Threads for j4m3s

  1. 2

    This is a good solution. I don’t think storing IP addresses would provide much benefit except for checking on device logins/sessions.

    1. 2

      Maybe some kind of rate limiting protection ?

    1. 5

      A bit disappointing that this uses GoogleAds. Not sure what ads add to this website.

      1. 1

        Sorry, I have Ka-Block! and I didn’t notice any ads on the site.

        1. 1

          Well I didn’t either, I looked at the JS loaded to show these pages (with umatrix) and saw that googleads was included. :) I can understand the usage of some kind of tracking to improve the website (which it might be used for), but not sure overall of the point of googleAds here.

          1. 4

            but not sure overall of the point of googleAds here.

            It’s similar to the point of ads on most pages: the people who publish the page are hoping to make some money.

            1. 1

              Indeed, although on these kind of sites, there isn’t any ads usually so I was surprised.

      1. 2

        But where is the brainfuck version ? /s

        1. 33

          A title describing the same problem from a different angle would be “The mess we’ve gotten ourselves into with single-page-applications

          1. 6

            How about “The proliferation of JavaScript and our failure to prevent servers from acquiring vast stockpiles of such code

            1. 4

              Can you elaborate? Classic SPAs don’t have this problem because all their functions are “client colored” (to borrow the terminology of the post).

              1. 7

                I guess the answer is that Classic SPAs are good until you need some SEO which is probably very common. Hence SSR. Although technically speaking SPA per se don’t need SSR (maybe for performance but shouldn’t be an issue if things were developped correctly by default I’d say).

                1. 15

                  I was thinking the same thing. The title could easily be “The mess spawned by organizing the web economy around a search monopoly”.

                  1. 9

                    IMO, this is the wrong intuition. Categorically, pages that need to be SEO-opitimized are those that are informational. You don’t need SEO for a desktop app, nor would you need that a web app because a web app is the same thing but distributed through the browser (but sandboxed, not making users require a download executables, and on a highly portable platform available on almost every OS and architecture). These two concepts are not the same thing despite both being delivered through the browser; you shouldn’t use a SPAs tech stack for a basic page because information category pages don’t require the same shared state management and usage of device feature APIs that an application might. I can use Wikipedia from a TUI browser because it’s 95% information. It was the exact same issue in the Flash days of not using the right tech and society has permanently lost some content from its internet archive.

                    So it’s not “when you need SEO”, but SEO should be a requirement from the get-go in helping you choose a static site or dynamic, multipage application where the server always did the rendering.

                    The problem is the tooling. The NPM community instead of having an intuition about the right tool for the job and stating “do not use this tool for your static content”, we have tools that try to solve everything and hide the mountains of complexity that should have scared devs away from the complex solution into the simple one. It should be hard to make a complex pipeline like that of server-side rendering for a SPA. And that easy tooling is riddled with bugs, megabytes of node_modules, and might invite you to start involving more complexity with tech such as ‘cloud workers’, but people don’t find out until they are way too deep in the Kool-Aid. Many don’t seem to see this issue because influencers are pushing this stuff to get GitHub stars and have, ironically, gotten all of the top ranks when searching for a solution (or people were asking the wrong questions without knowing).

                  2. 3

                    Not the poster you’re responding to but it might be because SSR is a fairly natural leap from SPA-style apps. They might also be implying that it’s my fault, which would be nice, but unfortunately isn’t the case.

                1. 2

                  Although I really agree with this post, sometimes the context is unfavorable. For instance in “startup’s” scenarii where time to market is sometimes the most important thing, time becomes a constraint and goes against “Doing things right”, unfortunately. (If anyone has experience dealing with this kind of scenarii, I’m all hears.)

                  1. 4

                    If time to market is the most important thing your business is undifferentiated and doomed anyway. Successful startups often do move fast, but it’s no so fundamentally essential as this

                    1. 4

                      After working in a startup which initially skimped on QA and then started taking it seriously (not playing at taking it seriously, but rather a new tech lead came in), I think it’s naive for startups generally not to worry about tech debt. The problem is, if you’re building anything even remotely complex you can get to crippling tech debt in weeks, long before you are anywhere close to an MVP.

