-
I too had issues around syncing my own files using pass in the past and eventually settled on LastPass. In my opinion, it’s worth paying $24 a year for premium support which gives me 1GB of encrypted storage and more two-factor authentication options. Plus having the app seamlessly sync to my phone is great as I can just copy passwords to the clipboard for other apps on my phone. It’s been easy to use and I enjoy not having to worry about passwords anymore.
Edit: Sorry that this was seen as spam. I realized after the fact that it was a little zealous. I am by no means connected to or trying to endorse LastPass.
-
-
-
Talking about Firefox on Android? I don’t think so, at least it doesn’t for me. I don’t think that’s LastPass vs 1Password though, I think each app has to implement it. Looks like Android P will bring it to browsers by default
-
-
-
I’ve been sticking with LastPass for a while as well. They have a good automatic sync and user experience on all platforms, and from what I understand, the data architecture is good - master password never touches their servers, always handled by Javascript in the browser or in the mobile app. I do try and remember to back up the password list periodically as well.
-
-
I have been toying around with the idea of writing a daemon that is similar to fail2ban. I use fail2ban on my small VPS now and have found it to be memory hungry. I plan on using Rust and exploring the problems that come with monitoring log files. There isn’t any code yet but I will get to prototyping soon.
-
I got around monitoring log files by writing my own syslog daemon in C/Lua. I have code that monitors
sshdand adds/removes entries toiptablesover time. Memory usage has been negligible over time (or it’s never been an issue as far as I can see). There are other modules I’ve written (like one that summarizes several Postfix log entries for forwarding onto another system). -
-
-
I ended up writing a few middleware handlers following the pattern mentioned here so I could use alice to chain them. Combining this with popular community middleware made it easy to write robust servers.
-
Reading more about Rust as I prepare to start a job that will largely have me writing in it.
The new position puts me as the only engineer on a project initially and my usual languages are C and C++. I’m worried about safety of a system I’m writing by myself. Rust should provide sufficient safety and strictness to help mitigate a large portion of problems with writing low level code, especially since this will be completely green field development.
I’m also excited to be using a modern toolchain for development (e.g. cargo) :).
-
start a job that will largely have me writing in it.
That’s a really exiting statement as far as the overall Rust ecosystem goes. Are you at a point where you’d be comfortable saying who this is for, or maybe at least a bit more about the type of software you’ll be building? I’m really curious to hear more about where Rust is heading in industry.
-
In the interest of transparency, the job didn’t dictate the language - I did. I spent most of the Christmas holiday prototyping and experimenting with stuff to try and find a language I felt most suited the nature of the project (one engineer, strict performance requirements, strict/safe compiler). I’m an OS-level engineer by experience, having spent the entirety of my professional career working on lower level OS stuff.
The project itself is under wraps but it’ll be low level OS-related code. Some OS services/daemons and some driver work. The code will need to be minimal overhead for CPU/memory and run on a variety of hardware setups. Where I can, I’m going to use Rust as much as possible.
If I can find the time, I’d like to blog about and/or open source some if it as we go along :).
-
-
-
-
This was a refreshing post as the author didn’t go on about generics or how all of Go’s third-party package managers are horrible. The linked articles on writing effective Go and benchmarking were great to read again as well.
-
I haven’t used Perl for a few years now and reading this reminds how much I enjoyed it. I wonder what I have been missing and what has been added to the language and community since 2015. It’s great to hear that there is no slowing down for Perl.
-
I just moved into my new place this past weekend, so lots of unpacking and changing my address for banks and such. After getting done with all of those tedious things I plan on picking back up on some Rust work. I had written a nom parser for the Redis crate but haven’t attended to it since I started escrow.
-
I am in week three of my new job so I haven’t been able to settle in enough to where I want to program in my free time. Although the project I am trying to make progress on is a client for NSQ written in Rust. It’s been fun to learn more about binary protocols and the asynchronous world at the same time.
For those that are interested NSQ can be found at this page: http://nsq.io
-
The thing that bothers me the most is how some sites enforce a small maximum length. For example, my bank’s site doesn’t allow passwords over 14 characters. Since I use a password manager I would have liked to make one that is much longer.
