1. 12

    Guido’s retrospective mirrors many of the points in your article. While this won’t fix past mistakes, we can at least be reasonably confident that the same mistakes won’t be repeated with “Python 4”.

    Regarding the Unicode changes, as a user I’ve seen many cases of UnicodeDecode error: \xef out of range (or whatever it was) errors, and as a developer I fixed many of them in my own programs as well. Python 3 really does make things easier here. I appreciate it’s not useful for Mercurial specifically, and that the current stdlib usage may introduce some problems, but it also solved a lot of them. And it seems to me that the stdlib problems are fixable(?) Or are the Python maintainers unwilling to do so?

    Personally, I rather like Go, and use it for most places where I previously used Python. It has somewhat similar (though not identical) design ethics: most of The Zen of Python applies equally well to Go, perhaps sometimes even more so than Python. Rust, on the other hand, seems more similar to Ruby’s design ethics, which is not a necessarily a bad thing; I worked with Ruby for several years and liked it. It’s just different.

    1. 3

      I’ve thought for a while that Go is to Python as Rust is to Ruby. It’s nice to see someone else say it.

      1. 2

        I agree. I also think Go is to Java as Rust is to C++, and it’s funny that both analogies work.

      2. 2

        I just wish that python had as good of a binary packaging story as Go has. If I could build a python binary that was system specific like Go. I don’t think I would really be tempted to switch. But that packaging story makes me right a lot of infrastructure tools I would have traditionally written in Python in Go now because carrying python around is such a chore.

        1. 2

          Could you use http://www.pyinstaller.org/ ? I haven’t used it myself, but I did use py2exe back in the day to ship a bunch of internal python utilities.

          1. 2

            The article addresses this. Mercurial will be adopting PyOxidizer for distribution, and you can too.

          2. 1

            Personally, I rather like Go, and use it for most places where I previously used Python. It has somewhat similar (though not identical) design ethics: most of The Zen of Python applies equally well to Go, perhaps sometimes even more so than Python. Rust, on the other hand, seems more similar to Ruby’s design ethics, which is not a necessarily a bad thing; I worked with Ruby for several years and liked it. It’s just different.

            I see this a lot, and we’re into the realm of inherently subjective personal here - but Go feels so different to me that I find it hard to grasp the comparison.

            Go’s level of abstraction is much closer to what C feels like to me. I’m back to worrying about making errors in code that I must rewrite myself that would be handled by Python’s batteries included philosophy.

            I’m glad Go makes you happy, and I hope one day to feel the love, but I’m not nearly there yet and still find Python to be far and away my language of choice for day to day work.

          1. 14

            Is this news? I’d suggest you could remove “JS SDK” from the title.

            EDIT: I was being a bit sarcastic about Facebook in general and do not mean to slur the author or article content itself.

            1. 5

              It seems a useful particular piece of information that using Facebook SDK for OAuth login via Facebook leaks more information than using third-party OAuth libraries for OAuth login via Facebook.

              That’s what I think this article is saying, although I can’t say I’m sure of the details; in particular, how much more information does this iframe give Facebook compared to the plain OAuth flow?

              1. 3

                You’re guessing it right, that’s one of the takeaways from the article. Using iframe allows facebook to know at least the website you are on (the parent website) and informations about your browser, ip, etc. They could also in theory get the content you’re seeing on the parent website too but I doubt they can exploit it.

                1. 3

                  And when I use some other library to implement “login with facebook”, don’t they also know the parent website?

                  1. 3

                    That depends on how the library is implemented actually. For facebook, I recommend using an oauth2 library with the code flow. This is a backend integration so no iframe is involved. If you happen to use Flask (python), I also wrote an article on this topic https://dev.to/simplelogin/create-a-flask-application-with-sso-login-f9m

              2. 2

                I don’t see this information mentioned in Facebook SDK or elsewhere so decided to write this post. Facebook is still used by a lot of my friends and family so removing it completely it not feasible for me for now …

                1. 4

                  Try a sabbatical. You might be surprised how little it actually provides for those bonds.

                  1. 1

                    But what about WhatsApp and Instagram? WhatsApp in particular is pretty important for me to connect to people all across the world. Signal just doesn’t have the same market share…

                    1. 3

                      Have you tried suggesting signal to your friends?

                2. 2

                  or “Facebook” and “SDK”

                1. 6

                  Second, the value of social media is shifting away from content hosting and removal, and towards recommendation algorithms directing one’s attention. Unfortunately, these algorithms are typically proprietary, and one can’t choose or build alternatives. Yet.

                  For me, the main issue is having an algorithm directing my attention in the first place.

                  centralized enforcement of global policy to address abuse and misleading information is unlikely to scale over the long-term without placing far too much burden on people.

                  Glad to finally read it from the Twitter’s CEO.

                  1. 7

                    For me, the main issue is having an algorithm directing my attention in the first place.

                    While I agree in terms of most current algorithms on offer, I don’t agree with this as a general principle.

                    A search engine and a spam filter are both algorithms that direct your attention, helping you focus on the things you want to and avoid irrelevant information. The issue is when people with other agendas get in between you and your algorithm. Search engines and spam filters can be corrupted for advertising/propaganda/manipulation just like any recommendation algorithm but without them we would be much worse off. If the algorithm is open, transparent and user customisable then I am all for it and want more.

                    There is too much data in the world and life is short.

                    1. 3

                      I separate between “hard filters” like spam blocking, and a system that decides to hide me some content of a user I decided to follow, instead of showing everything.

