1. 7

    Either I didn’t get some kind of irony, or this is a really frustrating read. Especially this part:

    We will not introduce warnings into your old code, even if that old code could be doing something dangerous.

    I’m mostly a Java dev so I love me some backwards compat but this is ridiculous.

    It sounds like people and organizations who are unwilling to fix their bad code are holding the whole ecosystem back. Why can’t they just stay on the old compiler versions then?

    Sad to see a language strangling itself with its old baggage.

    1.  

      What if some of the largest users of a language also bankroll it? They won’t relegate themselves to older versions.

    1. 19

      I was hoping this was a list of careers for when you eventually burn out of web dev.

      1. 6

        sighs it’s not just me?

        I hit this point almost ten years ago and felt so alone.

        1. 2

          same. best i found is ML infra or security

          1.  

            i’m very much looking for such too, any lobsters want to write up such an article?

            1.  

              If I had the answers I would. I am glad that there are at least 3-17 other people that are feeling the same.

              I’ve considered the following: Get out of full stack and focus on the front end (more fun too me, no threading issues, etc) Devil’s DBA Change careers to something unrelated like Ag Banking

              1.  

                Personally, I’d go with a combo of ML and DevSecOps, if you can find it. The combo would give experience in several powerful and upcoming career opportunities, and if it fell apart you could always use the skills learned in a re-fashoined combination, like ML and Security.

                1.  

                  The combo would give experience in several powerful and upcoming career opportunities

                  At least as long as people think machine learning is a hammer and every problem is a nail.

                  Brian Kernighan briefly mentions the excitement about it in the early days of computing here: https://www.youtube.com/watch?v=O9upVbGSBFo

                  1.  

                    I completely agree. Don’t get me started about ML and AI (or lack of AI)

                    But people think that way, and those people are doing the hiring. I was answering the question “Where is the most money and career challenges?” There’s a better question, imo, which is: What kind of work would I enjoy doing in five years? I have no basis to even start on that one.

                    Having said that, as somebody who has suffered through server/cloud deployments and maintenance over and over again, DevSecOps is pretty cool. When I think about all the tech that keeps calling me to go play and learn more, DevSecOps is probably in the top five.

          1. 1

            I love vim as an editor. I’d consider myself an advanced beginner, stuck in the lurch of needing to put a lot more time in in order to move past that. And yet, for many projects, I just don’t want to use vim. For C++, CLion almost makes me forget how good Visual Studio is. For Rust, VSCode + rust-analyzer is amazing. For Python, VSCode’s basic linter finds about 70% of my typos (the bugs I take full responsibility for). (I know you can add language support via language servers.)

            Fundamentally, I see programming more about building models via ASTs, rather than building something via text. It sounds kind of pretentious that way; I’m not sure how else to describe it. It just seems like there’s a certain genre of programming that fits better with vim, and it is places where type information is not as important. The other thing is I don’t spend much time actually writing code; most of it is in massaging/refactoring/thinking of ways to get things to happen. The writing part seems secondary.

            Other thing is I currently dislike tools that seem like they require a ton of config. I just don’t care about doing that generally. neovim is a big boon to me; I put it on and aliased vim to it and really like the defaults. But I’m not sure if I feel the need to actually configure neovim like I did for many years.

            I joke with people that my 2020 vim config is: $ rm -rf $dotfiles_root/vim; brew cask install vscode.

            1. 2

              Look into coc.nvim; you can use language servers like rust-analyzer in vim itself.

              1. 1

                I use the Rust plugin with CLion, and prefer the experience to VSCode + Rust Analyzer. I think the IntelliJ Rust plugin also fits well with your view of “editing ASTs, not text”, because the plugin is a Rust parser.

                CLion + IntelliJ also beat VSCode in terms of how easy they are to configure.

              1. 3

                My take is that the claimed advantages are not really delivered by OOP. From the website:

                • Encapsulation: Most OOP languages leak trivially avoidable implementation details to the caller (like whether some member is a field or a no-arg method).
                • Inheritance: Usually not that useful.
                • Polymorphism: Parametric polymorphism is often superior to OOP’s subtype polymorphism.

                I don’t have anything against OOP, but it is definitely oversold.

