caddy servers with valid certificates in the renewable period would refuse to start. This was not an oversight, it was intended behaviour and it took a lot of complaints before they relented and adjusted the configuration. It will still refuse to start if a certificate is very close to expiry and LE is down, from memory.

                                                                  Later in the year they started injecting ads into repsonse headers for the downloaded “free” binary before again, relenting under a wave of backlash.

                                                                  Whenever the main developer is involved in a discussion about it where there is criticism or particularly comparison to alternative open source tools, his responses make it seem like he thinks requesting/renewing a certificate via letsencrypt is some kind of secret sauce that he alone provides to the world.

                                                                  Theres also that whole “separation of concerns” thing but that’s not specific to the last 12 months

                                                                  1. 3

                                                                    You could just set the certs explicitly in the caddyfile to work around that issue. And I guarantee you I could code, build, and deploy a hotfix removing that behavior in 15 minutes or less if necessary. But I can’t say the same for Apache or nginx. Actually I’d probably just shoot myself if I had to hotfix Apache.

                                                                    As for separation of concerns, I think a web server that handles all aspects of being a web server is a great idea. Certs in particular cause loads of trouble for amateur users.

                                                                    1. 1

                                                                      In no other TLS terminating program do you need to “deploy a hotfix” for fucking stupid behaviour.

                                                                      The problem with caddy is two fold: it tries to be “magic” and the “wizard” in control thinks he knows better than anyone else.

                                                                      1. 2

                                                                        In no other TLS terminating program do you need to “deploy a hotfix” for fucking stupid behaviour.

                                                                        Sorry, are you jokin my ass? You’ve NEVER heard of anyone having to deploy a config hotfix to Apache or nginx for stupid behavior? Hah, good one.

                                                                        1. 1

                                                                          Changing a config value isnt “code build and deploy a hotfix”.

                                                                          1. 1

                                                                            First sentence of my comment:

                                                                            You could just set the certs explicitly in the caddyfile to work around that issue.

                                                                            1. 1

                                                                              Literally the next sentence of your comment:

                                                                              I guarantee you I could code, build, and deploy a hotfix removing that behavior in 15 minutes or less if necessary

                                                                              Changing the config to statically reference a certificate file isn’t a long term solution, because it will then turn off Caddy’s renewal of said certificate. So, what, you either keep manually adjusting the config whenever Caddy won’t start, or you have to modify the source and re-build the whole program? All to work around fucking stupid behaviour that was intentional.

                                                                              1. 1

                                                                                Yes, I could do either one. The point of the second sentence was not only is a config change easy, Caddy is so easy to work with I could do a code change instead if I wanted. Or roll out a config change first and a code change later. Or use an external LE client. I’ve had worse problems with other servers that were a lot harder to fix, and bitching about this one like it’s the end of the world sounds really amateur to me. And yes, the many problems in other servers are “fucking stupid behaviors that are intentional,” and still aren’t fixed.

                                                                                Besides, how would you even hit this problem? Why are all of your frontend web servers restarting at the same time? If you only have one, why is it restarting unattended? I can’t imagine any skilled team having a second of downtime because of this.

                                                                                1. 3

                                                                                  Why shouldn’t I restart my server? There’s no reason for me to expect it won’t come back.

                                                                                  1. 1

                                                                                    You shouldn’t make any unattended changes to production. If you’re restarting manually, you can just fix the issue with a config change trivially in < 1 minute. If you’re a company making an infrastructure change, you better have some real process that would catch any problem, not just this one.

                                                                                    1. 0

                                                                                      You can fix it “trivially” if you know how to fix it (which is highly unlikey given that the use-case for caddy is “you dont have to worry about certificates”) and if you’re manually restarting.

                                                                                      What if the software crashes and is restarted by your init?

                                                                                      What if the server has to restart due to a failure of some kind?

                                                                                      Its a fucking stupid concept and it was intentional. That should tell anyone all they need to know about how this project is run.

                                                                                      1. 2

                                                                                        That should tell anyone all they need to know about how this project is run.

                                                                                        I think you’re too willing to make black and white judgements, but ok.

                                                                                  2. 1

                                                                                    A skilled team wouldnt find certbot and haproxy/similar “too hard to configure” and turn to caddy.

