1. 5

    This link is more useful: https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html

    By all accounts, Twitter did the right thing here. They’ve owned up to it are advising people to change their passwords. They seem pretty open about the whole thing so far. This looks like an “honest bug.”

    @tptacek even agrees with Dan Kaminsky about it: https://twitter.com/tqbf/status/992202949018431491

    1. 1

      I mean sure lets say it’s an honest bug. How was this even a possible bug?

      1. 8

        lots of frameworks will go ahead and log the entire request params hash by default, and while many will automatically filter fields with “password” in the name, not all do! Who knows if this is it, but there are certainly a bunch of ways with infinite middleware layers, dozens of intermediary proxies handling request data, etc.

        1. 2

          somebody accidentally left a log statement somewhere while testing something and it made it into a pull request would be my guess

          1. 2

            I hope that they provide some insight into that.

        1. 2

          Does anyone know what they’re using for SNI?

          1. 8

            Can you clarify the question? I can find out; do you mean what software we run at the SSL termination layer?

            1. 1

              Yes, that’s what I meant.

              1. 1

                The outer-most layer is Fastly, so they terminate it for us. (Looks like they run varnish, but no idea what’s in front of that doing SSL.)

                1. 1

                  Thanks, could it be varnish subproject “hitch”? Edit; looked at fastly website, difficult to decipher, marketing copy ftw!

                  1. 1

                    It could, but I have no idea. This page seems to suggest it might be a separate service, going by the wording of “separate from the caching engine”.

          1. 1

            As an American, I was really confused by the date of this article. I kept thinking to myself, “Wow, this post is from January and it just now made it to lobste.rs?” Then I clicked on the News homepage to see what other news they had, and promptly realized they’re using the European format (01.05.2018) on the article, but a less ambiguous format (May 01, 2018) for the News homepage.

            1. 22

              It’s not the “European” format. It’s the international format. The US, of course, needs to be a snowflake.

              1. 18

                YYYY-MM-DD is the one true international date format! :-)

                DMY is definitely more widespread than MDY, I’ll agree, but it isn’t used in most of East Asia, besides the US. People in countries that don’t use either of those often find it ambiguous whether a year-last date was intended as a “European-style” or “American-style” date (which in my limited experience is what Japanese and Chinese call those two formats), since both styles are foreign. You can even find examples of all three styles on Chinese universities’ English-language pages…

                1. 5

                  Going by user population size, by international standards, and by rationality (sort lexicographically!), YYYY-MM-DD is probably the only format that deserves to be called international. It’s also much less ambiguous than month-first and date-first, given that the US and Europe do the opposite thing but write it the same way. I suppose someone could write YYYY-DD-MM but I don’t remember having seen this, while I definitely am confused about whether someone is writing in the European/US style from time to time.

                  This is as an American, born and raised. :) I still prefer to write MM/DD, though, because we speak dates that way. Maybe it’s different in other languages.

                  EDIT: Actually, according to Wikipedia, DMY is used by the most people! https://en.m.wikipedia.org/wiki/Date_format_by_country

                  1. 4

                    Other than ISO 8601, I prefer DMY with the month written as a three-letter abbreviation. ex: 01 May 2018. It prevents the confusion over whether 01 is the first day of the month or the first month of the year, and reads in the order one typically cares about while preserving the rank order of the components. When I need a checksum I put the day of the week in front: Tue 01 May 2018. That lets me be confident I didn’t make a transcription error and lets the person I’m communicating with check my work if they need to.

                    1. 2

                      Good point, I definitely think the day of the week as checksum is underused. I always try to include it in scheduling emails in case I mistype a number.

                      1. 2

                        MDY and DMY are equally unambiguous when the month is written as an abbreviation, but a numeric month papers over language differences: It doesn’t matter if you call it “Aug” or “八月”, it’s 8.

                        (That requires everyone to standardize on the Hindu-Arabic numerals, but, in practice, that seems like it’s happened, even in places which don’t use the Latin alphabet.)