                      There is too much data in the world and life is short.

                      True, but for social media, I prefer to follow fewer people and interact more, so it’s perfectly compatible with a strictly chronological timeline.

                      1. 1

                        THIS IS WISE

                      2. 3

                        Agreed; I really hate the way people use “algorithm” to specifically mean “an opaque algorithm outside my control that changes unpredictably”; it’s really unhelpful.

                        1. 2

                          I didn’t say, nor mean, in any moment, that an algorithm is something opaque outside of my control. If you thought so that’s your problem.

                          I don’t want an algorithm re-ordering or hiding the posts from the people I choose to follow. I don’t care if it’s opaque or free software.

                          1. 2

                            It appears many people do want these recommendation algorithms though. If I’m understanding correctly, companies like Twitter and Facebook added them, and then measured user engagement. User engagement went up, and the algorithm was shown to be effective. While there are some vocal opponents of these new recommendation based feeds, the reality is that large companies wouldn’t keep them around if they didn’t increase the time users spend on the site overall.

                            1. 4

                              In my personal opinion, spending more time on the platform doesn’t mean it’s good for the users. Only for Twitter, because they can sell more advertising.

                              Maybe it’s more time spent because you are dealing with some random idiot that called you nazi or something like that.

                              And if large companies want to keep the algorithm, I don’t care, I won’t use that, as I want strictly chronological timeline.

                              1. 1

                                I’m not sure I agree that many people want these algorithms. They have generally been made the default, and sometimes only, choice with the alternative options hidden out of sight (or in Twitter’s case: randomly switching back to the default). Most people just don’t care at some point and just give up.

                              2. 2

                                I don’t want an algorithm re-ordering or hiding the posts from the people I choose to follow. I don’t care if it’s opaque or free software.

                                Ah, but that’s different; at first you said you didn’t want an algorithm, now you said you don’t want algorithmic re-ordering. But sorting the posts chronologically in the first place is an algorithm. So is using your follower list to determine whether a given post should be included in your timeline.

                                1. 2

                                  Facepalm. But actually this makes utter concrete sense.

                                  But still, I think the issue is in where sirikon determines the algorithm is directing attention … I feel like the definition of algorithm is a side quest here because the question of attention-direction is more profound.

                                  The opacity of the hypothetical evil algorithm (some call this opacity “proprietary,” but I think people around here attribute to unfree software qualities that are illusory and/or misdirected anger at unrelated evils) is the source of the mysterious redirection of attention, but I think it is pretty clear if considered thoughtfully that the question of what directs attention is completely vexed, totally bonkers, and irreducible to quibbling, mathematical, verbal, or otherwise.

                              3. 1

                                Not too different from how people use people to indicate generic people who aren’t the people to whom they’re talking but share certain negative characteristics, nor terribly different from how people use calculus to describe all reason as in “it was not a part of McBlergh’s calculus” (it did not “factor in” to McBlergh’s decision making). Curious: What helpful substitutes you can imagine? I admit this could seem to be an incredibly unfair question, unless you admit that you can see that I see that you’re getting at a clear and definite point, which is that “algorithm” is supposed to mean “mathematical proposition” or similar, not “mathematical proposition of evil.” But I am curious. I think it’s fair, if you think about it from other perspectives than highfalutin’ math-lovingness, although I suppose descriptivism is ultimately for the hoi polloi….

                          1. 1

                            I wasn’t sure what the point of this was until I read through some of the motivating use cases. It seems really useful! I hope it becomes a standard, and is adopted by Firefox, Safari, etc.

                            1. 3

                              Mozilla is still working on an official position https://github.com/mozilla/standards-positions/issues/194

                              I think there might be some concerns with cross origin data leakage if the scroll event is observable as focus/blur event from an embedding website, but I better let the experts comment on the issue :-)

                              1. 1

                                Agreed. I have imagined weaker versions of this feature before–simply using some text as an anchor, without the highlighting. Clearly the highlighting is very useful! Or, so I imagine it will be.

                              1. 3

                                This is quite the hack, especially since it relies on virtual memory to work. I wonder if this is something that would work on the .NET or JVM GCs? It also makes me think of that story of the video game programmer that allocated 4MB (I think) “just in case” when developing a video game.

                                1. 7

                                  This does seem like a hack. On the JVM you can just set the min / max heap, which would roughly accomplish the same thing.

                                  When I used to work on web services on the JVM that required low latency, we would generally configure the min and max heap sizes to be the same, and then pin them to a specific amount of memory we had available on a machine type. Then we would tune the new size / eden space to fit the short term / temporary request objects. Essentially what’s described on this page: https://docs.oracle.com/cd/E19900-01/819-4742/abeik/index.html This was a few years ago though, so it may have changed.

                                  I’m surprised golang doesn’t support something like this out of the box. Possibly this issue? https://github.com/golang/go/issues/23044 I guess if the hack works then it’s fine :)

                                  1. 2

                                    I’m not saying that it’s bad to use a hack like that, just that it’s something that definitely relies on a quite a few implementation-defined behaviors.

                                    There are some quotes about how a garbage collector allows you to pretend you have infinite memory. This isn’t infinite, but it is quite the large allocation.

                                    1. 1

                                      Yes, that issue. Both min and max heap sizes seem useful for different situations; some .NET GC developer suggested “you shouldn’t have to know about GC internals” should be the qualification for GC knobs, and it seems like this passes that test: independent of GC internals, you sometimes know you can use X GB of memory before Bad Things Happen, or you know you don’t care about usage up to Y MB.