                                                                                    I don’t know the exact situations that triggered the problem because I dont use the fucking thing, but it had enough people seeing the issue that the github issue was like a townhall meeting.

                                                                                    1. 1

                                                                                      No, they wouldn’t. But they might use Caddy if they didn’t want to spend the time doing so. Time is a finite resource.

                                                                  2. 1

                                                                    I literally only know about the header thing, where they relented. What else happened?

                                                                    1. 2

                                                                      Oh, the header is gone? I only remember adding it, missed the retraction.

                                                                      1. 6

                                                                        Yep, it died.

                                                                        To answer the grandparent, I’m going to be really blunt: Caddy has made some poor decisions that I disagree with and that make me disinclined to trust them. But so has Mozilla, as we’ve discussed recently. And, very recently, so has Apple, with the battery situation. Caddy, at least, was very straightforward and transparent in what they were doing, whereas these other companies were not. And in the modern context, where most open-source projects are sponsored by major companies, transparency in what’s going on is close to the best I can ask for. Toss in that building Caddy without that header at any point required, let’s be honest, the bare minimum of effort, whereas e.g. building Firefox without the Mr. Robot plugin did not, means I don’t personally have any trouble continuing to use them.

                                                                        1. 3

                                                                          I didn’t know that either, good to know. And I mostly agree. As I see it, Matt is trying to make a living out of a great piece of software. I respect his attempt, although I’m really glad he dropped the propriety headers.

                                                                    2. 1

                                                                      What actions and reactions?

                                                                    1. 12

                                                                      Any interest in a crustacean private leaderboard?

                                                                      1. 9

                                                                        I guess competition is healthy, but I have an additional suggestion: crustacean private help board: I don’t know how we’d do it, one big “ask” story/thread would be difficult, we could set up a github project for it and have questions as “issues” perhaps? We could have a wiki on it too.

                                                                        EDIT:

                                                                        Also, the idea of a lobste.rs joint github additionally appeals to me because I know we all dabble in various esoteric languages and we could have a “rosetta code” type of project where we solve the problems in different languages, and it would be fun to compare these solutions across languages.

                                                                        EDIT:

                                                                        https://github.com/a-red-christmas

                                                                        In case anyone thinks its a good idea … please join up

                                                                        1. 4

                                                                          Sounds like fun to me, I’m azdle on github too if you’re adding people.

                                                                          I agree with @gerikson about not having a daily thread and I think one monster thread would quickly get unwieldy. I created a #lobsters-advent on freenode that we can for discussion.

                                                                          1. 3

                                                                            The AoC subreddit is a good place to look for help and tips.

                                                                            I don’t like the idea of “polluting” Lobsters with a daily question thread.

                                                                            I love the idea of a shared code repo.

                                                                            1. 3

                                                                              Please add gustafe on Github!

                                                                              1. 3

                                                                                yumaikas on github. I’d love to join.

                                                                                1. 3

                                                                                  Count me in. trevmex on GitHub.

                                                                                  1. 2

                                                                                    The github web interface doesn’t seem to have a ‘request to join’ button. I think you have to add people manually.

                                                                                    1. 4

                                                                                      JKowalsky on Github as well, I’d love to join as well!

                                                                                      1. 4

                                                                                        tftio

                                                                                        1. 3

                                                                                          daveloyall

                                                                                          1. 3

                                                                                            NattyNarwhal, not sure if I’ll do it, but I’d definitely consider it.

                                                                                          2. 2

                                                                                            Would you mind adding bpollack?

                                                                                            1. 2

                                                                                              Cool. I’ll add my Haskell solutions :)

                                                                                              1. 1

                                                                                                (Or at least I will if you add PhilArmstrong to the project :) )

                                                                                              2. 1

                                                                                                I’d love to join! My username is Vaelatern.

                                                                                                1. 1

                                                                                                  I’ve invited you!

                                                                                                  1. 1

                                                                                                    And I’ve contributed my clojure solutions!

                                                                                              3. 2

                                                                                                I’d be up for it!

                                                                                                1. 1

                                                                                                  Post your ‘join code’?

                                                                                                  1. 1

                                                                                                    Will do asap!

                                                                                                1. 3

                                                                                                  I was curious about VS Code but then read about the privacy policy. It can send your file contents to remote servers. There is a discussion about it here.

