1. 2

    My company is finally (about 3 months overdue now) going to celebrate our launch with a small party for family and friends. It’s funny how quickly time flies when you’re trying to get a business off the ground.

    1. 3

      Because I must’ve missed it if it was linked at all in the blog text, a link to the source for the GLB “director”: https://github.com/github/glb-director

      1. 1

        It’s in the second-to-last paragraph which talks about our open sourcing it, but it does deserve a link in the first paragraph.

      1. 4

        I much prefer the idea of using something like transparent content negotiation or other similar means of letting the client and server of a website determine which content is necessary given a device’s preferences and capabilities.

        I’ve never actually seen this implemented unfortunately (outside of certain APIs, but not web pages), but I can dream…

        1. 1

          Unfortunately, despite browsers and servers supporting negotiation, most CDNs do not obey the Vary header even if you set it.

        1. 4

          About 25% into Bad Blood, which is the insane story of the biotech startup Theranos, from its early days all the way up into the ongoing investigation into how it faked its way into tens of millions of dollars in funding from VCs without a working product.

            1. 4

              Ahh! I’ve been waiting for him to finish that book. Thank you for reminding me.

              Have you read Ellen Wood’s book “The Origins of Capitalism”? I found it to be adjacently interesting.

              1. 3

                Haven’t heard of that one, sounds interesting.

              2. 1

                I really liked this book, but only to a certain extent, after which it became a bit repetitive at times. But overall very fun read with incredible stories from the folks who work in bullshit jobs themselves.

                1. 1

                  Good to hear you liked it, I look forward to reading it.

              1. 2

                I haven’t actually used this much, but I’ve been very curious about LessPass, which is meant to be “syncless”. I’m no security expert, so I’m not 100% confident in the exoticism here, but I’d suggest checking it out in any case as an alternative perspective at least.

                1. 7

                  Semi-shameless plug: my company builds software to help automate clean energy project development, which at this point, given the rapid decline in price for hardware (solar modules, batteries, etc.), is really the last major hurdle in getting the biggest consumers of energy (commercial and industrial facilities) to transition over.

                  On the one hand, you could say that my work will benefit from this impending doom. But really, my team sees this more as a ticking countdown to motivate our progress.

                  Also, though I can understand how broadly speaking this may be off-topic, I’d love (perhaps selfishly) to see more energy-tech-related topics on the front page :)

                  1. 2

                    Catching up on sleep, because startup life.

                    Also going to continue working on my educational talk for Incognito Conference, which although is pretty far out from now, I know it’s going to creep up on me and I’ll procrastinate otherwise.

                    1. 3

                      Back to working on a hacking simulator side-project. It’s a “game” per se with the intent of being a rogue-like (systems are hacked through for some purpose). Exploits can be employed as counter-measures to system security, with the UI being a console with a chat window to lead the “player” along. Commands are UNIX-like, but simplified.

                      1. 2

                        Neat! I was working on a very similar game back in the day, but never really got too far past the initial UI (for time commitment reasons, frankly). I actually arrived on the idea of making the UI accessible by SSHing into a game server, which would then put you directly into a shell process, which itself was the game. This provided a zero-installation game experience that I thought would be neat.

                        Anyway PM me if you want to chat more about your ideas!

                        1. 1

                          Very cool! Deploying through SSH is a great idea and could open the world up to multiplayer (network attack and defend).

                          One area that I’ve struggled with is how to achieve balance. One of the first exploits that you can apply in the game is the “sleeper” exploit which puts a security process (like a sentry) to sleep so that it can be killed. Once security is removed, other operations are possible like getting files (bitcoin) or pivoting to other nodes accessible from this node. I assume that other security processes would have higher security and the sleeper exploit would not work. But finding that balance between measures and counter-measures is difficult (outside of simple rock-paper-scissors mechanics).

                      1. 1

                        I’ve been doing this for years using nanoc with kramdown support, which I’m quite happy with, so I’m not 100% sure how much of this idea overlaps with it.

                        Furthermore, kramdown also allows you to render your content for different output formats beyond HTML, which I use for creating both a PDF and a web page for certain content.

                        1. 3

                          …rather not have their digital privacy unknowingly violated

                          The internet is a dangerous place to attempt that! I’m not sure self-reported tags would put a significant dent in it.

                          …I’d like to know the author’s real intentions before clicking on one of these said links

                          That’s unlikely to ever be fully revealed and will most certainly become something we bikeshed to death because there is so much gray area with figuring out someone else’s intent.

                          1. 2

                            And there’s a lot of gray area even when intentions are clear. Some of the best articles submitted (and, yes, the worst) are content marketing. Pretty much everything with a newsletter signup form or on a company domain.

                            1. 1

                              I guess the way I view it is that authors can self-report, but just as with any other tag or curation, the burden is on the community to best annotate these things.

                              1. 1

                                I would benefit from an ad tag.

