Threads for jee
-
Hey Drew, signed up for sr.ht a while back. Loved looking through the wonderfully blueprinted Flask code to see what was going on. What motivated you to put each of the separate functions on their own sub-domain as separate apps, rather than a monolith? Was it to distribute outage risk or something?
-
-
https://defn.io - I mostly write about Racket.
-
-
-
I remember your post about using Racket to write an e-commerce platform. I thought that was awesome!
-
-
-
Hey! So I’ve used and/or tried out Jekyll and Hugo. I can confirm that Hugo is not for the feint of heart and seems to regress quite often! My set up is dead simple. It includes editing content, code, and deploying all in the same browser screen, and its free!
My site https://www.towardssoftware.com is hosted on repl.it! It’s awesome because I can make edits on https://repl.it and click run, and my site is updated instantly, in dev and “production”. The site’s theme is barebones because I don’t really care about the look, but hopefully this gives you a different perspective.
It’s great to have editing, and hosting in one GUI interface for simplicity. If you are more focused on writing, you want to make edits as frictionless as possible. If you are more focused on using a shiny site generator and running scripts to deploy it after every edit, there seems to be a tool to do that written in just about every programming language.
-
Since a JSON API — a hash/map of strings — is often the eventual interface, it’s even more reason to skip the abstractions and work with values directly.
This is a pretty good way to accidentally leak secrets.
-
-
I mean it’s common for a web application to need to be able to provide both internal and external representations of data, e.g., the password field of a user object. Stuffing all this logic into a database would be both a maintenance and operational nightmare.
-
I mean it’s common for a web application to need to be able to provide both internal and external representations of data, e.g., the password field of a user object
The real mistake is commingling public and private data together.
Don’t do that.
Just because a pattern is common doesn’t make it right.
Stuffing all this logic into a database would be both a maintenance and operational nightmare.
Funny. I think having global variables that are UPDATE and INSERTed all over your code base is worse.
The best possible scenario is that you don’t have to learn what kind of security and maintenance features your database has and you can just treat it as a serialisation point. That’s the best: that you don’t have to learn what code already exists (so you get to invent it yourself!) and it’s slower.
What usually happens is someone makes a change, adds a private element to a table that was previously completely public and forgets to review every update/insert/select in their codebase (since they’re all over the codebase, and possibly spanning multiple concurrent branches – impossible to get right for big teams!) so you get security vulnerabilities. Almost certainly.
Or they try to implement their own security features (like putting password fields in “user” objects) and get them wrong in subtle ways, then blame their tools.
-
Argh, yes.
password(orencrypted_password) does not belong in the user table. It belongs in anauthentication_methodstable.Why? It lets you handle situations like:
- Adding (multiple?) API keys that act on behalf of a user (ex: fastmail has ‘app passwords’ which are functionally per-mail-client api keys).
- A customer complains that their account was taken over by an attacker who managed to reset their password. They’ve taken it back over and want to know what the attacker did. Your audit trail is linked to the password, and reveals which actions were taken by the hacker and which were taken by the customer as they used different passwords to authenticate.
- Was this failed password attempt because they entered their old password? If so, tell them that their password has changed and to contact support if this was not them!
- Was this new password the same as any old (now-inactive) password? One that might have been leaked? Pick something else!
-
-
-
-
-
https://www.towardssoftware.com - Only HTML and CSS, nothing fancy, just text to convey what I want. One day I’ll make it more modern, but for now, it’s just plain HTML that I can edit from anywhere. I use repl.it to edit, and host, my flask project for free. Basically flask just provides some basic templating and routing, it’s mostly just handwritten HTML!
-
Ah “hacker” “news”, where “hackers” go to bikeshed about 737s and shitcoin “news”.
-
I know it’s hip to be snarky and you’re of course partially right. (The same could be applied to any community, even here, to a much lesser degree).
I still stand by the point that it’s perfectly reasonable to skim HN, dig into a few technical topics, ignore the vitriol, and learn a lot or find interesting stuff. Before I was active here I wrote a weekly digest of links and stuff that interested me, and a really big chunk of this was found on HN.
I was never really into the startup culture, despite working there. (German startups are unlike Valley ones, tho) - it’s a good chunk of the content there, yes. But in no way the majority.
-
-
-
This is the type of article that gets responses from people supporting or denying it based on which camp they are in.
There are happy exceptions to both camps. It probably doesn’t matter all that much in the end😄
-
With simple fix you can make it simpler and more accurate:
def monte_pi(n): points_in_circle = 0 points_in_square = uniform(0.0, 1.0, (n, 2)) for x, y in points_in_square: if (x**2 + y**2 < 1): points_in_circle += 1 circle_area = points_in_circle / len(points_in_square) return circle_area * 4It simply calculates area in the first quadrant and then multiply result by 4. Additionally it uses unitary circle to minimise the rounding errors.