                In the end, just stop making everything mutable, and I can largely live with it.

                1. 0

                  In the end, just stop making everything mutable, and I can largely live with it.

                  I largely agree with this sentiment, but I feel that since objects are essentially a behavior/mutable state combination, this sentiment is also very anti-OOP.

                  1. 4

                    Object-oriented design does not imply mutability, but rather most implementations of OO feature it as the fusion of behavior and mutable state. As you mentioned, this creates the perception that OO must be implemented this way. (In fact, few languages even take mutability seriously enough until very recently!)

                    OTOH, most languages feature immutable String classes in their standard library, and there’s nothing non-OOP-y about them. They’re fundamentally values, and have the semantics of values by being immutable. OOP is not opposed to value semantics. IMO, the sweet spot of OOP is defaulting to values everywhere, with a few islands of mutable state loosely connected together (see Gary Bernhardt’s Boundaries talk for further discussion).

                1. 3

                  Javascript protest shenanigans aside.

                  Why would you not just use an C enum for this instead?

                  1. 3

                    enums are typed down to integer types. C compilers do not show any warning for different typedefs, and not even assignment for different types. Only comparison of different types, or alike.

                    but for a struct, different struct names are considered as different types. The compiler will bug you out, this is what is desired: structs are a way to declare to the compiler that you actually mind very much how that variable is typed.

                    1. 4

                      You can use enum-typed variables (including return-values) in C, and the compiler warns you when you mix different enums. This is especially handy when you are working with FSMs. I understand the C-criticisms, but enum-mismatching is none of it if you are using enums right and not just store them in ints.

                      1. 1

                        I actually like enums and use them a lot ! :)

                        I learned something today…

                        1. 2

                          I’m glad to hear that! I actually also found out about it a few years ago while working with FSMs and it helped me tremendously.

                          1. 1

                            One obvious use-case I see is returning an enum mylib_errno, and switching on that… or s/errno/state-machine-step/, or oneshot get_state() instead of zillion as big is_state_1(), is_state_2(), …

                      2. 3

                        There’s this obscure language I like that’s actually a backwards compatible superset of C, so you can compile your C code with it and use some of its new features as you see fit. One of them is called “enum classes” and it solves this problem perfectly.

                        1. 3

                          Is that the one you’re not allowed to talk about because it’s not C or Rust?

                          I hear it’s okay for some stuff, not sure if anything critical has been written in it.

                    1. 35

                      There’s really a problem with this blog post. I don’t know how it’s technically done but having to wait several seconds every time you display the tab is why almost nobody will read it.

                      1. 20

                        It is actually super-high-level web development. Kudos to @tedu for pulling it off.

                        Pages are progressively enhanced using JavaScript if it is available. If it isn’t, users can still read the page. If JS is available, then UX is enhanced with a realtime loading indicator, much like the ten-pixel-bars top bars that are on many pages.

                        After all, in this Third Age of JavaScript, we cannot simply trust the browser to render the page. We need to tell the user the progress of that.

                        1. 14
                          var delay = 100
                          switch (progress) {
                          	case 70:
                          	case 73:
                          	case 76:
                          		delay = 250
                          		progress += 3
                          		break
                          	case 79:
                          		delay = 500
                          		progress += 2
                          		break
                          	case 81:
                          		progress += 14
                          		break
                          	default:
                          		progress += 5
                          		break
                          }
                          

                          I have to give props for verisimilitude. And for teaching me where to find uBlock Origin’s “disable javascript on this page” function.

                          1. 10

                            I wouldn’t be surprised if @tedu spent a good twenty minutes fine tuning that for maximum annoyingness.

                            1. 2

                              You have more patience than me. It taught me where to find uBlock Origin’s domain-level blocklist.

                            2. 9

                              I’m sorta ok with progressive enhancement. What ground my gears was that it triggered every time the window (Chrome on Windows) regained focus. It made it really hard to find my place again in a page with lots of code.

                              1. 19

                                I mean, just so we’re all clear, it’s something between a joke and a protest statement, and what you’re complaining about is entirely the deliberate point: it’s a perfectly fine, instantly rendering webpage that’s being “progressively dehanced” by the presence of annoying JS.