                      2. 3

                        In Hungary, though we are in Europe, we don’t use the “European format”. The hungarian standard format is “YYYY. MM. DD.”. I prefer the ISO format for anything international, as it is easy to recognize from the dashes, and avoids confusion. (In my heart I know that our format is the one true format, but I’m happy the ISO has also recognized it! 😉)

                        Edit: To me the D M Y format can be justified, though for me Y M D seems more logical. (specifying a time instance from the specific to the generic, or from the generic to the specific range can both be ok) What I cannot grasp is how the M D Y format appeared.

                        1. 3

                          What I cannot grasp is how the M D Y format appeared.

                          The tentative progression I pieced together last time I looked into it, though note that this is definitely not scientific grade historical research, is something like this:

                          1. When talking about a date without the year, English has for centuries used both “May 1st” and “1st May” (or “1st of May”), unlike some languages where one or the other order strongly predominates. Nowadays there’s a strong UK/US split on that one, but in 18th-19th century England they were both common;

                          2. it seems to have been common for authors to form a fully qualified date by just tacking on the year to however they normally wrote the month/day, so some wrote “May 5th, 1855” and others “5th May, 1855”;

                          3. fairly early on, the “May 5th” and “May 5th, 1755” forms seem to have become dominant in the US for whatever reason; and finally

                          4. much later, when writing dates in fully numerical format became a thing, Americans kept the same MDY order that they had gotten used to for the written-out dates.

                    2. 1

                      In my mind if it’s not the American standard it must be the European standard. Even it encompasses more than Europe. I understand that’s probably not the best way to think of things.

                      1. 6

                        As an Australian, I get pretty annoyed every time I read a US article and have to deal with the mental switch. Even worse because I work for a US company and people throw around “we’re doing this 6/5”, and that doesn’t even look like a date to my eyes — we never just do D/M, so “number/number” looks like a fraction. once I work out it’s a date, I realise it’s an American thing and realise it must be M/D.

                      2. 1

                        I use YYYY-MM-DD for no other reason other than it’s sorts files nicely in a folder.

                    1. 12

                      I thought it would actually be about std::optional, not workspace issues that have nothing to do with the problem at hand.

                      TL;DR: keep your toolchain up to date if you want to use recent language features.

                      1. 3

                        yeah. I suspect better article naming would be better at not leaving people feel like they kept on expecting the article to go somewhere it didn’t.

                        1. 9

                          I think it’s funny because the reader’s experience parallels the author’s experience of wanting to get someplace.

                          1. 4

                            Somebody gets me! :)

                          2. 2

                            Sorry folks :(. But std::optional works as one expects - you can write functions to accept std::optional and you just check early on if it evaluates to true and just return empty as needed, so you can chain functions neatly.

                            Now, if only we could have pattern matching …

                            1. 3

                              I think the consensus of languages with options and pattern matching is “don’t use pattern matching, use combinators”.

                              1. 4

                                Hmm as a full-time Haskeller “don’t use pattern matching” is news to me. Do you mean “don’t use pattern matching for fundamental vocabulary types like Maybe or Either? In which case it’s a reasonable guideline. For types representing your business domain, pattern matching is perfectly good practice. IMHO exhaustiveness checking of pattern matching is an indispensable feature for modelling your domain with types.

                                1. 1

                                  Do you mean “don’t use pattern matching for fundamental vocabulary types like Maybe or Either?

                                  Yes.

                                2. 3

                                  Consensus, really? I’m a big fan of combinators, but I’ll still match on option types sometimes if I think it looks clearer.

                                  1. 2

                                    Ooh, this is interesting to me - can you expand on this (or point me to some writeups)? Thanks!

                                3. 2

                                  Agreed. I read all the way down and nothing significant about std::optional.

                                  I thought it was going to be some sort of piece about how using std::optional could lead to yak shaving or something :(

                              1. 2

                                Nobody likes typing Float::INFINITY or 1.fdiv(0) over and over.

                                uhhhhhhhhhhhhhhhhhh

                                this seems dangerous

                                1. 4

                                  .. does it?

                                  1. 2

                                    OHHHH, fdiv uses floating point semantics I guess. That’s less scary. (And also makes sense - guess I missed the F the first time :))

                                    1. 2

                                      :D Right!

