Threads for jwk

  1. 8

    Suggested the rant tag because the first sentence includes the phrase “shitty takes”

    1. 1

      For a simple job queue I reach for Beanstalkd. Fast, boring, just works.

      1. 4

        I think the point of the article is to stay away from additional infrastructure.

      1. 0

        Is there an good alternative to switch to?

        1. 2

          In the thread you can read solutions

          1. 1

            I’ll write one if my kickstarter gets funded.

          1. 1

            AFAIK libpostal is the best open-source library for address parsing.

            1. 7

              I remember the first time I re-configured a Linux system by editing a text file, when doing the same task on Windows required clicking through a wizard. That was a big “aha!” moment for me.

              1. 2

                Great concept!

                1. 26

                  I find the ‘I need to edit in a web browser’ argument pretty weak.

                  I run a static website. It’s repository is currently hosted on GitLab GitLab has a web interface to edit files. Changes are automatically tested and pushed to the public through CI. And best of all, as I use markdown I usually prefer to edit in Vim, but I can use a million other tools if I’d like.

                  I’m not too sure about this workflow on an iPad, but I’m sure it isn’t as bad as the article author states for a static website.

                  1. 15

                    GitHub also allows you to edit, preview, and commit directly from their web UI. So no, I don’t buy the argument either.

                    1. 5

                      If he really wanted the pragmatic approach on iPad, he could’ve used Working Copy app, which allows you to edit your code and push it up to your Git repo. Then at this point he could have the setup that is described above, where it’s all automated.

                      1. 3

                        Another aspect that’s important with a setup like this is having a deploy pipeline keyed off changes to the master branch.

                        Between github/gitlab webui PR authorship, and circleci deploying the changes, we don’t need a webui either for our static blogs.

                        1. 2

                          does GitHub have CI pipelines? because you would need to create a CI pipeline to deploy changes from your repo to production in order for the web UI to be usable for this use case.

                          1. 3

                            I don’t use their CI, but apparently yes they do have this.

                            For a team blog I’m working on at the moment, I’m using GitHub’s GitHub Pages mechanisms to automatically deploy whatever is on the gh-pages branch of the blog’s repository. It’s free, it’s easy, and it works.

                            1. 1

                              Yeah, it’s not as robust as GitLab’s but is fairly easy to set up. I was able to go from never using actions to having a commit trigger build and FTP everything over in about two hours [0] and most of that was figuring out sftp command line quirks between Mac, Ubuntu and my host.


                            2. 1

                              I was able to teach a retired journalist to use this workflow (and Markdown) without much trouble. The website was simple, he had a lot of time on his hands, and he was eager to learn.

                            3. 10

                              Agreed, compared to that workflow my argument in regards to using a web browser is weakened. I’ll edit the post to reflect that. Thanks for the feedback.

                              1. 8

                                I think there is still an important point in that argument. The only alternatives that have been presented have been ad-hoc solutions like a headless CMS – yet another separate component that you need to setup – or GitHub/GitLab’s in-browser editing – yet another external service that you need to rely on. With an actual CMS like WordPress, you have a single consistent interface that you can totally own and control yourself.

                                1. 1

                                  That’s true, thanks.

                              2. 5

                                I don’t think this is an easy option for everyone. You still have to know a thing or two about git, github/gitlab, and continuous integration. It might be easy for you, but it’s not easy for everyone. You wouldn’t need to learn an insane amount of stuff, but I imagine it’s still more work than using WordPress.

                              1. 3

                                Embrace, extend, extinguish?

                                1. 1

                                  Scalar is a .NET Core application

                                1. 8

                                  I’m confused. This post says that crypt is limited to 8 character passwords, but the recovered password is 22 chars long. Wouldn’t it have been recovered much sooner?

                                  1. 18

                                    I was confused by this too. I think the part before the colon is the hash, and the part after is the decrypted password.