                                    2. 2

                                      Is the first story here the one you mentioned? https://www.dodgycoder.net/2012/02/coding-tricks-of-game-developers.html

                                      1. 2

                                        I read it from the Gamasutra link originally. It stuck in my head though, and it’s the sort of thing I’d definitely do when faced with a similar type of situation.

                                        I haven’t been there yet, tho.

                                      2. 2

                                        It’s certainly a hack, but we all rely on virtual memory to work. Virtual memory is an integral part of the concept of a process, which is the core abstraction an OS provides. The thing it depends on which is actually notable is over-provisioning, which can be disabled, though in practice, we all depends on over-provisioning too due to the fork/exec pattern.

                                        If you have the choice between adding one memoryBallast := make([]byte, 1024 * 1024 * 10) to the main function and forking the go runtime, making the necessary changes to tune the GC, then deploying your fork to production, then go through the process of hopefully getting your patch upstreamed, at which point you’re either safe or your patches are rejected and you have to maintain your own fork forever… Well, I know which one I’d choose.

                                        1. 1

                                          I wonder if this is something that would work on the .NET or JVM GCs?

                                          At least the JVM’s G1GC uses a horribly named “nursery” so most GC runs only look at new objects, so they’re quite inexpensive. I think it shines in exactly this kind of use case.

                                        1. 24

                                          Copy paste is still horribly ‘broken’. I guess <Cmd>C isn’t a thing on Linux and <Ctrl>C has a different meaning in terminals, so I can get with that. And I guess there are tricky/valid historical reasons for having two different clipboards, but for the end user, it’s just shit not being able to copy in one app and paste in the next if you closed the former.

                                          I’ve moved between Windows, Linux, and macOS in my career with enough time to really get used to each, and the mac approach of using cmd for UI shortcuts is just a superior choice for this reason. It pains me that this isn’t possible in Linux.

                                          1. 6

                                            Haiku (and, I suppose, BeOS back in the days when I did not even have a computer) went in the right-ish direction of using Alt for everything GUI. It’s sad to see Linux GUIs to be influenced by Windows so much.

                                            1. 6

                                              Another added benefit of using cmd for UI shortcuts is that it frees up the control key for Emacs style shortcuts. The fact that macOS supports these out of the box is one of my favorite features.

                                              1. 11

                                                MacOS also makes it easy to remap Control to the correct key position (aka the so-called “caps lock” key, which has inexplicable prominence on most modern keyboards).

                                                1. 2

                                                  The same goes for Linux (console) and ‘Linux’ (X11 etc). Keys can be remapped more or less at will, if you want to use AltGr or Alt as a ‘command’ key you’re free to do so. The main problem here is that everyone and his dog will end up using a different strategy, e.g. I use a lot of Shift-Left_Alt-X combinations for launching sessions on different hosts while those same combinations might do something totally different on your systems.

                                                  1. 1

                                                    It’s not impossible on Windows either but there’s no built-in way, instead you have to hack the registry or use 3rd party tools.

                                                2. 5

                                                  Even if I do say so myself, since I wrote it, I use appmodmap to dynamically remap the keyboard depending on the application. Then I can still use my Mac muscle memory on a Mac keyboard with my Talos II.

                                                  https://github.com/classilla/appmodmap

                                                  1. 1

                                                    How’re you finding the Talos II? I laugh when I see “a price that won’t break the bank” on their site, but I still desperately covet one.

                                                    1. 2

                                                      Well, yes, the sticker shock, but I like it a lot. Very little is missing of what I need a computer to do, performance is well within the Intel ballpark, and it satisfies my personal goals of more owner control and materially supporting viable alternatives to x86.

                                                3. 3

                                                  It pains me that this isn’t possible in Linux.

                                                  This is possible, the WM I use (i3, and now sway) supports setting a modifier key. IIRC the default is the ‘windows’ key.

                                                  Linux is the kernel, and there are a lot of desktop environments and window managers that run on Linux…

                                                  1. 0

                                                    People say “Linux” to mean much more than the kernel. Don’t be That Guy.

                                                    I’ve been using Linux for 20 years, trust me it ain’t that simple. Yes you can set some nonzero percentage of UI shortcuts to use another modifier, but it will not be comprehensive. There will always be one more thing that doesn’t behave correctly, death by a thousand papercuts. Linux is simply not capable of making a sweeping change like this in a comprehensive way.

                                                    1. 3

                                                      What you refer to as “That Guy” is, in fact, “GNU/That Guy”…

                                                      1. 2

                                                        People say “Linux” to mean much more than the kernel. Don’t be That Guy.

                                                        Sure, but if you make ridiculous generalizations like “Linux cannot do XYZ”, then you need to be more specific about the userspace you used… because most of the time XYZ can be accomplished on a Linux-based userspace.

                                                        Linux is simply not capable of making a sweeping change like this in a comprehensive way.

                                                        I disagree. This is a userspace problem, and if the right person were motivated to solve it, it could be solved in some UI toolkit, etc. Will all distros adopt it? Who cares, there are different distros that are all different for a reason.

                                                        1. 1

                                                          you need to be more specific about the userspace you used

                                                          No, I don’t because it literally doesn’t matter. The fact that there are a multitude of UI systems to choose from, that don’t share a unified system of configuration, is the crux of the problem. There is no way to enforce any HIG standard in a Linux UI.

                                                          I disagree. This is a userspace problem, and if the right person were motivated to solve it, it could be solved in some UI toolkit, etc.

                                                          Great, what about all the other toolkits? How are you going to generalize this solution to work with all graphical programs?