                                1. 5

                                  From a comment:

                                  let gopher stay simple

                                  This. I see interest in Gopher again, but they way they talk about it, they want to talk shit on like Markdown (read; HTML) parsers and essentially turn it into the web over port 70; all because the web sucks. (It does though, so I’ll give them that.)

                                  Gopher’s strength and charm (why we talk about it in the endearing sense today) is its simplicity. Basically having something like the web just without HTTP isn’t very interesting after all.

                                  1. 3

                                    There’s some good threads on this on gopher phlogs arguing over what “simple” constitutes, what makes sense as a natural extention of the protocol and what feels like reverse engineering the web. The way Alex’s wiki page on encryption started feels very much like the latter to me. It was too much as soon as he started talking about adding persistent connections, which undermine the core principle of gopher. He eventually settles on adding TLS, though, which I think falls into a more natural fit. It’s easy to implement on both client and server and can fall back easily enough. It doesn’t fundamentally change the way you interface with gopher, just makes sure that anyone listening in the middle can’t read along. I like it!

                                    1. 3

                                      Wanting to adhere to the core principles of gopher, but try saying persistent connections are useless when you’re not in a tight geographic area like gopher would’ve been when its core principles were conceived. (Basically: try living in Australia. Latency sucks.)

                                      1. 2

                                        Yeah, TLS is simple - you just wrap the existing connection. It’s an easy adaption (either via stunnel or via adding a library) and fits other stateless protocols like HTTP fine.

                                        1. 1

                                          I still maintain that the most gopher-ish way to support encryption is via public anonymous gopher proxies which take requests over plain gopher, encrypt them, and tunnel them to an exit node on the other side.

                                          This means:

                                          1. no existing clients need to be modified – even netcat still works fine, and produces plaintext results
                                          2. the IP a request comes from is known only to one of the two proxies

                                          The mechanics of implementing the encrypted gopher proxies is beyond me, unfortunately. (I made an attempt, but ultimately couldn’t figure out the tooling.)

                                          1. 1

                                            …but this doesn’t protect against anyone snooping on your end of the connection? They still have, in plaintext, what server you connect to, your request, and the response. You don’t even need to be a nation-state, just some guy in a coffee shop with a laptop.

                                            1. 1

                                              If this is part of your threat model, I recommend running a local encrypted gopher proxy on localhost and chaining it with a remote pair (preferably having a pair of remote proxies that are forwarding your encrypted stream).

                                      1. 4

                                        It is very likely that AWS, or Linux, or many other services/projects are used by governments for doing bad stuff. I don’t understand what is so different in this case.

                                        1. 7

                                          In this case, you are being personally enlisted to aid directly in the immoral activities, not just using a service that other people also use.

                                          1. 2

                                            In this case, you are being personally enlisted to aid directly in the immoral activities

                                            In the same vein, you’re personally enlisted to aid in killing innocent Afghanis through paying taxes. Oh, and ruining people’s lives for possessing a certain plant, etc.

                                            1. 5

                                              These are obligations imposed on you by the state, which cannot be opted out of, and are quite indirect compared to contributing to a database of pattern recognition whose only purpose is targeted murder.

                                              1. 1

                                                Not sure what you mean, but the fact remains: through taxation, we’re all enlisted to aid in doing all kinds of nasty/crazy/immoral shit that we wouldn’t voluntarily aid in doing. That’s why they need to take our money by force.

                                                1. 2

                                                  Yes, that fact remains. This article is talking about opting out of something voluntary. I’m not seeing the point of confusion.

                                            2. 1

                                              Thanks for the reply. I read the article couple more times but still don’t see the connection.

                                              As far as I understand, if you use AGPL there are thousands of companies who won’t use your library either.

                                              The author’s open source projects don’t seem to be directly used for drone technology, either. Even then their argument looks weak to me.

                                              I support protesting Google for their actions in involving in immoral projects. And I appreciate the author of this article for suggesting one another way to do that but it looks a very weak one to me.