                                    1. 11

                                      It is clear if you follow the link to the passwd(5) file in the post - yes, the part before the colon is the hash :^)

                                      1. 8

                                        Interesting to see that file, where e.g. a user’s username is ken and the name field shows & Thompson. Apparently that’s a substitution marker:

                                        The full name may contain an ampersand (‘&’), which will be replaced by the capitalized login name when the gecos field is displayed or used by various programs such as finger(1), sendmail(8), etc.

                                        I had no idea.

                                        1. 8

                                          Yup - on OpenBSD, you get emails from Charlie Root! ;^)


                                          root::0:0:daemon:0:0:Charlie &:/root:/bin/ksh
                                          daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
                                          operator:*:2:5::0:0:System &:/operator:/sbin/nologin

                                          I also use it for accounts on my machines.

                                          I wish Linux used the same format :^(

                                      2. 4

                                        Oh! That clears up my second question too, which is “why would it take so many characters to describe a single chess move”. :-P

                                    1. 1

                                      > rcpt from:

                                      mail from:

                                      250 2.1.0 OK b26si1910042pgs.432 - gsmtp

                                      How do I do this part? When I hit return after the rcpt line, I immediately get a 503.

                                      1. 2

                                        I think this may just be a typo in the OP. Leaving out the rcpt from: line and just using the mail from: line worked for me.

                                        1. 2

                                          Sorry, it should be mail from:

                                          The second line is actually the command being echoed back at the user but for some reason, I ended up with “rcpt from” instead of “mail from”. It should be fixed now

                                        1. 1

                                          Wasn’t sure about reading this but the Dune quotes hooked me.

                                          1. 5

                                            tl;dr: use Alpine Linux images if you can

                                            1. 8

                                              In the past few years flat user interface design has become the predominating visual style of operating systems, websites and mobile apps. Although flat design has been widely criticized by HCI and usability experts, empirical research on flat design is still scarce. We present the results of an experimental comparative study of visual search effectiveness on traditional and flat designs. The following types of visual search tasks were examined: (1) search for a target word in text; (2) search for a target icon in a matrix of icons; (3) search for clickable objects on webpages. Time and accuracy parameters of the visual search, as well as oculomotor activity, were measured. The results show that a search in flat text mode (compared with the traditional mode) is associated with higher cognitive load. A search for flat icons takes twice as long as for realistic icons and is also characterized by higher cognitive load. Identifying clickable objects on flat web pages requires more time and is characterised by a significantly greater number of errors. Our results suggest replacing the flat style user interfaces with interfaces based on the design principles developed over decades of research and practice of HCI and usability engineering.

                                              1. 7

                                                I did this two or three years ago with Ubuntu. It worked rather well even if a few ordinary tasks like printing over the network were somewhat complex to troubleshoot for her (not sure if Windows is better here though, but hopefully Google Cloud Print did help a lot) and using LibreOffice after years of MS Office 2007 was like taking a step back into the past (yes I showed her Google Docs but she kept using LibreOffice). It was still much better than Windows Vista (I also tried to install Windows 10 but it wasn’t stable at all on her old hardware).

                                                Eventually I switched her over an iPad a year ago. This is a very non-Free-as-in-Freedom solution but it solved almost all Windows issues and all of the few Linux issues :)

                                                1. 2

                                                  Same story here. It’s an easy transition with a Bluetooth keyboard, Google Docs, and an AirPrint printer.

                                                  1. 2

                                                    I did this initially ~10 years ago with Ubuntu, but switched distros because Ubuntu will commit suicide[1] by never removing old kernels, so older partition schemes that had a separate /boot will eventually fill up. It’s very hard walking someone non-technical through the steps, remotely, to clean up that mess.