-
Hey! Thanks for sharing. That was actually my original solution, but I realized some non programmer people might be a little confused looking at the code if it didn’t perfectly represent what I explained. Nice with the errors. I certainly didn’t know the most precise approach to use for this!
-
-
I’ve been telling my family for several years about the impending collapse of the gigantic house of cards of modern software based on what I’ve seen. They don’t believe me.
The #1 thing we need to do is to do is apprentice and case-study based training of developers. Start training developers using case studies with real programs instead of just abstract ideas like “encapsulation” and having them write from scratch without having seen what production software looks like. Literate programming book such as Pharr and Humphreys’ amazing “Physically based rendering” are good steps in this direction.
-
http://www.pbr-book.org for those interested in following the referral.
-
-
I really wished my college days were spent more on building and less on learning about polymorphism and encapsulation.
That said, the author misses the point that we are in the middle of a huge boom where entire industries are just now looking around and saying, “How can we make our business more efficient with software?” Of course software is ideally supposed to ship bug free, of course Catalina shouldn’t have bugs, but at the end of the day we live in a world where user growth and utility drives value, not code quality.
Century old industries are just now coming online and trying to integrate software into their business models, so they likely are either going to make low quality software that solves immediate needs. Not all companies view software as a revenue center.
For most companies in the world software is just a way to lower costs. Not a money maker. Many of us are biased by the fact we work in tech and work on software products/projects that are money makers. Some of the companies in the post are giant tech companies.
Imagine the total lines of code count at any of the companies mentioned. It’s easily in the hundreds of millions or even billions. Of course there are examples of bad code!
-
-
Wondering if Java is worth learning. I see a lot of jobs requiring Java experience. I know to write code in C++ and Python. Never was attracted to Java. I see no point in it especially since it is slower than C++ by reputation.
-
Lots of strong opinions in this thread. Java is more than a language; it’s a platform. Java and JVM are used interchangeably a lot. Java is verbose, probably a little slower than C++ in some cases, but the JVM is the platform for almost all, modern day data engineering libraries. Hadoop, Spark, etc. You don’t have to write Java code, you can use Scala or Clojure if you want a different language on the JVM, but still want to interop with the vast ecosystem of Java libraries.
Java and C# still seem to be pretty prevalent for enterprise development, so it’s up to what you want your career path to look like. If you are wanting to do data engineering the JVM will be useful to work with. If you want to work in enterprise apps, Java or C# are useful.
tl;dr Don’t learn Java just to learn something fast. The virtual machine (JVM) is a powerful platform to use, which can leveraged by learning Kotlin, Clojure, or Scala. If an interviewer refuses you a job because you haven’t done Java, you probably are looking for the wrong job(E.g. senior java developer) or looking at the wrong workplace(e.g. you must check all the boxes to get this job)
-
A thousand times this.
If you were going to work with java day-to-day, I’d suggest learning any of the following over studying the language:
- An IDE, in depth (java and c# are the only languages I’d use an IDE for; they need it).
- How code gets loaded (dependency management, the classpath)
- A smattering of JVM bytecode (relevant if your code needs performance or you are integrating with non-java code).
-
-
This may be more of an advanced topic, but instead of trusting reputation of being ‘slower’, I’d recommend playing with tools and techniques for benchmarking and profiling. It’s not only relevant to choice of programming languages: even within the same language you might have different opinions on performances of algorithms, data structures and language features. (e.g. lambdas are slow! virtual functions are slow! etc.)
Different parts of different systems require different performance, and in many cases it doesn’t matter which language you choose at all. Being able to measure what actually matters and justify your choices would make you more pragmatic and essentially give you higher ground in arguments over choice of languages and technologies.
-
-
Arguments this bold are rarely true… I don’t write Java and I do vaguely agree with the sentiment, but I also would write C before C++ so.
-
-
I suppose it may just be a knee jerk reaction, I don’t like it when people say “Don’t learn X” without even proposing an alternative. I never did enjoy Java, it was quite verbose and quite ceremonious. Still I’m hesitant to say that someone shouldn’t learn it at all.
-
-
-
-
I’m not recommending either learning java or not, but java is hardly slow. there’s a good reason many large companies with performance requirements swear by it. The jvm is underrated in general and the JIT is especially underrated.
-
If you’re coming from C++, there isn’t that much to learn. My opinion..learn something new like a functional language if you want to broaden your horizons. If you need Java experience for a role, you can obtain enough in a short period to pass their “test” and learn the rest on the job.
-
Lots of code is in Java, and there is a career path in knowing a JVM language.
Lack of speed is overrated, and Java’s JIT is reasonable.
I am not a Java Guy though I would become one for a job. The standard library is too massive and ever expanding for my tastes, and I refuse to spend time memorizing obscure classes that will make a possible future job easier. I’d rather have Google when I need it.
-
Java is slower and more memory intensive but it’s also easier and faster to write correct code. It’s a conscious trade off, and depending on the task may be a worthwhile trade. Rust is a good compromise, but I think it is important to be mindful that it is a compromise.
