1. 3

    Typed languages are better when you’re working on a team of people with various experience levels

    Funnily enough, the opposite is true for me. I used to be strongly in favor of typed languages, but now I simply don’t care that much. I’d say that I have less trouble navigating the project I’m currently working on (Ruby on Rails) than I had navigating previous projects written in C# and/or Java. In the end, I guess it all depends on many other factors, not just the language itself.

    1. 8

      Having recently (past year) learned Rails as well as Haskell I’ve found that the style of types and amount of enforced structure is a significant factor. The type systems of Haskell, Elm, etc help me a lot more than those of C# or Java. Lack of types in Rails isn’t as much of an issue because everyone writes roughly the same way. So without an expressive type system like Elm then I’d argue you need a very rigid structure like Rails.

      1. 2

        My view on typed languages has both changed a lot and stayed exactly the same. I’ve always thought that most of the interesting properties that I care about and don’t want people to get wrong are not ones that type systems typically express. I’ve more recently learned about some type systems that can express those properties in a useable way, so now I’m massively in favour of strong type systems, just not the ones that most languages have.

        1. 1

          For me it kind of depends on how much turnover your team has and how much of your time is dedicated to teaching a code base or an entire language, for that matter. Sometimes newbies are competent in a codebase relatively fast, others can make dangerous mistakes without the “training wheels” typed languages tend to provide.

          1. 4

            I find no interesting codebase is small enough for all that bollocks to stay in my head, why on earth should it when we can make the computers remember it all for us?

            1. 1

              I’m not talking about memorizing a code base. I’m talking about teaching new teammates about an enterprise code base. I think knowing at least a portion of how things work is necessary before making a change. Sometimes new teammates don’t even know the language that a code base was written in, so you need to teach them about the language itself.

              1. 2

                Yikes, I’ve never been there thankfully.

        1. 18

          Our sysadmin @alynpost is resigning as moderator and sysadmin to focus on other projects. Prgmr will no longer be donating hosting. For security’s sake, I’ve reset all tokens and you’ll have to log in again - sorry for the hassle.

          Is there any risk that Lobste.rs could go offline in the future due to running costs?

          1. 38

            No. The new hosting bill is $75/month, which I don’t mind at all.

            1. 14

              Isn’t that very overpriced? 40€/month at hetzner gets you a dedicated machine with a Ryzen 5 3600, 64GB of RAM and 512GB of SSD on RAID1 (no affiliation or anything, it’s just the provider I know).

              1. 8

                Hetzner also just uses electricity from sustainable sources, while with digital ocean it depends on the location

                1. 3

                  Hetzner is the goat! I use them for my VPS and it’s the best deal I’ve seen yet for cloud services. The fact that they’re environmentally friendly as well makes it that much better!

                2. 5

                  Does Hetzner have managed MySQL? Seems like it’s a big hassle removed there.

                  1. 6

                    You can rent a managed server with Hetzner and they have a panel to install and mange MySQL on it, but I don’t think it’s comparable to DigitalOcean’s managed offerings.

                    1. 1

                      Would be really interesting to hear what they’re doing with “managed”. Because based on the prices I’d say prgrmr.com is also not cheap compared to the hardware you get.

                3. 5

                  Would you consider accepting donations for hosting?

                  1. 35

                    I appreciate the offers but prefer not to, no. Still looking for someone to print-on-demand stickers, though.

                    1. 12

                      I’ll buy $75 worth of stickers every month to show my appreciation.

                      1. 6

                        Minor dissenting opinion:

                        I support a lot of people on Patreon and expect nothing in return. Chipping in $5/month to Lobste.rs because I like the community and the stuff that gets shared here isn’t a tall order, and won’t come with any entitlement. (A lot of the people I support are artists and content creators that are usually in high demand from the rest of the community.)

                        I can’t speak for the rest of the community, but I don’t think I’m particularly saintly in this regard. :P

                        If the expenses grow, please don’t rule this option out entirely.

                        1. 3

                          It seems to me that the expectation comes from the design of sites which ask for monthly donations. Thinking out loud here, but a donations system which really was just a donations system, something more similar to ko-fi and didn’t have names attached, might help highlight the fact that by donating one is helping out rather than a new account tier?