-
Unfortunately a lot of those odd rules are driven by legacy systems that just don’t allow longer passwords (or even passwords with anything other than alphanumeric characters, quite often not even distinguishing between upper and lower case).
The support site of one large software vendor is like that - no passwords longer than 8 characters, etc. Of course, the support site use the vendor’s own software, but obviously a pretty ancient version.
-
-
I’m mostly toggling between Rosetta albums at the moment. Flies to Flame and The Anaesthete are some heavy albums that keep me focused while coding.
-
I realize this post is full of buzz words, but:
Since Tokio released version 0.1 last week, I have been writing a StatsD clone in Rust. I wanted to dive into asynchronous servers and this seemed like an achievable project.
Outside of work and programming, I am trying to get myself into the habit of exercising again. It’s hard to get motivated after work to go to the gym and especially hard to do it alone. I have also been thinking of getting into juicing. One of my coworkers has suggested an Omega brand model but I don’t know if I want to spend over $300 for my first juicer. It may be worthwhile though in the long run.
-
clacke
1 year ago
|
link
| on:
The Not-So-Passionate Programmer: finding a job when you're just a normal person
Long live the dispassionate programmers! They get the documentation written and the boring bugs ironed out, when the passionate programmers have finished 80% on their latest cool Proof-of-Concept and are moving on to their next one.
-
-
There are plenty of people who will do software maintenance. The problem is that they come in two kinds, neither of which companies usually want to hire.
First, you have the ninjas who slash and hack their way though the codebase and organization, have no problem sending FYS (“Fix Your Shit”) letters to the original authors of a system even if they have fancy titles now, and are usually freelancers charging $200+ per hour. The good news is that they will figure out the existing system. The bad news is that they won’t document the new one that they create unless you pay for that too.
Second, you have the lazy but reliably capable people who work 9:30-to-4:00 (with 90 minute lunches) and don’t do anything they aren’t explicitly asked to do, but will happily dive in on boring maintenance tasks and, although it won’t happen fast, they’ll get the job done. They might work 1.5-2 hours per day and that’s when they’re actively tasked, but they’re more productive on maintenance than anyone else, because they have a certain rare gift of emotionlessness that prevents them from getting angry at the code they have to work with.
Managers don’t want to pay for the first kind and deal with the hurt egos (because the mercenary ninja types are often telling the company men that their code is terrible) and they don’t want the second kind because they’re afraid of slacker contagion… even when the slackers are competent enough to be a net win.
In other words, this problem is sociological and economic, not innate. It’s not that software maintenance is this inherently ugly or unsolvable problem. There are personality types that are suited to it. The problem is that managers don’t want to hire the people who can do it well. They’d rather plonk the work on some unlucky fool. The job never gets done, but the manager gets to evade blame and say it was a bad hire, so the behavior won’t change. Managers don’t believe in technical debt because their ethos is, “It’s not really debt if you never pay it back.”
Maintenance would be relatively easy if companies were wiling to hire the right sorts of people to do the job, but I don’t see that happening in the near future.
-
One thing that’s interesting about old-line engineering companies (the Exxons and Lockheeds) is that they’re totally ok with your type #2, maybe even prefer that kind of employee. Although they’re virulently allergic to type #1: when they hire an external consultant, it’s to regurgitate back what they what to hear, not to make waves. But on the 2nd type, someone who does an honest two hours of work per day on a boring but necessary maintenance task, assuming they do so reasonably consistently and correctly, would be a valued employee in a lot of these more staid engineering organizations. These companies can have all kinds of other dysfunctions of course, but not this particular one.
-
The interesting question is the extent to which such companies are productive. I’ve heard claims that all large companies are inherently in decline, that your Exxons and Lockheeds will always and only burn money (or have below-market returns, which in a spherical-cow economics sense amounts to the same thing), that all useful growth and innovation are accomplished by small companies (populated mainly by people who might be categorized as type 1 in this taxonomy that I don’t really want to legitimize). I don’t quite subscribe to the strong version of this thesis, but it’s food for thought.