-
-
In the article, the author included a picture with his login cookies digitally blacked out. Just an FYI if you ever do this, certain image formats like bitmap can trivially remove the black mark while keeping the data it’s obfuscating intact. Look up bitmap watermarking if you want to know more!
-
-
-
-
-
Surely no one does it this way though? You just open the image in a photo editor, paintbrush over the top, export the result.
-
Yeah most people use compressed formats, but it’s something to be wary of if you are posting credentials online. And with PDFs many programs let you draw over the pdf if you want to hide specific info, but when you open that pdf somewhere else, the drawing is gone. This isn’t something to do with bitmaps, but something worth noting.
-
-
-
Not sure if anyone else has mentioned AWS light sail yet, but it’s the exact same price as DO/Linode. You’re comparing VPS instances right?
-
Lightsail was something I was vaguely aware of but didn’t really know about and so didn’t think to include. This omission has been pointed out by surprisingly few people (I think you are only the third of all the comments on various sites). I don’t think people consider LightSail enough (I’m guilty of this too) and I plan to update the article to include it when I get a minute. The honest truth is that most people are still using either EC2 (or equivalent, especially in-VPN equivalents). That’s certainly the case on GCP.
-
Yeah, I don’t disagree. I almost only hear of people using EC2, but I have personally used light sail and had good experiences. It’s not fully integrated into the AWS world like EC2, but it does offer a few managed databases and such. I suppose you can always wire it up to other AWS services yourself, but it might not be as simple as EC2
-
-
-
Can anyone elaborate on Angular being killed? I’m not big in the front end world, but I thought Angular was here to stay, along with the likes of React and others. Why is Angular going LTS? Am I just missing some other context?
-
Angular and AngularJS are two separate projects. AngularJS was the original framework, and Angular was a complete rewrite and departure from the original. AngularJS was being actively developed separately for a while.
So, Angular is here to stay. AngularJS is in LTS and won’t have new development going forward.
-
-
-
I don’t buy this piece. Cloudflare might have some susceptibility to centralizing traffic, but internet infra is already centralized at several layers. The real money is extreme caching of large static assets, so don’t forget that many developers would rather sacrifice some centralization to gain features that are hard or costly to roll yourself.
-
internet infra is already centralized at several layers
This is not a justification in any way.
-
-
I’m working on a digital time capsule app that currently just a single Python file, and I’m also trying to start doing consulting work as a software dev. No luck yet!
-
Clojure - so elegant and fun to write coming from an OOP background. I constantly get hung up when you need to bring in new dependencies due to classpath weirdness. Sometimes, restarting the repl is the fix, other times not.
Python - Love the brevity of it, but I would love some editor help with parameter types. I have to try out mypy still. I use PyCharm, and I’m constantly surprised how little autocomplete and keyword highlighting helps me make sure I am using valid keywords, types, etc. Maybe I’m just underwhelmed with the tools I use….
-
Clojure: Its inconsistent treatment of nil remains hands-down the most common source of errors for the codebases I work on. Also tends to be a memory hog. Also bizarrely omits pattern matching from the core language, which is very silly.
Fennel: Shame that the runtime doesn’t support concurrency. The zero-overhead design goal means that it can’t add creature comforts like map/filter/etc; you need to bring in a library for that.
Elisp: Having functions split out into the lisp-2 namespace makes higher-order functions usually too tedious to be worth it. The built-in functions are inconsistently named with weird historical quirks.
Racket: No matter what the question is, the answer will always be “write a macro”.
-
-
Racket: No matter what the question is, the answer will always be “write a macro”.
Hello, I’m a relatively new Racketeer here and I’ve yet to find a good reason to write a macro and in fact, have read a section of a delightful blog post that suggested reasons to prefer core Racket library functions over macros.
In your opinion, how and why are macros the answer to questions with Racket? Thanks :)
-
There are a lot of things which can be done at runtime in other lisps which have to be done at compile-time for Racket. For instance, Racket wants you to use structs instead of hash tables, which means you can’t do things like deeply nested updates with arbitrary field names; the fields need to be known at compile time. (Lenses help a lot with this, but Lenses don’t ship with Racket; they’re a 3rd-party library) For the most part it’s worth the trade-off to not have to deal with nil and for the errors it catches, but it’s awkward coming from languages that offer more flexibility. (I wrote a bit about it at https://technomancy.us/185)
-
-
-
Doing a demo for work in south Texas! Disadvantages: south Texas, in August. Advantages: I get to see my code fly.
-
I’ve been highly interested in Lua after following the performance of Lua Jit, and seeing how a higher level scripting language can get perf results on par with C. Now I really want to know what all of you are using Lua for! Work, games, embedded?
I mostly use it as a host language for Fennel. I use that to write games in LÖVE. I’ve also done some experimenting with web programming using OpenResty.