1. 7

    I think this starts well and speaks to some real problems, but I’m less than convinced by the conclusion. Usernames that can be typed are useful, and in several ways. I’ve attempted to sort these examples in ascending order of elementarity.

    • They can be roundtripped through clipboards and email/notepad/etc apps
    • Legacy software understands them
    • They can be processed by generic tools
    • They’re compatible with assistive technology
    • They can be roundtripped through physical writing
    • Humans can remember and copy them

    I’m not sure where to put it, but a point that’s relevant to me is that it’s much faster for me to type things that don’t involve roundtrips. There are a few reasons for that, and some of them—like the fact that most interfaces are pretty laggy—are eminently fixable, but one feels fundamental: I’m usually typing a few words ahead of what I’m reading back, if I’m reading back at all. Using an interactive username selector, even a hypothetical perfect one, breaks the pipeline, so to speak.

    1. 7

      The way Discord (and Blizzard) address both use cases is mentioned offhand in the article. IMO it’s really nice. You pick a friendly username (e.g. “Richard”). This does not have to be unique. The system automatically generates a few decimal digits to make it unique (e.g. “Richard#123456”). The sequence of digits is usually 4 digits long, but can be longer if a given friendly username is common.

      In “local” contexts like a chat channel, the friendly username is almost always unique so you can identify me by just that.

      In “global” contexts like adding a friend, you’re asked for the full globally-unique handle with the digits too.

      1. 9

        The Blizzard system is also great because other users’ numbers are always hidden, and you can’t send someone a friend request without either playing a game with them or knowing their secret number. That makes it a really nice spam prevention tool as well – you have this secret part of your identity that is both a disambiguator for your username but also a small secret that lets you be selective about who gets to send you messages. I’m a huge fan of the system and miss it when I play other social games!

        1. 1

          I forgot that aspect. Yeah, that’s nice.

        2. 2

          It’s good that the globally-unique handles are human- and print-friendly, but a little disappointing to me that Discord’s UI for mentioning people is still roundtrippy.

          1. 2

            Oof yeah I got this part not right - Discord’s UI for mentions doesn’t actually work quite as nicely with local name uniqueness like I was thinking.

            I believe that in principle it could but it isn’t quite that nice.

      1. 17

        “This is Rust, running at 60fps.” Immediately below that: “FPS: 18.5”

        Snark aside, is it really necessary to render every frame when there have been no I/O events? Maybe redraw only on mouse click / drag, or when the control under the mouse changes?

        1. 10

          No, it’s not necessary, but it does make it far, far easier to write the GUI and also easier to write the code using it as long as it doesn’t get too elaborate. The opposite model to an immediate mode GUI is “retained mode GUI”, where you build a data structure representing your GUI, and generally only redraw parts of it that change state; this model is used by Real Gui Libs(tm) like Qt, Cocoa and WinAPI. Imgui’s such as Dear Imgui or Nuklear are particularly popular in gamedev as debug interfaces, since the performance is generally Good Enough and it’s easy to throw them together and modify them.

          1. 17

            Another reason why immediate GUIs are popular with games and other 3D visualization tools is that you’re typically dirtying your whole window on every frame and making frames as fast as you can anyway; they’re already pegging your CPU drawing the application, so pushing into that peg a little more for a nice UI library is fine :)

            1. 6

              You can have a mix though, where you write all your GUI as if it was immediate mode but then you just pause the render loop when nothing at all is happening.

              1. 4

                I find the modern chiasmus from retained mode UI (Win32 et al) and immediate mode graphics (OpenGL 1.x) to immediate mode GUIs (React) and retained mode graphics (modern GL) amusing.

                1. 2

                  There’s nothing about immediate mode GUIs that requires them to render at 60fps in the absence of input events. Games do this because they naturally have a realtime render loop, but desktop applications don’t and there’s no reason to impose one.

                  1. 1

                    I think you can do immediate mode but then render that through HTML / CSS. You can then style from outside the code with CSS, and submit HTML immediate mode from your code. Keeps the game-code-friendly ergonomics. I was trying this out and it’s actually been kinda fun: https://twitter.com/snikhilesh/status/1275945505168584704?s=21

                    You can even reuse existing “web components” and whatnot that way. I think I’ll end up building the CSS up from scratch though cuz it’s fun. :D

                  2. 1

                    It runs at 75fps for me :)

                  1. 10

                    And? Why do we need to discuss iCloud in reference to zoom?

                    1. 24

                      I think the author’s idea is, “why do we hold other companies blatantly accountable (like Zoom), and not Apple?”

                      1. 26

                        I guess I don’t see the need to equivocate both. They’re different threat models and different situations.

                        If the goal is to attack icloud, just note its flaws. Just like people did when they originally were known. Zoom is in the line of fire due to their current issues. If we’re going to start “yes and”ing every security failure I’m ditching both of these tags in lobsters. It is as bad as the constant arguments about countries doing bad things and hearing people bring up every other country’s other problems as reasons why we shouldn’t care. We can legitimately care about both without constantly comparing between companies or countries.

                        The constant comparison really rubs me the wrong way like propaganda at derailing conversation away from the actual problems on their own merits.

                        1. 12

                          The one-word-ism for this is “whataboutism” and I too would like to see lots less of it all over the internet, but especially here!

                          1. 3

                            this type of argument is a critique of media and our collective ethical standards, rather than a critique of the situation as such. there’s nothing wrong with this type of critique, and i just as often see people dismissing such valid forms of critique as “whataboutism,” thus derailing the conversation away from examining media and ethical standards.

                            this goes for /u/haldean’s comment as well

                          2. 12

                            we’re holding zoom accountable? huh?

                            1. 1

                              “accountable”

                          3. 4

                            Zoom and Apple are both companies that claim to be end-to-end encrypted, yet this person is claiming that they are not.

                            1. 19

                              Apple does not claim to be end-to-end encrypted for backups or notes or photos or videos. Apple’s own weasely KB article on the topic is linked from TFA.

                              They also fail to mention that backups include your complete conversation history with everyone you’ve ever texted or iMessaged with on your device.

                              This is me, shining a flashlight on that.

                          1. 2

                            I’ve noticed this a couple of weeks ago, but mentally filed it under “crates-io already has a squatting problem” and didn’t think of reporting it.

                            1. 2

                              I wonder what would be a good anti-squatting approach. Keep track of requests for packages that aren’t there (hmm, caches would interfere) and then alert if someone creates one with that name? And then what, edit distance stuff?

                              1. 5

                                I mean github doesn’t have a problem because packages are user/package . It seems that would have been better than what crates.io does imo.

                                1. 6

                                  Original rationale for not using namespacing:

                                  https://internals.rust-lang.org/t/crates-io-package-policies/1041

                                  1. 1

                                    Interesting to read, don’t agree with it, but thank you for linking.

                                    1. 2

                                      The discussion comes up every now and then to the point where everyone gets annoyed. That’s obviously a bit unfair to people that don’t have the history.

                                      Not that I don’t see the point (and it’s fine to raise it), but mostly because the discussion does not move forward and every argument was there already.

                                      I do, btw, not agree that the GH model solves many things, there’s an additional bit of info you need: whether a repo is a fork or an original, etc. It also has problems, as it uses that namespace as the only way to differentiate; GitLab, with its habit of using teams and tags, is much better in that regard, IMHO.

                                      1. 1

                                        I specifically meant to stop name squatting and impersonation in the parent comment, there are tradeoffs sure.

                                2. 1

                                  In this particular case crates-io could have blocked/reserved renamed crate names. Someone has grabbed getrandom_package already (the juiciest target — name used in the top rand crate). Unfortunately, crates-io doesn’t want to get involved in crate ownership disputes/squatting/spam (I get why — it’s a slippery slope & huge resource drain on “customer support”, but I’d prefer them to at least show some teeth in the most obvious cases).

                                  For squatting in general there’s no good solution. Some people called for GitHub-like namespacing, but that a) moves the goalpost from grabbing good crate names to grabbing good usernames, b) popular crates are by users with bizarre usernames you wouldn’t remember, c) is a huge question mark what to do with existing 30000 crates, without ending up with some 2-tiered/legacy system.

                                  The closest one that I could think of was allowing people to reserve name prefixes, such as tokio-*. That is backwards compatible with existing Cargo and Rust syntax.

                                  1. 2

                                    You can grab a good username, but you can’t steal a name from an existing account.

                                    On crates.io I can just take hyper2, on github I can’t take hyperium/hyper2 . To me that is a pretty big difference.

                                    1. 1

                                      Spitball idea that no one wants: Add a “checksum” to package names. You might typo “foobar” as “foobaz”, but you won’t typo “foobar-2js” as “foobaz-z1h”. :-P

                                      1. 2

                                        We should just name every package a GUID, that way no one will confuse them!

                                        1. 2

                                          The 2 is not a typo, it is a successor version. Similar to how sqlite is actually sqlite3. I’m not sure how your checksum idea would help at all.

                                          1. 1

                                            Ah, yeah, wouldn’t help with successor versions, that’s a good point.

                                  2. 1

                                    An implementation of a tiered namespace wouldn’t be too hard to implement. You just use double-underscore in the crate name as a name separator, which could be translated to / as sugar in Cargo if you want. Crate names remain valid Rust identifiers and Everything Just Works. There’s no real legacy problem ‘cause there’s a grand total of one crate that has __ in its name, and existing crates just live in their own top-level namespace separate from user namespaces. A proof of concept wouldn’t even be hard, ’cause you just reject crates from user foo that titled foo__cratename.
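The squatting countermeasures floated in this thread (edit-distance checks, reserved prefixes such as tokio-*, and a `__` namespace separator) combined into one registry-side screening function. This is an added example, not code from crates.io or from any commenter; the policy, thresholds, suffix list and owner names are assumptions, and the `__` rule is read here as "only user foo may publish foo__*".

```rust
// Added example: registry-side screening of a new crate name. The policy, the
// thresholds, the suffix list and every owner name are constructed assumptions.

#[derive(Debug, PartialEq)]
enum Verdict {
    Accept,
    WrongNamespace { owner: String },  // `owner__crate` not published by `owner`
    ReservedPrefix { prefix: String }, // prefix reserved by another publisher
    Lookalike { target: String },      // near miss or decorated copy of a protected name
}

struct Policy<'a> {
    protected: &'a [(&'a str, &'a str)], // (crate name, owner)
    reserved: &'a [(&'a str, &'a str)],  // (name prefix, owner)
}

// Constructed sample data; the crate names and the tokio prefix come from the thread.
const POLICY: Policy<'static> = Policy {
    protected: &[
        ("getrandom", "rand-maintainers"),
        ("hyper", "hyperium"),
        ("tokio", "tokio-maintainers"),
    ],
    reserved: &[("tokio-", "tokio-maintainers")],
};

/// Compare on a folded form so case and `-`/`_` variants collide.
fn fold(name: &str) -> String {
    name.to_ascii_lowercase().replace('-', "_")
}

/// Levenshtein distance, two-row dynamic programming.
fn edit_distance(a: &str, b: &str) -> usize {
    let (a, b): (Vec<char>, Vec<char>) = (a.chars().collect(), b.chars().collect());
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    for (i, ca) in a.iter().enumerate() {
        let mut cur = vec![i + 1];
        for (j, cb) in b.iter().enumerate() {
            let substitute = prev[j] + usize::from(ca != cb);
            cur.push(substitute.min(prev[j + 1] + 1).min(cur[j] + 1));
        }
        prev = cur;
    }
    prev[b.len()]
}

/// True when `name` is `target` plus a common decoration (`_package`, `2`, ...).
/// Edit distance alone misses these: `getrandom_package` is 8 edits from `getrandom`.
fn is_decorated(name: &str, target: &str) -> bool {
    const SUFFIXES: [&str; 5] = ["_package", "_crate", "_rs", "_2", "2"];
    SUFFIXES.iter().any(|s| name.strip_suffix(*s) == Some(target))
        || name.strip_prefix("rust_") == Some(target)
}

/// Anything other than `Accept` means "hold for review", not "proven malicious".
fn screen(policy: &Policy<'_>, publisher: &str, raw_name: &str) -> Verdict {
    let name = fold(raw_name);
    // 1. Double-underscore namespace: `foo__bar` may only come from user `foo`.
    if let Some((owner, _rest)) = name.split_once("__") {
        return if owner == fold(publisher) {
            Verdict::Accept
        } else {
            Verdict::WrongNamespace { owner: owner.to_string() }
        };
    }
    // 2. Reserved prefixes such as `tokio-*`.
    for (prefix, owner) in policy.reserved {
        if *owner != publisher && name.starts_with(fold(prefix).as_str()) {
            return Verdict::ReservedPrefix { prefix: prefix.to_string() };
        }
    }
    // 3. Lookalikes of protected names. Short names only match exactly after
    //    folding, because one edit on a 4-letter name hits too many real words.
    for (target, owner) in policy.protected {
        if *owner == publisher {
            continue;
        }
        let folded = fold(target);
        let limit = if folded.len() >= 5 { 1 } else { 0 };
        if is_decorated(&name, &folded) || edit_distance(&name, &folded) <= limit {
            return Verdict::Lookalike { target: target.to_string() };
        }
    }
    Verdict::Accept
}

fn main() {
    let attempts = [
        ("mallory", "getrandom_package"),
        ("mallory", "hyper2"),
        ("mallory", "hyperium__hyper2"),
        ("hyperium", "hyperium__hyper2"),
        ("mallory", "tokio-fake"),
        ("alice", "serde_json_lines"),
    ];
    for (who, name) in attempts.iter() {
        println!("{:>10} publishes {:<20} -> {:?}", who, name, screen(&POLICY, who, name));
    }
}
```

The `hyper2` verdict also shows the objection raised in the thread: a suffix rule cannot tell a squatter from a legitimate successor version, so a hit can only queue the name for a human decision.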

                                  1. 1

                                    While interesting, this guide is severely outdated. GitHub supports changing the base branch of a PR. While I agree that it’s nice to use stacked PRs, I can’t agree with the approach here, for it advises to merge into PRs, making the history a total mess.

                                    1. 3

                                      I think the merging they’re talking about is merging changes made in response to review comments “down” into the downstream PRs; they’re then squashing and merging back up the chain, so in the end on master you get the whole series in a single commit.

                                      1. 1

                                        Oh, I miss the last squashing. But that kind of defeats the whole purpose of having small, isolated commits. Now, when there is an issue in production, and bisect pinpoints to this commit, good luck to whomever needs to deal with it to pinpoint the exact change that caused the failure.

                                    1. 3

                                      This looks pretty great! Moving to CMake seems like the smart move, and I’m super psyched at their continued level of investment in Python.

                                      Kinda sad about their intent to move away from OpenGL and to Vulkan, Metal and Direct3D though. I guess the idea of one 3D graphics API to rule them all is dead?

                                      1. 4

                                        Apple claims that they’re going to remove opengl support from MacOS at some unknown point in the future, Qt is just preparing for that I guess.

                                        1. 4

                                          Apple is super annoying these days :) (I mean, I know they always have been, but lately I feel like they’ve turned it to 11, or maybe just in areas I care about!)

                                          I wonder if Vulkan is a possibility on OSX. Betcha it will be once all the game studios start writing for Google Stadia (Ungh.)

                                          1. 10

                                            There is moltenvk, which implements (a subset of) vulkan on top of metal.

                                            1. 8

                                              And gfx-portability too.

                                        2. 2

                                          My understanding is that OpenGL is a pain to use in general, not just cuz of driver stuff but that the API itself is not something that (notably) game developers enjoy using.

                                          So there aren’t too many people going to bat for OpenGL

                                          1. 1

                                            I thought that Vulkan is supposed to be the new “one 3D graphics API to rule them all”?

                                            1. 3

                                              Not without Apple’s buy-in it won’t be.

                                            2. 1

                                              Moving to CMake seems like the smart move

                                              I’m a little disappointed that they’re dumping QBS development on the “community”. My impression is they went straight from “Technology preview” to “We’re not going to continue developing QBS because no one’s using it” without any sort of “QBS is ready now, please try it” announcement.

                                              1. 1

                                                Aren’t you supposed to be able to throw away prototypes?

                                                1. 1

                                                  Absolutely, but not with the justification that customers weren’t using them.

                                                  Edit: “details” can be found in this mailing list thread if you’re interested: https://lists.qt-project.org/pipermail/development/2018-October/thread.html#34023

                                            1. 3

                                              I’m at SIGGRAPH this week! If any other graphics lobsters (or geo-ducks) want to grab a coffee or something you should message me.

                                              1. 1

                                                Generally, there’s a way to ‘work-around’ warnings like that on a case-by-case basis. For instance, [[fallthrough]] (or __attribute__((fallthrough))) for fallthrough in switch; or if ((a=b)) instead of if (a=b). Will there be such a thing for this? If what I actually want is 2^32? I saw proposed in the thread that the warning shouldn’t be present for hex/binary literals, but I don’t consider that a full solution.

                                                1. 2

                                                  If what I actually want is 2^32?

                                                  2^32 == 2 | 32, so why not just use the latter?

                                                  1. 1

                                                    10^7 != 10|7, so what do you do there?

                                                    1. 2

                                                      It’s 13.

                                                  2. 2

                                                    It is hard for me to imagine a use-case for 2^32, and very easy for me to imagine use cases for 1 << 32; when are you thinking you would use int-constant '^' int-constant? I could see xor-ing bitfield flags or something, but then usually you’re doing something like MASK1 ^ MASK2 using names instead of literals.

                                                    1. 1

                                                      #include <stdint.h>
                                                      #include <stdio.h>
                                                      int main() {
                                                         printf("%u\n", UINT32_MAX);
                                                      }
                                                      
                                                    1. 2

                                                      This is great, I’ve wanted something like this for almost a decade!

                                                      1. 2

                                                        I love the word “hobbiest” in the print ad; it feels like they’re trying to distinguish it from the others, which are presumably not as hobby as the hobbiest one.

                                                        1. 1

                                                          There seems to be no way to open/close the details element based on display dimensions (css media queries), which is a real shame.

                                                          My intent is to have a collapsible navigation (nav) element that only defaults to opened, when there is enough space. My current approach is using a heavily styled/misused checkbox element with onclick event handling, which feels a bit wrong to me.

                                                          1. 1

                                                            You should be able to do the checkbox hacks method with no JS (clickable area is a label, checkbox itself is adjacent to the bit that needs unrolling). Pretty yuck though.

                                                            1. 1

                                                              I did that with just CSS before, following some online guide. It works, even if it feels hacky.

                                                              But at least there is no JavaScript.

                                                              1. 1

                                                                Ah, true. But still a bit meh :)

                                                              2. 1

                                                                Another Bad Hack you could do is put the same content in a details tag and a <div class=nodetails>, and use a media query to display:none either details or .nodetails depending on browser size, but that also kind of sucks, because now you’re sending two identical copies of the same data.

                                                                1. 1

                                                                  It’s just a tiny navigation element. I’ll consider it. Thanks.

                                                              1. 3

                                                                I am really not a fan of the “considered harmful” trope that people seem to love now, and the reasons presented here (matching ASR and a vague notion of “singularity”) are not motivations I find especially convincing, but I do agree with the pragmatic reasoning in the appendix thing: floored division/modulus makes array indexing a lot easier. I end up doing a lot of

                                                                int idx = v % list.size();
                                                                if (idx < 0) idx += list.size();
                                                                return list[idx];
                                                                

                                                                When it sure would be nice to do list[v % list.size()]. I do wonder what the reasoning behind the default of symmetric division is; this article doesn’t get into it much, only focusing on the downsides, but I feel like smart people made this decision and they must have had their reasons, too.

                                                                1. 4

                                                                  Personally I use floored division - but I get the reasoning. This will be surprising to some people:

                                                                  Math.floor(-7 / 3);
                                                                  -3
                                                                  

                                                                  versus the current status quo:

                                                                  Math.trunc(-7 / 3);
                                                                  -2
                                                                  
                                                                  1. 2

                                                                    Oh right, of course. Put another way, symmetric division has the property that it is the truncation of the proper real-number result, because truncation as an operation “rounds” towards zero. Thanks!

                                                                1. 2

                                                                  One thing that hasn’t really been mentioned yet is Apple’s deprecation of OpenGL; when you’re playing catch-up (like MacOS is in the desktop gaming market), a good way to scare developers off is to signal that your distant-second platform is going to require more maintenance than the one most of your players are probably already using. Whatever you think about the reasoning behind the OpenGL deprecation, I think it’s bad dev-marketing to signal that you’re willing to get rid of really core APIs. It’s kind of similar to the complaint often lodged against Google when they shut down products: if you’re willing to shut this down, why would I trust you to not shut down the next one?

                                                                  Meanwhile in Windows-land, the APIs are rough around the edges and there’s a million ways to do everything because of all of the built-up cruft, but I can still run Age of Empires 2, a game that came out 20 years ago, on my Windows 10 machine. It’s definitely a different philosophy and there are reasons to prefer both, but I can certainly see the appeal of Windows’s strategy for game devs.

                                                                  1. 4

                                                                    I’m so excited for this. WSL is great, but I’ve gone through four or five different third-party console applications and none of them have been quite as good as my favorite terminal emulators from Linux-land; I just want a bare-bones, good-looking window, and most Windows consoles only give me one or the other (who wants two toolbars full of icons on a console?!). Here’s hoping Microsoft delivers!

                                                                    1. 6

                                                                      Ditto. cmder comes closest, but a good shell can’t hide the underlying suck that is the Windows CONSOLE in all its MSDOS compatible glory.

                                                                      1. 2

                                                                        I’ve enjoyed using mintty with WSL. It’s been able to handle most of my cases well (fancy colors/italics/relatively low latency).

                                                                        1. 1

                                                                          Yes but can it handle cutting and pasting huge multi-page blocks of text without falling on its face?

                                                                          1. 3

                                                                            I regularly cut multiple page log outputs (stdout), and paste large chunks of text into vim. I’ve not experienced any problems.

                                                                            1. 2

                                                                              That sounds like an XY problem. If you need something like that you should probably be using a file input, or redirecting the clipboard to standard input, or writing a script. I’m not excusing slow terminals but there is just not a good use case that I can think of, where pasting a big chunk into terminal is the best way to do it.

                                                                              1. 1

                                                                                I agree totally, this is a particularly sub optimal workflow which I have no choice but to use. We’re working to get away from it but for now we’re stuck.

                                                                                1. 2

                                                                                  Why not a windows equivalent of pbcopy on MacOS? You can pipe anything to it and it goes straight into your C&P buffer.

                                                                        2. 3

                                                                          Alacritty worked great for me, and it is the same terminal emulator as everywhere

                                                                          1. 5

                                                                            I had no idea alacritty worked on Windows! That’s what I use on Linux and I love it. Thank you thank you myfreeweb :)

                                                                        1. 4

                                                                          If it’s a reputable organization, they’re serious about hiring, and you want this position then do the exercise.

                                                                          I ask folks all the time in interviews how’d they build something practical that I’m currently in the process of building. Or more precisely I’ll ask about a difficult piece. I want to know how the applicant thinks compared to myself.

                                                                          Now I don’t believe in giving homework. Any coding/design exercises done onsite.

                                                                          1. 1

                                                                            That makes sense to me, and I’ve done the same as an interviewer. I was willing to go with the questions that they asked me during the interview, because I understand that I need to demonstrate my expertise. I wonder, though: do you feel like there’s a line where that sort of questioning (pointed “how would you solve this problem that we’re stuck on” type questions) becomes unethical, or at least questionable?

                                                                          1. 35

                                                                            If they want you to do consulting as part of your interview, they can pay.

                                                                            1. 8

                                                                              This is how I feel as well. I emailed them saying basically this: that I would be happy to prepare the presentation for my standard consulting rate. We’ll see what they say.

                                                                              1. 3

                                                                                This is what we do in our hiring process. We give the candidate 3 options:

                                                                                • Pair-program/discuss a side-project of their own
                                                                                • Pair-program/discuss our codebase (which is open-source)
                                                                                • Pair-program an exercise like exercism.io (with follow-up discussion)

                                                                                We still didn’t decide on paying the other two, but we pay for the work they do on our project.

                                                                                1. 3

                                                                                  This sounds fun, please interview me lol

                                                                                  Honestly, I have found that companies that offer a slew of offerings like this usually have some of the best workplace cultures.

                                                                                  1. 2

                                                                                    I definitely feel like we do. The tech team is remote and it’s still early-days in building team culture (company is around 18 months old), so we have a lot of challenges ahead.

                                                                                    1. 2

                                                                                      Good luck!

                                                                              1. 8

                                                                                For the next two days, I’m gainfully unemployed, and then on Wednesday I’m starting a new job writing Kotlin for a small nonprofit, which will be a pretty big shift from my past few years of professional experience mostly writing CRUD apps in Java for large for-profits. Today has been mostly relaxing with a few household chores thrown in; tomorrow I think will be bootstrapping my knowledge of Kotlin (which I’ve never used before), with a few household chores thrown in.

                                                                                In the spirit of giving and receiving advice, I’d like to offer: even if you’re happy with your current job, it’s worth it to look periodically at openings. I was happy with my previous job, but I’m far more excited about my next one. And I’d like to ask: what do people recommend when starting a new job? Little rituals, ways of making introductions or reining in anxiety? I don’t have any plans more concrete than showing up, getting my laptop set up, and trying not to make an ass of myself in front of anyone who doesn’t know me yet.

                                                                                1. 4

                                                                                  How does one find a job at a non-profit, any tips? I think it would be a good job for the soul. Good luck with your new start :)

                                                                                  1. 5

                                                                                    Thanks! In my case, it was “know people who are there, and apply”. The application process was not meaningfully distinguishable from that at the for-profit companies I’ve applied to. Based on what I’ve seen so far, I think my advice would be to find organizations you like and then check their job listings, like you would do with a for-profit entity.

                                                                                  2. 3

                                                                                    I have a plant and a keyboard that follow me from desk to desk when I change jobs, I find having a little bit of familiar desk detritus makes a new place feel less imposing!

                                                                                    1. 2

                                                                                      My keyboard and mouse will come on Thursday; I like to scope out my workspace before I haul them in. I have a goofy funko pop Vivec who watches over my desk, but I should get an office plant. My jade tree at home has a bunch of seedlings I could repot.

                                                                                    2. 2

                                                                                      Altruism. Congratulations!

                                                                                      I’m planning to do the same. To find a non-profit where my design and development skills would be more useful than now, when they serve profit. Right, website selling ads.

                                                                                      Any tips where to look at? Thanks :)

                                                                                    1. 10

                                                                                      Interesting that Zig is now specified with a PEG!

                                                                                      https://ziglang.org/documentation/0.4.0/#Grammar

                                                                                      https://github.com/ziglang/zig-spec/tree/master/grammar

                                                                                      Congrats on the release – it looks like there is a ton of momentum on the project!

                                                                                      1. 8

                                                                                        And not just any PEG; a delightfully short one. It’s so nice when languages have simple grammars.

                                                                                      1. 6

                                                                                        Applying for jobs :( My company is going out of business in slow motion (CEO just went to prison, company has run out of money, people are being asked to work for free) so I’m pretty much a full-time job seeker now. I hate to be That Guy, but if anyone is looking for a person who knows software engineering, graphics and geometry really well, message me!

                                                                                        1. 5

                                                                                          Cross comment from HN:

                                                                                          Show us the server: https://github.com/keybase/client/issues/6374

                                                                                          1. 7

                                                                                            this is not really relevant to the security claims in the article IMO. It is important separately of course.

                                                                                            1. 6

                                                                                              I would love it if drive-by passive aggression like that comment from HN stayed on HN.

                                                                                              1. 12

                                                                                                That was painful to read. Such entitled attitudes.

                                                                                                1. 2

                                                                                                  yep, and unfortunately some of them come from lobsters.

                                                                                                2. 7

                                                                                                  This is important, IMHO. At this point keybase is yet another walled garden. Investing in them means that you are subjected 100% to their whims and future success (or lack thereof). It’s painful when your communication is shut down because a company decided to go do something else, or close up shop.

                                                                                                  1. 4

                                                                                                    It isn’t. If the claims are true, that things are encrypted on the devices, which it seems they are (and the source is open source), then it doesn’t matter what happens on the server from a security perspective.

                                                                                                    1. 1

                                                                                                      Nope, it definitely is. You may be able to recover your data, but you’ll then be searching quite urgently for a service to replace it since the proprietary server stuff is unavailable.

                                                                                                  2. 2

                                                                                                    How about you spend 8 hours a day and make a great library that Keybase will really want to use in their backend, and make your library use GPLv3. Then they will have to open source.

                                                                                                    That’s not true. If the backend is not distributed to anyone then it would not need to be open source.

                                                                                                    1. 1

                                                                                                      Is this also true of the AGPL?

                                                                                                    2. 0

                                                                                                      I don’t have a clear understanding of how keybase server works. Can someone provide details?

                                                                                                      1. 2

                                                                                                        https://keybase.io/docs/server_security has details about what the server is responsible for, and what clients trust and verify from them.