                                              1. 1

                                                I support protesting Google for their actions in involving in immoral projects. And I appreciate the author of this article for suggesting one another way to do that but it looks a very weak one to me.

                                                I certainly don’t disagree that its persuasive power is low; I only argue there’s a big difference in “participating in directly aiding an morally defective project (like reCaptcha hypothetically asking you to select drone targets) with ones own abilities (human image recognition)” and “using a service or project (like AWS) that is also used by morally defective actors (like governments)”. The latter is impossible to avoid (like taxation, as @rama_dan points out), the former possible.

                                          1. 4

                                            There are a few reasons for me clinging to MacOS for work (I’m a network engineer, and I code a bit too). The overshadowing first reason is called Microsoft Office. I wish I didn’t have to use it, but I have so far not been able to properly dodge it and my current employer is entangled beyond belief in the whole Microsoft ecosystem with OneDrive, Teams, Yammer, OneNote et. al. that I’m aware of nice cross-platform replacements for, but stuck with.

                                            Similarly, I’m depending on OmniGraffle to display and create visio (compatible) drawings.

                                            So why not just run Windows? Well, I had a go at that although not by personal choice when I started my current employment half a year ago, where I was handed a mediocre HP laptop while waiting for my Macbook Pro to be available, and it was quite terrible to work with. It became bearable when I had my emacs setup tuned, and I could sort of live inside emacs, but it was a poor substitute for the terminals and unix tools I’ve come to depend on.

                                            Another reason, and that may just me being scared from previous experience running Linux for work, and that’s the whole multiple display thing. I have multiple displays at my home office at different rotations, and a widescreen monitor at work. Switching between multiple displays was never painless when I ran Linux, but that may have improved since then Still the point about different DPIs have been raised elsewhere here, so I believe it at least partly still applies.

                                            And then there’s stability. It is entirely possible to have a stable Linux environment, but not perpetually. Something will break between releases and you’re forced to tinker and be unproductive. I enjoyed that part when I was younger, and I still do for my hobby systems. But for work, I just want things to work.

                                            1. 5

                                              Multi monitor is definitely why I stay on OS X. Perfect it is not, but as someone that has hand edited x.org files in the past, i’ve never had a great experience with multiple monitors.

                                              And osx with nix basically solves all my needs for a unix os. I get emacs and anything else out of there.

                                              If I were to switch to linux on the desktop it would probably be nixos, least then I can easily move between stable islands of software at once with sane backing out of things.

                                              1. 1

                                                I’ve often ran multi-monitor setups on Linux, and the selection of monitors has usually been rather odd. I usually use arandr to arrange and set them up, and… it just works.

                                                Just curious what sorts of issues you had?

                                                1. 3

                                                  Mostly plugging things in and having the window layouts work sanely. Also at issue tended to be putting the laptop to sleep and unplugging the monitor and not having anything come back up until I rebooted the laptop etc…

                                                  In a nutshell, edge cases all over, not that osx doesn’t have its own similar problems it tends not to lose the ability to display a screen.

                                              2. 2

                                                Multimonitor support is 90% of why I’m planning to test drive moving away from OSX back to windows :)

                                                1. 1

                                                  Have you run into the bug where sleeping with a monitor attached causes everything to black screen forever? Haven’t been able to escape that :/

                                                  I’d want to move to Windows too, but the privacy policy creeps me out.

                                                  1. 1

                                                    Yes. It happens not very often, but just often enough to make me irritated at the best of times. (And I still get the occasional panic on plugging in or removing a monitor.)

                                                    1. 1

                                                      I get all my windows moved to one monitor 95% of the time the displays come back on, and there’s a bug in the video card driver (Mac Pro Toob) that crashes everything on-screen (except the mouse pointer) and also crashes displayport audio, but leaves every application running as if everything were peachy. That one gets me every few weeks or so.

                                                      Also, I used to run 2 * UHD displays at 60hz, a third at 30hz. But now I can only run one at 60hz, both others run at 30. It’s fucked and it shits me to tears. When I bought it this was the top-shelf you could get, and while I cheaped out on core count, I went for the higher-end video option.