                                1. 4

                                  Wow… kids these days 😒

                              2. 5

                                Yeah, I love it. This “protest” is a nice compromise in comparison to sth like “Disable JS to enter the page”. It is annoying but still usable.

                              3. 12

                                The site loads almost instantaneously. Just disable JavaScript ;-)

                                1. 11

                                  What’s really weird is all the markup appears to be there, and the loading is just for…giggles?

                                  1. 22

                                    That sounds like something @tedu would do.

                                  2. 2

                                    Well, @tedu also had a period with a self-signed certificate, the horror!

                                    1. 2

                                      When you have a self-signed certificate, you are expected to trust it on first use, and then the web browser remember it.

                                      If the web browser remember the certificate of a website, noone, including a MitM possessing the key of a certificate trusted by your web browser, noone can tamper the connection anymore.

                                      So you suddenly jump from a situation that looks suspicious security-wise, to one that can face the NSA kind of attack vector.

                                      Of course, in the case of a MitM situation, your “accepted security exception” situation (self signed but trusted manually) would turn into a “green padlock” (certificate signed by the MitM) situation, and I doubt many will choose the “padlock with yellow cross” over the “padlock with green check mark”, even if icons barely have any accurate meaning on their own…

                                      Simply wandering on an off-topic… Not actually meaning that Cloudflare should switch to self-signed right now… Oh, wait, Cloudflare are self-signing, they are their own trusted certificate authority…

                                    2. 2

                                      Just use links? ;)

                                    1. 5

                                      Almost everywhere I’ve seen it, the so-called tribool_t makes life very difficult.

                                      I encountered some code that used a tribool_t when parsing bit-level compression. It would use true for success, false for failure, and FileNotFound (okay, something else, but I can’t remember what they actually used) to denote buffer underrun (e.g. needing more data to continue parsing). Conflating parsing with buffering was a huge mistake. (Think validating vs. parsing!) Every single point that could suffer an underrun had to store tons of temporary data to ensure that computation would resume at the right spot with the right state when you got more data.

                                      I’ll underscore the fact that this wasn’t the type of thing where you parsed a length once and then pulled out a blob; think more along the lines of Huffman encoding where you could hit the end of the buffer at any point. Really gross.

                                      1. 4

                                        Maybe we need Setun for that.

                                      1. 2

                                        Vacation this week, which means I hang out with the family a lot and do random hacking in the evening sometimes.

                                        I finished up my fish async git prompt today. It retrieves the branch synchronously, and fetches dirty status asynchronously. I need to figure out how to disown the dirty check job while still being able to retrieve the exit code from it. This really only effects the UX of closing your terminal when a dirty check in a repo with a lot of history is still running.

                                        A big contributor to the problem is the fact that macOS provides nothing in the way of a tmpfs, so I have to smuggle the result of the dirty check (e.g. dirty/not dirty) back to the foreground process somehow. In my case, I’m using the return code currently; my preference would be to use shared memory, or some other in-memory persistent store. However, shared memory is not accessible (AFAIK) from the shell via built-in CLI tools. If you know of somewhere else analogous, please let me know. I envy Linux’s /dev/shm :(

                                        Due to this, I feel like a fount of knowledge on the subject of async fish scripting, so I’ll probably write up something on that as an excuse to reboot my blog.

                                        1. 3

                                          Week two of being back after 4 months leave. I think we’re having a planning session with my team, so we can decide what we want to do in the next week or two. I’m still catching up a lot on what happened and what code got written. I’ve been doing a lot of backlog management and email digging, i expect to do much of the same this week (although the backlog is starting to look pretty sharp)

                                          1. 1

                                            Week two of being back after 4 months leave.

                                            Were you on parental leave?

                                            1. 4

                                              I was! Now I’m a Pentadad!

                                              1. 2

                                                Pentadad

                                                Is that…5 kids?

                                                Talk about life on hard mode. :)

                                                1. 4

                                                  From a logistics standpoint it’s not that bad. Eldest is 10, and on average the elder 3 can help with their younger siblings. 😄

                                                  1. 1

                                                    I’ve heard it said that after 4, each additional child is no further strain on the parents, mostly as a result of older kids being more useful and parenting needing to be lower effort (not helicoptering) to have that many kids already.