                          I personally also donate on Patreon and expect nothing.

                        2. 4

                          Thank you! That is a great attitude.

                          I have one concern though. What happens when lobste.rs keeps growing and the bill increases? What is your maximum you would spend on the site? Wouldn‘t it be better to care about that rather earlier than later?

                          1. 22

                            By design, Lobsters grows pretty slowly. I’m thinking of design decisions like invites vs open signups, and a narrow focus rather than a subreddit for everything. Growth is not a goal like it would be in a startup, and I’d pause invites if we saw some kind of huge spike.

                            Right off we should have plenty of spare capacity. I aimed to overprovision this new server and we’ll see if I eyeballed that correctly as we reach peak traffic during the US work week. If the hosting bill goes to about 10x current I’ll start reconsidering donations. But that may never happen! Hosting costs slowly decline as power gets cheaper, data centers get built, and fiber gets laid. Lobsters is cheap to run because it’s a CRUD SQL app pushing around text a few kilobytes at a time and our size increases slowly. I hope not to jinx it, but it seems likely that our hosting bill is flat or declines over the next decade.

                          2. 2

                            Not print-on-demand afaik, but Sticker Mule has been great to work with in the past for me.

                            1. 1

                              I’m definitely in the market for some stickers if you find a service or have any left over from the first batch!

                              1. 1

                                Redbubble do print on demand for stickers, iirc.

                            2. 5

                              Does hosting lobster requires lots of CPU or RAM?

                              1. 5

                                It’s Rails. So both :)

                                1. -1

                                  #rust

                          1. 3

                            Reading “The Mythical Man-Month.” It parallels Eberhardt Rechtin’s “System Architecting” book in many core concepts, and expands on them from a software-specific point of view. “Conceptual integrity” is the concise definition of something I’ve been unknowingly searching for while reading books on software. I already realized id’s structure as described in “Making of Doom” is Brooks’ “Surgical Team”.

                            1. 3

                              Reading “The Mythical Man-Month.”

                              I read that as “The Mythical Moth-Man”

                              1. 2

                                Have you seen the book cover?

                                1. 3

                                  Brooks’ “The Design of Design” is really good, if you haven’t read it.

                                1. 2

                                  I’ve seen similar scripts across my company that “work”, but can stand to be heavily optimized. I think people also don’t realize that if someone is blocked, waiting on the output of some long running script, they are wasting unnecessary company time and therefore, money.

                                  Sure, 30 minutes isn’t very long in a discrete event, but extrapolate that over months and/or years and you’ve got yourself quite an expensive operation. I do believe that anyone who tries can code, but it’s worth investing in the people who can do these sorts of optimizations and it’s absolutely worth paying the upfront cost of planning and developing the right algorithms.

                                  1. 5

                                    In my experience it’s not really the wasted wall-time-dollars that matter; rather it’s the related opportunities you miss. If it takes 30 minutes to run a function, you’re going to do a lot fewer iterations (if any) on the data you’re putting in or set of interesting correlations you might be capturing along the way, nor will you choose to re-use that code in anything that needs to be done often.

                                    1. 1

                                      I don’t believe a less technically inclined person would be able to quantify the loss of related opportunities. I also don’t believe they would know the optimal usage stopping point of less than performant code.

                                      I still think businesses shouldn’t overlook the people who take the time to analyze the entire situation, regardless of the resultant benefit.

                                    2. 3

                                      Worse, I find I’m most prone to get distracted during long build times. I’ll start working on another task if it’s even possible (if I work on the same codebase on a long build, it might break the build if the IDE saves my changes) or get bogged down in email or slack, and forget to check the progress bar.

                                      I’ve taken to grafting in text to speech notifications in my build and lint scripts just to remind me what I was waiting on.

                                      1. 1

                                        This too! People in JS-land put up with a lot of bad stuff just to get rapid turn-around.

                                    1. 1

                                      I’m playing with and learning Go by building a very simplistic background task management system using Redis lists and PubSub. I was looking at RabbitMQ, but didn’t want to learn AMQP right now. I wish antirez had continued work on disque.