                    1. 1

                      (I’m not here to start a flamewar ; I know that people here are not the greatest fan of Kubernetes, I’m just trying to bring my takes on this subject)

                      I completely agree with the part that microservices are an easy trap that many fall into too easily. However as an ops working on Kubernetes cluster, I sometimes feel like it has its perks and I really like to use even on small scale setup. Using it forces you to use containers, which decouples Host and applications, making machine management really easy. One of the problem usually being handling applications dependencies. (I know Nix can be a solution, but most companies I know are more accustomed to containers than Nix. Containers used are kinda “mostly reproducible” which usually is - or seems - good enough.) I know we can use containers w/o Kubernetes, it just makes working with container more bearable by “filling the gaps” between just running containers and proper setup for the rest (storage / logging / backup / network access / load balancing / …) The other is decoupling storage / network / logging. Although you need to setup a new stack for this, they are handled by the “platform” which makes applications (imo) easier to develop / work with.

                      I completely agree that Kubernetes is complicated however (especially bare-metal environments since you also need to handle the storage part). But having a generic, well documented, well thought out (imo) system for handling applications, instead of a custom badly made in-house system is a good thing. It definitely isn’t for all setup as it’s a complicated system, but it makes handling a lot of machines very easy to work with. Once you have enough machines I find it has a net advantage.

                      1. 3

                        Deezer web still leaks 10’s of MBs every minute. This makes it unusable as it craches the tab way too often.

                        This has been going on for years with a lot of people complaining. But the devs are busy worsening other things instead.

                        A good example of how this is still very relevant.

                        1. 2

                          I’ve reported this, but it seems like it’s a Linux only problem … I’ve had no problem on Windows 10. (And I have no idea how they manage to leak memory differently on a cross-platform environment, maybe something related to DRM ?) And obviously, since it’s linux they don’t want to investigate nor fix it.

                        1. 12

                          even for long-lived SPAs that the user may habitually check in on (think: GMail, Evernote, Discord), there are plenty of opportunities for a page refresh. The browser needs to update. The user doesn’t trust that the data is fresh and hits F5. Something goes wrong because programmers are terrible at managing state, and users are well aware that the old turn-it-off-and-back-on-again solves most problems. All of this means that even a multi-MB leak can go undetected, since a refresh will almost always occur before an Out Of Memory crash.

                          Then these same devs/orgs develop so-called “native” applications running under Electron and the F5 escape hatch is lost and your system is brought to its knees by the same SPA that “runs fine” on the web.

                          Desktop developers have to absolutely think differently about everything in their app’s lifecycle. It’s not just that desktop devs traditionally didn’t have a language as easy as JS to develop in and Electron is leveling the playing field, it’s that desktop devs developed apps along desktop thinking (you can’t get away with memory leaks like that when everyone and their mother knows how it launch task manager and see the resource consumption) and used languages and tools suited to r the job which made them inherently more complicated than your average webstack - out of necessity, not because of gate-keeping.

                          1. 3

                            Ctrl + R still works on Electron (slack, discord at least) :).

                            1. 2

                              TIL! Thanks, amigo. (But in all cases, users aren’t (yet) trained to do that.)

                          1. 1

                            It says that grub doesn’t verify secure boot signatures on the files they run, but the last time I worked on it (2 years ago), the kernel had to be signed by the SB keys and all the files (initrd, configs, kernel, grub modules) had to be signed with GPG to work. Is this different now ?

                            1. 1

                              There have been ~220 patches and around 30 (or something) CVEs for secure boot issues in GRUB so it’s more complicated. When I was looking at this around the same time (2019) grub allowed you to boot unsigned kernels.

                              These days grub isn’t suppose to be used in secure boot without utilizing a shim.

                            1. 1

                              Excellent article. I have always considered “right tool for the job” as one of the most important principle. To my ind, building software is a far nuanced conversation with shades of gray, than being black and white.

                              1. 3

                                In my experience, “right tool for the job” is a two-edged sword. If pushed too far, you tend to have dozens of unique solutions to similar problems in the same company, and you may loose the benefits of having more similar solutions/approaches to similar problems. I prefer to see things as “global optimization” VS “local optimization”. As you say, this is a continuum anyway. Curious if you’ve been bitten by “right tool for the job” too ?

                                1. 1

                                  I think we need to understand “right tool for the right job” also as what people who designed the tool have used / know. (Because of insights of how a tool work in opposition to what we may think a techno/framework/tool works).

                                  I guess the answer is always “well, it depends” and being pragmatic and open minded about things.