                                                1. 3

                                                  I predict some ppl will get overexcited & start rewriting

                                                  That really kind of put me off the article… I’ll read it, but I really don’t believe such SMS speak is appropriate for a blog post.

                                                  1. 0

                                                    SMS speak? Language evolves!

                                                    1. 2

                                                      Language evolves, but I don’t recognize ppl as a valid alternative spelling of people yet. Maybe in a few more decades.

                                                      1. 2

                                                        I just figured OP meant Probabilistic Programming Language.

                                                  1. 23

                                                    The funny thing was, most engineers at the company (myself included) had no idea this happened until people started linking this article in chat! Amazingly well-handled by our SRE team.

                                                    1. 0

                                                      In the story submission guidelines:

                                                      When submitting a URL, the text field is optional and should only be used when additional context or explanation of the URL is needed. Commentary or opinion should be reserved for a comment, so that it can be voted on separately from the story.

                                                      1. 26

                                                        I like the fact that posters take the time to put in an abstract. I use that to judge if I should click on the link. I support this use of the text field.

                                                        1. 9

                                                          Abstracts, link to other forms of same submission, Github, and so on have all been favored by Lobsters in votes or comments so far. If anything, we might need to update the guidelines to get it up-to-date on that. Far as abstracts, that’s also a time saver for readers where they can invest just a few seconds in deciding whether to invest a lot more time in main content.

                                                          1. 2

                                                            I’ve no problem with the abstract, I’m just not clear that the submitter is the author. (Is the submitter Peter Edwards?)

                                                            1. 2

                                                              (n00b OP here) I wasn’t sure if I should add the abstract and slides in there, since they are just copy / paste from the video description, but considering the replies, I’ll keep doing this. I think it helps people decided if they should spend an hour watching a presentation or not :)

                                                              1. 1

                                                                +1ing other replies here; I think commentary is quite distinct from “commentary” or “opinion” as a comment should be.

                                                              1. 6

                                                                As a (primarily) C programmer who has been eyeing Rust from a distance with some interest, the author makes a number of compelling points – but from what I’ve read elsewhere…

                                                                No integer overflow

                                                                Enough said.

                                                                No, very much not enough said – if this is an issue you care about, this is a gross oversimplification. Such a description might be accurate for a language with automatic bignum-promotion, where integer overflow can be really said to (within the bounds of memory) actually not happen – Python, say. But the situation in Rust, while yes, probably preferable to the one in C in most ways, isn’t that simple.

                                                                1. 2

                                                                  Yeah, it wasn’t obvious to me why that was ”enough said.” I use (unsigned) overflow on purpose quite a lot in audio programming.

                                                                  I think it’s nice how Swift made overflow trap, using regular arithmetic operators, but added versions prefixed with & to opt-out, e.g. &+.

                                                                  1. 4

                                                                    In case you didn’t check the article 1amzave linked:

                                                                    Rust has .wrapping_<op> methods for 2’s compliment arithmetic (and a few other variants, saturating, checked - which gives a handable error on overflow, overflowing - which wraps and tells you if it wrapped), as well as a Wrapping<T> type that makes the normal operators wrapping.

                                                                    It doesn’t have a fancy &+ syntax though, which is probably a good thing IMO given how rarely wrapping arithmetic is used in general.

                                                                    1. 1

                                                                      Yes, I didn’t know about those before coming here for the comments!

                                                                      &+ is not really special syntax in Swift though, since it allows user-defined operators, for better or worse.

                                                                  2. 2

                                                                    Rust panics on overflow by default, but provides functions that explicitly allow integer overflow wrapping, as well as functions for checked arithmetic and saturating arithmetic:

                                                                    https://doc.rust-lang.org/std/primitive.u32.html

                                                                    This seems like the best of all approaches to me.

                                                                    1. 4

                                                                      Rust panics on overflow by default

                                                                      But not in release mode. (This has bitten me, painfully!) Worth being vigilant while coding in case your code might run into edge cases in production it doesn’t in test.

                                                                      1. 1

                                                                        Thanks for pointing that out! I somehow missed that important detail. I’ll have to keep that in mind!