-
Actually, I think that the Exxons of the world are, in general, capable of being very profitable.
Keep in mind that if a CEO can capture $1 in executive perks or compensation instead of corporate profit, he’ll do that. It’s a classic principal-agent problem. This is complicated somewhat by the fact that shareholders aren’t always idiots, so the CEO can’t just loot at will, and of course the CEO’s compensation is often largely in stock. So there are some limits on the self-dealing… but, on the whole, executives take away a lot, not only financially, but also in terms of intangibles, e.g. using the corporate power and reputation to further their own branding and to take care of personal and family needs.
If you include executive takeaway, these companies are way more profitable than what you see on the balance sheet. It has nothing to do with them being well-run organizations. There are just a lot more feedback loops (rich getting richer, power accumulating) in human societies than most people want to admit.
Reported profits, however, tend to be mediocre because executives take the best stuff for themselves, just as startup equity often ends up worthless even when founders and C-words get $5 million signing bonuses and VP+ positions at the acquirer.
-
If you include executive takeaway, these companies are way more profitable than what you see on the balance sheet. It has nothing to do with them being well-run organizations. There are just a lot more feedback loops (rich getting richer, power accumulating) in human societies than most people want to admit.
What executives take is only profit to the extent that they can take it efficiently though. If a company returns $1000 to shareholders then we can call that producing $1000 of value; if a company spends $1000 providing a first-class flight to an executive that might be only $100 of value to them.
-
-
It’s hard to say much solid about macroeconomics at that level of abstraction, or at least I don’t feel confident saying much about it. :-) I’m somewhat skeptical though. Not that the small fast-moving companies aren’t likely to be more profitable, but what the impact on the economy in aggregate is. It’s quite easy to construct situations, at least in economic models, where the profitable decisions for individual companies don’t necessarily optimize the economy as a whole (if anything it’s somewhat tricky to construct models where that isn’t the case). It’s hard to measure empirically, though. I could hypothesize that some of these boring, less-profitable companies play an outsized role in propping up the whole system, by keeping infrastructure working smoothly, but that’s hard to empirically test.
I do think such organizations are necessary for long-term maintenance, anyway: either it’ll get done by boring, slower-moving organizations (or at least, organizations with some divisions/groups within them fitting that description), or it just won’t get done at all. In terms of a world I’d like to live in, I do like things being maintained by utility-like organizations, or even the nonprofit or public sectors, that are interested in ensuring long-term stability and usability of things, especially things I’d classify as infrastructure.
-
-
-
-
-
-
At home, some Rust operating system fun. Porting a microkernel I last worked on eight years ago; it’s so much nicer to use something-that’s-not-C.
At work, working on our new Markdown parser (… in C) and the transition of our existing user content from old-non-specified-Markdown to an actual spec.
-
Since you are using Rust outside of work I figured I would share this markdown parser I saw a while back. Perhaps you have some special requirements at work but it’s a nice library.
-
Thanks for the link! I was looking around a little while back to see what the Markdown/CommonMark ecosystem for Rust was like; this is probably something I’ll be looking to use or work on more in the future!
edit: ah, I remember why I didn’t end up going with this when I was looking at some implementations – the spec compliance is not quite there. Perhaps I’ll try to help it along!
-
-
You have a write up on or link to the microkernel?
-
Not yet — it’s really babyish.
The very old one can be found at http://github.com/kivikakk/akari — it did your usual hobby kernel things (multitasking, separated kernel/user space, ELF loader, harddrive access by DMA). There was a terribly slow IPC implementation that made its design (separate processes for the harddisk, VFS ‘driver’, FAT32 ‘driver’, etc.) a bit laughable, but it was still fun to do. An old (short) blog can still be found in the Wayback Machine: http://web.archive.org/web/20110202221708/http://akariproject.com/.
-
-
-
I have been using a Model S keyboard for about a year now and I couldn’t imagine using anything else at this point. Mechanical keys really do have a distinct feel and I have noticed I have much more accuracy.
The Model S comes only in a wired option but it has two extra USB ports on the side that can be used. I can’t say I dislike anything about it other than the noise but that can be solved with having brown keys instead of the blue ones.