                                                  2. 2

                                                    At least it’s not octodad.

                                                    Nobody suspects a thing

                                            1. 1

                                              Polishing up my new resume site (https://joshuaclanton.dev) and sending in a job application or two.

                                              The site is built with Eleventy and hosted on Netlify’s free tier. I have only positive things to say about both of them.

                                              1. 1

                                                Nice typography and details. Good luck with the applications!

                                              1. 2

                                                I’ve found that I can’t deep-dive every CS-related topic on every essay. It becomes quite easy for commenters to pick this or that thing I didn’t deep-dive on and make some observation like “But you missed X!!” and then we’re stuck in infinite internet negative comment-land.

                                                Based on that, I think I’ll do a short video on type theory. Whenever I mention types I always get pushback. Everybody has their own favorite way of looking at types and their importance (or not). It’d be good to see if I can cover the major bases in 10-20 minutes or so. Of course, it’ll still be wrong/incomplete, but it’ll be good practice and perhaps something to point to the next time somebody tries to bust my chops when I mention types. Plus it’s fun. :)

                                                1. 3

                                                  I think you’re giving the comment section too much power. They’re not the ones putting the work in to put content out there that is meant to educate and enlighten. All they do is sit behind their keyboard and write pedantic comments into textboxes.

                                                  1. 3

                                                    I think you can safely ignore most of the people pointing out what’s wrong with the stuff you put out! Keep pursuing what’s interesting and fun and I promise people are learning from it. I also like to think that most people are smart enough to know that there are caveats to any educational content!

                                                  1. 2

                                                    Finishing up my async fish prompt!

                                                    Also packing for vacation. That’s probably more important, but for whatever reason I’ve been a bit obsessive about the prior item.

                                                    1. 8

                                                      I like to think of this as structuring your software such that you can easily jettison/replace dependencies. Say you want to use Stripe as a payment processor. You grab their client library and start integrating with it. The easy way is to just spray calls to Sprite’s client library through your logic. And this is fine, up until you want to ask more of the code, at which point you might start wishing it’d been confined to a boundary object that you could inject or otherwise instrument.

                                                      Judicious use of this pattern really goes a long way cleaning up some codebases because it forces all the gross interface code to be locked up somewhere. It’s still there, but you can keep it in the closet, and only visit it if need be.

                                                      I think it’s kind of a subtle point though. A newer dev might prefer to see the third party code because it was hard to write and they’re proud of it. A design-pattern-everything dev might prefer not to see it because they got to use a pattern. And a nihilistic-its-all-just-bytes dev might prefer to keep it in there because, who cares? Me, I like my business logic clean and separate from the gory details of the world.

                                                      1. 5

                                                        I think a very useful architecture pattern is to have a well defined boundary between your code and the outside worlds code that you own. This gives you all kind of useful benefits like

                                                        • The system boundaries are well defined and easier to follow
                                                        • Adding middleware is easy when you need to
                                                        • Upgrading or swapping a dependency doesn’t spray itself all over your codebase
                                                        • Fakes are easier to use which reduce your reliance on one off mocks
                                                        1. 2

                                                          A newer dev might prefer to see the third party code because it was hard to write and they’re proud of it

                                                          Does this actually happen?

                                                          1. 2

                                                            I was once that newer dev. I learned quickly that it had all kinds of problems but I’m self taught so I hadn’t learned the importance of the whole encapsulation thing yet.

                                                        1. 3

                                                          This basically requires that the highlighter is also an interpreter (and, in this case, full trichromacy on the part of the reader).

                                                          1. 3

                                                            You could get away with italic/underline/bold/halftone.

                                                            I’m not colorblind but I do have terrible vision (completely blind in one eye, bad but correctable vision in the other). I tend to prefer monochromatic syntax highlighting that uses textual features like bold/dim/italic for that reason; it increases contrast.

                                                            1. 1

                                                              Yeah, I think I use the different brightness of highlighted keywords as landmarks, rather than specific colors themselves. Thinking about it, I’m not sure I’d find chunks of blue (or italic, or…) code particularly helpful, at least compared to a highlighted if at the top of an indented section.

