1. 4

    GoBlog in and of itself would’ve been a more interesting submission, IMO. Looks like it supports ActivityPub, neat!

    1. 1

      Yes, it does! ActivityPub was kinda hard to implement and debug due to all the signing stuff.

    1. 2

      This is a really interesting project! It boggles my mind to think how I would use this to type though.

      What do people use chording keyboards for in practice?

      1. 6

        > What do people use chording keyboards for in practice?

        Stenography, mostly.

      1. 14

        I just launched my first big side-project: https://forlater.email — an email-based bookmarking service! Going to add some more features for it over the weekend, and write up a quick blog post on the technical details behind it.

        1. 1

          Congrats

          1. 1

            Looks pretty cool!

          1. 1

            I didn’t see how this new setup, as good as it is (and it does appear to be a good set up) solves the initially stated issue of when employees leave and revoking their OpenVPN certificates? The same would still have to happen here, albeit just with a more friendly web interface. Does Tailscale support integration with things like Yubikeys (or other similar devices)?

            1. 5

              There is no “revoking” certs. We just deprovision their GSuite account and we’re done.

              1. 3

                The great thing about Tailscale is that they do all authentication via external services like Google or even GitHub.

                While you can easily forget to revoke a client cert (plus: certificate revocation is still tricky), you probably won’t forget to revoke GitHub org access.

              1. 3

                Company: DeepSource

                Company site: https://deepsource.io

                Positions:

                • Software Engineer, Platform Engineering (Go, Python, Vue/Nuxt)
                • Software Engineer, Static Analysis (specialized in any one of: Rust, Ruby, Java, JS, C#, etc.)
                • See https://careers.deepsource.io

                Location: ONSITE: Bangalore, India; non-engineering roles in San Francisco, US

                Description: DeepSource is a platform for automated code reviews using static analysis; backed by Y Combinator.

                We build and maintain a bunch of in-house analyzers for various languages (Go, Ruby, JS, Rust (coming soon!), Python, Java, etc.) We solve a lot of exciting engineering problems on the daily — from PLT mumbo jumbo to building reliable and efficient systems to run our various analyzers.

                Tech stack: Most of the platform services are in Python and Go. Static analysis tools are well, in their own languages. Everything runs on Kubernetes.

                Contact: You can apply through the careers page linked above, or email me: anirudh@deepsource.io. I’ll pass on your details. Feel free to email me if you don’t see a role that you’d like.

                1. 2

                  Excellent post! I absolutely love writing bash—you can do some very golfy stuff with it. I’ve written shlide, a pure bash presentation tool. There’s a lot of funky shit in there, that you might find interesting.

                  1. 3

                    Used this for a few presentations during my internship, excellent tool! You can get very creative with shlide and a Quake-style terminal, my code demos turned out awfully smooth. :)

                    1. 1

                      That’s awesome to hear. ;)

                    2. 1

                      Fab, definitely going to check it out, the name has me hooked already! :)

                    1. 18

                      > No doubt a couple of readers will be thinking “well this is what Apple/proprietary software is like, what did you expect?” I’m extremely familiar with that argument and I don’t like it very much.

                      You may not like it, but it’s happening and you can’t change it, however many blog posts you write about it. The walls are closing in, and your only out is running nonproprietary, free software. Simple as.

                      > Among the many restrictions on iOS which make life difficult for developers I can usually see a direct reason why this helps the end user in some way. Often it’s related to privacy or protecting their battery from runaway apps.

                      No, don’t try to spin this any other way. It is exactly what it is — a bigcorp exercising their power and locking you in.

                      1. 24

                        > your only out is running nonproprietary, free software. Simple as.

                        I’ve come to view this perspective as a cop-out. It’s trivially, banally true. It lets you be right without putting in the work to understand the needs of people for whom computers are only a means to an end. If I recommend iOS to someone they can’t install an untrustworthy browser extension, they can remove any app they dislike and it will be gone, and they will be reliably prompted to get security updates for approximately the working lifetime of their device. Walled gardens must be understood as both a blessing and a curse, or they are not understood at all.

                        As for me, as a nerd, I’m mostly de-appled now because I can see what’s going on.

                        1. 11

                          > It’s trivially, banally true. It lets you be right without putting in the work to understand the needs of people for whom computers are only a means to an end.

                          > As for me, as a nerd, I’m mostly de-appled now because I can see what’s going on.

                          I think it has value even for nerds. Computer scientists want to write compilers, not shell scripts.

                          1. 7

                            Even software engineers want their computer/phone/blah to not randomly start BSODing/be overtaken by malware/what’s that, you apt upgraded? hope you don’t mind wasting a morning on getting the nvidia kernel module working again!/etc. on a good day. I just want to be productive and then do something nice.

                            1. 2

                              How long ago have you used free software? 20 or 30 years? ;)

                              1. 4

                                About 20 years now, yes. I do not know what your point is.

                          2. 3

                            Totally agree. However, there’s different levels to this. Google, for all their flaws, actually strikes a pretty good balance here a lot of the time. On e.g. Android installing from non-Play Store sources is disallowed by default, but can be enabled after you get a warning from the device. On the hardware side Pixel devices are secure by default but bootloader unlocking is an officially supported feature (even if whatever you do next isn’t), and Chromebooks have developer mode for the same purpose.

                            The problem isn’t walled gardens. The problem is walled gardens without doors. Nothing you just mentioned is incompatible with giving the user choice, behind scary warnings, because the user is always free to pay attention to the warnings and keep the restrictions turned on.

                            (Edit: missing word, typos)

                          3. 10

                            > The walls are closing in

                            Ah yes. Apple are terrorists who hate our freedoms and hate us because we are free! That is why they are waging a War on General-Purpose Computing! Tim Cook holds meetings every day asking his staff how the “destroy all freedom everywhere and ruin everyone’s computers while you’re at it” project is going. And when new employees ask why, he lectures them on how freedom is evil and must be ended.

                            Or… this is probably going to end up having a fairly boring explanation to do with security policies and threat models whose prioritization you and Apple don’t agree on. But it gets more upvotes when you spin it the other way, same as how the “War on Christmas” plays well on cable news despite being objectively as real as the “war on general-purpose computing”.

                          1. 17

                            I tried this and it actually is pretty darn fast. Coming from completion-nvim, it’s a massive difference in speed. If only the author licensed it properly.

                            1. 19

                              Everything about this ‘edgy’, meme marketing reeks of immaturity – down to naming it Coq right after news of Coq realizing it probably needs a new name. While there is room on the scale for more fun/serious (no, putting emoji in the docs or CLI is not ‘fun’), I think this well overshot into gawdy and something I can’t take seriously.

                              1. 8

                                I’m not a huge fan of the copy, but it is pretty good software so I’ll judge it by that metric.

                                1. 5

                                  I wouldn’t want to raise an issue or collaborate with the project though

                                2. 3

                                  Very edgy. I respect the author’s choice to represent their project however they like, but it all comes across very unprofessional to me. Profanity aside, the commit log alone makes me wonder about the quality of the project.

                                  1. 6

                                    I don’t get why professionalism matters here? This is a personal project they made in their spare time and released for other people to use if they want. There’s nothing professional about it.

                                    1. 6

                                      > Profanity aside, the commit log alone makes me wonder about the quality of the project.

                                      Ouch… I just took a look at it, and yes, I understand your reluctance… I never look at the commit log of projects to assess their quality, now I’m thinking that I should start doing that.

                                      Thanks for saying this!

                                      1. 4

                                        I think icy’s point is a good one. If it’s good software, then who cares. The commit log being organized says nothing about the quality of the software. If the author is working on a thing primarily by themselves, then it doesn’t matter too much if the commit log is clean as they are the only ones that are hurt by it.

                                        If the software solves a problem, then that’s a worthy reason for its existence imho

                                        1. 2

                                          You’re welcome! The log certainly isn’t the only indicator of project quality, but when the readme concerns me I like to check the logs.

                                          1. 1

                                            The r/vim sub didn’t take kindly either https://redd.it/p5931v considering it’s Neovim only and the react doesn’t inspire confidence

                                            1. 1

                                              If it’s good software, isn’t that evidence you should care less about the commit log?

                                              1. 5

                                                Reading commit logs is a great first step towards contributing to the project. Whenever I’m learning how a project works, often times I’ll look at the log messages, especially when I want to run git blame or git annotate.

                                                Proper log messages not only help others, but yourself, too. I’ve forgotten a lot of the code I’ve written over the period of my hobbyist/career. I’ve needed to go back and make changes to code I’ve written. So that I can provide the best fix possible, it’s helpful to understand the “why” of a commit. The changes a commit produces the “what” and log messages (should) provide the “why”.

                                                1. 2

                                                  None of that is an argument for why a chaotic commit log is evidence that a project is not good or that the software is bad

                                                  1. 2

                                                    That’s not the point I was making.

                                          2. 2

                                            Moreover… I don’t know if you understand French but “gawdy” is probably a good adjective to describe the linked video at the beginning of the readme.

                                          3. 8

                                            I wrote a github comment on that license issue: https://github.com/ms-jpq/coq_nvim/issues/15#issuecomment-900956033

                                            Usually I don’t care too much, stuff like the WTFPL is a bit stupid but ultimately mostly harmless. But this “license” is really dangerous and could end up getting people hurt, if any part of it turns out to be enforceable.

                                            1. 4

                                              Yeah this neovim completion engine has me shaking in my boots.

                                              I find it all refreshing that this guy doesn’t care about using his github as a linkedin or about people who think his license is dangerous.

                                              1. 2

                                                Are you making fun of the idea that giving up your rights to sue anyone ever can be dangerous? I don’t think I’m understanding you.

                                                1. 3

                                                  Interpreting this as “can’t sue for any reason ever” should definitely and obviously be unenforceable right? If that could ever work, that’s not an issue with the license, rather that’s a huge issue with the legal system in question.

                                                  1. 3

                                                    I mean, I agree. It’s probably not enforceable. But I don’t know, I’m not a lawyer and neither is the author - and I’d not be willing to test it.

                                                    I have a lot of confidence that the “you can’t sue me” part of the license is unenforceable, so users of software under this license are probably safe. I assume. Again, not a lawyer. But the part where the license author promises not to ever sue the licensee? I have no idea how that works in court. Could a lawyer argue that the author of the license didn’t know what they were doing so that the license he wrote doesn’t apply to himself? Are there other protections in place to protect license authors from themselves? I really, really wouldn’t want to find out if I was in his shoes.

                                                    If there are any lawyers out there who could bring some clarity to this, I’d love to hear it. But the obvious practical solution is to pick a real license.

                                                  2. 2

                                                    Yes

                                              2. 6

                                                It has now been relicensed as GPL v3

                                                1. 2
                                                  1. 1

                                                    Have you compared it to coc-nvim?

                                                    1. 2

                                                      No. I’m using Neovim’s built in LSP.

                                                  1. 10

                                                    FWIW, I’ve personally enjoyed email hosting by Migadu.

                                                    1. 1

                                                      Same here. Switched after self-hosting mail for a couple years. Can absolutely recommend Migadu.

                                                      1. 1

                                                        I’m the author of the post. I hadn’t heard of Migadu before, but it almost looks like it would work. The only issue is their Micro plan ($19/year) only allows 200 inbound emails per day. I guess that may not be an issue most of the time, but there are days where I receive more than 200 emails. The inability to control how much inbound email you are receiving makes me hesitant to use such a service.

                                                        1. 3

                                                          I also use migadu for a family account. The thing I really like about it is that you can add as many accounts as you like for your domain: this@my.domain, that@my.domain, theother@my.domain, it’s so nice.

                                                          But yes, the 200-in limit has been my concern too. I subscribe to a few mailing lists and have a worry that one day some big heated mailing list conversation will put me over. This FAQ answer suggests they are lenient and that emails won’t actually be lost (assuming senders follow correct email practices!), but my tentative plan has been to wait and see if I ever get a warning email, and upgrade to the next tier if it becomes an issue. It hasn’t so far, after a year or so.

                                                          1. 3

                                                            For what it’s worth, it’s not a hard limit. They won’t block the 201st email — if it’s a recurring thing, they’ll ask you to upgrade. This is mentioned in their docs, somewhere. cc @jeremyevans

                                                            1. 1

                                                              I checked and it is in their documentation. So maybe that would have been a simpler option. I might have switched to Migadu instead of using a VM if I had known about it first. I think the only issue is the next level up from the $19/year plan is the $90/year plan, which is a pretty significant jump. But for someone who isn’t likely to go over their limits, Migadu looks like a really nice option.

                                                              1. 1

                                                                It’s mentioned in the FAQ answer I linked to

                                                                1. 1

                                                                  Ah, didn’t notice you’d done that.

                                                              2. 1

                                                                Re: using multiple addresses at the same domain:

                                                                Which email client(s) do you use? Last time I checked, Thunderbird doesn’t put design thought toward this use case. As such it is clunky to use for sending emails from different addresses.

                                                                I’m on Evolution now, but always looking for better options.

                                                                1. 1

                                                                  I primarily use mutt, which I have configured with 4 different email accounts: 1 work, 1 gmail, 2 migadu. So I don’t actually send from different addresses exactly (although I think that is easy to do in mutt), but have commands which switch me completely to a different account and inbox.

                                                                  But what I meant about migadu is not that they give you multiple email addresses to send to and from within your domain, but that they let you add as many accounts as you like within that domain. So my daughters get their own email addresses and passwords and can sign into them on whatever mail client they like. And I can give these out to as many of my family as I like (the domain is a play on our surname), as long as I don’t hit the 200/20 limit.

                                                              3. 2

                                                                Thanks for posting your setup. I’ve been sniffing at things adjacent to this for a while, looking at some other providers for SMTP. mailroute was the one that had looked most promising, but their definition of a “user” would have had me paying heavily for all the aliases I use, so I had not made the jump yet. Tuffmail’s EOL is going to force my hand.

                                                                Right now, I’m deciding between Migadu and a setup similar to what you’ve done. I had almost given up on the self hosted setup. Sendgrid could work for me, though. My only heartburn about it is, if they decide to kill off their free plan, it’s a huge jump up to $15/mo while I work out an alternative. Where I’d be flirting with the 200 in/day limit on Migadu, the jump up to the next tier isn’t as nasty if I need to do that.

                                                                1. 2

                                                                  Really sad to hear about Tuffmail. They were truly the best option.

                                                            1. 24

                                                              This is getting tiresome. It’s always the same points rehashed. Why beat the same dead horse?

                                                              1. 12

                                                                Because they are beating a dead horse and ignoring that Go is an excellent pony.

                                                                Many languages are weak at limiting ever expanding dependencies and build times. Go addresses this, and also has an excellent deployment story.

                                                                Go was created partly out of frustration with C++ within Google and addresses many things that takes years to see that are problems in the first place.

                                                                1. 6

                                                                  This. Go does a lot of things wrong, but it got so many things right, enough to make itself relevant.

                                                                  1. 6

                                                                    > … addresses many things that takes years to see that are problems in the first place.

                                                                    Very eloquently said. Throwing the kitchen sink into a language means supporting a ton of problematic patterns and footguns.

                                                                    For example, even though I think everyone, even in the Go community, accepts that generics are pretty useful, doing them well means trade-offs. When you’ve seen some of the bizarre ways people abuse them in C++, it should give you pause that they’re always-good-no-caveats. Which is why the Featherweight Go paper that forms the model for Go’s eventual generics plan is heartening — it may not be perfect either, but it applies some wisdom to the right way to go about it without jumping into the deep end.

                                                                    1. 4

                                                                      C++ templates are also unusually terrible as far as templates go. I don’t think this is a strong argument.

                                                                      I think this is less “Templates let you write really bad code” and more “C++ lets you write really bad code with templates.” For instance, D templates are much nicer - and more powerful.

                                                                  2. 9

                                                                    > This is getting tiresome. It’s always the same points rehashed. Why beat the same dead horse?

                                                                    As someone who changed languages from PHP to Go, after all these years I … still have no clue why people feel the need to do that.

                                                                    But I’ve learned to smile. In my imagination I pat the “smart” developer on the head and just continue with my day. You know, making useful stuff that people like. If people need to vent, let them vent. But don’t take a blog post as gospel, just because it contains a lot of strong opinions.

                                                                    1. 6

                                                                      > Why beat the same dead horse?

                                                                      Usually because someone is forcing them to write Go and the terrible pain it causes them squirts out in a blog post.

                                                                      1. 3

                                                                        I do not see how anybody is “forced” to write Go. The market is so hot right now that anyone can just switch jobs if they are forced to program in a language they do not like.

                                                                      2. 2

                                                                        It looks like the author is a D-lang person.

                                                                        You know the meme, about D programmers, misunderstood who think their language is the best, etc.

                                                                      1. 17

                                                                        I know the author doesn’t want to use Tailscale, but they’re really, and I can’t stress this enough, really good. However, I understand that cost is a concern — perhaps headscale, an open source reimplementation of the coordination server (the proprietary stuff in Tailscale) can possibly be used instead.

                                                                        1. 1

                                                                          Or you can use good old OpenVPN. For remote access to a university network it’s more than sufficient. It’s an old, somewhat clunky tool, but it does the job.

                                                                          1. 7

                                                                            Most VPN technology, OpenVPN included, has the idea of ‘sessions’. Sessions are great in some ways but not great in others, because sessions can get broken and then you have to start over, which can often cut off any existing connections you have over the VPN session (such as ongoing ssh connections). WireGuard is appealing partly because it is completely session-less (and as a result can roam freely; your client can shift IPs without the WireGuard connection exploding). If we could provision WireGuard, I suspect this would make it a better experience for some of our users.

                                                                            (I’m the author of the linked-to entry.)

                                                                            1. 3

                                                                              I’m not sure I know exactly what problems you’re trying to solve, but you might be interested in innernet as a self-hosted wireguard provisioning option.

                                                                              1. 1

                                                                                What do you think of

                                                                                https://github.com/seashell/drago

                                                                                1. 2

                                                                                  Something like Drago could eventually automate provisioning clients, but it’s hard to tell how it will evolve as it gets developed more, and the tricky (and time consuming) bit is supporting a UI and integration with WireGuard clients on all of the major platforms (Windows, macOS, iOS, Android, and ideally Linux). Drago also seems to support more flexibility than we’d use, which might be a drawback in practice.

                                                                              2. 3

                                                                                For some reason, I can’t get OpenVPN to generate wireguard certs.

                                                                                And for that matter, OpenVPN usually relies on a local CA to generate OpenVPN certs, which is an exciting premise of its own.

                                                                                1. 1

                                                                                  wireguard used to have a line like “Don’t even attempt to generate anything with non-wireguard tools” - which at the point was really annoying for one use case I had…

                                                                            1. 6

                                                                              This is so cool. I had no idea I could extend bash this way. Will be really fun to see if this can be extended to higher level languages too.

                                                                              1. 5

                                                                                I’m glad you enjoyed the post and I’m also glad to hear you had not heard of Bash’s custom builtins before. As I mention at the end of the post I would love to see more builtins being built and improvements in how you deploy a custom builtin along with your Bash code.

                                                                                1. 2

                                                                                  I’ve worked with my fair share of Bash, leaning on it rather often, and I too didn’t know about this! Thanks for sharing this info!

                                                                              1. 6

                                                                                I get the point of these arguments and I feel for your views, but the overall market has just changed from creation to consumption. The average person really doesn’t care what their computers run as long as they’re able to work with the restrictions that are put on them (use these apps, talk to these people, socialize here, etc). I get the philosophical point about free software being a moral imperative (this is something I whole-heartedly agree with) but overall that doesn’t pay the bills. You can’t exactly make rent purely on doing the right things or giving things away with nothing in return. It’s not economical, unfortunately. I really wish this wasn’t the case but the “starving artist” trope exists for a reason.

                                                                                1. 2

                                                                                  That’s not entirely true. Drew DeVault is a good example of using, building and making a living out of free software. He’s proved that it can, in fact, pay the bills.

                                                                                  1. 2

                                                                                    His software caters almost exclusively to other developers, so, far from “the average person” as a market.

                                                                                1. 7

                                                                                  Discord basically already serves this function with how easy it is to spin up and invite people to servers. Spawning channels within the server to focus on specific topics keeps the conversation focused. Sure, people frequently get invited to or join servers that are just too noisy to function, and they invariably get all traffic muted (and therefore fall into disuse) but I’m on a handful of servers that are just friends and they manage to keep my attention.

                                                                                  There’s stuff in this post that just doesn’t matter to people.

                                                                                  Per the post:

                                                                                  you control the computer that runs the site

                                                                                  you can modify the software that powers the site

                                                                                  you get to make the rules and policies

                                                                                  Nobody (at large) gives a shit about those first two things. Some of my friends might be convinced to get on some of the self-hosted social media options, but only because I bully them into it, not because they care that I would be the one administrating it. People really only need the third point, and discord already provides that agency. Any platform that lets you self-congregate does.

                                                                                  The main reason to run a small social network site is that you can create an online environment tailored to the needs of your community in a way that a big corporation like Facebook or Twitter never could.

                                                                                  You know what the needs of my community are? Posting text, links, and images. End of list. I’m sure there’s some communities out there with specialized needs, but I’d be interested to hear why existing solutions don’t meet them.

                                                                                  Your small social network site can have its own rules about, for example:

                                                                                  what speech is acceptable

                                                                                  what actions are considered violence

                                                                                  what actions are considered protected speech or expression

                                                                                  Ah. I see where this is going.

                                                                                  1. 6

                                                                                    Discord basically already serves this function with how easy it is to spin up and invite people to servers.

                                                                                    I read the Discord privacy policy when LLVM started talking about it and there’s absolutely no way that I’d agree to it. Discourse is a lot better in this regard: the privacy policy for hosted instances is pretty reasonable and the system is open source so you can run your own if you disagree with it.

                                                                                    1. 9

                                                                                      Ah. I see where this is going.

                                                                                      And where’s that? I think that’s the best part about running your own social network. Discord on the other hand, is known to censor — both users, and entire communities that they deem as “bad”. They can literally nuke your “server” (that word still gets me) off the site without reason.

                                                                                      1. 4

                                                                                        I’m going to go out on a limb and guess the communities they deem “bad” aren’t “bad” in scare quotes, but actually bad and harmful communities.

                                                                                        Like, say, this kind.

                                                                                        1. 8

                                                                                          If you want an example of the company’s moral code getting in the way of non-hateful communication, I have been personally affected by Discord’s ban on game hacking discussion & promotion.

                                                                                          I would hardly call distributing trainer programs harmful.

                                                                                          Ultimately, it’s their platform. I still use Discord regularly, and it’s easy to convince an already-technical group to switch to Matrix, which works just fine.

                                                                                          1. 3

                                                                                            Would you say most NSFW communities are bad and harmful? Because Discord censors them on iOS. (Telegram doesn’t, there is a switch on Telegram Web to enable this kind of content on iOS.)

                                                                                      1. 4

                                                                                        I like how systemd brings all these features, but I don’t like how this makes this not portable to other operating systems, as systemd only supports Linux. I know that not all operating systems support all the underlying features needed by systemd, but I believe it is a shame to be Linux-centric.

                                                                                        I am not a user of non Linux-based operating systems myself, but I prefer having common standards.

                                                                                        1. 22

                                                                                          Personally, I’m completely fine that Systemd-the-init-system is Linux-only. It’s essentially built around cgroups, and I can imagine reimplementing everything cgroups-like on top of whatever FreeBSD offers would be extremely challenging if at all possible. FreeBSD can build its own init system.

                                                                                          …However, I would prefer if systemd didn’t work to get other software to depend on systemd. It definitely sucks that systemd has moved most desktop environments from being truly cross platform to being Linux-only with a hack to make them run on the BSDs. That’s not an issue with the init system being Linux-only though, it’s an issue with the scope and political power of the systemd project.

                                                                                          1. 11

                                                                                            The issue is that it’s expensive to maintain things like login managers and device notification subsystems, so if the systemds of the world are doing it for free, that’s a huge argument to take advantage of it. No political power involved.

                                                                                            1. 6

                                                                                              With political power I just meant that RedHat and Poettering have a lot of leverage. If I, for example, made a login manager that’s just as high quality as logind, I can’t imagine GNOME would switch to supporting my login manager, especially as the only login manager option. (I suppose we’ll get to test that hypothesis though by seeing whether GNOME will ever adopt seatd/libseat as an option.)

                                                                                              It’s great that systemd is providing a good login manager for free, but I can’t shake the feeling that, maybe, it would be possible to provide an equally high quality login daemon without a dependency on a particular Linux-only init system.

                                                                                              I don’t think the “political power” (call it leverage if you disagree with that term) of the systemd project is inherently an issue, but it becomes an issue when projects add a hard dependency on systemd tools which depend on the systemd init system where OS-agnostic alternatives exist and are possible.

                                                                                              1. 5

                                                                                                Everybody loves code that hasn’t been written yet. I think we need to learn to look realistically at what we have now (for free, btw) instead of insisting on the perfect, platform-agnostic software. https://lobste.rs/s/xxyjxl/avoiding_complexity_with_systemd#c_xviza7

                                                                                          2. 18

                                                                                            Systemd is built on Linux’s capabilities, so this is really a question of–should people not try to take advantage of platform-specific capabilities? Should they always stay stuck on the lowest-common denominator? This attitude reminds me of people who insist on treating powerful relational databases like dumb key-value stores in the name of portability.

                                                                                            1. 5

                                                                                              I believe the BSDs can do many of the things listed in the article, but also in their very own ways. A cross-platform system manager would be some sort of a miracle, I believe.

                                                                                              1. 9

                                                                                                The big difference is that systemd (as well as runit, s6, etc.) stay attached to the process, whereas the BSD systems (and OpenRC, traditional Linux init scripts) expect the program to “daemonize”.

                                                                                                Aside from whatever problems systemd may or may not have, I feel this model is vastly superior in pretty much every single way. It simplifies almost everything, especially for application authors, but also for the init implementation and system as a whole.

                                                                                                A cross-platform system manager would be some sort of a miracle, I believe.

                                                                                                daemontools already ran on many different platforms around 2001. I believe many of its spiritual successors do too.

                                                                                                It’s not that hard; like many programs it’s essentially a glorified for loop:

                                                                                                for service in get_services()
                                                                                                    start_process(service)
                                                                                                

                                                                                                Of course, it’s much more involved with restarts, logging, etc. etc. but you can write a very simple cross-platform proof-of-concept service manager in a day.
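The "glorified for loop" from the comment above, filled out as an added example (not part of the original comment and not any project's code): a supervisor that keeps each service as its direct foreground child, so it sees every exit status without PID files. The `Service` fields, the restart-on-failure policy and the two sample services are assumptions made for illustration.

```python
import subprocess
import sys
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Service:
    name: str
    argv: List[str]          # executed directly, never through a shell
    max_restarts: int = 0    # hypothetical policy: restarts allowed after a non-zero exit
    starts: int = 0
    exit_codes: List[int] = field(default_factory=list)
    proc: Optional[subprocess.Popen] = None


def start_process(svc: Service) -> None:
    # The service runs in the foreground as our child; it must not daemonize,
    # otherwise the supervisor loses track of it.
    svc.proc = subprocess.Popen(svc.argv, stdin=subprocess.DEVNULL)
    svc.starts += 1


def supervise(services: List[Service], poll_interval: float = 0.05,
              deadline: float = 10.0) -> Dict[str, List[int]]:
    """Start every service, restart failed ones, return exit codes per service."""
    for svc in services:          # the for loop from the comment
        start_process(svc)

    stop_at = time.monotonic() + deadline
    while any(s.proc is not None for s in services):
        if time.monotonic() >= stop_at:
            # Deadline reached: stop whatever is still running and record how it ended.
            for s in services:
                if s.proc is not None:
                    s.proc.terminate()
                    s.exit_codes.append(s.proc.wait())
                    s.proc = None
            break
        for s in services:
            if s.proc is None:
                continue
            code = s.proc.poll()  # exit status comes straight from the kernel
            if code is None:
                continue          # still running
            s.exit_codes.append(code)
            s.proc = None
            # Restart only on failure, and only while the restart budget lasts.
            if code != 0 and s.starts <= s.max_restarts:
                start_process(s)
        time.sleep(poll_interval)
    return {s.name: s.exit_codes for s in services}


def demo_services() -> List[Service]:
    # Constructed sample services: one exits cleanly, one always fails with status 3.
    py = sys.executable
    return [
        Service("ok", [py, "-c", "raise SystemExit(0)"]),
        Service("flaky", [py, "-c", "raise SystemExit(3)"], max_restarts=2),
    ]


if __name__ == "__main__":
    print(supervise(demo_services()))
```

Logging, dependency ordering and signal handling are left out; those are the "much more involved" parts the comment mentions.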

                                                                                                1. 4

                                                                                                  Yes and no. Socket activation can be done with inetd(8), and on OpenBSD you can at least limit what filesystem paths are available with unveil(2), although that requires system-specific changes to your code. As far as dynamic users, I don’t think there’s a solution for that.

                                                                                                  Edit: Also, there’s no real substitute for LoadCredentials, other than using privdropping and unveil(8). I guess you could use relayd(8) to do TLS termination and hand-off to inetd(8). If you’re doing strictly http, you could probably use a combo of httpd(8) and slowcgi(8) to accomplish similar.

                                                                                                  1. 3

                                                                                                    Then I’m imagining a modular system with different features that can be plugged together, with specifications and different implementations depending on the OS. Somehow a way to go back to having a single piece of software for each feature, but at another level. The issue is how you write these specifications while having things implementable on any operating system it makes sense for.

                                                                                                    1. 2

                                                                                                      Hell, a Docker API implementation for BSD would be a miracle. The last FreeBSD Docker attempt was ancient and has fallen way out of date. Having a daemon that could take OCI containers and run them with ZFS layers in a BSD jail with BSD virtual networks would be a huge advantage for BSD in production environments.

                                                                                                      1. 3

                                                                                                        There is an exciting project for an OCI-compatible runtime for FreeBSD: https://github.com/samuelkarp/runj. containerd has burgeoning FreeBSD support as well.

                                                                                                    2. 2

                                                                                                      But, are FreeBSD rc.d scripts usable verbatim on, say, OpenBSD or SMF?

                                                                                                      1. 8

                                                                                                        SMF is a lot more like systemd than the others.

                                                                                                        In fact aside from the XML I’d say SMF is the kind of footprint I’d prefer systemd to have, it points to (and reads from) log files instead of subsuming that functionality, handles socket activation, supervises processes/services and drops privileges. (It can even run zones/jails/containers).

                                                                                                        But to answer the question: yes any of the scripts can be used essentially* verbatim on any other platform.

                                                                                                        (There might be differences in pathing, FreeBSD installs everything to /usr/local by default)

                                                                                                        1. 2

                                                                                                          I wish SMF was more portable. I actually like it a lot.

                                                                                                        2. 6

                                                                                                          Absolutely not. Even though they’re just shell scripts, there are a ton of different concerns that make them non-portable.

                                                                                                          I’m gonna ignore the typical non-portable problems with shell scripts (depending on system utils that function differently on different systems (yes, even within the BSDs), different shells) and just focus on the biggest problem: both are written depending on their own shell libraries.

                                                                                                          If we look at a typical OpenBSD rc.d script, you’ll notice that all the heavy-lifting is done by /etc/rc.d/rc.subr. FreeBSD has an /etc/rc.subr that fulfills the same purpose.

                                                                                                          These have incredibly different interfaces for configuration, you can just take a look at the manpages: OpenBSD rc.subr(8), FreeBSD rc.subr(8). I don’t have personal experience here, but NetBSD appears to have a differing rc.subr(8) as well.

                                                                                                          It’s also important to note that trying to wholesale port rc.subr(8) into your init script to make it compatible across platforms will be quite the task, since they’re written for different shells (OpenBSD ksh vs whatever /bin/sh is on FreeBSD). Moreover, the rc.subr(8) use OS-specific features, so porting them wholesale will definitely not work (just eyeballing the OpenBSD /etc/rc.d/rc.subr, I see getcap(1) and some invocations of route(8) that only work on OpenBSD. FreeBSD’s /etc/rc.subr uses some FreeBSD-specific sysctl(8) MIBs.)

                                                                                                          If you’re writing an rc script for a BSD, it’s best to just write them from scratch for each OS, since the respective rc.subr(8) framework gives you a lot of tools to make this easy.

                                                                                                          This is notably way better than how I remember the situation on sysvinit Linux, since iirc there weren’t such complete helper libraries, and writing such a script could take a lot of time and be v error-prone.

                                                                                                          1. 5

                                                                                                            Yeah, exactly. The rc scripts aren’t actually portable, so why do people (even in this very thread) expect the systemd scripts (which FWIW are easier to parse programmatically, see halting theory) to be?

                                                                                                            Also, thank you for the detailed reply.

                                                                                                            1. 3

                                                                                                              I’m completely in agreement with you. I want rc scripts/unit files/SMF manifests to take advantage of system-specific features. It’s nice that an rc script in OpenBSD can allow me to take advantage of having different rtables or that it’s jail-aware in FreeBSD.

                                                                                                              I think there are unfortunate parts of this, since I think it’d be non-trivial to adapt the provided program in this example to socket activation in inetd(8) (tbh, maybe I should try when I get a chance). What would be nice is if there was a consistent set of expectations for daemons about socket-activation behavior/features, so it’d be easier to write portable programs, and then ship system-specific configs for the various management tools (systemd, SMF, rc/inetd). Wouldn’t be surprised if that ship has sailed though.

                                                                                                          2. 2

                                                                                                            I don’t see why not? They’re just POSIX sh scripts.

                                                                                                        1. 6

                                                                                                          s-nail. It’s like mail(1) on steroids. It’s that one program that’s surprisingly packaged everywhere but no one’s heard of it.

                                                                                                          1. 7

                                                                                                            Tiny nit: Sentry is not open source. They use the Business Source License.

                                                                                                            1. 3

                                                                                                              Huh. I remember running it internally for a while, I wonder if they changed their license or if we were just abusing the license. We never even got out of beta internally as it kept breaking and upstream seemed to have zero desire to make it stable (for us at least), even if we sent patches.

                                                                                                              1. 6

                                                                                                                idk when you had this experience but nowadays we (I am an employee of Sentry) have a dedicated team for open-source work that makes sure the issue tracker gets triaged and external PRs don’t fall under the table. We also have a docker-compose setup since the complexity of the service increased over time.

                                                                                                                We do still get a large amount of bug reports that we have a hard time remote-diagnosing, particularly around Kafka/Zookeeper and networking.

                                                                                                                Yup, we changed the license. Unless you were trying to build a direct competitor to Sentry you were probably not abusing either license, but IANAL.

                                                                                                                1. 2

                                                                                                                  This was all just for internal, and it was many years ago (5-ish or maybe more, I’m not sure). I’m glad they/you seem to be doing better around open source stuff! We just wrote our own, very simple system that basically amounts to an issue in our issue tracker with a stack trace attached.

                                                                                                                  When we were running it, there was no Kafka or Zookeeper, so before those dependencies came in. As I remember, it was strictly python, with maybe a redis or SQL dependency and that was basically it. It sounds drastically more complicated now.

                                                                                                                  I make no claims that it won’t work for someone else, just that it was (at the time) terrible for us, stability-wise. People should evaluate it for themselves and if it will work for their use-case.

                                                                                                              2. 2

                                                                                                                Thank you very much for pointing this out. I updated the article adding this!

                                                                                                              1. 9

                                                                                                                The best interview I had was at the place I work right now. Absolutely no leetcoding. It was entirely verbal. 4 rounds:

                                                                                                                • Intro call, discussing the role, compensation, etc.
                                                                                                                • Chat with the lead engineer about my previous work (somewhat technical)
                                                                                                                • Chat with my potential teammate—this was technical, but mostly just open ended questions. I interviewed for an SRE role, so “what would you do in this scenario” or “how would you approach this problem”, type of questions. I didn’t prep at all for this. Felt like a friendly chat, really.
                                                                                                                • Final round—culture fit. My interests, what I think of the product, etc.

                                                                                                                That said, we also do take-home challenges for software engineering roles and I think that’s perfectly fine, as opposed to whiteboarding. A small task, something that can be solved in about 2–3 hours and not more; a call a few days after to discuss your solution.

                                                                                                                I’ve seen some companies have a “work day” interview, where you work with the team you’re interviewing for, for a day—starting from the standup call, doing your assigned task, and a review at the end of the day. This is a great way to assess the candidate’s fit with the rest of the team—that’s what ultimately matters at the end, anyway.

                                                                                                                1. 6

                                                                                                                  That said, we also do take-home challenges for software engineering roles and I think that’s perfectly fine, as opposed to whiteboarding.

                                                                                                                  I hate take home assignments with a passion. They’re so much worse than whiteboarding.

                                                                                                                  Either they’re so small they don’t show any more than a whiteboard session would, or they’re massively disrespectful of my time. And because the interviewer isn’t in the room with the candidate, it’s easy to do the latter: the time investment is one sided.

                                                                                                                  Many good candidates with jobs, families, and other commitments don’t have a day to be screened by every company they want to talk to.

                                                                                                                  1. 5

                                                                                                                    Basically, I wish companies offered both options. I get really nervous during interviews and would rather just spend a few hours beforehand working on the assignment, so I can come to the interview confident and ready to talk about my solutions. As long as the scope is reasonable I don’t mind it too much. For other candidates who might not have time, there should definitely be a self-contained option.

                                                                                                                    1. 3

                                                                                                                      I have gone through home assignments twice in my career. Both have asked for me to bill my time and paid it with a fair rate. I think that is the only correct way to do home assignments. Others should be rejected on the spot.

                                                                                                                      I spoke to a company at the beginning of this year and they were doing an open source product. Their assignment was basically “pick one of these GitHub issues and send us a PR.” The issues were somewhat trivial - fixes in config file parsing [1], that mostly aimed at showing you could find your way around the code. It looked like half a day’s work. I rejected the company for other reasons and ended up not doing the work on that assignment, but I liked the setup nonetheless.

                                                                                                                      Many good candidates with jobs, families, and other commitments don’t have a day to be screened by every company they want to talk to.

                                                                                                                      Those were not screens - I have gone through the screening steps beforehand. I agree that having day long screens is terrible. Unfortunately the alternative isn’t much better. I’ve gone through “two hour” coding/algorithms screening tasks and, if you add the prep for that, you can easily land at half a day’s work. Yes, I hate HackerRank “exercises”.


                                                                                                                      [1] I know many people are reluctant to do “free” and “real” feature work for a company that they have not started actually working for, but in this case it was obviously not something that was a core product feature, and, as I already mentioned, was paid in full. If you are asked to do free work, run away and never look back.

                                                                                                                      1. 1

                                                                                                                        I think that is the only correct way to do home assignments.

                                                                                                                        If they’re asking you to complete real company-related tasks I agree. However, what if they’re asking you to do the type of meaningless problems you might find in an interview? Suppose we’re past the screening stage. Normally candidates aren’t paid for their time in a regular onsite interview, beyond travel accommodations, so I don’t see why it should be any different for a project done at home.

                                                                                                                        1. 4

                                                                                                                          Normally candidates aren’t paid for their time in a regular onsite interview,

                                                                                                                          Normally an onsite interview costs the company engineer hours. A take home interview costs the company nothing. When interviewing costs nothing, the tendency is to throw shit at the wall and see what sticks. This isn’t theoretical – I’ve seen people say “we don’t have the bandwidth for interviewing, let’s do take-home assignments before we bring them in.”

                                                                                                                          The money isn’t enough to make a difference in my life – but it’s a signal that my time’s not being wasted.

                                                                                                                          They’re still an interview format I find to be an unpleasant time sink compared to whiteboarding, but that’s a personal preference. If a company is paying, it at least indicates they’re trying to be thoughtful.

                                                                                                                          1. 1

                                                                                                                            A take home interview costs the company nothing.

                                                                                                                            That is not true at all in my experience. The company doesn’t have someone sitting in the room with you, so the time cost is invisible to you as a candidate, but someone has to evaluate your code after you submit it. I did a bunch of that at my last job and doing a thorough code review including coming up with followup questions typically took more of my time than an in-person interview slot would have. And we always had at least two reviewers for each submission.

                                                                                                                            1. 1

                                                                                                                              and doing a thorough code review

                                                                                                                              Replace ‘thorough’ with ‘superficial’ for all but the few applications you like the most, and you’ve got the approach I’ve generally seen taken (or advocated) with take-home interviews.

                                                                                                                              There are certainly places where this isn’t the case. Paying for the interview is a way to convince me that you’re one of those places.

                                                                                                                              1. 2

                                                                                                                                We do blind reviews. No resume. Just whether it’s product or platform, as those tests are different. I always read every word written and often take the time to figure out how much work it would take to get it working. I approach it much like a random GitHub project or PR. Is this something I can build off of? Can I drop it in and use it? Or is it mostly there and I can quickly fix a bug? On the other side of the spectrum, do I have to do most of the problem to get it working? Do I have trouble understanding how to even get started running or even reading the code?

                                                                                                                    2. 1

                                                                                                                      I see you’re working on some open source projects. Out of curiosity, what proportion of interviewers ask you to walk them through your contributions?

                                                                                                                      1. 2

                                                                                                                        It came up at most of the smaller companies.

                                                                                                                        However, the open source code I write is also not usually directly relevant to the work that I would be doing (intentionally, for a number of reasons, including being in a small niche, avoiding non-compete issues and burnout).

                                                                                                                        The better interviews I’ve done have been a mix of whiteboarding system architecture, and pairing on debugging and writing a project.

                                                                                                                        But the thing that really makes interviews fun is having a competing offer in hand. Highly recommend it as a stress reduction strategy.

                                                                                                                    3. 1

                                                                                                                      Chat with my potential teammate—this was technical, but mostly just open ended questions.

                                                                                                                      This approach works well for me both as an interviewer and as an interviewee when coupled with a code walkthrough. E.g. Walk us through a recent project. What does it do? How’d you start it? What was the hardest part to write? What did you learn? What would you do differently? What were the most frustrating limitations of the tools you used? Many of these questions lead to follow-up questions and then settle into an illuminating, non-adversarial conversation. Open source or otherwise unrestricted code is preferable, but a take home assignment suffices as a substitute.

                                                                                                                      1. 1

                                                                                                                        A small task, something that can be solved in about 2–3 hours and not more; a call a few days after to discuss your solution.

                                                                                                                        This was part of our interview process as well. After a brief phone interview we would have the candidate log in to a remote system (this was all on clean VMs). You would do this alone. Then we’d call back and have the candidate walk through the code that they wrote, explaining the design choices made and their solution. This was for a web-based software development shop so we had front end / back end specific tasks.

                                                                                                                      1. 22

                                                                                                                        I too do something similar:

                                                                                                                        for i in ~/.bashrc.d/[0-9]*; do
                                                                                                                            # Skip the unexpanded pattern when no file matches the glob.
                                                                                                                            [ -r "$i" ] && . "$i"
                                                                                                                        done
                                                                                                                        

                                                                                                                        You can control the order of sourcing this way.

                                                                                                                        1. 6

                                                                                                                          Your glob is nice because it limits valid names to a set which is very distinguishable from ordinary helper scripts (in order to be sourced, the filename must start with a digit).

                                                                                                                          In my particular experience, I have never hit a case where I had to bother with the sourcing order but, since bash globs are sorted by default, I could use this very same approach without changing the bootstrap snippet.
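The ordering point from the two comments above, as an added example that is not from either poster: globs sort as strings, so `10-path` loads before `2-aliases` unless the prefixes are zero-padded, and only names starting with a digit are sourced at all. The fragment names, `source_fragments` and `demo_order` are hypothetical, and a temporary directory stands in for `~/.bashrc.d`.

```shell
#!/bin/sh
# Added example. The fragment names and the temp directory are constructed
# stand-ins for ~/.bashrc.d; nothing here touches the real home directory.

# Source DIR/[0-9]* in glob order; record the basenames in FRAGMENT_ORDER.
source_fragments() {
    FRAGMENT_ORDER=""
    for f in "$1"/[0-9]*; do
        # With no match the pattern stays literal, so skip non-files.
        [ -f "$f" ] && [ -r "$f" ] || continue
        . "$f"
        FRAGMENT_ORDER="${FRAGMENT_ORDER}${FRAGMENT_ORDER:+ }${f##*/}"
    done
}

# Build a constructed fragment directory and report the order it loads in.
demo_order() {
    d=$(mktemp -d) || return 1
    for name in "$@"; do
        printf 'LAST_LOADED=%s\n' "$name" > "$d/$name"
    done
    # No leading digit, so the [0-9]* glob never picks this file up.
    printf 'echo never-sourced\n' > "$d/helper.sh"
    source_fragments "$d"
    rm -rf "$d"
    printf '%s\n' "$FRAGMENT_ORDER"
}

# Unpadded prefixes: string order, not numeric order.
demo_order 2-aliases 10-path 9-prompt
# Zero-padded prefixes: string order now matches the intended numeric order.
demo_order 02-aliases 10-path 09-prompt
```
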