                                                          You don’t. It’s fundamentally impossible on Linux.

                                                    2. 2

                                                      Select with left mouse button, paste by clicking the mouse wheel. No keyboard needed.

                                                      1. 3

                                                        The point OP is making is not that it’s easy to copy and paste, but that in macOS you have two “layers” of keyboard shortcuts. Most application shortcuts will use Command (Cmd+C to copy, Cmd+C to paste, Cmd+T to open a new tab, Cmd+A to select all, etc), leaving Control to give text commands (Ctrl+A to go to the beginning of the line, Ctrl+E to go to the end, etc, just like in Emacs).

                                                        In theory, this should also be possible on Windows and Linux by using Control and Alt, but in these OS almost all shortcuts use Control, reducing the amount of key combinations that an application can use as shortcuts.

                                                        1. 1

                                                          Many window manager allow defining and using extra modifier keys.

                                                          On a side note, modifier keys are proven to be slower than sequential keypress sequences and also more difficult to remember.

                                                        2. 2

                                                          A keyboard is very often much faster and accurate than a mouse.

                                                          1. 1

                                                            Not necessarily, with the obvious exception that literally typing is certainly faster with a real keyboard than an on-screen keyboard, but the task of choosing an option is probably always faster on a mouse.

                                                            1. 1

                                                              We’ve done a cool $50 million of R & D on the Apple Human Interface.

                                                              The original Ask Tog piece was published on 1989, and the quoted study may have been done some time before that. It needs to be asked how relevant that study is, especially when that study can’t be either found or replicated.

                                                              Further, it is unclear whether the quoted study address the improvement when user performs the same action multiple times as to make it a finger memory.

                                                              Here is a more recent study (2014), which shows that keyboards are fastest for often used commands while toolbars are better for infrequently used ones.

                                                        3. 1

                                                          FWIW I think it will be. With Canonical & Redhat saying “Gnome is THE desktop” I think you’ll see better across the board integration of things like this.

                                                          I don’t love that they chose Gnome (KDE fan :) but I AM happy they chose a horse. Maybe if they can make Gnome better enough, I’ll stop caring :)

                                                          1. 1

                                                            I hope you’re right, but I’ve been using GNOME since the 1.x days and I’m not holding my breath.

                                                            1. 1

                                                              It’s a matter of money and man hours, that’s why I think things will change for the better. Open source is not free. It takes go juice to evolve in positive ways.

                                                          2. 1

                                                            The USB HID standard actually provides (see https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf, search for “Keyboard Copy”) for a usage code that means copy (and friends). So you could in theory create a keyboard that has shortcuts for copy/cut/paste, universally.

                                                            I say in theory because I have no idea if all operating systems handle it properly.

                                                            1. 1

                                                              I actually have an old Sun Microsystems keyboard that has separate keys for cut, copy, paste etc.

                                                              here’s a picture of a similar one (though not identical to mine close enough) https://duckduckgo.com/?q=sun+microsostems+keyboard&t=ffab&iax=images&ia=images&iai=http%3A%2F%2Fxahlee.info%2Fkbd%2Fi%2Fkb%2Fsun_keyboard_left.jpg )

                                                              doesn’t work great on Windows though. it works, just not amazingly.

                                                              1. 3

                                                                Wow, that’s wild. It even has a button for giving folks props on forums. Sweet!

                                                                1. 1

                                                                  wait, how can it work less than completely? Does it copy and not paste? copy only sometimes?

                                                                  1. 2

                                                                    I worded that poorly, the extra keys require a separate driver install on Windows or they will do absolutely nothing. On Linux at least the key presses are forwarded to programs, even if they don’t know how to interpret them.

                                                            1. 4

                                                              I am very concerned about Internet surveillance, and often do go to great lengths to keep my data private.

                                                              But this is a very strange hill to die on. I don’t get it

                                                              1. 3

                                                                I’m in the same boat. Does anyone know if there’s an article somewhere that describes why this was such a bad thing? As far as I’m aware, third party tracking is incredibly common across the web.

                                                                1. 3

                                                                  I think that the problem wasn’t so much in the nature of the tracking, but in the kinds of people that GitLab is targeting - those opposed to any sort of monitoring on philosophical, instead of practical, grounds. Those people wouldn’t usually even rely on a company to do git hosting for them, and instead run a git server on a VPS. For them, GitLab’s devops tools and (apparent) commitment to privacy seemed good enough that they decided to give it a try - and when GitLab started planning to implement analytics, you heard them complain. This doesn’t happen (as much) with Google, because in addition to them just being an unapologetic nightmare for privacy, the users who would be complaining have already moved to better platforms.

                                                              1. 5

                                                                Those suggestions are kind of vague, but based on my understanding, I doubt most of them ever be considered. The only two I could see happening are:

                                                                • Release the source code of Windows under the GNU GPL. (Assuming we’re talking about the kernel only).
                                                                • Publicly take back Microsoft’s attacks on copyleft made in the 2000s. Ballmer called the GPL a “cancer”. Allchin called it “un-American”. (Microsoft seems a lot more pro GPL now)
                                                                1. 2

                                                                  Open source software has a ton of benefits for the economy as a whole. Startups heavily rely on it, and can innovate faster when they get started with open code freely available. Additionally, people working on open source as a learning activity creates an ecosystem where workers can retrain themselves, making workforce more effective overall. The whole system results in a huge public good.