                                      I’m using goroutines and channels to manage the system from the same process, but eventually I want to decouple the ‘worker’, ‘tasker’ and ‘notifier’ routines into their own processes. I’m looking at Hashicorp’s Nomad as a way to orchestrate all processes from a single binary entry point (as an alternative to containerization). My goal is to have a simplistic production deployment workflow while maintaining a scalable task management system.

                                      1. 2

                                        Walking early to avoid the heat, working through the Godot docs and playing a lot of Divinity 2.

                                        1. 5

                                          I’m determined to finish my Blender Doughnut.

                                          This is my first foray into 3d modelling and I find it truly impressive what the software is capable of - and I feel I’ve barely touched the surface.

                                          1. 2

                                            Awesome! Me too, really need to buckle down because I know I’ll love it.

                                            1. 1

                                              What are your learning resources? I tried a well-rated Udemy course, but after an hour or more of not actually making anything I got a bit bored and gave up. I’d like something that’s more learn-by-doing, even if it leaves gaps in my knowledge. I can come back and fill those in later.

                                              1. 4

                                                I’m following along this YouTube series: https://youtu.be/TPrnSACiTJ4

                                                I’ve been trying to do one video a day (each one is around 10-20mins). It’s been tricky at parts -especially at the beginning - but the teacher is really good.

                                                Two tips if you decide to try it:

                                                1. Version control your project. I’ve had to start again a couple of times because I’ve pressed something that messed it up and undo just wouldn’t work.

                                                2. Take a look at the comments on each video. 3-4 times his settings are slightly different which caused problems following along. The comments saved the day.

                                            1. 1

                                              Would there be benefits on using it for existing projects? Such as the classics (TLS, SSH, PGP…). Or is the benefit only noticeable for new projects, for which there is not yet a (too) large crypto code base in use?

                                              1. 2

                                                Monocypher is focused on a small number of modern primitives. That makes it incompatible with most of what those old standards need. No AES, no RSA… So I’d say new projects only.

                                                In addition, Monocypher is a low level crypto library. A toolkit with which you can build higher-level protocols For instance, I’m currently working on authenticated key exchange with Monokex. Or you could build Noise.

                                                1. 2

                                                  Forgive the possibly ignorant question, but would Monocypher be useful for encrypting traffic between two servers? I’m in need of encryption in a distributed system where SSL certificates would be unreasonably expensive and self-signed is not acceptable.

                                                  1. 3

                                                    It would be, but you’d need to implement an existing protocol (such as a suitable Noise pattern) that provides the security guarantees you want.

                                                  2. 1

                                                    I like the idea of small, strongly built, loosely coupled building blocks on top of which implement higher-level parts.

                                                1. 12

                                                  My social life has gotten weirdly more busy since the pandemic started. This weekend:

                                                  • Video call with parents and brother’s family
                                                  • Remote game night with friends from out of state
                                                  • Remote D&D with my regular local group
                                                  • “Baking together” over video with a friend I’ve been exchanging recipes with

                                                  I suspect this means I’m not really all that anti-social, but instead I just don’t like leaving the house. ;-)

                                                  1. 1

                                                    How do you usually bake over video with people? I’ve been interested in trying this out.

                                                    1. 3

                                                      Nothing too complicated. I’m just standing up an iPad on my kitchen counter and chatting while we both make the same recipe.

                                                      Every once in a while the camera gets pointed at the baking – “this is such wet dough!” or “MORE GARLIC” – but it’s much more about being social and getting us to actually do the baking. :)

                                                    2. 1

                                                      Same for me. I am connecting more with people who live far away. It’s seems like now that it’s more normal to just get on a video call with people, I am connecting with them again. And no driving home at the end of the night is nice.

                                                    1. 4

                                                      I’ll be grinding on LeetCode for a bit, playing Animal Crossing and checking out some free Coursera courses!

                                                      1. 3

                                                        I am a proponent of tracking 1-1s in a shared document. My company – and I’m sure many others – requires self-evaluations on a periodic schedule.

                                                        Having a historical record of your goals and achievements not only makes personal evaluations much easier, but also helps achieve the high level of communication that is often lacking in a manager/report relationship.