                              1. 1

                                Currently having one of these “Impossible bugs”, so I can relate…

                                1. 4

                                  Yes, it’s a known problem that languages don’t respect the cgroup limits. AFAIK some languages do it correctly. Java for example does it automatically IIRC.

                                  1. 10

                                    We have the absurd situation that C, specifically constructed to write the UNIX kernel, cannot be used to write operating systems.

                                    That’s the money quote for me.

                                    1. 2

                                      Well. Considering kernels like Linux use non standard C (Gnu99 if I’m correct, or C99 with some compiler extensions), I’m not surprised. Some compiler extensions are really handy for kernel/low level development like inline assembly for instance.

                                      1. 1

                                        Yeah, I’m curious about that. And the following text:

                                        Linux and other operating systems are written in an unstable dialect of C that is produced by using a number of special flags that turn off compiler transformations based on undefined behavior

                                        I wish they’d given (or linked to) more details. What flags? What makes this an “unstable dialect”?

                                      1. 4

                                        Flakes are one of those things that feel like they could really simplify a lot of NixOS stuff (including being able to split stuff out of the massive nixpkgs monorepo), but the experimental status around them has me feeling a little nervous.

                                        1. 2

                                          Me too. I tried to flake-ify some of my repos near the end of last year, and couldn’t make head or tail of what needs to go where. I’m aware of a few Tweag blog posts, and not much else in the way of good documentation. Has the documentation situation improved?

                                          1. 5

                                            I have found the flakes wiki page to be a good reference that I still consult regularly:

                                            https://nixos.wiki/wiki/Flakes

                                            1. 6

                                              This and https://zimbatm.com/NixFlakes/ are quite good.

                                            2. 4

                                              Not really. One of the traps of it being “experimental, but merged” is some people have suffered through and figured it out… and others haven’t, but not much documentation is happening because it is “experimental” and could “change at any moment. Of course, it would be nice if there was something a referer could provide.

                                              That said, nix flake --help has a good bit of stuff.

                                              1. 7

                                                I feel this might also be the general curse of the nix documentation, which typically has very thorough reference docs, but lacks simple guides for folks which just want to do things, without necessary understanding how it works under the hood.

                                                With flakes, I feel that RFC and the series of tweag posts are an excellent reference, but I didn’t find a simple guide for my simple use-case. The docs are “here’s how you setup NixOS container” or “here’s how you use home-manager”, while what I want is a minimal diff to switch from minimal /etc/nixos/configuration.nix to minimal flake.

                                                1. 2

                                                  That’s a shame. A sprint to document flakes as they currently are may help break the deadlock.

                                            1. 6

                                              Besides Firefox and Servo, SpiderMonkey is also used by GNOME and MongoDB.

                                              1. 2

                                                Also polkit.

                                                1. 1

                                                  CouchDB also uses Spidermonkey.

                                                1. 4

                                                  So can we watch Netflix on FreeBSD now?

                                                  1. 3

                                                    I suppose it’s more about the use of FreeBSD inside the Netflix infrastructure.

                                                    1. 5

                                                      Yeah, that was the point. Netflix happily uses FreeBSD but couldn’t care less about FreeBSD users.

                                                      1. 15

                                                        Of course not. Why would a for profit media company waste (expensive) resources to support an OS that basically nobody uses on the desktop?

                                                        I know it sounds harsh, but Freebsd desktop use is irrelevant to any company.

                                                        1. 1

                                                          Gaming on Linux was mostly irrelevant until Steam found a reason to support/foster it (apply pressure on Microsoft + Apple and their app stores). Given that the PS4 (and presumably PS5) uses FreeBSD for it’s OS and Netflix supports that platform there’s probably some incentive there to upstream certain things. Though I presume Sony is happy to keep status quo for the moment.

                                                          1. 2

                                                            I imagine a lot of the PS4 graphics code they write is under NDA with AMD since they’re not just using off-the-shelf components, but I could be wrong. Has Sony given anything back?

                                                            1. 1

                                                              Has Sony given anything back?

                                                              Not that I know of but then I’m totally the wrong person to answer that question.

                                                        2. 7

                                                          Hey, at least they’re in the second largest donor class this year. I’d think FreeBSD Development would deserve more all things considered.

                                                      2. 3

                                                        Sure You can, In a Linux/Windows/Android VM under Bhyve :p