                                                                  This is kind of a half baked idea, but I wonder if the government could start funding more open source initiatives through grants to individual developers and projects. The money could be sourced by taxing large tech corporations, and closing loopholes that let them currently pay little to no taxes. This money could be divided up by calculating the users of a given piece of software. The more users of the software, the more money is allocated to development. This similar to capitalism, but with a built in requirement to make code open and freely available, instead of strict profit being the only goal.

                                                                  Ideally companies would provide funding for open source on their own, but that’s difficult because of how capitalism encourages them to only focus on profits. This seems to sometimes discourage releasing open source software, as it could help competitors, which goes against their corporate goals. Is this idea insane? I wonder if anything like this has ever been discussed before?

                                                                  1. 2

                                                                    I think GraphQL is just laziness, since you have a single endpoint. And as we all know, laziness always wins for coders :D And with that single endpoint, comes better tooling from standardization, and the snowball grows over time.

                                                                    1. 8

                                                                      At first, it feels easy and good for lazy devs, but then you take Dragon book from the shelf, because you are required to make optimizing transformer from GraphQL AST to SQL queries. And to make your own query complexity estimator to prevent instant DoS with single query.

                                                                      GraphQL is like having SQL available to outside world, but with different syntax. I don’t understand attractiveness of this approach.

                                                                      1. 3
                                                                        1. 2

                                                                          GraphQL is like having SQL available to outside world, but with different syntax. I don’t understand attractiveness of this approach.

                                                                          As someone working on a GraphQL implementation for a pretty big website (we have hundreds of software engineers) I feel like I can talk a bit about why it’s working for us. You’re right that it’s a bit like SQL, but it’s designed specifically for business objects. Instead of worrying about the normal form of our data, we specify the schema of those objects as it will be consumed by our clients.

                                                                          We then get to write our resolvers in ways that make sense. We can do bulk fetches, use multiple data sources (including caches), compute derived fields or combine data sources… and we can swap those things out without our clients noticing. We get to move logic away from ORM-layer magic, instead specifying a schema for business objects and a way to inflate them. Conversely ORM models represent both business objects, with derived fields, and database rows. There’s no schema for derived fields, and serializing a model instance to send it over the network is fraught.

                                                                          The solution to the ORM problem is obvious: use true business objects, which can be serialized and transported easily, and provide a set of tools that can inflate them. Congratulations, you’ve just invented GraphQL.

                                                                          I probably wouldn’t choose GraphQL for a small hobby project; but on a project big enough to have multiple caches, multiple canonical data stores, and sharded data, it’s great to work against a standard. Being a standard, we get to take advantage of existing practices and tooling. We get documentation, introspection and query building for free. We can build tooling that can easily read and write schemas, enforcing business rules, keeping things in sync or notifying us of breaking changes. We’re not breaking new ground here either; AirBNB has some great prior art here.

                                                                          Hopefully this explains a little bit of why we find it an attractive prospect.

                                                                        2. 3

                                                                          Maybe someone should go full circle and implement a new database that uses GraphQL as the query language. Then we won’t need to write server back-ends anymore and can just defined a schema + security rules and expose it to the front end.

                                                                          1. 3

                                                                            Makes sense for API where you don’t know what the UI/client side will look like. So for a headless CMS, or a generic backend as a service. Those use cases make sense. Some people use it for their main app, which just makes things slightly easier in the beginning and impossible to optimize in the long run.

                                                                        1. 16

                                                                          One of the big realizations of my career was noticing that by working crazy hours to meet any deadline or unforeseen issue that arose, I was actually perpetuating bad design practices. By always meeting deadlines, no matter the cost, I was enabling fellow engineers and management the luxury of not having to take the time to plan projects with time integrated for unforeseen risks. Working like this can be doable for a deadline or two, but over time it encourages a continual cycle of unsustainable work practices that led to burnout.

                                                                          It’s challenging to spend the time to be disciplined enough to properly plan a project out and push back on overly optimistic deadlines. Sometimes it’s even just fun to program late into the night to impress stakeholders. As a software engineer I’m a highly paid professional, and I feel like I should be able to meet the needs of the company, even when it comes in the form of last minute requirements. But overtime it’s led to me having less skills in the planning and estimating parts of a project. This then lead to more underestimated projects, resulting in the whole death march situation happening again.

                                                                          Right now I’m reading The Mythical Man-Month and Rapid development to try to develop my skills in time estimation and planning. It’s not as fun as learning a new language or tech stack, but I think it’s important. Coding is just one aspect of being an effect software engineer.

                                                                          That being said, I could totally be wrong. Sometimes I wonder if true innovation requires working at a crazy fast speed, and not being conservative about what can be accomplished given some good engineers and a lofty goal. Maybe I’m just becoming lazier as I get older.

                                                                          1. 7

                                                                            One of the big realizations of my career was noticing that by working crazy hours to meet any deadline or unforeseen issue that arose, I was actually perpetuating bad design practices.

                                                                            I came to the same conclusion: propping a faulty process removes any incentive to fix the process.

                                                                            It took me working 80+hrs a week (with 24/7 on call) for 18 months before I hit burnout. Thankfully I was old enough and well established enough in my life that it didn’t destroy me or my career. I do worry about my 2 ASD kids having the ability to pull the brakes early enough to get out of it relatively unscathed.

                                                                            1. 3

                                                                              I’ve certainly gone full throttle right over the cliff myself. Some of my later posts will cover topics on communication and trying to avoid that very thing, though admittedly it’s quite easy to do so despite whatever experience and knowledge I have that I’m vulnerable to it.

                                                                              I think a lot of it is being vigilant and knowing your worth, including that of your free time.