-
Between this and the Xi editor, I am impressed how Raph has shown Rust’s strengths for system software. I hope these projects continue gaining traction moving beyond a useable proof of concept.
-
I’m finally back to Rust coding and picked up my work on a CouchDB client again.
I’m in dire search for a catchy name.
-
-
-
-
-
recline.rs - Not all couches are recliners, but it sounds like a nice name.
-
-
-
-
Are passwords ‘broken’ in general? I don’t see the need to fix them.
-
Passwords are pretty insecure. Most people reuse them. Compromising their password in one place (eg. Neopets) will allow you to assume their identity on most other services (Google, Facebook, Amazon, maybe a bank).
-
Is it passwords that are insecure or the person behind the password? If you use a password manager that lets you generate strong and unique passwords then I don’t see an issue. Then if a site gets compromised you just need to regenerate a new password for that site and not worry about the others you may have used the old password on.
At the end of the day, it comes down to making a conscious effort to be smart about how you maintain your online identities.
-
From a policy perspective, there’s not much difference between “this cannot be used securely” and “this is not used securely”. The net result in either case is poor security, and bemoaning the fact that people don’t pick secure passwords doesn’t solve the problem.
Obviously from a personal perspective, there’s a lot you can do to maximize the security of your passwords (starting with generating distinct long, random passwords for everything and keeping them in a password manager). But your good password practices don’t really matter to Google, or anybody else using those passwords to authenticate you.
-
-
The problem is that most people don’t do this, and there’s only so much a site can do to encourage its users to do this. In the end, it can’t tell if your password is used elsewhere, or from a password manager, or anything else. What they can do is look for some method of authentication that avoids or augments the password, to (hopefully) provide a greater degree of security by default.
-
-
-
Passwords are absolutely broken.
LinkedIn was hacked 4 years ago, 164 million accounts compromised, and we just find this out in the past month?
Https? There’s no way to ensure that it’s even set up properly. The DROWN attack and heartbleed are both great examples. https://thehackernews.com/2016/03/drown-attack-openssl-vulnerability.html
Depending on any multi-use token for authentication should be considered poor security.
-
-
They’re typically transmitted over HTTPS; doubly a problem if they’re reused.
-
If this is a problem for passwords, isn’t it also a problem for biometric data sent to a backend?
Edit: in fact, all biometric data is “reused”, so wouldn’t that be even worse because once someone captures whatever data your fingerprint is turned into they can use that with any system that uses the same type of data?
-
-
-
-
Korelogics analysis of the Linkedin hash dump shows some interesting issues with the use and generation of passwords.
I’m not sure what the solution is - but for me passwords are part of the problem.
-
Here’s the thing: You’d have a similar problem with storing biometric data. Biometrics are strictly equivalent to a reasonably strong password, from the server’s perspective.
They’re quite different from the user’s perspective, but I’d argue that they’re a step backwards because they’re immutable.
-
-
-
-
-
-
-
iconara
2 years ago
|
link
| on:
Thousands of Threads and Blocking I/O - The old way to write Java servers is new again (2008)
This should probably include “(2008)” in the title, it’s old enough that “the old way” has been new and then old again, again.
-
-
Rust lets you borrow stuff, just remember to always use the & and you’ll be fine.
This is what I had the hardest time coming to terms with when trying to break my code down into functions when I was beginning to learn Rust. But instead of thinking of the ampersand as the “address of” operator, remembering that it is the “borrow” operator makes a lot more sense. You are just giving that data to something else for it’s execution and then it’s your (caller) data again.
-
In the article this quote is clearly sarcastic, but this isn’t great advice in every case, in case you’re just skimming comments here. If you find yourself calling clone() on an argument passed in, you maybe should have required ownership on it instead of asking for a reference to it. This also communicates the internal semantics more clearly to callers.
-
Minor correction in one example:
The first comment should be
Create a buffered channel of unlimited capacity.. As you explain above this point, it would have to block when you send if it were unbuffered.Do you mean this with regard to the Go example? I think you’re right though and I’ll make that fix later.
I meant in the first crossbeam-channel example.