                                                                  1. 6

                                                                    Important for anyone considering trying this out on Linux: you’ll have serious issues if you install this.

                                                                    I think it’s irresponsible that an issue this serious has been open since November, without the author highlighting the danger prominently in the Readme or somewhere.

                                                                    1. 1

                                                                      Looks like a fix-ish went in 10 hours ago: https://github.com/cknadler/vim-anywhere/pull/68

                                                                    1. 5

                                                                      Based on this writing, it seems that we are yet again separating dev from prod. Use ubuntu/debian base for dev, but build special for production.

                                                                      I thought one of the main points of Docker was being able to run the same container in production. Seems that’s still not going to happen with Docker either. Dev just has to run long enough to make the next commit, and needs gobs of debug built-in. Prod has to run forever and be secure.

                                                                      Seems the only upside you really get with the Docker workflow is similar tooling between dev and production.

                                                                      1. 2

                                                                        From my experience, the difference from dev/prod is not the biggest issue, as long as you have the same images for testing/staging and production.

                                                                        Some teams do not even use Docker images for development and that’s not a big issue as long as you have good CI (at least that’s been a very long time we didn’t have the “that’s work on testing and not in production”.

                                                                        1. 1

                                                                          Use ubuntu/debian base for dev, but build special for production.

                                                                          You can use the same images for development/testing, though? You might install a few extra packages into your dev environment (gdb, …) with the same base Dockerfile.

                                                                          1. 1

                                                                            If testing becomes production, I think the goal would be having production and testing IDENTICAL, or as identical as you can make them. Otherwise what’s the point?

                                                                          2. 1

                                                                            You’re right, you should strive to keep containers immutable. Having two Docker images for the same code defeats the benefit of having a CI pipeline with promotion across environments. The article doesn’t shed much light on what’s best practice when it comes to packaging applications for dev/prod. But the author seems to suggest that there’re better ways to debug containers than attaching to it. I suspect he’s referring to health checks for readiness & liveness and a proper logging library to record logs. Also, it’s generally slower and more tedious developing an application within a Docker container. Usually, it’s much easier to work locally on the code and then let CI package the immutable container. The Docker image is akin to a jar or a deb file. You don’t build those differently for dev or prod.

                                                                            1. 1

                                                                              I would think monitoring, metrics and logging would be the way to debug production in most cases. In general you just want the starting inputs and the output errors, so you can replicate the issue in dev to fix. If you can’t replicate it, then you have to break out dtrace and friends and get serious, which is super annoying.

                                                                              Well you might build your jar or deb file differently, you might strip out debugging symbols in production, it’s pretty common actually.

                                                                              I agree developing INSIDE a docker container is way annoying. I think the dev answer for Docker is to run all the extra crap your code depends on in development. I.e. my code needs Redis, a PG instance, etc to to work right, so I’d run Redis and PG in Docker for dev, but still do main code locally, if possible. Harder to do if you are writing *nix apps on Windows for instance, but :)

                                                                          1. -4

                                                                            Some aphorisms apply:

                                                                            1. It’s a poor craftsman that blames his tools.
                                                                            2. Be the change that you wish to see in the world.
                                                                            1. 20

                                                                              Fair warning, this is a rant.

                                                                              It’s a poor craftsman that blames his tools.

                                                                              This aphorism is the reason I quit HN all those years ago. It is absolute trash. A much improved version is “A craftsman takes responsibility for the tools they use.” This is still irrelevant to the article that was posted, but it has a chance of being useful in some discussion happening somewhere, probably (but if I were to bet on it, I wouldn’t).

                                                                              What if you’re being forced to use bad tools? What if your tools are actively sabotaging your ability to work? What if your tools really are the biggest source of pain and distraction? What if not using the tool will be held against you? What if not using the tool will get you fired? What if the tool genuinely does the opposite of what it claims to do?

                                                                              What if you’re sitting down to really think about the impact your tools have on your work, and seeing one of them come up severely short? Is that blaming [their] tools? Or should we all just put up with whatever we’re handed, because it is always on us as craftspeople to take on the full burden of bad tools—even when there is no good reason—and just slog through it as our lives unhappily waste away?