                                                                            2. 4

                                                                              I have often asserted the need to service infrastructure yearly in the same way one would look after their car. In the past fifteen years of working in various industries I can safely say no company I worked for ever did; most had largely jury rigged applications held together with duct tape and hope or simply worked on fire and forget projects with no care on ROI.

                                                                              Case in point, we have several event programs of which most were last ran more than two years ago. Last week I got called into a meeting asking how quick we could spin up one of them for an event one client was proposing us to host later this year. I had the hard job of explaining how a system at rest can still atrophy; That the code hadn’t been touched by anyone in three years, I joined last year and have never had time nor need to look at the code and having done so briefly I can see the technology stack it operates on is by now almost a decade old, unsupported and in some cases no longer available.

                                                                              1. 1

                                                                                The Mythical Man-Month

                                                                                Yes. 100%, yes. Recently (finally) read the entire thing. I had spent years (years!) talking about bits and pieces of it and having colleagues mention how yes, we have heard of it too…it’s an old school book. I honestly would love to work for any company that made it standard reading for new hires while reminding them that challenging some of its assumptions isn’t a bad thing either.

                                                                              1. 5

                                                                                This person, in 2019, still thinks that the IT industry is about solving problems and not about making profit and/or stealing VC money. So naive.

                                                                                Jokes aside, is it just me or Kafka is a much simpler abstraction than most alternatives? I mean, this guy is comparing with DBs and I agree that Postgres is better than a full-fledged kappa architecture, that’s harder. But the abstraction behind Kafka is so neat and well supported that in my experience it simplifies development. Then we might discuss if it simplifies deployment and the answer is probably negative. But I would always pick over Celery, for example.

                                                                                1. 3

                                                                                  I agree. At the companies where I implemented kafka, it ended up significantly simplifying our architecture and making it more bullet proof. For example, we previously had a bunch of Ruby apps using Cassandra counters and then performing rollups by reading and writing to the database. We replaced it with a system where we wrote events to Kafka and then loaded them into Hadoop, and used batch jobs to roll-up data. Kafka let us easily track the events and replay them when we found bugs in the consumers. Could you implement this in a sql database? Absolutely. But at some point in scaling it becomes slower and slower to the point where it’s just too costly to scale up. Even simple apps that track millions - billions of events across the internet for analytics have a pretty good use for it right now.

                                                                                  I totally agree with the author that if you don’t need Kafka, don’t use it. But if you have the volume of data and engineers that are capable of understanding the architecture and tradeoffs, it’s well worth it. A lot of engineering isn’t just about how simple an architecure is, but also the ease of debugging and fixing issues. Kafka makes it very easy to replay logs, since it’s storing data for a few days. That decoupling can sometimes be very valuable, in my experience, similar to a write ahead log in an rdms.

                                                                                  That being said, it often surprises me how many engineers will adopt a new technology because it is cool, as opposed to analyzing exactly the functionality and why it makes sense in their application. The industry of “big data” is still young, and over time I think the tools will get simpler and make it easier to decide when to use what kind of queue, database, etc.

                                                                                  1. 2

                                                                                    For reference I’m talking about web analytics and ad serving applications, which produce many billions of events per month quite quickly. The current industry I work doesn’t have this volume, and we don’t use Kafka.

                                                                                  2. 2

                                                                                    I suspect the person who wrote this does not identify as a dude/guy

                                                                                    1. 1

                                                                                      whoops, I never check the author. I’m correcting it

                                                                                    2. 1

                                                                                      I haven’t really used any of the alternatives, and my Kafka knowledge is a little intermixed with screwing around with Avro and Snappy, but as someone who has to use it I’m pretty happy. There are nice, easy tools that let you do things like use unix pipes and a single command to feed or read data to your cluster. The fact that I can give someone with no Kafka experience a quick command to start slurping down data into their shell is a very very nice thing.

                                                                                    1. 9

                                                                                      Not to be that guy, but they didn’t list FastMail under GMail alternatives. I’ve used FastMail for a while, and it’s pretty cool. It’s also been around for a pretty long time, which makes me feel better.

                                                                                      1. 1

                                                                                        I have to say that it is not necessarily Email that I am after when it comes to Google alternatives. Email, after all, is one of the most insecure communications types in use (emails are stored on a server operated by people who are often unknown and untrusted to the user, they are often passed around between servers without encryption).

                                                                                        Upgrades to email are either not on point in terms of security, or inconvienient e.g. PGP has several key shortcomings 1) ugly 2) malicious “man in the middle” option, and confusing key exchange rituals and 3) people don’t really bother about [their] human rights.

                                                                                        Perhaps a new communications standard e.g. Bitmessage or something else will come up that can prove that it can improve the situation and kill email.

                                                                                        1. 1

                                                                                          I’m using mailbox.org.

                                                                                          Unfortunately, a while ago they killed their email support for non-business customers.

                                                                                          1. 1

                                                                                            mailbox.org is listed as a Google Calendar alternative but not e-mail, interesting. Are you satisfied with mailbox.org? I’m tempted to switch from fastmail.

                                                                                            1. 1

                                                                                              From the top of my head:

                                                                                              • SMTP works as expected
                                                                                              • don’t know how other services (CalDAV, XMPP etc.) work, because I don’t use them
                                                                                              • the web interface is unusable without JavaScript enabled
                                                                                              • all mails sent to @secure.mailbox.org will need to be delivered via TLS
                                                                                              • API is not available for non-business customers
                                                                                              1. 1

                                                                                                Been on mailbox.org for about a year, so far very happy. Particularly nice that I can have a shared calendar with my wife.

