1. 20

    Personally I’m afraid of my comments not contributing/decontributing. Especially because I don’t know about a decent amount of the topics posted.

    1. 24

      That is my concern as well. Personally, I’d rather this site didn’t become like HN. The discussion is what turned me off HN - too much negativity, too many uninformed, nitpicky or banal comments.

      Even most of the “good” discussions over there primarily provided a good way of killing some (or a lot of) time rather than learning opportunities. Nonetheless, it was pretty easy to get sucked into reading them!

      So in addition to the concern about the quality of my contributions, I’d also like to disagree with the OP - I actually like Lobsters the way it is now. I get interesting articles to read (but not too many), and I don’t waste time on reading comments.

      Consequently, this is just my second comment on this site, even though I’ve been visiting for months. And I’m not even sure these two comments exceed my quality threshold :)

      1. 8

        I’d like to see more posts on lobsters, the throughput is lacking. More comments would be nice, but more articles would be nicer.

        1. 5

          And the comments on HN can be belligerently uninformed, which is what really bothers me. A friendly but small community is better than a large and hostile community.

          1. 3

            Just please, let’s not get like HN and spend all our time worrying about turning into Reddit :-).

            Seriously, the problem is that on the one hand you want to have a friendly community feel and on the other hand keep the signal-to-noise ratio up. Maybe Slashdot were on to something with the whole +1 Informative vs. +1 Funny thing.

            1. 1

              I feel there was a time when comments on HN were generally a higher quality than they are now; there’s still plenty of insightful comments (especially from people who are deeply connected with whatever topic is at hand!), but you’re absolutely right about the negativity; this has been my major reason for ceasing reading many comment threads. The top comment is often “This is so wrong and this is why!”; I’d love to see similar discussion here but without the negativity.

              1. 3

                I’ve seen the same thing play out a few times (on Slashdot, HN and Reddit): first there are a few people having good discussions; this attracts more people, and the quality of discussion goes down; various technical measures are tried to no avail while the audience continues to grow and the quality of discussion continues to decline. It would be awesome if there was a solution to this, but I haven’t seen one emerge over the last decade, so I’m sceptical at this point. So perhaps the only winning move is not to play :)

                1. 4

                  This effect is called Eternal September, named after a similar incident on Usenet.

                  1. 1

                    You could be right, but I hope you’re not. I’ve noticed exactly the same thing, so I’m also weary, but I think that some discussion is better than none.

              2. 6

                Then ask questions instead of stating opinions. Nerd sniping is a great way to get conversations going. “Why do we need X anyway? I can’t see the point” will always get you someone explaining why, and often someone explaining why not. Often the discussions get a bit heated or childish, but there’s usually still some value to it and Lobsters provides the tools to let people know when they are getting off track.

                1. 2

                  There’s a fine line between nerd sniping and trolling. It’s like the difficulty, now well studied, of detecting irony in social media.[1][2]

                  If I were to try to start a conversation this way, I would make it clear that I was not trolling and not trying to put anyone on the defensive. Instead of

                  Why do we need X anyway? I can’t see the point

                  which sounds almost defiant (“Come at me, bro” seems to be a popular meme for expressing this attitude, but as a meme it carries an irony flag, which defuses the literal confrontation), I would ask:

                  Could someone explain the need for X?

                  making it clear that I’m actually looking for a conversational peer to weigh in on the subject and that I’m willing to give the response a fair hearing.

                  [1] http://ac.els-cdn.com/S0169023X12000237/1-s2.0-S0169023X12000237-main.pdf?_tid=4cc49444-d150-11e3-afd1-00000aab0f6c&acdnat=1398963036_a164f2a56dc5eb21d3e636d145eadc64

                  [2] http://www2013.org/companion/p635.pdf

                  1. 1

                    I’ve seen many a bitter HN/reddit comment war start over nerd sniping, and often enough over the medium of text, I find I can’t understand the intent of the author without an explicit qualifier like “I’m genuinely curious” and even that gets me a bit angry at times. I’m not a fan of nerd sniping at all.

                  2. 2

                    True, I never really thought that something that simple would bring about a lot, but when I think about it you’re definitely right.

                    1. 1

                      Then the problem comes to being able to come up with reasonable questions; often people find it hard to question what they don’t understand about a topic. Hopefully we’ll learn though!

                    2. 2

                      You mean basically trolling to get a response? What a bad idea.

                      If someone has a legitimate question over the value of something, great.

                      Please do not encourage disingenuous behavior.

                      1. 1

                        No, that’s not what I meant at all, I’m not sure how you read that from my comment either. My suggestion is that if you don’t understand something, then instead of feeling stupid, ask the question and hopefully someone will try to explain it. Or perhaps, pose a related problem (like the XKCD example) and see if people can solve it; lots of people have a lot of fun solving problems and sharing how they reached their solution.

                  1. 20

                    In other words, if you don’t conform to HN groupthink, you get throttled. That will promote good discussion, right?

                    1. 11

                      For a startup community, there are some seemingly heavy handed things that happen there: hell-banning, hidden mods, privilege classes of users, and now this. I can imagine with all the celebrity of YC, there ends up being a lot of spam and craziness. This still “feels” very exclusionary to me though.

                      I guess if nothing else, this could be an interesting experiment.

                      1. 5

                        “Could be”? The experiment has run, and the result is right here. On this site, my comment gets upvoted. Had I posted the same thing to HN, it would have been deleted.

                        But of course I wouldn’t post it to HN. I’m hellbanned and slowbanned for having posted prohibited opinions.

                        1. 7

                          I marked your comment as “troll” and would not have approved it on hn. It lacked any useful information and was nothing more than an inflammatory rant. That it got so many upvotes makes me wonder where the groupthink is.

                          1. 3

                            Why do you say it was a troll comment? It expresses exactly what many of us feel concisely. Just because it doesn’t go into 3 paragraphs and 5 sources doesn’t mean it’s not useful. And that is exactly why I am against you having power to moderate comments on any forum I read.

                            1. 1

                              “Why do you say it was a troll comment?”

                              It lacked any useful information and was nothing more than an inflammatory rant.

                              Sorry if I did not make that clear.

                        2. 4

                          I don’t think that there’s anything about “startups” that precludes a toxic environment. I enjoyed YC, and I like Paul, but his hammer is startups, and he sees nails everywhere. Too, he’s not the world’s most introspective guy. Like any charismatic, he attracts a lot of smaller personalities who are even less likely to think hard, and internet message boards are not places that encourage empathy or reflection.

                          I don’t think there’s a technical solution to the problem that they’re trying to solve over there – there are only so many tweaks and nudges available to try and reshape culture.

                          1. 3

                            Maybe it was all an experiment from the start. Kind of a soft Milgram. The full HN logs may be rich with insights into what happens when you give parts of a community power over other parts.

                        1. 1

                          That post says they have a partnership, not that they have been acquired. Did I miss something?

                          1. 5

                            It wasn’t until I saw a link to a post that had Clojure in the title that I realised the lisp tag was being used for Clojure and not just Common Lisp. Common lisp isn’t really of interest to me and so I expect I’ve skipped over plenty of posts that would’ve actually been quite relevant to my interests. I’m in favour of introducing a Clojure tag to avoid this confusion.

                            1. 2

                              This was my response. I’m more inclined to look at a Clojure post than a Lisp post. I’d like to see this tag as well.

                            1. 7

                              Turning off Javascript leads to a broken browsing experience. Many sites today will not work without Javascript, plain and simple. Whether it’s Google Analytics usage, single-page apps, or Bootstrap dropdowns, you’ll find out, like I did, that almost every site is broken slightly by disabling Javascript. I applaud the author for fighting the good fight, but I just got tired of things not working.

                              1. 2

                                Counterdote: I use NoScript so scripting is off by default for any new site and most sites work fine.

                                When I browse on my tablet where JS runs by default and routinely encounter modal popups and view-blocking Share This bars I am reminded what a better experience it is to pick and choose when scripts run.

                              1. 1

                                Anyone else here a fan of trackpoints? It’s become a must-have for me. First Dell then Lenovo laptops, and the last two keyboards I bought had the built-in trackpoint.

                                One of them was a model M clacky thing but the construction ended up to be poor and a few keys either stopped working or would stick. I replaced it with an external Thinkpad keyboard sans trackpad (but with trackpoint).

                                1. 2

                                  I am! I really enjoyed having a trackpoint when I had a thinkpad. Made the mistake of getting a Surface Pro and the keyboard is horrendous. What I really want, but can’t find, is a tenkeyless mechanical (with Cherry reds), with a trackpoint and extra usb port. No such keyboard exists…

                                1. 3

                                  Question for the audience: should such sites make it clear that an affiliate code is attached to all the Amazon links?

                                  I don’t begrudge anyone using such links but prefer to be told about it someplace on the site.

                                  1. 2

                                    I just assume that any site tying in with Amazon is doing it just to make money from referral links, though I would appreciate seeing it mentioned upfront.

                                    1. 1

                                      I assume the same as well. Of course, Amazon does require that the disclosure appear somewhere on the site:

                                      You must, however, clearly state the following on your site: “[Insert your name] is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to [insert the applicable site name (amazon.com, amazonsupply.com, or myhabit.com)].”

                                      https://affiliate-program.amazon.com/gp/associates/agreement/

                                  1. 2

                                    Nice. A few years ago I wrote one called pivotal slacker. Github seems to have swallowed the repo, and when PV stopped the easy free stuff I stopped using them.

                                    http://github.com/Neurogami/pivotal_slacker. (But comes up 404 for some reason)

                                    1. 9

                                      Who are all these wonderful people that are going to sign up and contribute but haven’t yet only because they don’t know any existing members? And if you know about them, why haven’t you invited them?

                                      I don’t think there’s a big mob of people waiting at the door trying to get into this site. If they wanted to be here, they’d be here or they’d easily be able to get an invitation. I have a twitter search for “lobste.rs” subscribed to in my RSS reader and any time anyone mentions the site, I go out of my way to find their e-mail address and invite them.

                                      I believe that the current model of invite-only is what is keeping the site on-topic and civil so far. If it’s changed to an open signup policy, it’s going to bring off-topic stories, spam, voting rings, and snarky anonymous comments. Hacker News already has that covered.

                                      1. 1

                                        HN has its problems but it also has discussion threads of some substance. If not the occasional open enrollment then something else needs to be done to move Lobste.rs from being a news feed with the rare comment.

                                        1. 5

                                          I still don’t get who all these people are that are going to flock to the site and spark discussion. There’s 842 accounts on this site, and it only gets the “rare comment”. Adding dozens of lurkers who didn’t care enough to ask for an invitation previously is not going to trigger meaningful discussion. Neither will allowing spambots to come in, or people who don’t really care about this site but just want to submit their blogspam and never come back.

                                          This site gets daily activity and continues to grow, but it’s slow enough that you don’t need to monitor it every hour to see what’s new. If it only acts as a news source and not a heated-discussion forum, that’s fine by me.

                                      1. 2

                                        “The instance_variable_set method is the bane of anyone who wants to truly protect their object’s state. Because of its existence, it is basically impossible to truly hide your objects’ internal state in Ruby.”

                                        Why not override that method if you don’t like how it behaves?

                                        1. 1

                                          Even if you override that method, someone trying to break into your object can still grab it from elsewhere using the “method” method, and then reattach it to the object. But regardless of instance_variable_set, you can always reopen the class and add a method that accesses the instance variable. E.g.

                                          class PreviouslyDefinedClass
                                            def get_protected_variable
                                              @protected_variable
                                            end
                                          end
                                          

                                          Basically, if you use a variable with the @ symbol, it’s just about impossible to hide.
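
Added example (not part of the thread): a runnable version of the two routes described in the comment above, rebinding the original reflective method and reopening the class, plus `instance_eval` as a third route that goes slightly beyond what the comment lists. `Vault` and all method names are hypothetical.

```ruby
# Added example: Vault and every method name below are hypothetical.
class Vault
  def initialize(secret)
    @secret = secret
  end

  # Attempted lock-down: shadow the reflective accessors on this class.
  def instance_variable_get(*)
    raise NoMethodError, "instance_variable_get is disabled on Vault"
  end

  def instance_variable_set(*)
    raise NoMethodError, "instance_variable_set is disabled on Vault"
  end
end

# True when the overrides stop the ordinary reflective call.
def direct_access_blocked?(obj)
  obj.instance_variable_get(:@secret)
  false
rescue NoMethodError
  true
end

# Route 1: fetch the original implementation as an UnboundMethod from
# Object and bind it to the instance, skipping Vault's override.
def read_via_rebound_method(obj)
  Object.instance_method(:instance_variable_get).bind(obj).call(:@secret)
end

def write_via_rebound_method(obj, value)
  Object.instance_method(:instance_variable_set).bind(obj).call(:@secret, value)
end

# Route 2: reopen the class and add a reader, as in the comment's snippet.
def read_via_reopened_class(obj)
  obj.class.class_eval do
    def get_protected_variable
      @secret
    end
  end
  obj.get_protected_variable
end

# Route 3: evaluate a block with the object as self.
def read_via_instance_eval(obj)
  obj.instance_eval { @secret }
end

if __FILE__ == $PROGRAM_NAME
  vault = Vault.new("s3cr3t")   # constructed sample value
  puts "direct call blocked: #{direct_access_blocked?(vault)}"
  puts "rebound method:      #{read_via_rebound_method(vault)}"
  puts "reopened class:      #{read_via_reopened_class(vault)}"
  puts "instance_eval:       #{read_via_instance_eval(vault)}"
  write_via_rebound_method(vault, "tampered")
  puts "after rebound write: #{read_via_instance_eval(vault)}"
end
```

The practical reading for a reviewer is that `@` variables are an organisational convention, not a boundary that code running in the same process has to respect.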

                                          1. 1

                                            Good point.

                                            Still, if someone is so willing to jump through hoops to get around access control they can do essentially the same in JavaScript too.

                                            It’s not “instance_variable_set” that’s the problem, it’s just the nature of dynamic languages and reasonable expectations.

                                        1. 3

                                          I’m pretty certain the majority of users that switch from a default to a higher port know enough about security to know it doesn’t afford any extra protection, but rather do it to keep their logs from getting too noisy. I’m not surprised that people are port scanning (and I don’t think this is a new thing) but it’s way easier to deal with opposed to the deluge you get by operating on a standard port.

                                          1. 1

                                            I also use a nonstandard port, but also with additional tools that block repeat offenders. It’s the latter that counts the most, the port choice is more reducing the thoughtless attempts that fill the logs.

                                          1. 1

                                            How is this a Rails issue?

                                            1. 1

                                              Because Rails lets you send integers directly to MySQL by way of XML or YAML. In most other scenarios, every piece of data from the user is a string, which, when passed to MySQL, doesn’t have (m)any weird effects. Passing an integer directly to MySQL has some unexpected results, like NULL being equal to 0 (but not = ‘0’).

                                              mysql> select count(id) from users where email_verification_token = '';
                                              +-----------+
                                              | count(id) |
                                              +-----------+
                                              |         0 |
                                              +-----------+
                                              1 row in set (0.03 sec)
                                              
                                              mysql> select count(id) from users where email_verification_token = '0';
                                              +-----------+
                                              | count(id) |
                                              +-----------+
                                              |         0 |
                                              +-----------+
                                              1 row in set (0.02 sec)
                                              
                                              mysql> select count(id) from users where email_verification_token = 0;
                                              +-----------+
                                              | count(id) |
                                              +-----------+
                                              |       464 |
                                              +-----------+
                                              1 row in set (0.03 sec)
                                              

                                              By passing XML/YAML to Rails, you can get an actual integer value in params. If params[:token] is a string of “0”, this:

                                               User.find_by_password_reset_token(params[:token])
                                              

                                              is executing:

                                                User Load (3.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`password_reset_token` = '0' LIMIT 1 
                                              => nil
                                              

                                              but when it’s an actual 0, it becomes:

                                              irb(main):002:0> User.find_by_password_reset_token(0)
                                                User Load (0.2ms)  SELECT `users`.* FROM `users` WHERE `users`.`password_reset_token` = 0 LIMIT 1
                                              => #<User id: ...
                                              

                                              which returns the first user with a null password reset token.

                                              For what it’s worth, all of this came straight from the Lobste.rs console. This problem would have been exploitable on this site’s password reset page but I’ve been running with:

                                              ActionDispatch::ParamsParser::DEFAULT_PARSERS = {}
                                              

                                              on all of my Rails applications since the first YAML vulnerability was announced. None of my apps need to parse incoming XML or YAML or any other stupid stuff.

                                              1. 1

                                                “Because Rails lets you send integers directly to MySQL by way of XML or YAML. In most other scenarios, every piece of data from the user is a string, which, when passed to MySQL, doesn’t have (m)any weird effects. Passing an integer directly to MySQL has some unexpected results, like NULL being equal to 0 (but not = ‘0’).”

                                                Do people write apps where they allow user-provided data to pass-through unchecked? If true, is that the fault of the framework?

                                                Am I misunderstanding something here? This looks more like poor security practices coupled with goofy database behavior, compounded simply because Rails makes it easier to do.

                                                1. 1

                                                  Do people write apps where they allow user-provided data to pass-through unchecked?

                                                  Yes, because the data is properly escaped, so there is (usually) no harm in passing it through to SQL. That’s often how the checking is done — whether SQL returns records or not. If you have to double up each check with a regex or some kind of pattern match first before sending it to SQL, it becomes pretty tedious and error-prone.

                                                  One way around it is to explicitly cast everything to a string before doing anything with it, but the framework should really not be allowing other stuff in there to begin with.

                                                  I should mention that this particular piece of code from Lobsters is written like this:

                                                  if params[:token].blank? ||
                                                  !(@reset_user = User.find_by_password_reset_token(params[:token]))
                                                    [...]
                                                    return redirect_to forgot_password_url
                                                  end
                                                  

                                                  so it makes sure that params[:token] is not blank before passing it to SQL. Since it’s not null (or a blank string), it should stand to reason that any other string is ok to pass to SQL as a possible password reset token. However, because of this XML problem, it can be an integer 0.

                                                  irb(main):001:0> "".blank?
                                                  => true
                                                  irb(main):002:0> 0.blank?
                                                  => false
                                                  

                                                  So now it bypasses the blank? check and gets passed to SQL directly as a 0, which compares to NULLs which are cast to integers (becoming zeros), and matches the first user record.
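
Added example (not part of the thread and not Lobsters' own code): a plain-Ruby model of the password reset check discussed in the two comments above, showing an integer `0` passing the `blank?` guard and matching a row, and the string cast mentioned above closing the gap. The sample rows, the helper names and the simplified model of MySQL's string-to-number comparison are assumptions made for illustration; no Rails or MySQL is needed to run it.

```ruby
# Added example: all names and rows are constructed for illustration.

# Constructed sample rows standing in for the users table.
USERS = [
  { id: 1, password_reset_token: "k3Jx9QpLmZ" },
  { id: 2, password_reset_token: "aB7dE2fGhI" },
  { id: 3, password_reset_token: "42abcdefgh" },
].freeze

# Simplified model of MySQL turning a string into a number for a
# mixed-type comparison: the leading numeric prefix is used, and a
# string with no numeric prefix becomes 0.
def mysql_number(str)
  str[/\A\s*[-+]?\d+(\.\d+)?/].to_f   # nil.to_f is 0.0
end

# Model of `WHERE column = param` for the two parameter types in the thread.
def sql_equal?(column_value, param)
  return false if column_value.nil?   # NULL = x is never true in SQL
  if param.is_a?(Numeric)
    mysql_number(column_value) == param.to_f   # column coerced to a number
  else
    column_value == param.to_s                 # ordinary string comparison
  end
end

# Stand-in for User.find_by_password_reset_token.
def find_by_reset_token(param)
  USERS.find { |user| sql_equal?(user[:password_reset_token], param) }
end

# Stand-in for ActiveSupport's blank?: nil, false, "" and "  " are blank,
# but the integer 0 is not.
def blank?(value)
  return value.strip.empty? if value.is_a?(String)
  value.respond_to?(:empty?) ? value.empty? : !value
end

# Same shape as the controller check quoted above: guard with blank?,
# then hand the parameter to the lookup with whatever type it arrived as.
def reset_user_unchecked(params)
  token = params[:token]
  return nil if blank?(token)
  find_by_reset_token(token)
end

# The workaround named in the comment: cast to a String first, so the
# database only ever sees a string comparison.
def reset_user_cast(params)
  token = params[:token].to_s
  return nil if blank?(token)
  find_by_reset_token(token)
end

if __FILE__ == $PROGRAM_NAME
  [{ token: "0" }, { token: 0 }, { token: 42 }, { token: "aB7dE2fGhI" }].each do |params|
    unchecked = reset_user_unchecked(params)
    cast = reset_user_cast(params)
    puts format("%-24s unchecked=%-4s cast=%s",
                params.inspect,
                unchecked ? unchecked[:id] : "nil",
                cast ? cast[:id] : "nil")
  end
end
```

A stricter variant rejects any `params[:token]` that is not already a `String` instead of casting it.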

                                            1. 7

                                              I really sympathize with the author on this one. I used to fear publicly releasing code because it might not be ‘good enough’. It was the attitude displayed in these tweets that caused this fear.

                                              1. 6

                                                I was a bit surprised to see Steve being the one bashing on this, especially being someone that teaches programming. She even asked Steve for feedback and just got this snarky reply.

                                                1. 5

                                                  I’ve specifically been staying out of ALL of these threads, but what I will say is that when I wrote that tweet, I did not know she was the author. They’re different usernames.

                                                  1. 3

                                                    I see nothing snarky about that reply. At all. One person’s snark is another person’s matter-of-fact directness. But it helps make my point.

                                                    I feel bad for Steve. He made a mistake. But now, for at least some, he’s just an asshole, regardless of everything else he has done so far. This is what I find so amazing.

                                                    There’s a thread about this over on HN (of course) and the level of vitriol is staggering. Suddenly he’s completely defined by a mistake. He’s pigeonholed with invective worse than what he said about someone’s code and coding skills.

                                                    This is “someone’s wrong on the Internet”, with venom. If you choose the wrong words to criticize something (and I guarantee you that no matter how you phrase it someone will think you’ve been too harsh) you become a target for the self-righteous to dump on you in ways far worse than whatever it was they think you did.

                                                    1. 7

                                                      I’d like more professionals to accept that often, their lauded “matter-of-fact directness” is as effective a communication tool as “no-nonsense single-character variable names”.

                                                      On the whole, humans prefer criticism to be couched in sympathetic language, and there is not one thing wrong with that.

                                                      1. 3

                                                        He’s pigeonholed with invective worse than what he said about someone’s code and coding skills.

                                                        It’s worse than that – by my reading Steve didn’t say anything about her code or coding skills.

                                                        The individual tweets linked here read differently alone than they did in context, but the context is impossible to link to.

                                                        Twitter is a bad place to discuss things.

                                                  1. 2

                                                    “Much like the Mac creators thought computers should be made to understand how humans work (and not the other way around), Fish observes your past behavior and suggests commands that it thinks you might be trying to execute.”

                                                    One reason I avoid using my Mac in favor of Ubuntu or Windows 7 is precisely because OSX seems to require me to do things The One True Mac Way. Perhaps this is good fit for most users, or maybe it’s just habit, but I’ve never got the feeling that OSX was observing how I was trying to do things and then adapting itself to make me happy.

                                                    One problem with building things to act as people expect is that expectations change with usage; I do not want a system that is eternally primed for newbies. I’d rather face a learning curve and then be able to do things as I wish.

                                                    Basically the last thing I want in a shell is it to be Mac-like. I find the “Posix baggage”, ultimately, to be the best path for simplicity, consistency, and ease-of-use because I have far greater control over controlling its behavior to suit me.

                                                    Overall I’m deeply skeptical of tools that are supposed to anticipate my actions and then help me. Sometimes they do, but when they don’t then it’s just time wasted with me fighting back.

                                                    1. 4

                                                      An art project I’m not ready to fully explain, but it’s a computer-generated book. Had to write my first parser to transform some TeX. Now shopping around for printers, and it is sort of super-weird for a project to end with a physical object.

                                                      Updating NearbyGamers from Rails 2.1 to current so that I can add features like gaming stores, events, and embeddable maps. This is kind of a slog.

                                                      1. 1

                                                        Anxiously awaiting details on the book.

                                                        1. 2

                                                          I’ll write a blog post about it once I have it in my hands. :) The to-do list is getting down to typographical tweaks and printing, so hopefully that will be late this month or early January.

                                                          And I’m sorry to be mysterious, but the whole point of it is to prompt discussions, so I know if I have those discussions before it’s done I’ll never finish, and I need that feeling of accomplishment.

                                                      1. 3

                                                        Self-publishing books on tech for artists. http://justthebestparts.com

                                                        1. 1

                                                          Cool stuff! Have you considered selling these at all?

                                                          1. 2

                                                            Yes. When reasonably complete I’ll have PDF/epub/mobi versions for sale. I’m hoping to wrap up the OSC book Real Soon Now and make it available for sale.

                                                          1. 2

                                                            Wow, thanks, that’s a good thread.

                                                            1. 2

                                                              Ah, the proggit days of yore…

                                                          1. 2

                                                            Nice post, thanks. By coincidence I was looking around for some good “learn some advanced JavaScript” links, and recalled there being some site that explained functional programming in JS. Except, as it turns out, that’s not what it was called at the time. The article (actually I found a few) was about higher-order programming, or HOP (as a few places referred to it).

                                                            It got me thinking how hip and cool functional programming had become, to the point that many people are keen to describe their pet language as a functional programming language. Or that their pet language lets you do functional programming. For example, JavaScript, Python, and Ruby (the languages I see most coming up in such discussions).

                                                            Thing is, none of these languages can assure immutability or referential transparency. What they offer, to varying degrees, is the ability to use functions as data (i.e. pass functions to functions, and return functions from functions), and for that the term “higher-order programming” makes more sense than “functional programming.”

                                                            This is the kind of thing that leads to flame wars over what defines a functional programming language, but data immutability is, for me, an essential aspect of it, and I’m glad this article jumps right in on that.

                                                            1. 2

                                                              Just got the book from Amazon. Did not know there was a PDF. That will come in handy. I’m not sure I really knew what the book was about when I ordered it, but it looks quite good. Almost makes me want to unpack the C=64.

                                                              1. 2

                                                                This sounded familiar to me. Sure enough: http://www.advogato.org/proj/Ruby.js/

                                                                I do not think they are related.