                                                                              I wish people would be more honest with this whole “a poor craftsperson” thing and just say “I think you’re bad and that it’s your fault,” or even “quit your bitching”. It’s still a lowest tier comment, but at least it’s direct.

                                                                              And yes, I’m going to continue to use gender neutral words because I want to…

                                                                              Be the change that you wish to see in the world.

                                                                              Yeah, that’s why he’s writing about it.

                                                                              Some aphorisms apply

                                                                              These ones don’t, but it’s easy to miss that when you don’t attempt to justify the application of those aphorisms.

                                                                              The article is a) an analysis of the ways slack can decrease organizational productivity, even circumventing individual countermeasures, and b) a call to action to change the culture that embraces slack.

                                                                              Neither of your aphorisms meaningfully interact with the two (clearly expressed) core ideas of the article, in any way.

                                                                              1. 2

                                                                                Thank you for this. You’re spot-on.

                                                                                The craftsman metaphor is terrible, when applied to programming. It says “his tools”. In the workplace, you don’t use your tools; you’re forced to use their tools.

                                                                                Slack (as often used) is terrible, and Jira is worse. These have become tools of managerial surveillance; they are tooled used against, not by, workers.

                                                                                1. -2

                                                                                  Maybe a poor craftsman blames his manager.

                                                                                2. 0

                                                                                  I used the first aphorism correctly, and I am also aware that a lot of people are triggered by it.*

                                                                                  If the tools suck don’t use them. If they’re valuable but flawed be constructive? It doesn’t have the same ring to it. Slack has a place, what’s the alternative? IRC? A directory with everyone’s phone numbers in it? There’s no ‘turn off notifications’ button for your manager taps you on the shoulder twice an hour.

                                                                                  The article didn’t read as a call to action to me as much as a long poorly formatted ramble by someone who was having a adverse reaction to their current work environment.

                                                                                  It’s a flawed workplace culture… Are they blaming someone else’s tools? Is that better?

                                                                                  Which gets into the second aphorism. I think the author should talk to his manager/coworkers or quit instead of writing passive aggressive blog posts.

                                                                                  If I’m really going to lengths to make myself absolutely clear. By talk I don’t mean go on crusade against the tools, they fail to present any alternatives in the post! (Besides use email for everything, maybe they’re too young to remember how difficult that was.)

                                                                                  *Maybe I was hoping to get a rise out of someone. Plato was fond of the Dialectic, maybe I am too.

                                                                                  1. 1

                                                                                    If the tools suck don’t use them.

                                                                                    You really seem to have not read the post you’re replying to:

                                                                                    What if you’re being forced to use bad tools? What if your tools are actively sabotaging your ability to work? What if your tools really are the biggest source of pain and distraction? What if not using the tool will be held against you? What if not using the tool will get you fired? What if the tool genuinely does the opposite of what it claims to do?

                                                                                    That addresses your ~first aphorism~ really quite neatly. They’re blaming someone else’s tools, sure, because they’re to blame. Rejecting reality because you have a pithy quote that suggests you should is not productive.

                                                                                    I think the author should talk to his manager/coworkers or quit instead of writing passive aggressive blog posts.

                                                                                    Who’s to say they’re not doing that too? Writing a post like this has value as well; it lets a wider community reflect on it, submit comments (there have been some useful ones here, this thread notwithstanding), and possibly come up with some mitigations or thoughts on how future tools could do better. This is not a new concept.

                                                                                    “Be the change you want to see in the world” is great when you’re all-powerful, but that’s almost never the case in real life.

                                                                                    and I am also aware that a lot of people are triggered by it.*

                                                                                    christ man, get back to HN

                                                                                    1. 1

                                                                                      I have never been on HN… That’s a personal attack, it’s toxic, you shouldn’t do it, I shouldn’t get into the mud with you by responding.