                                                                                            2. 1

                                                                                              +1 - their web interface is excellent and doesn’t hate partially blind people, and they’re super interested in standards compliance. Big fan.

                                                                                            1. 5

                                                                                              That’s interesting! I wonder if there could be a place for a tool that does database query and schema linting. That way these issues could be programmatically caught, as opposed to requiring users to memorize all the preferred syntax / types.

                                                                                              1. 3

                                                                                                I built something similar to what you described a couple months back, but didn’t spend too much time fleshing out the rules. This list would actually be a fantastic addition to the tool.

                                                                                                1. 2
                                                                                                1. 1

                                                                                                  Would it be sufficient if people switched to other browsers like Vivaldi, or other privacy focused blink based browsers? A lot of the arguments in this article were around Google tracking user data in the browser. I definitely agree that this is a big concern, but I don’t think it’s a great argument about how the blink rendering engine being more and more popular is bad thing.

                                                                                                  In fact, it seems like Microsoft adopting blink will make the chromium project better since there will be more than one company contributing and controlling it. Implementing something like a web browser is a ton of work at this point, and I almost wonder if it’s a waste of developer time to keep reimplementing what is essentially the same functionality more than once. I’m sort of playing devil’s advocate here, I know this is a pretty unpopular opinion. And for the record I have been using Firefox a lot more lately and do like it.

                                                                                                  1. 10

                                                                                                    So it was true – Edge will move to Chromium and the web will have yet another major browsers that have WebKit origins – a sad day for the web.

                                                                                                    Now only Gecko/Servo remains as alternatives of other origins.

                                                                                                    Things I haven’t yet understood:

                                                                                                    Will Microsoft also use V8 rather than Chakra? And if so, will they as a consequence also drop official development on Chakra and on the Chakra-based Node.js?

                                                                                                    1. 5

                                                                                                      There’s now one less closed source browser, I’m not sure how that’s a sad day for the web? If anything the web is more open since all major browser engines (Blink, WebKit, and Gecko) are open source projects and take outside contributions.

                                                                                                      1. 12

                                                                                                        Plurality is losing, open implementations are gaining. The open web standards are hurt by a lack of plurality, so even if it’s a win from an implementation perspective, it’s a loss from a standards perspective - and I would say that the loss in the standards perspective outweigh the win of the implementation perspective in this case, in an open web regard.

                                                                                                        1. 5

                                                                                                          If you wanted to write your own browser, you might try implementing various standards. However, your success depends on whether other people follow those standards as well. If there are many implementations, even proprietary, then people will make web pages that aim towards the center. If there is only one, then standards won’t matter.

                                                                                                          1. 1

                                                                                                            To be fair though, the amount of effort required to write a useful browser from scratch in 2018 is so insanely high than even a corporate behemoth like Microsoft with $$$ oozing out of its ears can’t stomach it. Is that really a use-case worth addressing? Would we really be worse off if there was just a single open source engine that everybody used? Kinda like Linux has become the universal kernel for running native binaries in the cloud…

                                                                                                            1. 4

                                                                                                              This problem only worsens when the corporate behemoths consolidate. What are the chances that MS pushes back on a new feature that’s too complex now that they don’t have to implement either?

                                                                                                              1. 1

                                                                                                                Complex for browser developers or web developers?

                                                                                                            2. 1

                                                                                                              The new “living standards” make this much, much harder. It is like building on quicksand: you can’t target a stable version of these standards. There’s also no sane changelog to speak of, as far as I know. The RFC standards we used to have were quite sane, but all formalisms are slowly being removed, which makes interoperability unnecessarily hard.

                                                                                                          2. 2

                                                                                                            I feel like the Node.js on ChakraCore effort was dead-on-arrival. The Node.js/JavaScript ecosystem already has a hard enough time with native interop that trying to abstract it away was premature. It’s still possible that the ABI Stable Node API work takes off but, sitting here speculating, it doesn’t seem to have enough of a benefit to developers to warrant packages switching.

                                                                                                          1. 8

                                                                                                            One of my favorite innovations of my thinkpad x220 and other modern laptops is a fixed Touch bar, supported by physical features of the laptop itself. There’s always an escape button accompanied by multiple, freely assignable function keys which all provide physical feedback so you could theoretically use them even in dark surroundings. All of this completely independent of the OS or 3rd-party applications!

                                                                                                            1. 4

                                                                                                              Right? Why change something that wasn’t broken? I was issued a new Mac at work almost a year ago, and tried all sorts of touch bar configurations over the past few months. In the end I always ended up accidentally tapping the buttons while typing, and actually finding the controls took longer than just using a keyboard shortcut. So I switched the settings to just making them regular function keys again. I really wish the laptop just had simple, non-touch function keys that I could feel with my fingers. The touch bar is so useless for my workflow as a software programmer. When Apple was usability testing I wonder if people actually were found to be more productive with it.

                                                                                                              1. 1

                                                                                                                I really wish the laptop just had simple, non-touch function keys that I could feel with my fingers.

                                                                                                                It was a specific criteria I started looking for when buying laptops after my first touch-oriented laptop couldn’t handle lowering volume reliably. My last phone was also the one of two models with the physical buttons on the bottom. Makes a difference for me. I don’t feel like I’m fighting with gear that’s supposed to be making my life easier.

                                                                                                              2. 0

                                                                                                                Courageous design.