                                                        1. 1

                                                          I liked it in particular because if there was something that came up but that wasn’t pressing, I could just drop it in the shared doc. That would ensure it was at least mentioned, if not resolved.

                                                          Chat system standups can serve a similar purpose and I’ve definitely harvested them for self assessments too.

                                                        1. 2

                                                          I have been using the Dell S2716DG for about a year now and have loved it so far. It’s a 27-inch 1440p 144hz monitor with G-SYNC, which is probably overkill for non-FPS games especially now that Nvidia supports Freesync monitors.

                                                          1. 2

                                                            I’m currently deep within the third world described in the article, internal client/server TLS. Already being within a private network, it’s unreasonable to purchase a unique certificate for every server host on the network.

                                                            My best two options seem to be:

                                                            1. Dynamic self-signed certificates created at server start up. Publish certificate to centralized & trusted location that clients can read from.
                                                            2. Distributing a single certificate to entire server pool, signed by an implicitly trusted internal CA.
                                                            1. 4

                                                              The standard approach seems to be an internal CA with some sort of automated certificate issuing mechanism (and often trusting only the internal CA, not any public CAs). This does require the automated CA stuff, but I believe there are open source projects for that. If that was too much work, I would be inclined to treat the situation like basic SSH, with a self signed certificate created on startup somehow (either centrally and then distributed, or locally and then published).

                                                              (SSH can also use the ‘internal CA’ route, of course, with server host keys being trusted because they’re signed.)

                                                              1. 1

                                                                At least for our product at work (cloud-first with on-prem option), the TLS scheme used in “the wild” sometimes meshes badly with internal CA’s used by the on-prem customers. The “stumbling block” is often browsers like Chrome, which can’t easily be convinced to trust an internal CA.

                                                                1. 1

                                                                  We do have an internal CA, so I will probably go that route to get maximum coverage at sites we host. Unfortunately, clients can choose to host themselves and therefore will not trust our internal CA, leaving them to their own devices.

                                                                  This service is very core to the company, so failing to form a secure connection means failing to ingest important data. I may end up having to go to a hybrid approach in the end.

                                                                2. 2

                                                                  you want option 3, like @cks mentioned. Each service gets their own cert signed by your internal CA[1]. You would do the same with SSH[2] except obviously it’s by node for ssh instead of by service. Hashicorp Vault[0] will help manage all of this for you.

                                                                  0: https://www.vaultproject.io

                                                                  1: https://www.vaultproject.io/docs/secrets/pki/

                                                                  2: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates/

                                                                1. 3

                                                                  I’ve never considered non-secret Telegram chats as secure. Like a comment on the page suggests, I’d like to see network traces from the context of a secret chat.

                                                                  1. 2

                                                                    Trying to get a different C or C++ (or Rust) job. I’m applying to nearly everywhere on the US East Coast, got to a second phone interview for one, and have a coding test to do over the weekend for another.

                                                                    1. 1

                                                                      Good luck, let me know if you are willing to go inland a little bit from the coast and want a referral. No Rust though, sadly.

                                                                      1. 1

                                                                        Just saw this opening, too, though it’s on the west coast.

                                                                        1. 1

                                                                          Fingers crossed! I’d love to work with Rust at my day job, too. We’re also hiring on the east coast if you’re open to consultant work and want a referral.

                                                                          1. 1

                                                                            Nice! I just started reading the “book” last night. It’s actually been really fun going thus far.

                                                                            1. 1

                                                                              Good luck! I’d love to land a Rust job somewhere.

                                                                            1. 13

                                                                              MessagePack is also used by saltpack, a modern crypto messaging format.

                                                                              1. 2

                                                                                Thanks for the link, that’s cool!

                                                                              1. 1

                                                                                Some good alternatives for hosting with a domain name in the same price range are:

                                                                                DigitalOcean Linode Prgmr

                                                                                1. 1

                                                                                  The real problem is the laziness that becomes easier to achieve with a framework that – more likely than not – provides more functionality than you need. That doesn’t mean that modern frameworks are inherently bad, it just means you will probably have to spend more time optimizing than if you had written everything from scratch for a hyper specific use case.

                                                                                  In an environment where pragmatism is valued, web frameworks really shine. You will probably have to do some post-optimizations though.