                                                            2. 2

                                                              Surely you could use static analysis on the source text? I don’t get why you’d have to interpret code to understand which scope is where.

                                                              1. 3

                                                                I think his point is that syntax coloring requires much heavier machinery than a DFA.

                                                                Static analysis is a form of interpretation, after all. You have to understand the language itself, rather than stopping at lexemes.

                                                                1. 2

                                                                  Ehhh… trivial syntax highlighting can be done with regex’s, kinda. I wish text editors would use proper parser for syntax highlighting though. Vim often gets confused with strings in some of the languages I work in (the worst case being embedded JavaScript in an HTML file, which is understandably difficult to parse with pure regular expressions).

                                                                  Certain nested structures (e.g. string interpolation) are better represented with a more formal language grammar anyway. Besides, it’s a bit silly that our text editors often parse the same source file multiple times – first, done poorly with buggy, monstrous regular expressions, then again by language plugins so you have functionality like Jump to Definition. You might as well just combine the functionality together and parse it properly from the start.

                                                                2. 1

                                                                  Oh yeah, sorry, I meant “interpret” in the vaguest sense, i.e. “understand the semantics”, as @mattgreenrocks confirmed. Static analysis programs and compilers are just interpreters in funny hats.

                                                              1. 19

                                                                Syntax coloring isn’t useless, it is childish, like training wheels or school paste. It is great for a while, and then you might grow up.

                                                                This seems… Overly dismissive? I’ve seen a few programmers talk about working without syntax highlighting, but I know for me, it’s a nice aid for navigating code. It gives my eyes and brain more structural hooks to hang things on, and makes skimming a lot easier, even when it’s all in gray-scale. (Skimming is one of the main ways I read code, looking for the relevant part of a file or function). I will admit that I’ve not been programming as long as Crockford, but I’ve also not been developing for an insignificant amount of time either.

                                                                Plus, pervasive Navigate To Definition for the languages I use, or Vim’s # and * commands help me track down what context a variable comes from pretty easily in most cases.

                                                                1. 5

                                                                  Yeah, that part irked me as well.

                                                                  I also see his point: common uses of syntax highlighting tend to go overboard. Each piece of syntax we style differently attracts attention. Thus, in a language that leans on parenthesis, rainbow parenthesis are remarkably sane. In another language, coloring every set of parenthesis isn’t as useful.

                                                                  I just checked CLion and found a few things that I appreciate that use syntax highlighting:

                                                                  • strings as a different color, so I can tell when I miss one
                                                                  • macros as a different color
                                                                  • unused vars grayed out
                                                                  • keywords as a different color

                                                                  Not all of them are must have, but it’s a much shorter list than a lot of the popular syntax coloring schemes, which seem to revel in using a different color for each type of syntax it can find. Less really is more.

                                                                  1. 2

                                                                    Yes, there definitely is a balance in how many different things are syntax highlighted, and one can definitely go overboard. (Right now, I’m used to having types highlighted differently than variables, but it’s not a must).

                                                                  2. 5

                                                                    The main idea is not bad, but I agree it’s a weird and unnecessary flex. He sounds extremely out-of-touch.

                                                                    1. 7

                                                                      I thought for years that I needed syntax highlighting, until I gave going without a serious shot. I would never go back to angry fruit salad after a couple years working with it off. Colour can have some uses but syntax highlighting defaults are not the way for me.

                                                                      I think a lot of people are where I was: convinced they need the highlighting because it is what they have known.

                                                                      1. 6

                                                                        I can definitely imagine how you can do without, or even thrive in the absence of, syntax highlighting, and I should experiment with that some time. I’m calling him out of touch for insinuating that something that’s the default for probably 99.99% of programmers is a conscious decision favored by the immature code-illiterate newbs. Gratuitous, because one can simply remove those statements to no detriment to the point.

                                                                        1. 4

                                                                          I think the best approach is to come up with your own theme. For example, I’ve been using my own theme (the screenshots are a bit dated) for the last decade or so. Over the years I’ve gradually reduced the amount of colour, leaving colour for elements that I want to stand out. I did try a few greyscale/low-colour themes, but I found it made my eyes more tired than usual.