                                                                                                              1. 7

                                                                                                                Blockchain is definitely over hyped, but calling it “crappy tech with a bad vision for the future” is going a bit too far, in my opinion. In a democracy, the trustworthiness of an election isn’t assured simply because we trust any one party to be unbiased and fair. It’s trustworthy because we have established, non-partisan systems that ensure every stakeholder has an equal say in the outcome. Voting is controlled by all parties with an equal stake, and backed by rule of law. Blockchain is just a generalized form of this on the internet.

                                                                                                                In blockchain, by setting up the incentives in a way where no one group can manipulate the history of the ledger, we can ensure the trustworthiness of the transactions. While blockchain is probably overrated right now, it doesn’t mean that it’s not a novel solution that allows us to create trustworthy systems that mirror those we’ve already built through the use of open societies, democracy, and institutional reputations. Blockchain probably isn’t going to replace all monetary systems or governments, but will be a useful tool in providing a basis of trust for the next iteration of our societies.

                                                                                                                That being said, I think there are definitely issues right now with getting the technology to a place where the average person can truly manage to keep their keys private and understand the smart contracts with out a ton of technical knowledge. If that problem can’t be solved, then it will always be difficult for these technologies to be used effectively by individuals, as opposed to just organizations that have the resources necessary. If it’s use is only at the organization level, then there’s less of a use for it since organizations could just as easily use already established systems of trust like the legal system, instead of the blockchain. So in that regard, the author probably has a point.

                                                                                                                I’m not trying to be a blockchain salesperson, but I think it is a very useful algorithm which has a lot of potential. Bitcoin as a way to pay for goods and services doesn’t always work right now. Just the fact that there was no digital item with true scarcity before it, and now there is shows that it must be somewhat useful.

                                                                                                                Anyway, I didn’t mean to rant or dump write a wall of text here in the comments.

                                                                                                                1. 4

                                                                                                                  In blockchain, by setting up the incentives in a way where no one group can manipulate the history of the ledger, we can ensure the trustworthiness of the transactions.

                                                                                                                  That distributed, signed logs or hash-chains as they were called before Bitcoin can help as a building block isn’t something I dispute. I mentioned a few here as examples. Blockchains and those building on it took it further into less believable territory. Author calls out some of that.

                                                                                                                  “ but will be a useful tool in providing a basis of trust for the next iteration of our societies.”

                                                                                                                  This kind of statement ignores the fact that lawmakers, police, and courts can destroy things that challenge or compete with them like they have for many other things. The countries even make international agreements on things like banking or intellectual property when something challenges many of them at once. This doesn’t even include what the schemes’ own dependencies like owning organizations, developers, or miners might do. These blockchain-based systems of trust do not and will not exist in isolation with all the human factors built on top of it. If anything, it’s been happening the other way so far with human factors driving and breaking the idealist models.

                                                                                                                  I expect more of the same until we see examples of lawmakers, courts, developers, hackers, malicious investors, etc being powerless to negatively influence blockchain-based solutions. If they keep that power, then we’ll be dealing with them using a lot of the same mechanisms we already do. Might as well keep and fix efficient models in that case.

                                                                                                                1. 2

                                                                                                                  Mastodon / the fediverse seem very interesting. Does anyone here have any recommendations as far was what instance to use?

                                                                                                                  1. 4

                                                                                                                    I enjoy https://tiny.tilde.website, an instance loosely associated with https://tilde.town.

                                                                                                                    You can use Mastoview to preview any Mastodon instance: http://www.unmung.com/mastoview?url=tiny.tilde.website&view=local

                                                                                                                    1. 3

                                                                                                                      tilde.town

                                                                                                                      This is awesome an ssh based social community? I’m there! :) Thanks for the pointer.

                                                                                                                      1. 1

                                                                                                                        Mastoview

                                                                                                                        Also thanks for this. IMO everyone should poke around at the various instances an see which one fits them best. I ended up at mastodon.codingfield.com - but I probably should have picked i.write.codethat.sucks

                                                                                                                      2. 3

                                                                                                                        I’m on https://icosahedron.website/ which leans slightly towards math nerdiness.

                                                                                                                        I’d recommend against joining the flagship instance because it’s just so crowded. Not that being busy leads to a bad user experience, but just that piling everyone on the same instance defeats the purpose of federation. https://instances.social has a list which shows you if an instance has a particular topic or purpose.

                                                                                                                        1. 2

                                                                                                                          The standard one is mastodon.social, I keep my main account on it. But there are a bunch of topical instances too, you can search for instances by interest.

                                                                                                                          1. 1

                                                                                                                            Just avoid mastodon.social, it’s one of the worst instances.

                                                                                                                            1. 1

                                                                                                                              Why?

                                                                                                                              1. 3

                                                                                                                                As there is no central registry of users, discovery usually happens by:

                                                                                                                                1. Looking through the local timeline to find new users (that’s why it’s good to be on a themed instance)
                                                                                                                                2. Looking through the federated timeline to find people others users on your server are following (which works best if those other users have similar interests)

                                                                                                                                Because of this, smaller, themed instance are usually the best too start. They usually form a server culture where people know each other, have people welcoming you, helping you, etc.

                                                                                                                                Mastodon.social is both MUCH too big and also completely unthemed. Both public and federated TL are a near useless mix of different languages and topics that’s going by to fast. With every new article, hundreds of new users come to mastosoc, post introduction posts, leave after a day and the cycle repeats.

                                                                                                                                They also block or silence (default-block unless followed) a lot of the more active older servers, so you are cut off from large parts of the fediverse.