                                                                                                  1. 8

                                                                                                    As noted in the very thread you linked, that’s only done on crash, and can trivially be disabled if you wish with a toggle in settings. This isn’t meaningfully different from Firefox and Chrome sending memory dumps when they crash. I can see your argument it should be opt-in, and I think I’d agree, but it’s not nefarious.

                                                                                                    1. 8

                                                                                                      Well, the meaningful difference is that Firefox prompts before sendig crash reports.

                                                                                                      1. 6

                                                                                                        Yup. What @gecko said. Our InfoSec group has blessed it for internal use provided said feature is disabled, and they’re pretty damn hard core about such things. To me if this is your only blocker you should look again.

                                                                                                        1. 0

                                                                                                          Considering MS’s history on that topic, I don’t trust them and wouldn’t install it myself.

                                                                                                          1. 4

                                                                                                            Don’t trust. Verify. It’s an open source project. Go read the source code yourself, build it yourself, etc. https://github.com/Microsoft/vscode

                                                                                                            1. 4
                                                                                                              git clone https://github.com/Microsoft/vscode.git
                                                                                                              cd vscode && find . -name '*.ts' | xargs wc -l
                                                                                                              [...]
                                                                                                              482114 total
                                                                                                              

                                                                                                              Be my guest.

                                                                                                              Not even counting dependencies here. You can’t realistically verify that kind of software by yourself.

                                                                                                              Even if you manage to read and carefully inspect this codebase (rogue commits tends to be quite hard to spot, you wont spot it with a simple distracted read), you’ll have to still read the ~100 daily commits every day.

                                                                                                              My point is: nowadays, ultimately, you’ll always rely on trust to some extent when it comes to your security, even when using open source sotware.

                                                                                                    1. 3
                                                                                                      1. 7

                                                                                                        What hg calls “branches” are entirely different from git branches. They are generally meant to be permanent, and shouldn’t be used if no one else would ever want to pull them in. A good application of hg branches, would be to have a “dev” branch that merges into the “stable” branch from time to time.

                                                                                                        From here on out, when I say “branch” I mean it in the sense of a git branch.

                                                                                                        People often say “bookmarks” are the equivalent of git branches, but this is a bit misleading. Bookmarks are, very simply, a tag that automatically updates when it is activated and you make a new commit. A bookmark only knows the direct commit it is applied to, nothing more.

                                                                                                        So how do you create a “git-like” branch in mercurial? You update to any non-head revision and commit. This creates a new (unnamed) branch on the DAG. You can see it by running hg log -G, or better hg show work (after enabling the show extension in your hgrc). All bookmarks do are add a string label to these unnamed branches which can help you track them a bit better. They are not necessary to do branching however, many of my colleagues just use revision numbers and hg show work to keep track of it all.

                                                                                                        Finally, there is an experimental feature called “topics” being developed. It’s currently packaged in the “evolve” extension, so this needs to be installed separately. I won’t go into much detail on topics here, but they can enable more “git-like” branching workflows than heads + bookmarks can.

                                                                                                        1. 4

                                                                                                          Bookmarks are, very simply, a tag that automatically updates when it is activated and you make a new commit.

                                                                                                          Strictly speaking, this is exactly what a git branch is too: just a ref. People use the word “branch” in git loosely, though, to refer to both the ref and the commits reachable from that ref. Actually, most of the time people use it in the latter sense without having a firm grasp that the former is all that is happening.

                                                                                                          There are some UI ways in which git branch-refs are handled differently than hg-branches, for example, git calls a “merge” what may only be advancing a git branch-ref and has no merge-like qualities at all (i.e. no merging of files, thus no potential to resolve conflicts and certainly no merge commit). It is for this reason that hg merge does not advance bookmarks in hg and instead says that there is no merge to be done. Another UI difference is that git also has additional markers called remote branches that are another ref but one that is only moved by different parts of the UI i.e. push/pull/fetch commands.

                                                                                                          1. 2

                                                                                                            I’ve actually switched to describing classic Mercurial branches as “labels” to people coming from Git, and just telling them to use bookmarks and to always make a bookmark called @ when they start. That, combined with Bitbucket natively supporting obsolete markers, usually helps them get used to the Hg workflow more easily (since things like rebase now do what you’d expect and cleanly allow pushing with deprecation).