                                                                          1. 2

                                                                            +1 for making your own theme.

                                                                            It’s been a lot of work and even though I think mine is pretty rudimentary based some others I’ve seen, it’s been really nice.

                                                                            mavi

                                                                      2. 4

                                                                        It’s something Russ Cox(?) has mentioned too. Maybe it comes from programming before it was widely available. Personally I don’t think it helps you navigate code, because syntax highlighting doesn’t particularly highlight the logic or program flow, it instead helps one navigate text, to form a mental model of where one might find code. But it’s nice to have, at least to stop the screen blurring into a mess if you stare too long, at most to identify where things are happening at a glance as you said.

                                                                        1. 1

                                                                          I suppose I don’t see the difference between navigating code, and navigating text? I know that code isn’t just text, but text (or some representation), is the representation of code one usually interacts with. Or rather, the distinction seems small enough as not to matter? In order to navigate code, you must first be able to navigate the text it is comprised of, no?

                                                                          1. 1

                                                                            My beef is that it generally highlights the obvious (keywords) and not so much the less obvious (confusingly similar symbol names, brace matching, assignment over equality, etc.). I would at minimum want comments and strings highlighted though.

                                                                            1. 1

                                                                              I very much want an emacs color theme that does this, but haven’t managed to find one.

                                                                          2. 3

                                                                            The language being used here is certainly not how I would phrase it; It’s almost, ehm, childish :-) But ignoring the choice of language, I do think he has a decent point overall. The quote continues with “I no longer need help in separating operators from numbers. But assistance in finding the functions and their contexts and influences is valuable”

                                                                            In other words: I don’t think Crockford is against this kind of usage of syntax highlighting, just “trivial” syntax highlighting which doesn’t give the advantages you describe (and even proposes a novel way to do highlighting to get similar advantages).

                                                                            This matches my experience; some syntax highlighting I see wants to colour every little thing, which in my opinion is much less useful than colouring useful “anchor points” such as comment blocks, control statements (if, for, return, etc.), and function/class definitions. I also find it slightly useful to highlight strings as I often use that when scanning code as well.

                                                                            Highlighting stuff beyond that like operators, numbers, function names, function calls, highlighting function calls different from method calls, and whatnot: I don’t really see how that’s helpful, and find it even detracts from the ability to scan. It’s some matter of personal taste of course, but syntax highlighting is UX design and like all UX design there’s good designs and bad ones. An interesting and perhaps more striking example of this is this page on colour design in flight control systems.

                                                                            1. 1

                                                                              How about syntax coloring the natural languages? So we give nouns, verbs, adjectives, and etc different colors. All the punctuation marks also get their distinctive color. I would call that childish.

                                                                              Context coloring would be useful for natural languages. So we can immediately see which sentences expand the previous statements, and which sentences start a new argument. But has anybody ever done this? Some people do like to make a whole sentence bold. I guess that’s similar to the concept.

                                                                              Both arguments seem to be stronger for natural languages than code. What about formal logic? Lambda calculus? Brainfuck?

                                                                            1. 1

                                                                              This seems like one of those questions that might be perfectly innocuous, or a big red flag. Trust your gut.

                                                                              1. 2

                                                                                I just finished the 2020 GMTK Game Jam with a friend, so I’ll be rating other submissions over the week.

                                                                                My wife and I are doing an art challenge together, which is a good excuse to practice my pixel art. Other than that and work, I plan on taking things slower this week.

                                                                                1. 1

                                                                                  Very cool! Do you have any prior experience with pixel art? I find it a bit daunting.

                                                                                  1. 1

                                                                                    I do. I’ve made a few game jam games with it, and have used it off and on over the years. In fact, my Lobster’s avatar is my own work.

                                                                                    If you’re going to get into it, a few small tips are to think of it more like sculpting than drawing, and to start with some reference imagery, if you’re trying to draw something from real life. Also, I typically use 16x16 or 32x32 sprites as a starting point. Also, doing a bit of googling on how to do it can help, there’s some good resources on how to do it. The biggest thing you need to do is shed the idea of everything having a black outline, at least at low resolutions.