                                                    1. It doesn’t brick the system, it’ll still boot. But no updates will succeed because the kernel package fails due to running out of space. This is, more accurately, a debian-ism more than a ubuntu-ism.
                                                  1. 7

                                                    From the essay, on cathedral and bazaar models of software development:

                                                    Because a cathedral can coordinate, a cathedral can create – acting at a scale above individual action. A bazaar is very useful, but a bazaar does not create. It can grow; it can heal, harden, extend, and expand; but creation requires an individual or a coordinated group.

                                                    and, after admitting an unfair but honest and not corrupt distribution of Urbit space:

                                                    Property is always and everywhere a kind of amnesty. It says: whatever happened in the past, this is now what is. When we all agree that everyone has what they now have, however they got it, we have a formula for peace. When we say that everyone should have what they deserve, we can never expect everyone to agree – which means we have planted permanent seeds of discord.

                                                    1. 8

                                                      I used to work from home as a freelancer and now work on-site for a small family-owned local business in a mid-sized Midwestern city. I would recommend making a similar switch. It doesn’t sound like relocating to work on-site at the startup is an option for you.

                                                      My advice: prioritize your physical, mental, and spiritual health over money. Premature optimization is the root of all evil.

                                                        1. 10

                                                          So much truth on that. That’s THE reason I always tell friends working for startups to stop the hype with graphql, react, go and stuff, and advocate for darn simple Laravel or Rails app.

                                                          The message in the end is KISS or just take the first boring tech that will give you enough time to prove your business to be successful!

                                                          1. 3

                                                            Funny aside: I wanted to contribute to a Laravel app, and damn is it annoying to have to set up a full LAMP stack to do PHP development.

                                                            It’s pretty interesting how PHP is probably the easiest language to get production stuff running, but nowhere near as easy as Python/Ruby/Javascript’s “run the included watch script and you’re good to go” for local development.

                                                            that said if you know how to use the language, definitely worth just using that. Use what you know, and you can always change things later

                                                            1. 2

                                                              Laravel has made this process easier through homestead, if you want to set up LAMP on your native OS it takes a while longer.

                                                              1. 1

                                                                It’s not particularly hard to setup a LAMP stack on your native OS using MAMP or XAMPP.

                                                              2. 1

                                                                Laravel Valet is a Mac-specific option that is more lightweight than the Homestead VM. Both make local Laravel development simpler.

                                                                1. 1

                                                                  Yeah I was trying that out. Still felt pretty uncomfortable with needing that much software to have a dev server working, but the process was a lot better than doing old LAMP stack stuff in Windows.

                                                                  I’m glad that PHP has improved so much over the years, and hope it can keep on improving.

                                                                2. 1

                                                                  Isn’t php -S enough for development?

                                                                3. 4

                                                                  Well Go is also pretty simple, imo. In the “Go Programming Language” book, they already show you how to create a web server in the first introductory/overview chapter, since the ability is quite well integrated into the overall structure (and standard library) of the language. I, personally, would say, when one looks at all the real-life use-cases of Go, that it has passed it’s hype phase.

                                                                  1. 10

                                                                    A web server is nice, but where’s the battle-tested ORM, routing engine, middleware system, view rendering engine, asset handling system, authentication layer, background job handler, countless other built-in parts, plus roughly a kajillion gems that can drop in to provide various functionality?

                                                                    Go is interesting and has it’s place, but it’s got a long way to go before it’s competitive for getting a moderately complex site up and running fast.

                                                                    1. 2

                                                                      I’m gonna preface this by saying that I thoroughly dislike go for many reasons, but criticizing it for it’s “web stuff” capabilities seems really weird, since that’s like the one thing it’s good at. Out of the things you mention:


                                                                      Not really an ORM but equivalent functionality:

                                                                      routing engine, middleware system

                                                                      Provided in the standard library.

                                                                      view rendering engine, asset handling system

                                                                      I’ll admit Go’s handling of this is pretty bad.

                                                                      authentication layer

                                                                      Depends on what you need to do, but this is definitely covered by /x/crypto or /net/http.