                            1. 3

                              Work:

                              • Trying to make our convex optimization for energy storage controls run more efficiently and quickly (likely just tweaking these parameters until I get better run times with slightly lower precision)
                              • Continuing to try to raise money in a land where shitty scooters and fruit juicers can raise tens of millions of dollars, but a small clean energy analytics company cannot

                              Home:

                              • Continuing to learn more about quantum computing and planning on writing a basic quantum computer emulator to make sure I understand the fundamentals
                              1. 34

                                It’s a hipster-free

                                This may just be the most hipster thing I’ve seen since COBOL on Cogs

                                1. 6

                                  COBOL on Wheelchair also exists.

                                  1. 5

                                    do not forget bash on balls: https://github.com/jneen/balls

                                  1. 3
                                    • OpenVPN with DHCP options to point to my own CoreDNS with custom ad-blocking filters
                                    • Ghost blog instance with an nginx frontend that plugs directly into Let’s Encrypt for SSL
                                    1. 3

                                      Interesting solution, though I think the problem here is that most of these social media giants provide API access via OAuth authorization schemes (insofar as I know, this is the only way most of these bots could possibly post on social media) allowing non-humans to post on behalf of the human. This largely isn’t for nefarious purposes either–think of all of the cross-app integrations that exist out there that post an update to your Facebook whenever you’ve met a personal running goal or something similar.

                                      So provided a human has generated personal access tokens or OAuth-authorized credentials, a non-human would be able to act on the behalf of the human and post any content it wanted to.

                                      1. 1

                                        Thinking about the use case of automated users (non-nefarious bots), one approach would be to label those accounts explicitly, like Slack does when you use a Slack bot.

                                        1. 2

                                          I haven’t been on Facebook in a while, but if I remember correctly this is already implemented in Facebook.

                                          Near the time stamp there (used to be) a string that linked back to a website for an app-originated update.

                                      1. 1

                                        I expected this to include syntax specific to Python 3 vs. 2, but in fact it looks like most of this cheat sheet applies to both.

                                        1. 7

                                          Having taught a couple of introductory programming classes to previously non-technical folks, I can’t stress this point enough:

                                          Requiring students to construct their own strategies as they practice applying a skill can result in unproductive struggle. Instead, we can explicitly teach a strategy and properly equip students to learn more from their practice.

                                          It seems like today, a lot of the interviewees I talk to who come out of get-rich-quick bootcamps still treat code like a magical black box because of the practice of trying to teach students purely through “doing”. I think by adding just a little bit of this strategy lesson, it can be much more beneficial for longer term development of skills.

                                          1. 2

                                            I’ve done some similar things to speed up my builds and deploys, but for codebases that rely on other system runtime dependencies (libpq, BLAS, etc) I haven’t found a great solution yet outside of using Alpine.

                                            Does anyone else have similar issues?

                                            1. 4

                                              Effective behavioural advertising requires hods of data, and nobody can gather sufficient data enough to compete against Google’s “superprofiles”

                                              I doubt if it’s effective. I see completely unrelated ads all the time, mostly for mainstream things that I hate (mobile games, Hollywood movies, cars). Also I see lots of ads for cosmetics and local nail coloring services even though I’m male. Sometimes I think collected data is completely unused (or used to fit very primitive models) and data collection is just for deceiving advertisers that their ad networks are highly targeted and hi-tech, and for data hoarding.

                                              1. 6

                                                For the most part, when it comes to these sorts of ads, you’re looking at either pricing at a keyword/slot level or in “real-time bidding” with blind auction. Basically, despite having all this data to target (which honestly could happen way better with Google’s dataset) most of it gets destroyed by the heavily-skewed financial incentives of advertising.

                                                1. 5

                                                  Some of the misfires I’ve seen:

                                                  • “He searches a lot about programming and reads a lot of programming stuff… let’s advertise coding bootcamps!”
                                                  • “He just wrote a case study of how his employers use X and the pros and cons of that. I know, let’s send him ads for X!”
                                                  • “He JUST bought Spotify. Let’s advertise Spotify more. And Google Play.”

                                                  A few years ago I did a bunch of research into various robo-advisors and in the end decided to stick with Vanguard. I still get robo-advisor ads (and payday loan ads…) to this day.

                                                  1. 1

                                                    I get similar ads too, but usually for no longer than 1-2 days after searching/visiting sites. This means that they are really using collected data but algorithms are very far from understanding this data.

                                                  2. 2

                                                    For professional reasons I want at least some awareness of the current state of advertising, so I will occasionally disable my adblocker. When doing so, I am always shocked at how irrelevant the ads are. Similar to @hwayne, many of them are for things I have already purchased, and for which a near-term repeat purchase does not make sense.

                                                    Funniest of all is YouTube, where I consistently get ads in five languages, only two of which I could be said to understand.

                                                    1. 1

                                                      Absolutely! This probably is the biggest secret in the world kept in plain sight. To this day, I’ve never really observed two searches with the same terms from two different google accounts differing in any meaningful way.

                                                    1. 2

                                                      Related, “Understanding Computation” 1 has a great chapter on doing lexical analysis and building parsers purely from the perspective of finite state automata.