                                                                                    If you’re going to get into Pixel Animation, I recommend picking up Asperite (or a program like it, I’ve also used Pyxel edit, but I like Aspterite better). Having a dedicated program for testing your animations is handy, and will save you turn-around time.

                                                                                    1. 1

                                                                                      Thanks for the tips! The idea of sculpting vs drawing is especially helpful.

                                                                                1. 8

                                                                                  Can someone please explain how it is possible that one malfunctioning SDK can break the entire app? IIUC this is due to Facebook login but still, why can’t the app continue to function regularly?

                                                                                  Or is it broken only for whoever actually logged in with Facebook in the first place?

                                                                                  1. 24

                                                                                    This is due to Facebook’s idiosynchratic engineering practices.

                                                                                    At least last time this happened (https://github.com/facebook/facebook-ios-sdk/issues/1373), two months ago*, just including the SDK was enough to bring your app down before it had even initialised because Facebook ran code in the Objective-C class load method, which no sane person would override, let alone do network calls in.

                                                                                    That’s the idiosynchratic part, but it spells disaster when combined with Facebook’s amateurish development practices: The SDK will load objects from the FB backend, parsing them with brute force, expecting them to always be well-formed. This, combined with no working internal CI/CD system, leads to situations like this, where anyone doing a configuration error on a backend service can bring down millions of clients without them even calling the code in question.

                                                                                    1. 10

                                                                                      “Idiosyncratic” seems like an exceedingly polite way to put it.

                                                                                      1. 5

                                                                                        Realized today that I’m more dismayed by the tech public’s reaction to this than the failures of engineering displayed. Specifically, a bunch of people over at the orange site believe it isn’t fully preventable when the fix is simply to see bad engineering decisions for what they are: static initialization is dangerous and has no place in a SDK deployed at FB’s scope. Full stop.

                                                                                        1. 2

                                                                                          Unfortunately, there are tons of SDKs out there that does static initialization. When brought this issue up with another big-name SDK during integration, the response is in the line: we need to do some initialization, and relying on SDK users to call “init” method properly is a no-go based on what we experienced. That sounds plausible, but the solution is to make sure you have init’ed upon the first call to your library, and this can be solved through tooling (adding a custom LLVM pass to call your init method if not through your public API).

                                                                                        2. 2

                                                                                          Do you have a citation for "no working internal CI/CD system"?

                                                                                          1. 2

                                                                                            They have a CircleCI instance, but if it did continuous integration and delivery, it would not be all-green.

                                                                                          2. 2

                                                                                            The SDK will load objects from the FB backend, parsing them with brute force, expecting them to always be well-formed

                                                                                            I spit water out of my mouth as I read it.

                                                                                          3. 9

                                                                                            It’s just shoddy code from Facebook, and it’s a hot mess, because their SDK calls home in the initializer, IIRC, and a “bad” result that causes it to throw will blow up any app that includes the SDK, even if the app doesn’t use FB login. It’s a total catastrophe.

                                                                                            1. 3

                                                                                              To add my speculative point to the good substantive answers above…

                                                                                              Another part of the problem is our industry has never really adopted REST as a way of architecting big public APIs. So instead of accessing them over HTTP using common patterns every API is expected to have a client library implementing the API’s custom, closed RPC-over-HTTP architecture.

                                                                                              (I don’t have any solutions, I’m just lamenting.)

                                                                                              1. 1

                                                                                                Which industry are you referring to? Serious question.

                                                                                                1. 2

                                                                                                  Software. Or that part of it that creates Web APIs.

                                                                                              2. 4

                                                                                                I’m guessing this is why a bunch of apps on my iPhone weren’t working this morning (GroupMe, Spotify, etc.). I wasn’t logged in with FB, for what it’s worth.

                                                                                              1. 10

                                                                                                I don’t think imposter syndrome is only a diversity problem, but it is a bigger problem for people who don’t stereotypically fit in. I think the core of it is about belonging.

                                                                                                I’m pretty much the generic cis white male tech nerd stereotype and I struggle with feeling like I belong. I can’t imagine being in a non-sterotypical group (both in terms of self-doubt of actual perspective taking and the normal emotional hyperbole ).

