1. 3

    What a brilliant idea. Not only do these kids understand the community aspect of GitHub and open source in general (seriously, this is better than most GitHub projects I’ve come across), but whereas Oculus opened the door for existing techies like you and me to get into VR, they’ve opened the door for ordinary kids and given them a goldmine to kickstart their entire careers. (I mean, I wish this was around when I was 15.) Expect big things to happen because of this.

    1. 1

      This company, with some 3000 employees I think, is more unified than I’ve seen with most 5-person companies.

      All I saw was “blah blah blah” until I read this. That’s pretty damn impressive.

      1. 2

        Ah… man… that’s too bad. Although I haven’t been paying too much attention to Eve, I still thought Chris and company were headed down a really solid track. As others have noted, the amount of research that went into the language—the number of prototypes that the team went through before arriving on the current version—is damn impressive. The whole experiment has been super valuable, I think, in discovering how we use computers and reframing how we can make programming better. I guess maybe they were too out of left field. This is the sort of thing that university funding is good for, although academic studies rarely result in things that people can actually use, so it’s incredible that they even made it this far. I hope someone else can pick up the torch :(

        1. 4

          It’s nice to see these kinds of posts. I had no clue how much work went into this new release (aside from the work on reducing memory usage they’ve done over the past several years – not sure if that is related or not though) and as if the noticeable improvements in speed weren’t enough, I’m even more impressed now after having read this post. Super smart move by Mozilla for sure.

          1. 1

            Agreed completely. These days I become more and more cynical that the big players have too much momentum for the smaller players to really make progress. But stories like these show that with the right idea, strategy, team, and dedication, awesome things can still happen. I’m rooting for you Mozilla! Thanks for the amazing browser :)

          1. 1

            This is hands-down my favorite pattern in Ruby, and I use it all the time. I tend to take it further and do two things:

            1. Make the entire class constant a callable, meaning that the method it exposes is always called call.
            2. Name the class like I’d name a function.

            What this means is:

            1. You don’t have to live in the Kingdom of Nouns anymore.
            2. You don’t have to think of a clever name for the method that does the work.
            3. Because the class is a callable, you can treat it like a lambda and use the .() syntax. That makes it look even more like you’re calling a function.

            What that means in practice is that when you want to kick off this class, you will end up saying something like

            CalculatePayroll.(payroll)
            

            instead of

            PayrollCalculator.calculate(payroll)
            
            1. 2

              When we asked parents what they imagined the target age group for the app to be, we got responses that estimated ages 9, 10 and up

              First off, I agree that it’s crazy to expect 5-year-olds to be able to read and write code. But I think that what they’ve done here – starting with something visual and then progressively introducing text – is a very smart idea. I could see it working on older kids and even adults. So I’m just going to pretend that’s their audience :)

              It felt somewhat silly

              I think this is the key point of the article. There are many, many, many tiny bits of knowledge that we, over time, have accumulated as developers. Some of those are small ideas, but some of those are big ones! And if you’re learning programming for the first time, you have to make a mental leap to gain understanding of these big ideas.

              And to make a mental leap, you have to start from somewhere – somewhere you know, somewhere you’re familiar with. The problem is that new programmers don’t have much to start from – everything is unfamiliar. Shoving a bunch of text in front of them won’t help, even if they can read just fine. For one, a computer language isn’t just text – it’s a bunch of characters that follow a complex set of rules. Certainly some people will be able to internalize those rules better than others, but none of that matters if you’re teaching fundamental programming concepts. Second, programming isn’t learning how to write in a language – that’s merely a means to an end. There’s a reason why Engrish shirts are funny. The people that make the shirts just like how English looks, but they clearly have no idea what they’re saying. Learning syntax is certainly important to programming, just as learning music theory is important to learning to play a musical instrument. But until that happens, you need to bridge the gap.

              Text isn’t the only way to convey ideas, and we need to be conscious of that when we teach people programming. It shouldn’t be silly to think like this, but we’re so used to our text editors and how programming is “supposed” to look that we don’t seriously consider any alternatives.

              1. 4

                Oof… this was heavy. I got lost somewhere around the point where he introduces the decision table. :(

                1. 3

                  On a side note, decision tables were what John Nagle recommended for smart contracts. Easy for lay people to understand and for computers to analyze.

                  1. 1

                    Have you got a link to that anywhere? Sounds interesting, and my search engine Fu is failing me.

                    1. 2

                      I did some digging and this appears to be the comment in question

                        1. 2

                          Good find, I could only find other posts from @nickpsecurity repeating his statement :) Thanks!

                        2. 1

                          I don’t have one to his comments but here’s Decision Tables:

                          https://en.m.wikipedia.org/wiki/Decision_table

                          Also, Googling model-checking decision tables will give you at least one paper on using automated solvers with them.

                    1. 2

                      This is disappointing.

                      With an automated, zero-cost CA, there are very few legitimate cases for wildcard certificates, and the risks increase with their use.

                      I don’t understand why LE couldn’t simply allow for higher thresholds on certificate issuance, and instead support certificates that are actually a worthwhile goal: free S/MIME that doesn’t involve suckling at the Comodo teat.

                      1. 8

                        The biggest use case for wildcard certs is SaaS. If I have 10,000 SaaS customers with hosted domains like customer.example.com, LE wouldn’t want to issue (and renew!) that many certs. It also may exceed their rate limiter.

                        1. 3

                          Yes, this is exactly why I can’t use LE for my business right now.

                          1. 2

                            LE creates SAN certificates, which let you group together multiple domains under one certificate. So you can use LE for a SaaS product like this if you’re clever about automatically grouping domains together. See: https://letsencrypt.org/docs/rate-limits/

                            1. 5

                              I know that LE can support up to 100 domains in the same certificate with SAN certificates. But I feel like the complexity implied by grouping domains together is not worth the few hundred bucks of a wildcard certificate.

                              1. 2

                                I’ve not known many companies that want to publish their full customer list so publicly :)

                          2. 4

                            What are the risks for wildcard certificates?

                            1. 2

                              I do like the option when it’s there. For example when SNI is not available and you are running low on IPs.

                              1. 0

                                The main concern is phishing.

                                If you look at your URL bar and see a green lock next to https://www.paypal.com.mysite.biz/login.php, you’re a lot more likely to log in.

                                1. [Comment removed by author]

                                  1. 3

                                    I agree. If you can prove you own the domain, shouldn’t you be able to call your domain whatever you want and get a certificate for it?

                                    So the real risk, it seems to me, is in the way you show that proof. If the CA asks for this proof in a way that’s not secure, that to me would be a problem.

                                  2. 7

                                    You may be interested to know that browsers limit wildcard certs to one level deep, for this reason.
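The one-level rule mentioned in the comment above, as an added example (not part of the thread and not any browser's code): a small matcher in which `*` is honoured only as the whole leftmost label and stands for exactly one label. The SAN list and host names are constructed around the `mysite.biz` name used earlier in the thread, and the three-label minimum is a simplification standing in for a real public-suffix check.

```python
from typing import Dict, Iterable, Optional


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name covers hostname.

    Assumed rule (the strict form described in the thread): '*' must be
    the entire leftmost label and matches exactly one label, so it can
    never span a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # Same number of labels is required: '*' never absorbs extra levels.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False

    if "*" in pattern:
        # Reject partial ("w*") and non-leftmost ("a.*.b") wildcards.
        if p_labels[0] != "*" or any("*" in lab for lab in p_labels[1:]):
            return False
        # Simplification: refuse wildcards directly under a TLD ("*.biz").
        # Real clients consult the public suffix list instead.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]

    return p_labels == h_labels


def covered_names(sans: Iterable[str],
                  hostnames: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each hostname to the first SAN entry covering it, or None."""
    sans = list(sans)
    result: Dict[str, Optional[str]] = {}
    for host in hostnames:
        result[host] = next(
            (san for san in sans if wildcard_matches(san, host)), None
        )
    return result


# Constructed sample data: one certificate's SAN list and names to audit.
SAMPLE_SANS = ["mysite.biz", "*.mysite.biz"]
SAMPLE_HOSTS = [
    "mysite.biz",
    "shop.mysite.biz",
    "WWW.mysite.biz",
    "a.b.mysite.biz",
    "www.paypal.com.mysite.biz",
]

if __name__ == "__main__":
    for host, san in covered_names(SAMPLE_SANS, SAMPLE_HOSTS).items():
        print(f"{host:28} -> {san or 'NOT COVERED'}")
```
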

                                    1. 2

                                      What does this risk have to do with phishing?

                                      In any event, the CAs aren’t the right place to solve phishing, services like SafeBrowsing are.

                                  3. 1

                                    I like supporting wildcards but I do wish they’d dramatically increase the rate limits and decrease the suspension time. Getting banned for a week after a fuckup or bug is nuts.

                                    1. 1

                                      Agreed 100%.

                                  1. 2

                                    This is a nice resource, but like a lot of online books I’ve found, this claims to be written for beginners, but fails to really cater to them. Take a look at the introduction, for example. A beginner is not going to care about why the language was invented or who invented it. They are not going to care about abstraction even – they don’t even know what that is or why it’s even a concern. They are not going to want to set up their editor and they are not going to care about code style. There is a bunch of boilerplate here before the “real” code is presented. Someone who is truly new to programming will be completely overwhelmed by all of this information up front. They want to be able to get going immediately so they have a sense of satisfaction. Of course, all of this depends on learning style – some people like reading everything, even if they don’t understand every word that’s written. But I think that speaks to a short-sightedness – there are certainly other kinds of people that learn differently. So this is a good attempt at aggregating basic information about Ruby, but I am not sure how effective it will be in truly getting beginners to learn Ruby, stay with it, and use it well.

                                    1. 4

                                      This is great to hear! I’ve been using Let’s Encrypt for a client’s site and it’s been awesome to use.

                                      1. 1

                                        Which OS and client?

                                        1. 1

                                          Well, the certificates are generated on the server, which is a Linux machine. I’m using the certbot tool to generate the certificates, which admittedly isn’t an ideal choice considering it’s a web app, but it’s the first thing I found, it was easy to get started with, and I didn’t have a whole lot of time to write something that talked to the ACME API directly. That’s for a future update :)

                                      1. 1

                                        This seems like a super elaborate but largely unnoticeable prank. “Hey, Jimmy, notice anything different about your cat?” “No.” “Well, you’re in for a surprise! I created a device that creates a portal to another dimension, and then I took your cat and replaced every atom in her body with a different atom that I stole from that dimension.” “Oh… okay?”

                                        What does this actually do? I’m assuming perhaps it thwarts hackers from gaining access to the kernel by exploiting vulnerabilities that expose memory locations (such as Heartbleed), similar to how GameBoys and other game systems are hacked through memory for emulation purposes. Is this accurate?

                                        1. 1

                                          Yeah, I feel the same way. It’s a neat trick, I assume it helps security in some way, but I have no idea how or why I should care.

                                          The only thing I can think of is that it partially defeats vulnerabilities that depend on overwriting kernel code in specific locations, but it seems like it’s solving a symptom, and not the real problem.

                                          1. [Comment removed by author]

                                            1. 1

                                              Full disclosure: I’m going to be annoying and nitpick one word: impossible. ;)

                                              Nothing is impossible when it comes to manipulating weird machines.

                                              The purpose of exploit mitigations is to drive up the economic cost of the attacker. The more costly it is, the fewer potential attackers there will be.

                                        1. 2

                                          Sounds like an epic undertaking here, but if they already know that microservices work best when you already have small teams, then they’re on the right track.

                                          I’ve been using Kubernetes + Google Cloud Platform for a client site I’ve been working on, and while there are still some rough patches and not everything is as easy as it could be, it’s a step above anything that Amazon has released so far. I admittedly gambled a bit when choosing it, but posts like this validate the hunch that I got when I first came across it – that it was and will continue to be a game changer as Docker gains more and more popularity.

                                          Using protocol buffers for communication between microservices definitely gets points from me, too.

                                          1. 2

                                            Very interesting. For the curious, this seems to make use of naturalWidth and naturalHeight which are properties of the img element and represent the actual width and height of the image (source: https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement). The 96/300 bit is there, I presume, because the images he chose were saved as 96dpi. I’m guessing you’d want to change this if the dpi was actually different.

                                            1. 3

                                              But if you know the dpi upfront surely you also know the image size?

                                              I don’t understand the advantage in that case.

                                              1. 1

                                                Images don’t really have a DPI, they are just a raster of pixels x wide and y tall. This demo is designed as something to show the people wanting to know how to ensure they can print 300dpi images from sources they have embedded in HTML. I had a handful of people ask a very similar question in a timespan of 1 week, so I made a demo to have ready for the next person who asks :D

                                                1. 2

                                                  Most image formats have EXIF or similar metadata - much more than just a raster.

                                                  It’s common IIRC to include ‘resolution’ which browsers could (no idea if they do) use when printing.

                                              2. 2

                                                dpi != ppi: dpi is dots per inch and means printed resolution of ink dots per inch of paper. It has no immediate relevance for the display of an image on a screen, which depends on pixels per inch, or ppi, of the LCD and the software doing the displaying. So, you can save the dpi information in the file for printing, but it will not be used by browsers. The hack presented here “fixes” that by instructing the browser to scale the image down.

                                                All modern browsers use a 96 ppi resolution as the basis for calculating widths: make an element have a width of 1in, it will be displayed as 96 logical CSS pixels. The 96/300 is there to display the image with a density of 300 ppi. So, if I have an image that has a natural width of 300 px, it will always be as wide as an element with width: 1in.

                                                Personally, I think one should instead use the <picture> element to let the browser choose an appropriate image to download. This way no bandwidth is wasted transferring huge images that are scaled down to a third of their width anyway.

                                                1. 2

                                                  Omg, you’re totally right about dpi vs ppi. I knew I was having a brain fart. Thanks for clearing this up.

                                              1. 5

                                                The search index is the main bloat of the program, requiring about a gigabyte of memory to represent. Note that because I’m too lazy to set up a proper server and elasticsearch index, everything in this demo is in Javascript running in your browser.

                                                Yikes!

                                                1. 2

                                                  This is why I hate Swype, despite my friends constantly asking me why I don’t use it: it’s faster for me to type with two thumbs than it is to slide my finger across the screen.

                                                  I would love to figure out how to reconfigure my keyboard to support one of these new layouts.

                                                  1. 3

                                                    Does this mean that we’ll get an official mobile version of Pinboard? Pretty please?

                                                    1. 1

                                                      Our AWS bill is six figures per month

                                                      Jesus Christ. Is this normal? I didn’t realize Segment was that large.

                                                      1. 4

                                                        They have 140 people listed on their team page, so they’re spending at least $14M/year on them (and likely quite a bit more). If their infrastructure cost is 10-20% of that, that seems perfectly normal.

                                                        1. 1

                                                          Depends… Segment has a JS client that runs on customer browsers (like Google Analytics), then needs to take those events and publish them to downstream analytics servers. It’s not hard to imagine a large bill in those circumstances.

                                                        1. 4

                                                          Arrogant title, but exceedingly humble article. Great read!

                                                          1. 4

                                                            I think the title is supposed to be funny and not antagonistic :)

                                                          1. 4

                                                            Not surprising, although it does seem like diminishing returns at this point (unless you count nixing any potential lawsuits, in which case it seems like a big win).

                                                            The thing that caught my eye about this, though, is that the entire UI as well as apps are being built using something new called Flutter: https://flutter.io/. I guess Google thinks that cross-platform solutions like React Native, Cordova, etc. are the way forward because that’s what they’ve decided to make here. Also, Flutter is built on Dart, which up to now 1) I thought was just a way to write fancy JavaScript à la TypeScript and 2) I didn’t think was actually being used for anything. Seems pretty neat.

                                                            1. 2

                                                              Dart was originally built for a VM! My understanding is that they originally compiled to JS so that other browsers could run Dart. I’m not sure if that officially is the stance anymore–I’m guessing not?

                                                              1. 2

                                                                The VM will not be going into Chrome, but they’re improving the compilation to JS and the language itself quite a bit. The VM will remain supported, just not bundled with a browser. Source: I use Dart at work :-)

                                                              2. 1

                                                                I didn’t think was actually being used for anything.

                                                                According to them, Google rewrote basically their entire ad platform in Dart.

                                                              1. 1

                                                                Did a bit of Googling. The author here is John Underkoffler, who designed the UI for the futuristic computer shown in Minority Report (the UI in Iron Man was inspired by this and other ideas but was not designed by them IIRC – someone correct me if I’m wrong). The “Oblong Industries” he mentions is his company and here is their website: http://www.oblong.com/company/story/