                                                                      background job handler

                                                                      Goroutines are like the best part of go.

                                                                      countless other built-in parts, plus roughly a kajillion gems that can drop in to provide various functionality?

                                                                      Uh…I’m not totally clear on what else you think is missing for rendering a web app

                                                                      Go is interesting and has it’s place

                                                                      What do you think is go’s place? Cause I think go is awful for systems level programming, and really it’s only niche is “web stuff” and command line apps.

                                                                      1. 4

                                                                        Honestly, this seems to me like comparing an auto parts shop to a car dealership.

                                                                        ActiveRecord has its warts, but the Go SQL built-ins are super bare-bones, lets you execute hand-written SQL queries and that’s about it. No comparison IMHO.

                                                                        I will admit that I was not aware of Go’s ServeMux, which is a bit better than I thought. I only skimmed the docs for it, but they’re like a page long. The manual for the Rails router is at least 20 times longer. I sure don’t see a standardized middleware system, or where you would even put one, given how close to bare metal the web APIs are.

                                                                        And comparing /x/crypto to something like Devise… well, even the parts shop to car dealership analogy is woefully inadequate. There’s a huge number of ways to do web security wrong. Throwing Devise into a Rails app gets you automatic best practice implementations of almost everything. Pointing somebody at a pack of implementations of bare crypto algorithms and telling them to roll their own everything… that’s a security disaster waiting to happen.

                                                                        And yeah, goroutines are nice. Until you want to implement a job worker on another computer, or have some records of what jobs are running when, automatic retries with exponential backoff, failure logging, etc.

                                                                        I could start writing about some of the many other things, but honestly, just read through the Rails guide for an example of the kinds of things a good web framework should do. May the gods of code spare me from having to rewrite all of that stuff from scratch in another language to build a webapp, or from having to maintain a webapp where some other developer rolled all of that stuff from scratch and I have to figure it out.

                                                                        1. 3

                                                                          I use rails and go for several things, and this is a grossly inaccurate comparison.

                                                                          The sql packages are not even close to the query generation and object mapping in rails, and there’s nothing close to that level of functionality on GitHub.

                                                                          The standard library routing has no support for parameter extraction, nor separation between http methods. You can put together something useful by combining third party stuff, but it’s not orthogonal to middleware, so you have to glue them or pick middlewares designed for your router.

                                                                          For authentication, rails has straightforward ways to check auth before running an action; go has bits you can put together yourself and hope you got it right.

                                                                          Goroutines are great but are not a background job handler. Failure handling, retries, logging job state etc are all solved easily in rails; build those yourself in go.

                                                                      2. 7

                                                                        Okay, if you say so, but it’s far from providing you all those bricks the author is writing about.

                                                                        I feel you’re totally missing the point of my comment and simply reacting on me categorizing go as potentially hype.

                                                                        1. 1

                                                                          Maybe, I can’t say for sure. I am no webdev, and my interest for startups is nonexistent, maybe even negative. But what I understood you saying, and the author, was to reject the use of newer technologies, because they are new.

                                                                          Take for example the most highlighted passage from the article:

                                                                          Building a product is not about using the latest and greatest technology.

                                                                          All I wanted to point out, in regards to what you said is that this doesn’t “automatically mean to reject any newer, maybe even better fit technology (and that Go isn’t necessarily a complicating factor). I’d agree that one shouldn’t go overboard, and use some one-week-old language for everything, but that’s the same extreme as insisting to use COBOL on the other side. And after all: From what I was told, businesses are all about “risk”, so isn’t this a good example for that?

                                                                          1. 3

                                                                            Not exactly because they are new but because they lack the bricks Rails for example took years to have.

                                                                            A common bias too, Go is a language, not a framework (although it has nice primitives for web).

                                                                            But I get your point and I tend to agree to some extent.

                                                                      3. 2

                                                                        React can be treated as proven library, I think. And it speeds up UI development considerably. Of course if you require JS UI at all, and just static forms are not enough.