                                                                                                1. 10

                                                                                                  I’ll one up this: I’m a cis-het while male with a fairly long stream of senior roles at companies non-tech folks have heard of, and I still find myself looking over my shoulder on a regular basis waiting for someone to figure out I never got a college degree, learned how to code (and manage coders) on the job, and basically am unqualified to do anything I actually do based on normal gatekeeping/credentialism/etc.

                                                                                                  That being said: I have it easy. Odds are no one is gunning for me because I’m (again) a cis-het-white dude with just the right amount of beard and a dresser drawer full of t-shirts from the cool conferences I went to back in the ’00s and ’10s. My position in the overall hierarchy is pretty secure.

                                                                                                  So if I’m walking around feeling like I have a target on my back, how much more vulnerable should anyone without my automatic “safety net” of privilege feel?

                                                                                                  Some random selection of folks (original author included) feeling safe enough despite coming from a non-traditional background after many years of hard-fought experience is great, but what about all the folks who failed to reach the survivorship bias threshold?

                                                                                                  I’m honestly sad and angry about missing out on the input and support of so many brilliant, capable folks who got reflexively passed over by a recruiter or initial phone screener because their educational background, accent, gender, etc. made them seen less “qualified” by default. They should have been my peers, mentors, and friends all along, yet systematic bias removed them from the equation before we could even meet.

                                                                                                  That makes me angry, sad, and embarrassed in equal parts.

                                                                                                  1. 9

                                                                                                    I think that’s normal. A sense of belonging can’t come from a massive group like “tech.” It emerges from being known in much smaller contexts. There are very few shared values in tech now; whatever tech culture you have in your mind is probably still there, but simply lacks the marketing machine that is now in full force.

                                                                                                  1. 8

                                                                                                    I think that a massive part of the problem is that most folks working with computers believe that they understand computation far better than they actually do. This leads to mismatched expectations; we expect that the computer will empathize with us and recover the gist of our encoded meanings, mostly because after spending so much time thinking like a computer, we start to disbelieve that the computer can’t think just a little bit like us.

                                                                                                    I often say that our industry doesn’t really know how to program computers, and I imagine that the author takes umbrage with that sort of comment as encouraging impostorship. Hardly! Instead, I think that we should be much less tolerant of brashly carrying oneself around as if one understands computation.

                                                                                                    But don’t blindly listen to me, either. I have been rude and contemptuous in the workplace when I have interacted with peers who were assigned power and responsibility but don’t understand the details of the role into which they’ve been placed, and I’m relatively certain that this rudeness comes from a fundamental unwillingness to tolerate my co-workers’ overcomfident self-images.

                                                                                                    1. 4

                                                                                                      I like this line of thinking.

                                                                                                      Perhaps what we think of as “healthy” levels of self-confidence isn’t exactly helpful when dealing with computers. But, due to the context many of us operate within, it is expected that we perform in this way, and we become the role we were told to be, regardless of whether it’s the best fit.

                                                                                                      The world certainly biases for over-confidence, because it produces action, and action begets Results(tm). I’d even say it’s not wrong for optimizing for this, based on my personal experience. If I’m feeling low, sometimes the best thing to do is to just do something. But just because Something > Nothing doesn’t mean Something is even close to the better thing to do in a situation. And that better thing you can only reach by conscious, painful deliberation that doesn’t involve shipping.

                                                                                                      1. 2

                                                                                                        This is really good and important point, which I think deserves some broader framing. It’s not just some abstract concept of “computation” that we computer people don’t understand nearly as well as we’d like to think. We mostly don’t even understand the concrete technologies that we work with every day. How could we? There are huge stacks of them, with every layer full of shifting complex details. What’s essential and what’s merely incidental about any arbitrary sample of this mess? Even the experts don’t often agree! Overall, computing is a very ambitious, heterogeneous, and immature field. But it’s not just computers that we need to understand to do our work: it’s human cognition, economics, hyper-localized “business logic”, a handful of application-specific (or sometimes more general) mathematical and scientific theories… and endless tangles of historical detail.

                                                                                                        But somehow, we have to get things done, so we blunder bravely forward – or at least, those of us who do stand a better chance of survival. This biases the field towards those who can cope with the uncertainty, either through worry or through denial.