1. 3

    I gotta correct something about the article. Spotify doesn’t use Electron itself. It uses a lower level and faster relative to Electron, the “Chromium Embedded Framework”(https://en.wikipedia.org/wiki/Chromium_Embedded_Framework). I think it consumes less memory and power than a standard Electron App.

    1. 5

      But it’s still running a chrom(ium|e) instance, which is way too heavy for some older/low end systems.

    1. 1

      When I saw the word Kinds I was expecting something more in the tone of Haskell’s Kinds.

      1. 3

        It looks like they have gone full circle here: services -> microservices -> services (macroservices)

        1. 3

          It’s not a circle, it’s a pendulum. Just like moving more stuff to external dependencies vs. into your own code base. Or like moving functionality to a network service vs. shipping it as a library. Or mono-repo vs. a repo per library.

          Such pendulums exist because there aren’t really that many architects able to find a Goldilocks zone. Instead most teams follow hype, overdo it, then overcorrect and create more hype for others to follow.

          1. 4

            It’s a pendulum because it’s not well understood to be fundamentally a set of cultural practices supporting an organisational model.

            Instead, senior leadership (mistakenly imagining development practices to be portable with only moderate effort) attempt to copy the tooling/practices of whichever organisation has communicated best about how tooling/practices enable their success - regardless of how poorly that fits the organisational model.

        1. 3

          Regarding a more detailed feedback and code review. I’ve had bad experiences before.

          I did a code review for a candidate applying for dev. He asked for more detailed code review and then didn’t take the feedback well. I suspected something like this could happen so I actually asked a very Senior dev to check my feedback before sending it.

          After a couple similar cases, HR stopped sending detailed feedback.

          1. 1

            While it’s a nice idea that even when you don’t get the job, the company can still give you feedback to help you learn something from the experience, I can’t imagine it ever really working out:

            1. Can you be sure that the person reviewing your code is suitably experienced? You’re potentially just getting a random employee’s opinions.
            2. Do you expect a thorough code review, given that it requires the company to continue investing employee time in a candidate they have decided not to hire?
            3. Besides the waste of time, there are potential legal pitfalls for a company giving any sort of feedback: Better for them to say nothing or quote an HR-approved response than to risk anything that could even suggest discrimination in their hiring process.
            4. Assuming you get some feedback, at least part of the feedback will be focussed on why you/your code aren’t a good fit for that particular company, and won’t necessarily apply anywhere else.

            Put all this together and I can’t see why you’d even bother asking for feedback. I would, however, be interested to hear from anyone who has received useful feedback after an interview or similar.

            1. 1

              I agree that this isn’t a great idea. There are too many things that can be used against you as a company. On the flip side, I’ve been in scenarios where I wanted to know why they passed and wished they would’ve provided information. It ended up making me seek out help outside of my own circle though, and got me involved (briefly) with some open source stuff.

            1. 1

              What would Jesus do?

              1. 18

                I have the impression that under many companies’ standards, Dan wouldn’t be hired. I’ve made a couple of interviews and probably I wouldn’t recommend him either (that is if I wouldn’t know he was Redux’s creator). I know that Jack of all trades and master of none is something that in general few companies (if any) would be hiring for. But, this has made me re-evaluate how the process and criteria should be handled. Awesome post!!!

                1. 14

                  > I know that Jack of all trades and master of none is something that in general few companies (if any) would be hiring for.

                  As a jack of all trades, I find/found work just fine ;)

                  1. 5

                    Same here, I change jobs every one or two years to some kind of software developer I haven’t tried before. Every company seems to want one or more tech generalists.

                  2. 3

                    Some of the best interview advice I ever read (can’t recall where) was along the lines of - “Your job as an interviewer is not to just find out what the candidate doesn’t know, but to find out what they’re really good at”

                  1. 1

                    I like the examples, I never really touched a large code base in C++ so this comes as an enlightening. However, it might be too late for c++ considering that Rust has gained so much traction for most of the scenarios where c++ was the de facto tool. I just started to learn Rust and so far looks like a good mixture between C++ and Haskell, at least on the conceptual part

                    1. 7

                      > it might be too late for c++ considering that Rust has gained so much traction

                      This is probably a biased view based on what you’ve been reading. Echo chambers and such. You won’t see me in online discussions putting so much time into research and careful comments about C or C++ because they’re useless languages that better ones will beat in a few years. Quite the opposite: beating them, if even possible, will be an uphill battle.

                      Although I’m a C++ opponent, I will gladly admit it has massive usage with even new projects doing big, performance-sensitive stuff often defaulting on it due to all the work done on compilers, libraries, education, and so on. Lots benefits from prior investments and social/market inertia. Rust is a drop in the bucket in uptake compared to where C++ is at. They could even grow at the same speed with the kinds of improvements C++ is getting. Who knows.

                      So, I focus on the cost-benefit analysis of what each brings with my preferences leaning toward Rust for its high baseline of safety with low-cost abstractions. A better C++. Far as stable ones, Ada and D are also contenders here. I push Rust since its backing by Mozilla with great, community approach have gotten it further than the others by far. Considering social and market forces, it’s the best C++ alternative so far.

                      1. 1

                        I haven’t looked closely at Rust recently so maybe someone can correct me, but Rust does not appear to have anything as powerful as C++ templates which allow for some advanced metaprogramming and compile-time computation and code generation. Generic programming is the most beautiful part of C++ which many competitors fail to deal with (except D, which has great support for generic programming).

                        1. 1

                          It has macros, which I understand can do that sort of thing, but I don’t know how easily.

                      2. 2

                        Rust has a lot of people talking about it but not nearly the same amount of people using it. It’s one of the much-talked about less-used languages. Haskell used to dominate that position. C++ still has much more usage than Rust, by a very wide margin.

                      1. 14

                        It’s worth to note that it was long ago that uBlock had a commercial owner. Therefore, the recommendation was to use uBlock origin, which was a fork from the original co-author of uBlock. So, as long as you use uBlock origin… Dismiss this story

                        1. 6

                          If I recall, was it not gorhill who made uBlock, and in an alien event, handed that over to Chris, which in turn made uBlock the monster it is today? Please correct me if I’m wrong.

                          1. 1

                            That’s my recollection of that history too

                        1. 2

                          Idris is an awesome language to dive into dependent types or go beyond Haskell. The book takes you by the hand with great examples. I’m thinking that the reading CSV example couldn’t benefit much from using dependent types.

                          1. 2

                            I think that the idea behind using Lodash is to avoid having to rewrite many functions. Yes, with the new ECMA standards you can actually write them in a neat way. But, it doesn’t mean that we should be reinventing the wheel every time.

                            Also, I replaced Lodash with Ramda a long time ago. Maybe because I came from Haskell and I really needed the base library functions.

                            1. 1

                              ES6 features also allow to do away with the need to use a function altogether, for example omit is unnecessary in the presence of destructuring. They are even removing it from lodash in the upcoming version.

                            1. 1

                              Sincerely, I didn’t see why it was useful to make this example with clojure if at the end they would simply make an FFI

                              1. 2

                                I think a big advantage is that all the steps along this process have well documented installation mechanisms, even if it’s heavy handed.

                                The C++ example would be great, except that now you are managing C++ builds. And for a lot of people this is tricky! I still remember suffering a lot when trying to learn game programming purely from build-related issues. Stuff that gets a bit nicely handled in newer ecosystems

                              1. 0

                                A group of Lobsters? on LinkedIn, count me in. Just sent a request

                                1. 4

                                  Since no antivirus will do something and some adblockers won’t block it. I’ll just post my five cents

                                  127.0.0.1 coinhive.com www.coinhive.com
                                  
                                  1. 2

                                    I’ve been trying this for a while, and was happy to find coinhive already in it when I heard about it a few weeks ago.

                                    1. 1

                                      Awesome, I had never come across a curated list of that kind.

                                  1. 4

                                    Why are we just knowing this. Networking, drivers and web servers, basically a bunch of vector attacks to gain control over the CPU which has lower ring than Ring 0. Could we assume that people (NSA, white/black hackers, etc) with this knowledge are already taking advantage of this?

                                    1. 11

                                      Everybody who read the manual knew about this (except maybe the fact it’s minix based). https://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html

                                      1. 1

                                        I beg to differ. For the record, not even Tanenbaum knew about it. That is, of course, until he read this link

                                        1. 1

                                          > except maybe the fact it’s minix based

                                          That’s what the thread is about. I agree on the other point as I hated arguing about Intel randomness instructions and such when the manual said it was backdoored in another way.

                                        2. 4

                                          Minix wasn’t being used until the ME transitioned to an x86 core, which happened with Skylake.

                                        1. 3

                                          It should be enough by salting the password with a site secret before hashing the password, right? Or am I missing something?

                                          1. 10

                                            He is not sharing compromised hashes. The list is full of passwords that were associated with one or more accounts in plaintext or otherwise cracked. The reason he gives out the information as SHA1 hashes is to increase the effort required to have the full list of passwords in plaintext. This allows people knowing their own passwords to hash them and see if the hash is in the gigantic file but someone else wanting to use this i.e. as his john the ripper seed would need to spend significant time on brute-forcing all of those first.
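
Added example (not part of the thread or of any commenter's post): the self-check described in the comment above, hashing your own password locally and looking the digest up in the published list. It assumes the list is a text file of uppercase hex SHA-1 digests, one per line, sorted; that layout, the sample list and all function names are constructed for this example.

```python
import hashlib
import os
import tempfile

RECORD = 41  # assumed layout: 40 uppercase hex characters + "\n" per line


def sha1_hex(password: str) -> str:
    """SHA-1 of the UTF-8 encoded password, as uppercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def hash_in_sorted_file(path: str, digest: str) -> bool:
    """Binary-search a sorted, fixed-width hash file without loading it into memory."""
    size = os.path.getsize(path)
    if size % RECORD:
        raise ValueError("file is not made of fixed 41-byte records")
    target = digest.upper().encode("ascii")
    lo, hi = 0, size // RECORD
    with open(path, "rb") as fh:
        while lo < hi:
            mid = (lo + hi) // 2
            fh.seek(mid * RECORD)
            entry = fh.read(40)
            if entry == target:
                return True
            if entry < target:
                lo = mid + 1
            else:
                hi = mid
    return False


def password_is_listed(path: str, password: str) -> bool:
    """The password never leaves this process; only its digest is compared."""
    return hash_in_sorted_file(path, sha1_hex(password))


def build_sample_list(passwords) -> str:
    """Write a constructed sample list (sorted SHA-1 lines) to a temp file."""
    lines = sorted(sha1_hex(p) for p in passwords)
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        for line in lines:
            fh.write(line.encode("ascii") + b"\n")
    return path


if __name__ == "__main__":
    sample = build_sample_list(["password", "123456", "qwerty", "letmein"])
    try:
        for candidate in ("qwerty", "correct horse battery staple"):
            print(candidate, "->", password_is_listed(sample, candidate))
    finally:
        os.remove(sample)
```
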

                                            1. 3

                                              I don’t honestly see much difference than just releasing the passwords, I know people in the competitive password cracking scene will chew through the vast vast majority of these in days’ time. I actually use the hashes.org leaked list on penetration tests, and they have a wonderful % cracked statistic for each of the password lists as well as the plaintext download. I predict that it’ll be 95% cracked by the end of the week.

                                              1. 5

                                                > know people in the competitive password cracking scene will chew through the vast vast majority of these in days time

                                                People in the competitive password cracking scene most likely already have access to this data - it’s all publicly accessible anyway somewhere or other.

                                                1. 2

                                                  Troy said some passwords reveal personal information. I can only imagine what could potentially be around behind those hashes.

                                                  > I predict that it’ll be 95% cracked by the end of the weak.

                                                  It at least gives the general public a week to check if their re-used password is there, with an easy web interface to test that. People who know what they are doing are not really impacted by that release… but it can serve as a nice way to make some less technical people more aware.

                                                  1. 2

                                                    Passwords that “normal users” use almost exclusively have personally identifying info (pets, family, street addresses, phone numbers, job titles, etc). I feel like this is just casting FUD about whether accounts are compromised, the effect of showing someone a hash vs showing their passwords in plaintext is surprisingly psychological in my experience. Plus, if I have learned anything since things like the linkedin dumps, no one actually checks to a degree that attackers normally care.

                                                    HIBP has been around for ages, this isn’t just a week thing, and it hasn’t changed much in my experience. I always like HIBP because Troy didn’t release it, it always made the barrier to attack having to first find the user information, enter it into the API, check if the list for a match of compromised account with public wordlist, actually match the account. This is essentially releasing it without a couple percent of passwords.

                                                2. 1

                                                  Thanks, I missed that part

                                              1. 1

                                                Wow, I didn’t expect to find monoids there. However, I would have loved if there was a link to more information or how the monoids are used there. I missed that part between monoids and how they are useful for those probabilistic algorithms

                                                1. 1

                                                  MapReduce is actually in the monoid wikipedia entry. Not that this is exactly MapReduce but the idea mostly holds. The Summingbird framework was also based heavily around monoids IIRC

                                                  https://en.wikipedia.org/wiki/Monoid#MapReduce

                                                1. 2

                                                  This is specially interesting considering that with little effort other languages can be integrated with electron. So, in theory somebody would only need to compile for the different platforms the executable (in other language) and add it the corresponding distributable from electron for each platform. I was watching this meetup from somebody at WagonHQ https://youtu.be/mUAu7lcgYWE. I’m gonna try to create something

                                                  1. 2

                                                    We’ve been using BEM exclusively for all new projects in my department and love it. It has much clearer and simpler rules to follow than most other CSS naming conventions.

                                                    It’s true, you are not going to have a proper grid layout and other styles the CSS frameworks provide.

                                                    There isn’t anything inherent to BEM that prevents you from using a CSS grid. For example:

                                                    <div class="grid">
                                                        <div class="grid__row">
                                                            <div class="grid__column grid__column--3"></div>
                                                            <div class="grid__column grid__column--6"></div>
                                                            <div class="grid__column grid__column--3"></div>
                                                        </div>
                                                    </div>
                                                    

                                                    I realize that the above may look excessively verbose. But there is a good reason for the repetition, which is that it keeps specificity very low.

                                                    1. 2

                                                      Sure, but you could still extract those classes grid__column to something more meaningful to understand the content and structure of the HTML. Later, you could move all that grid logic to an inner class, with a better description of the HTML, by putting it inside a mixin (later imported with a include and most encouraged way) or in the class (later imported with a extend). In any case I usually decouple the grid logic from the classes in my HTML. Because, in the end, using classes that can actually describe the content and structure will make it agnostic to any grid we want to use (CSS grid, Bootstrap, etc) just by adding it to SASS or LESS mixins later (when using preprocessors, of course).

                                                      1. 2

                                                        Yeah. I totally understand why you might want to avoid putting the grid into your HTML. It is pretty fantastic for rapid prototyping by non-frontenders, though. :-)

                                                        1. 1

                                                          My company recently recorded a podcast interview about how we organize our CSS - spoiler alert, we use BEM as a part of our system. We also DO use grid css classes, however, without converting them to mixin into more-semantic classes. I think it’s just easier to see how the content maps to the layout that way.

                                                          It’s been proving a really nice system for growing applications, though. It’s seldom we get caught in specificity wars, and the structure we throw on top of it makes it fairly easy to guess where you’re going to find css class definitions.