                                                                        “jQuery way” becomes painful really quick, even with very simple UIs. Server-side things like Rails or Django are usually good enough and not need to be replaced with something more “modern”, but js-side hype tech is born from pain and frustration, so I would not dismiss React, Webpack (Rails has integration for it now) and even fringe technologies like Purescript.

                                                                        1. 2

                                                                          Go is not hype, BUT for making CRUD webapps and not something that requires an application server I’d agree. Go is a good choice when you start needing to proxy data, do long running connections, write a chat server etc.

                                                                        1. 3

                                                                          I know nothing about economics. One thing I know - besides that a currency is only worth what people’s sentiment about it’s backer is (how liquid it is) - is that inflation is one of the key drivers of growth. If you think sitting on your pile of monetary instruments is going to make you richer, you’d rather sit on it. If people told me that my $1 today would be worth $2 in one year, I would hold. Instead I’m told that instead it will be worth $0.9 and if I put it in the stock market it will be worth $2 - taxes, so I do that.

                                                                          Governments also can influence the economy by printing more or less money. When done sensibly this can cushion the boom/bust cycle which has been with us for ever.

                                                                          What is the corresponding incentive in Bitcoin for spending bitcoin as opposed to hoarding it?

                                                                          1. 1

                                                                            The wealth effect. It’s the idea that as people become richer they will spend more.

                                                                            1. 1

                                                                              Note that inflation is a bad deal for low-income earners who can’t afford investments as well as lesser-clued people who choose not to.

                                                                              Maybe the best case against inflation is that because it narrows down on investments, we need inflation to keep startup bubbles and shit going, so we don’t have even more people in poverty.

                                                                              1. 2

                                                                                Inflation / deflation is tricky.

                                                                                Most everyone agrees that in a society that depends on credit to function - i.e. ours - deflation is bad. Not only does it disincentivise pure spending/investment, it also raises real interest rates, making existing debts very expensive to service.

                                                                                Too much inflation is bad too, because people will hesitate to lend money if they can’t get a decent return over a longer timescale.

                                                                                Moderate inflation is generally accepted to be a good compromise - people are incentivized to invest money in other ventures than just interest-bearing instruments, and it also keeps real interest rates manageable.

                                                                                You know who doesn’t like inflation? People with lots and lots of money. When you’re part of the 0.1%, there’s simply not that many ventures that give a positive rate of return that will beat inflation slowly eroding your net worth.

                                                                                Before people thought long and hard about this, credit crunches, booms and busts were just a fact of life. Then smart people realized that they could guide/manipulate the money supply and interest rates and thereby keep the variable “inflation” at an optimum.

                                                                                1. 0

                                                                                  (I meant to say deflation up there, that’s what might disincentivize investments)

                                                                                  The smart people did us all a real big favor with negative interest rates and all that, for sure. People here buying up apartments at ridiculous prices because the rates are so low. I mean, folks get tired of waiting when it’s taken a decade of crawling economy to buy a home. Especially when the media says we’re out of trouble though youth unemployment is in the double digits.

                                                                                  The smart move might still be to rent and invest on something that’s sure to give huge returns by retirement.

                                                                                  I’m sure there’s something out there worth investing in. Surely a pension plan has never failed anyone, just as inflation and interest rates, national debt, regulation and laws have never failed, because smart people (voted in by smart people in total agreement) thought about them.

                                                                                  Waiting for the troll downvotes, but I’m not entirely wrong on this.

                                                                                  1. 1

                                                                                    I’m not saying you’re wrong. There’s a lot of things that are dysfunctional in the global financial system when looked at certain axes.

                                                                            1. 3

                                                                              I use git add --patch when I have a lot of distinct changes to commit. That way git walks you through all changes so you can choose which to stage.

                                                                              1. 1

                                                                                Here’s a great overview of git add –patch and –interactive