                                                                                      Nobody is being forced to do anything here. A good crafts-laborer would realize this. It’s an apt aphorism. It’s not a dangerous idea to suggest that a worker can determine the conditions under which he works…

                                                                                      Just because I used an aphorism and that’s something that trolls do doesn’t mean I’m a troll. I didn’t expect to get any upvotes for an unpopular opinion voiced in an unpopular way, but I also didn’t expect so much hostility!

                                                                                      1. 5

                                                                                        I am honestly interested in the mechanism by which a craftsperson could determine the conditions under which they work, assuming a standard capitalist employee-employer relationship.

                                                                                        If we all tend to agree a person needs to work in order to make a living, I find this might be possible if you’re “your own boss”. Even then you probably have clients, and they tend to demand their own sets of tools and processes you need to adjust to. This isn’t only a matter of IT: my dad worked in a car repair shop, and they really didn’t have a choice with regards to the diagnostic hardware and software they could use, nor the hardware they used to do the actual repairs (it’s mostly proprietary, and dependent on the manufacturer).

                                                                                        Of course, you can always quit and find another job with better tooling; IT people today are severely privileged since jobs are abundant and we’re in very high demand. It’s certainly not unreasonable to expect this won’t be the case forever, and actually discussing problems with the tooling (and management, and processes, and …) seems like a good thing to do if you want to improve your working environment.

                                                                                        1. 1

                                                                                          My mechanisms are the same as yours. Employers by and large are people too. My grandfather was an auto mechanic too, and he had his side projects just like I do.

                                                                                          I think the only point we actually disagree on is whether this blog post is constructive.

                                                                                        2. 3

                                                                                          That’s a personal attack, it’s toxic, you shouldn’t do it, I shouldn’t get into the mud with you by responding.

                                                                                          Your flippant use of the word “triggered” is what’s toxic.

                                                                                          It’s not a dangerous idea to suggest that a worker can determine the conditions under which he works…

                                                                                          No, just dangerously wrong.

                                                                                          1. 0

                                                                                            Discussing triggers big and small is important. I can’t think of another way to put it, but being triggered by the use of the word triggered isn’t a mentally safe place to be.

                                                                                1. 5

                                                                                  Someone had my GitHub username or I registered my account a long time ago and didn’t add an email address/lost my password. The account was dormant (no repos). I emailed GitHub and asked to take the username and they gave it to me with no questions asked. I’m quite grateful for this.

                                                                                  As for the article: by this same logic it seems to me that you should also argue that domain names should be forever too…

                                                                                  In FreeBSD we heavily use GitHub in the ports tree. We have SHA256 on our distfiles so if someone acquired a previously active account and tried to serve malicious code from the repo it would fail. Several times I have caught projects changing their git tags via the ports tree throwing checksum errors.

                                                                                  1. 2

                                                                                    I emailed GitHub and asked to take the username and they gave it to me with no questions asked. I’m quite grateful for this.

                                                                                    Worth noting we have a set of criteria around account inactivity/there must be no repositories with content/etc. around doing this.

                                                                                    1. 3

                                                                                      Windows 3.0? I don’t see anything related in the page.

                                                                                      1. 2

                                                                                        Gah, it ate my link. Not sure how to edit the URL. I can change everything else.

                                                                                        1. 2

                                                                                          A mod might be able to help!

                                                                                      1. 2

                                                                                        I thought this was going to be explaining Monads using things in the kitchen or things a non-tech person would do in everyday life. I was disappointed it was just code.

                                                                                        1. 2

                                                                                          instance Monad Knife where

                                                                                        1. [Comment from banned user removed]

                                                                                          1. 12

                                                                                            It says it in the article. The guy developed the computers but not the business. All kinds of companies and people were building computers and their parts. There was a missing component of marketing and business strategy that forms ecosystems in the market. That’s what the women came up with along with starting the business, financing it, etc. Those kind of techniques are what made Dell, Gateway, etc rich.

                                                                                            Tinkering technical geniuses building better hardware continue to languish in obscurity, barely make any money, or their companies fold to this day. Especially in space FPGA’s target. Those bringing in marketing folks or focusing on product development more than technological excellence do a lot better on average.

                                                                                            1. 4

                                                                                              womyn

                                                                                              Dude, at least try to obscure your trolling.