1. 20

    Good gravy, my eyes. That site’s style screams “I hate you, reader”

    1. 4

      what happens when disparate applications really do need to know about data in other applications? … Fire off a message saying “CustomerAddressUpdated” and any other application that is concerned can now listen for that message and deal with it as it sees fit.

      What happens if the message drops?

      1. 1

        PubSub should guarantee delivery.

        1. 3

          And/or you can make it so that the application maintains the events as part of its service. Then, if there’s an outage, as part of the recovery you can go read the event log and update the data as required. Any solution where event messages aren’t ephemeral will do, I think. I also think “not being able to emit an event message” should also be treated like a fairly critical incident, if you go down that path. I think many things.

          1. 2

            How? The application can crash between updating the data and publishing the message.

            1. 1

              Ah, you mean the publishing app - I’d thought you meant the subscriber earlier. Treat messages the way an offline email client treats newly composed email: stick it in a queue to be sent and only remove items from the queue once read receipts have been received for them. This requires messages to be idempotent, of course.

              1. 2

                That doesn’t address my question, though: there are two actions happening: update the data in the DB and tell people about it. The app can fail between the first and second.

                1. 2

                  The message creation (e.g. postgres queue) can be part of the data transaction. Otherwise you need 2PC to guarantee the operation between two subsystems. https://en.wikipedia.org/wiki/Two-phase_commit_protocol
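The approach this exchange arrives at (write the message in the same database transaction as the data change, remove it from the queue only after an acknowledgement, and make handling idempotent), as an added example that is not from any commenter. It uses SQLite in place of Postgres so it runs offline; the table names, `update_address`, `relay` and `Subscriber` are hypothetical.

```python
import json
import sqlite3
import uuid


def open_db():
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, address TEXT NOT NULL);
        CREATE TABLE outbox (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                             event_id TEXT UNIQUE NOT NULL,
                             topic TEXT NOT NULL,
                             payload TEXT NOT NULL);
    """)
    return db


def update_address(db, customer_id, address, crash_before_commit=False):
    """Change the data and queue the event in ONE transaction: both or neither."""
    db.execute("BEGIN IMMEDIATE")
    try:
        db.execute("INSERT OR REPLACE INTO customer(id, address) VALUES (?, ?)",
                   (customer_id, address))
        db.execute("INSERT INTO outbox(event_id, topic, payload) VALUES (?, ?, ?)",
                   (str(uuid.uuid4()), "CustomerAddressUpdated",
                    json.dumps({"customer_id": customer_id, "address": address})))
        if crash_before_commit:
            # Constructed fault: the application dies after both writes, before COMMIT.
            raise RuntimeError("simulated crash")
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise


def relay(db, publish):
    """Send queued events oldest first; delete a row only after publish() acks it."""
    sent = 0
    rows = db.execute(
        "SELECT seq, event_id, topic, payload FROM outbox ORDER BY seq").fetchall()
    for seq, event_id, topic, payload in rows:
        if not publish(event_id, topic, json.loads(payload)):
            break  # no ack: keep the row queued and retry later, preserving order
        db.execute("DELETE FROM outbox WHERE seq = ?", (seq,))
        sent += 1
    return sent


class Subscriber:
    """Idempotent consumer: remembers event ids, so a redelivery changes nothing."""

    def __init__(self):
        self.seen = set()
        self.addresses = {}
        self.drop_next_ack = False  # constructed fault: message applied, ack lost

    def handle(self, event_id, topic, body):
        if event_id not in self.seen:
            self.seen.add(event_id)
            self.addresses[body["customer_id"]] = body["address"]
        if self.drop_next_ack:
            self.drop_next_ack = False
            return False
        return True


def demo():
    db = open_db()
    sub = Subscriber()
    update_address(db, 1, "1 Old Road")
    try:
        update_address(db, 1, "2 New Street", crash_before_commit=True)
    except RuntimeError:
        pass  # rolled back: no address change and no event for "2 New Street"
    update_address(db, 1, "3 Final Ave")

    sub.drop_next_ack = True
    first = relay(db, sub.handle)    # first event applied, ack lost, row stays queued
    second = relay(db, sub.handle)   # first event redelivered (no-op), then the second
    pending = db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]
    return first, second, pending, sub.addresses, len(sub.seen)


if __name__ == "__main__":
    print(demo())
```

Delivery here is at-least-once: a lost acknowledgement causes a redelivery, which is why the subscriber deduplicates on `event_id`.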

        1. 0

          Talk about over complicating things. There are plenty of ways to make money from software - just ask Oracle, Microsoft, Amazon, Facebook, Twitter, Google, Docker, Red Hat, etc.

          Honestly, the self martyrdom of some FOSS developers is difficult to understand.

          1. 3

            Software that is being created to be sold, yes. Software that is being created to further society in a way that is beneficial for all, e.g., free software, no. Even the super important projects like OpenSSL aren’t well funded… Everyone makes a lot of assumptions about software—“oh they do this at work, for their jobs”—but my guess is that is the case for only a small handful of the most popular projects, and the rest are doing the work, gratis.

            1. 1

              Every single one is VC-backed. Your “plenty of ways” boils down to one way.

              1. 1

                I agree with the premise but it’s been a while since MS raised VC, right?

                1. 1

                  The ones I listed were VC backed, but that’s only because I purposely chose over the top examples where the founders became billionaires. (And also RedHat ;-)

                  But there are tons of smaller companies who aren’t backed by VCs, whose founders and employees make a decent living creating software. Things like Pixelmator, Reaper, Quicken, etc.

                  1. 2

                    whose founders and employees make a decent living creating software. Things like Pixelmator, Reaper, Quicken, etc.

                    None of those examples are open source… No one is making a claim that you can’t successfully sell software…

                    1. 1

                      The concepts of “open source” and selling software for money are orthogonal. The linked article is about a scheme for people who have chosen to give away their software to try making money from it. My point is that they already made that choice when they decided to give it away to everybody for free.

                      I think there’s some short sighted-ness in software developers around FOSS. To use your OpenSSL example, if it’s a “super important project” (which is just an opinion), then it’s important for the project to organize itself in such a way that it’s sustainable, and that means providing for the developers so that they can keep developing it.

                      1. 1

                        To use your OpenSSL example, if it’s a “super important project” (which is just an opinion)

                        I’m basing its “super important project” status on the fact that it has 100s of millions of users (or more) given it is linked in popular browsers, and popular web servers. You’re likely interacting with OpenSSL as you load Lobste.rs. So, yeah, it’s “super important.” There are viable alternatives, now, but that wasn’t really the case until recently, and the amount of effort for the 2 developers to keep it up, in their free time, for the benefit of society, has caused issues in the past. See also GPG’s fund raising efforts, and countless others.

                        for people who have chosen to give away their software to try making money from it.

                        No. It’s absolutely not about that. It’s about recognizing that free / open source developers aren’t peons to be trampled on, but, instead, valuable members of our global economy. The chances of this model, or any other model, being sustainable for all contributors is next to nil. Please keep that in mind. Even the most successful of projects that use a foundation model can’t pay their contributors living wages. But, if the original authors choose a different model (than open source) for release, it’d have been very, very, very difficult to make it.

                        As you’ve stated now, multiple times, if you want to make money off of your software, you have many avenues to do so. And, look at @mperham, nginx, puppet, and all the other businesses that have successfully created sustainable businesses from roots in open source. It’s possible, but this avenue isn’t right for every project, nor is it right for every situation. I’m not going to give up my cushy corporate job to struggle to survive on and build a business based on a piece of software I found useful to me. I’d be happy to let others do that if they desire, and I indicate that with the licensing I choose to use.

                        1. 1

                          I’m basing its “super important project” status on the fact that it has 100s of millions of users (or more) given it is linked in popular browsers, and popular web servers. You’re likely interacting with OpenSSL as you load Lobste.rs. So, yeah, it’s “super important.” There are viable alternatives, now, but that wasn’t really the case until recently, and the amount of effort for the 2 developers to keep it up, in their free time, for the benefit of society, has caused issues in the past. See also GPG’s fund raising efforts, and countless others.

                          At the same time, 100s of millions of people are using iOS, Windows, and OSX, so by that criteria they are also “super important”, yet none of them are available for free. Price and size of user base aren’t really criteria for determining importance.

                          I’m just pointing out that society in general isn’t going to have much sympathy for people who’ve voluntarily given away all of their work.

                          1. 1

                            Price and size of user base aren’t really criteria for determining importance.

                            Just what do you think the word important means, then?

                            iOS, Windows, and OSX

                            This logic… is so weird. Yes, they are super important, too. They contribute 100s of millions of dollars in revenue every year to Microsoft and Apple. Do you agree that Microsoft and Apple save millions of dollars a year by not hiring developers to develop proprietary replacements for the libraries and programs they bundle in their distributions? And, at the same time, reap tremendous additional benefits from doing so, by virtue of remaining compatible with other software systems that said, users of those systems want compatibility with?

                            This post outlines one possible way for them to say thanks. Making a contribution to this type of fund would more than pay for itself in good will and positive PR.

                            Note: I don’t even know if I agree with the model outlined. Though, I do agree that some monetary compensation to folks contributing to liberally licensed software is healthy for the ecosystem, human/labor rights generally, and the economy

                      2. 1

                        The linked article is about a scheme for letting people who have chosen not to sell the software they write try to make money off of it. My point is that they already made that choice when they decided to give it away to everybody for free.

                        I think there’s some short sighted-ness in the software world around FOSS. If OpenSSL is a “super important project” then it’s important for the project to organize itself in such a way that it’s sustainable to develop it. Forcing the developers to work on other things for their day jobs, or having them beg for money isn’t sustainable, and it really isn’t necessary - it’s a choice they’ve made.

                1. 3

                  I love the minimal dependencies and easy database. Should make it much easier for hobbyist operators.

                  The advantage of Discourse is the business model. They will be in business and supporting their system 5 years from now. The odds are that this project will not.

                  1. 2

                    Thank you! Glad you love it :)

                    Indeed, that is Discourse’s advantage. All I can say is that this project has already been around for more than 5 years, albeit in a much different form, so it is likely to stick around for another 5. Perhaps I should look into copying their business model, I do find it sorta insane that they are charging $100/month minimum for hosted instances of Discourse, but I suppose that is how they make money to support their project.

                    1. 3

                      You are thinking like a developer, not a pricing expert. There are plenty of cases where $100/mo is quite cheap. As a business, you want to get customers with lots of budget and little actual traffic demand. Customers are thinking of it as a service they don’t need to staff and manage through IT. Think in terms of value you provide, not your costs to provide that value, when pricing.

                      Feel free to join my happy hour some week if you want to talk about building a business on your open source:

                      https://sidekiq.org/support.html

                      1. 1

                        Just saw your reply. Makes a lot of sense! I’ll definitely check out your happy hour, thanks :)

                  1. 2

                    On Linux:

                    grep VmRSS /proc/<pid>/status
                    
                    1. 3

                      Hope he gets a job. I’m just puzzled at the meaning of 5.1 kids.

                      1. 10

                        Surround sound kids. Which honestly could just mean one and some sugar.

                        1. 8

                          The .1 is the woofer, likely a rescue or mutt.

                        2. 2

                          Wife just got pregnant, at a guess.

                          1. 1

                            Looks like it. So it’s 10% done…

                        1. 5

                          Bash supports CDPATH. It’s not as smart as autojump but it’s everywhere out of the box. Mine:

                          export CDPATH=".:~:~/src:~/src/github.com/mperham:~/src/github.com/contribsys"
                          
                          1. 40

                            Whenever I read tech articles about reducing keystrokes I tend to roll my eyes. cd’ing directories already takes up a very small portion of my time—optimization will never be worth it. Now if you can tell me how to make roadmap estimations that don’t put my team in peril, now that’s going to help me to not waste my time!

                            Edit: It’s a cool tool, just maybe the article is touting it as more of a life saver than it actually is.

                            1. 12

                              I mean, I do too, but people do actually take this kind of thing seriously. I’ve had several people say they wouldn’t use ripgrep because the command was too long to type, but upon hearing that the actual command was rg, were much more satisfied. Maybe I missed their facetiousness, but they didn’t appear to be joking…

                              1. 5

                                Could they not have just alias’d the command if it was “too long”?

                                1. 4

                                  The people in question don’t sound clever enough for that.

                                  1. 1

                                    Are you asking me? Or them? ;-)

                                  2. 4

                                    I wonder if these are different people than the ones who complain about short unix command names and C function names…

                                  3. 9

                                    For those of us with RSI, these little savings add up, and can make for a pretty big difference in comfort while typing.

                                    1. 8

                                      Oh please. If you’re really worried about a couple of words and keystroke saving, you’d setup directories and make aliases that will take you specifically where you want to go. Assuming it was even a GUI you were using with a mouse, you’d still have to click through all the folders.

                                      Overall, paying close attention to your workspace setting and ergonomics can go a long way in helping improve your RSI situation than this little jumper will ever do

                                    2. 4

                                      My thoughts exactly. I have often wasted time trying to optimize something which took so little time to begin with, even if I reduced the time to nothing it would have no significant impact on overall performance. And the less-obvious trap is optimizations like this add additional complexity which leads to more time spent down the road.

                                      1. 9

                                        All right, buddy. Cool.

                                        Did I say it was a “life saver”? Nope. Did I say it could save you a lot of time? Yup. If cd'ing into directories doesn’t waste your time, cool. Move along, read the next blog post on the list.

                                        I’m sorry about your roadmap estimations. Sounds like you’ve got a lot on your chest there.

                                        1. 31

                                          Let me just take a step back and apologize—nobody likes negative comments on their work and I chose my words poorly and was insensitive. I’m rather burnt out and, in turn, that makes me appear more gruff online. I’m positive that someone will find this useful, especially if they’re managing multiple projects or similar use cases.

                                          1. 23

                                            I really appreciate you saying that. The whole point of this piece was to share something that literally makes me whistle to myself with joy every time I use it. I hope you find some time to take care of your burn out. It’s no joke and I’ve suffered from it quite a bit in the past three years myself. <3

                                            I know it’s easy to look at everything as “this is just like X but not quite the way I like it” and I don’t blame you for having that reaction (like many here). AutoJump is to me the epitome of simple, delightful software that does something very simple in a humble way. I wish I had spent more time extolling the virtues of the simple weighted list of directories AutoJump stores in a text file and that ridiculously simple Bash implementation.

                                            The focus on characters saved was a last minute addition to quantify the claim in the title. Which I still think will be beneficial to anyone who remotely has frustrations about using cd often and may suspect there is a better way.

                                          2. 6

                                            If only there was a way to optimize crank posting. So many keystrokes to complain!

                                          3. 2

                                            the parent tool is probably overkill but a simple zsh function to jump to marked projects with tab completion is pretty awesome to have.

                                            alias j="jump "
                                            export MARKPATH=$HOME/.marks

                                            # cd to the real directory behind the symlink named $1
                                            function jump {
                                                cd -P "$MARKPATH/$1" 2>/dev/null || echo "No such mark: $1"
                                            }

                                            # create a mark: a symlink in $MARKPATH pointing at the current directory
                                            function mark {
                                                echo "mark name_of_mark"
                                                mkdir -p "$MARKPATH"; ln -s "$(pwd)" "$MARKPATH/$1"
                                            }

                                            # remove a mark (asks for confirmation)
                                            function unmark {
                                                rm -i "$MARKPATH/$1"
                                            }

                                            #if you need it on another os.
                                            #function marks {
                                            #ls -l "$MARKPATH" | sed 's/  / /g' | cut -d' ' -f9- | sed 's/ -/\t-/g' && echo
                                            #}

                                            # fix for the above function for osx.
                                            function marks {
                                                \ls -l "$MARKPATH" | tail -n +2 | sed 's/  / /g' | cut -d' ' -f9- | awk -F ' -> ' '{printf "%-10s -> %s\n", $1, $2}'
                                            }

                                            # zsh completion: offer the names of existing marks
                                            function _completemarks {
                                                reply=($(ls $MARKPATH))
                                            }

                                            compctl -K _completemarks jump
                                            compctl -K _completemarks unmark
                                            
                                            1. 1

                                              I’ve tried this, but I keep ending up making shortcuts and forgetting about them because I never train myself well enough to use them until they’re muscle memory.

                                              I think I’ll just stick to ‘cd’ and also extensive use of ctrl-r (preferably with fzf)

                                              1. 1

                                                And then you go to a workmate’s computer, or su/sudo/SSH and it’s unusable :)

                                                1. 1

                                                  well this is one of the most useful shortcuts in my arsenal. type j <tab> or jump <tab> and it completes all the marked directories. If you get over the initial forget to use it curve it’s amazing and simple (just a folder in your home dir with a bunch of symlinks. and a few helpers to create those.)

                                            1. 4

                                              Interesting article, however to me this is everything that is wrong with open source software, in the good old days (and still around 50% of the time now) open source software (and contributions) come around when people need to solve X problem, and open-sourcing your work is a great way to help others, then usually if the code is found to be useful (or in demand) then contributors join in, and before you know it you have some code you wrote to help you out on a project, working for thousands of users in ways you never expected.

                                              “Necessity is the mother of invention” is a very fitting statement for open source (in my opinion). Creating software for a problem you don’t have (or that doesn’t exist) seems very counter productive, this whole attitude of wanting to create an open source project for “Internet points” absolutely perplexes me. If you want to help the open source community there are thousands of projects that would love the help.

                                              Marketing open source software? I mean put it on Github with a decent readme and a search engine will take your potential users there, however if you created some software for a problem that doesn’t exist, don’t expect too much traffic.

                                              Testing is a good point, but usually in smaller scale open source projects (or single maintainers) you write the code to solve a problem you have, maybe there are a few tests, but to me if I found a piece of software that did what I wanted, and had no tests, I would just write my own tests, we have so many users of open source software now that just seem to moan or log issues when it doesn’t work for them, when in reality they should be sending pull requests (or diffs if you took your dinosaur to work) saying “hey, cool project, I used it but noticed you had no tests, I created the following, hope this helps”. However, I can count on my hand the amount of times I have seen pulls/diffs like this.

                                              I have gone off on a bit of a tangent, but hey.

                                              1. 2

                                                What part of the OP, exactly, implied that open source today is all about “Internet points”? Don’t you think that’s just a tad bit uncharitable of you?

                                                I also think your thoughts on testing for small single maintainer projects are way off the mark. I wouldn’t be able to maintain the projects that I do if I didn’t have tests. There would just be no feasible way. I would probably need an army of clones of myself working in concert to do it.

                                                I think basically everything else you said is off the mark too, speaking as someone that has been involved in open source since 2003 or so. I remember the “good old” days before Github, accessible CI, emphasis on docs and testing, etc., and frankly, we are in a much better state nowadays. I mean, those days sucked. Hard.

                                                1. 1

                                                  Add testing, documentation, build, distribution, marketing…

                                                  Almost like they are building a product but without any plan for sustainability.

                                                  1. 1

                                                    Could you unpack that? All of those things seem beneficial with respect to sustainability.

                                                    1. 1

                                                      Spend hundreds of hours building something polished, lots of users show up asking for support and then burnout happens. Who maintains the maintainers?

                                                      1. 1

                                                        If your goal is to release something that others use and to incorporate feedback from others, then testing, documentation, distribution and all that stuff improves the sustainability of the project.

                                                        If you’re just looking to throw something over the wall and don’t care whether anyone uses it, then don’t polish it in the first place?

                                                        Like, isn’t this whole thing trivially solved by just asking the simple question, “What problem are you trying to solve?” Instead, people seem intent on bantering about “Internet points.”

                                                        1. 1

                                                          If your goal is to release something that others use and to incorporate feedback from others, then testing, documentation, distribution and all that stuff improves the sustainability of the project.

                                                          This is contrary to every small OSS project I’ve ever seen. I’m speaking mostly of single person projects. Perhaps you are thinking of large, multi-person projects, e.g. Rails, Rust, etc but those usually have full-time people paid to work on the project. That’s the key bit to sustain it: a paycheck.

                                                          1. 2

                                                            Perhaps you are thinking of large,

                                                            Uh, no, I’m not. I’m speaking from my experience maintaining mostly small single person projects in my free time.

                                                            1. 0

                                                              Watch the “Uh”. It’s patronizing. Be kind.

                                                              At this point I’m not sure what we are discussing anymore so I’ll leave it here. We are likely looking in the same direction but with different angles.

                                                  2. 0

                                                    wanting to create an open source project for “Internet points” absolutely perplexes me

                                                    I think it’s money that has entered the equation, and “internet points” are just an indirect means. An upside is that now there’s an additional incentive to make things. A downside is that now there also is an additional incentive to advertise.

                                                  1. 14

                                                    One year at Kiwicon, Ranty Ben got kicked out for violating the code of conduct, but they didn’t tell us what he specifically did. Was it the ASCII art goatcx demonstrating the problems with PGP signatures? Was it the lesbian fisting line? Was it the “stands out more than a trans Polynesian girl in the desert” line criticizing Tor?

                                                    Who knows. They wouldn’t say. The talk was shit honestly, but I don’t think he should have gotten kicked out of the conference for it. I said as much on Twitter and then got raked by people saying I had no right to complain since I was a cis-male. (I could have responded by saying I was a minority, but I didn’t want to get into a race to the bottom).

                                                    There was someone in a lightning talk who photoshopped one of the male organizers into a photo where he was holding pig’s testicles. People laughed and the organizer even walked out on stage to stare at it and give him a thumbs up. What if it had been one of the female organizers? Would he have been banned?

                                                    Safe spaces kinda assume people are fragile and need to be protected. Brendan O’Neill does a really good talk about this:

                                                    https://www.youtube.com/watch?v=BtWrljX9HRA

                                                    1. 20

                                                      Was it the ASCII art goatcx demonstrating the problems with PGP signatures? Was it the lesbian fisting line? Was it the “stands out more than a trans Polynesian girl in the desert” line criticizing Tor?

                                                      If you wouldn’t do it at a meeting with your boss at your office, don’t do it on stage at a con. Super simple stuff.

                                                      It’s not about “safe spaces” in every case. It’s about professionalism. I’m not offended by a picture of someone holding a pig’s testicles, but it serves no purpose in a Photoshop tutorial and is just juvenile. It makes me question your abilities in other ways: you might be amazing at Photoshop but you’re going to have to work that much harder to prove it to me now, because I think you sound like a 14 year old.

                                                      (“You” in the abstract sense, not you specifically.)

                                                      1. 9

                                                        So, a little context: Kiwicon is a hackercon .. and not a very professional one .. probably less professional than Defcon by quite a bit.

                                                        it serves no purpose in a Photoshop tutorial

                                                        It was actually a lightning talk about macos kernel debugging and how gdb was so terrible it was like .. pig testicles .. or something.

                                                        Hackercons are a different beast. People use a lot of profanity and many of the talks are more humorous than professional.

                                                        Does your opinion change at all due to the context of the type of conference that it was? Or do you think hackercons need to be more professional in general?

                                                        1. [Comment removed by author]

                                                          1. 13

                                                            These are fair points.

                                                            On the other hand, if we want to remove sex and crude humor from talks and presentations, can we also please pull out all of the saccharine nonsense that people shove into their talks?

                                                            Things like:

                                                            • Cute animals and cartoon references (MLP or brony stuff pls go)
                                                            • Manga/anime references
                                                            • Tired internet memes
                                                            • Stupid music
                                                            • Talking about “making the world a better place”
                                                            • Plugging people’s employers/library of week/favorite transpiler/whatever (unless that’s the focus of the talk)
                                                            • Overly emotional language (“things we love”, “the best ever”, “”, etc.)
                                                            • Swearing and pseudo-swearing (“$!#% this”, etc.)

                                                            That other stuff is equally distracting to some of us. :(

                                                            1. 4

                                                              That other stuff is equally distracting to some of us. :(

                                                              I don’t think it’s remotely comparable, and honestly this comes across as concern-trolling. I’ve never known someone to e.g. break down crying in response to any of your list.

                                                              (I don’t necessarily think we should grant a heckler’s veto to anyone who breaks down crying, but we should acknowledge that the kind of emotional reactions some real people do have, in practice, to sex and crude humour, are in a different category to those people have to other kinds of content)

                                                              1. -1

                                                                I’ve never known of anybody to break down crying because of photoshopped pig testicles, and yet here we are.

                                                                If you want to discount the experience and preferences of folks like me, that is your choice–but understand that in doing so you have no higher morality than people who are doing the same to those you are attempting to defend.

                                                                A good quote to meditate on: “You not caring about my problems kind of makes me not want to care about your problems.”

                                                                1. 2

                                                                  I’ve never known of anybody to break down crying because of photoshopped pig testicles, and yet here we are.

                                                                  I don’t think pig testicles specifically, but I’ve absolutely known people to break down crying because someone photoshopped a picture of them as holding animal genitals. Honestly that seems like a fairly normal reaction for a substantial class of people.

                                                                  1. 1

                                                                    Good time to remind everyone that sexual assault happens to men and women by men and women. Childhood (and adult) trauma leaves scars on the mind. Let’s not give opportunity to remind people of darker times. Roughly a sixth of your audience both male and female have been either sexually assaulted or raped. Do not assume men have never been raped, assaulted, either as adults or children. I hope this goes without saying but the same applies for women as their rates are even higher.

                                                                    Children are also victims of sexual violence, those children grow up, they will be at your con. Don’t do this to people, or at least warn them so they can get the fuck out before fight or flight kicks in.

                                                              2. 2

                                                                Aside from distracting, it uses both time and bandwidth that could be used for conveying more important information. Stuff like that would receive at least some criticism if folks were truly about ridding conferences of “unprofessional” or “unnecessary” content.

                                                                I can make an allowance, though, for extra effort directed at stuff like testicles that will cause a ton of distraction or outrage. Not all things are equal. On other side, I have no problem under those rules with occasional image, quote, or video that really drives a point home.

                                                                1. 1

                                                                While I agree with most of the list, I’d say the first two are fine if the speaker manages to bury that so it doesn’t take away from the talk itself (i.e., like having it in the background of a slide). At least if they know the audience will enjoy it.

                                                                  Though I do agree that presentations should remain serious at their core, they exist to transmit information to a broad audience.

                                                              3. 7

                                                                Does your presentation change at all due to the type of conference it was at? lorddimwit makes really good points here.

                                                              The reason I stopped going to hacker cons is all the reasons outlined with lack of professionalism, and the ‘omg so edgy’ behavior of everybody. Just because hacker conferences tend to have ‘a lot of profanity’ doesn’t mean that you have to join in on that. When you do, you’re just supporting that behavior but maybe that’s what you want.

                                                              4. 8

                                                              I disagree that it’s about professionalism. It’s about respect for others not like you. A HobbyCon can be respectful too.

                                                                1. 5

                                                                  Definitely true too. Being, for example, transgender isn’t fodder for a joke.

                                                                  (More accurately, it is possible to make tasteful and funny jokes about any demographic group, but you gotta tread really carefully…and if you’re going to do it respectfully, know that everyone’s on board first.)

                                                                2. 13

                                                                lorddimwit speaks truth. All these things sound super juvenile. Photoshopping testicles into your peers’ hands irrespective of their gender should also not be allowed on stage. In the same way jokes about $Demographic, also super unprofessional and shouldn’t be in any talk at any convention for professionals. Nothing is legally stopping anyone strictly speaking from being a bigot, but if you want people to respect you then you have to treat others with respect. Nobody is going to want to go to your sloppy con for children, and thus codes of conduct were written. Clearly Kiwicon isn’t really adhering to theirs given your description and I’d rather not have to wade through weak gross/bigoted/dumb jokes to get any information on a topic. I mean they didn’t even try to screen the talk before letting him on stage? At that point your talks are just glorified soap boxes.

                                                                  1. 2

                                                                    I was there, most people laughed - How about the attendees can leave for speakers they don’t like and return for others. It sounds like he wouldn’t be invited back anyway.

                                                                    1. 1

                                                                      It’s reasonable for a con to be able to shape their identity and rules, but they should be done evenly.

                                                                      1. 1

                                                                        And yet we have all the complaints whenever a conference allows someone unpopular to speak.

                                                                  2. 8

                                                                    If you wouldn’t do it at a meeting with your boss at your office, don’t do it on stage at a con.

                                                                    Many people prefer cons with a personal, non-corporate atmosphere.

                                                                    1. 13

                                                                      Sure. There’s a gap between “personal, non-corporate” and “let’s photoshop pig testicles onto things.”

                                                                      I’m not saying it should be illegal or anything. I’m just saying that if you do it and the con boots you out, well…you shoulda known. Start TestiCon if you want to be able to do that without repercussions.

                                                                      1. 1

                                                                        I’m just saying that if you do it and the con boots you out, well…you shoulda known.

                                                                        If that’s the con’s approach to dealing with disagreements then what’s the point in having a code? If the code is supposed to clearly communicate expectations and get everyone on the same page about what kind of culture the con is going to have (whether that be “professional”, “juvenile” or whatever), it has evidently failed.

                                                                        1. 0

                                                                          Most security cons are full of down-to-earth people and this sort of thing happens all the time. Maybe most cons are just kind of uptight compared to what I’m used to?

                                                                        2. 2

                                                                          And some people have fun bosses.

                                                                        3. 3

                                                                          To be fair, some of the better/widely-viewed Photoshop tutorials are, well, a tad unprofessional.

                                                                          1. 3

                                                                            It does serve a purpose, humor is an important part of public speaking, though people don’t always get it right.

                                                                          2. 2

                                                                          There was someone in a lightning talk who photoshopped one of the male organizers into a photo where he was holding pig’s testicles. People laughed and the organizer even walked out on stage to stare at it and give him a thumbs up. What if it had been one of the female organizers? Would he have been banned?

                                                                            What is the point of your rhetorical question? I’m reading it as, “Some content involving people and sex and bodies is more or less appropriate depending on, among other things, the gender of the subject or actor/speaker/presenter, and that doesn’t seem fair.” The next step on the slippery slope is to follow that with, “and it’s less fair to men than to women.”

                                                                            So, obviously, what people are allowed to get away with in the court of community opinion is different depending on who you are, what your status is, what group you belong to, etc. This is unavoidable reality, and is probably not a problem that needs fixing. Here’s why: the less powerful generally get to joke harder about how fucked up the larger context is, and the more powerful must graciously accept being the butt of those jokes as the price for being more powerful.

                                                                            So, yeah, it would probably have been a shit move to use a female organiser as the butt of that hilarious Photoshop joke involving testicles (it sounds like a shit move in general for a venue that broad, but that’s beside the point). Violence against women is commonplace and threats or implications/evocations of it are credible.

                                                                          1. 3

                                                                            “Why Apples will never unseat Oranges”

                                                                            1. 32

                                                                              In the Hacker News thread about the new Go package manager people were angry about go, since the npm package manager was obviously superior. I can see the quality of that now.

                                                                              There’s another Lobster thread right now about how distributions like Debian are obsolete. The idea being that people use stuff like npm now, instead of apt, because apt can’t keep up with modern software development.

                                                                              Kubernetes official installer is some curl | sudo bash thing instead of providing any kind of package.

                                                                              In the meantime I will keep using only FreeBSD/OpenBSD/RHEL packages and avoid all these nightmares. Sometimes the old ways are the right ways.

                                                                              1. 7

                                                                                “In the Hacker News thread about the new Go package manager people were angry about go, since the npm package manager was obviously superior. I can see the quality of that now.”

                                                                                I think this misses the point. The relevant claim was that npm has a good general approach to packaging, not that npm is perfectly written. You can be solving the right problem, but writing terribly buggy code, and you can write bulletproof code that solves the wrong problem.

                                                                                1. 5

                                                                                  npm has a good general approach to packaging

                                                                                  The thing is, their general approach isn’t good.

                                                                                  They only relatively recently decided locking down versions is the Correct Thing to Do. They then screwed this up more than once.

                                                                                  They only relatively recently decided that having a flattened module structure was a good idea (because presumably they never tested in production settings on Windows!).

                                                                                  They decided that letting people do weird things with their package registry is the Correct Thing to Do.

                                                                                  They took on VC funding without actually having a clear business plan (which is probably going to end in tears later, for the whole node community).

                                                                                  On and on and on…

                                                                                  1. 2

                                                                                  Go and the soon-to-be-official dep dependency management tool manages dependencies just fine.

                                                                                    The Go language has several compilers available. Traditional Linux distro packages together with gcc-go is also an acceptable solution.

                                                                                    1. 4

                                                                                      It seems the soon-to-be-official dep tool is going to be replaced by another approach (currently named vgo).

                                                                                    2. 1

                                                                                      I believe there’s a high correlation between the quality of the software and the quality of the solution. Others might disagree, but that’s been pretty accurate in my experience. I can’t say why, but I suspect it has to do with the same level of care put into both the implementation and in understanding the problem in the first place. I cannot prove any of this, this is just my heuristic.

                                                                                      1. 8

                                                                                        You’re not even responding to their argument.

                                                                                        1. 2

                                                                                          There’s npm registry/ecosystem and then there’s the npm cli tool. The npm registry/ecosystem can be used with other clients than the npm cli client and when discussing npm in general people usually refer to the ecosystem rather than the specific implementation of the npm cli client.

                                                                                          I think npm is good but I’m also skeptical about the npm cli tool. One doesn’t exclude the other. Good thing there’s yarn.

                                                                                          1. 1

                                                                                            I think you’re probably right that there is a correlation. But it would have to be an extremely strong correlation to justify what you’re saying.

                                                                                            In addition, NPM isn’t the only package manager built on similar principles. Cargo takes heavy inspiration from NPM, and I haven’t heard about it having a history of show-stopping bugs. Perhaps I’ve missed the news.

                                                                                        2. 8

                                                                                          The thing to keep in mind is that all of these were (hopefully) done with best intentions. Pretty much all of these had a specific use case… there’s outrage, sure… but they all seem to have a reason for their trade offs.

                                                                                          • People are angry about a proposed go package manager because it throws out a ton of the work that’s been done by the community over the past year… even though it’s fairly well thought out and aims to solve a lot of problems. It’s no secret that package management in go is lacking at best.
                                                                                          • Distributions like Debian are outdated, at least for software dev, but their advantage is that they generally provide a rock solid base to build off of. I don’t want to have to use a version of a python library from years ago because it’s the only version provided by the operating system.
                                                                                          • While I don’t trust curl | sh it is convenient… and it’s hard to argue that point. Providing packages should be better, but then you have to deal with bug reports where people didn’t install the package repositories correctly… and differences in builds between distros… and… and…

                                                                                          It’s easy to look at the entire ecosystem and say “everything is terrible” but when you sit back, we’re still at a pretty good place… there are plenty of good, solid options for development and we’re moving (however slowly) towards safer, more efficient build/dev environments.

                                                                                          But maybe I’m just telling myself all this so I don’t go crazy… jury’s still out on that.

                                                                                          1. 4

                                                                                            Distributions like Debian are outdated, at least for software dev,

                                                                                            That is the sentiment that seems to drive the programming language specific package managers. I think what is driving this is that software often has way too many unnecessary dependencies causing setup of the environment to build the software being hard or taking lots of time.

                                                                                            I don’t want to have to use a version of a python library from years ago because it’s the only version provided by the operating system.

                                                                                            Often it is possible to install libraries at another location and redirect your software to use that though.

                                                                                            It’s easy to look at the entire ecosystem and say “everything is terrible” but when you sit back, we’re still at a pretty good place…

                                                                                          I’m not so sure. I foresee an environment where actually building software is a lost art. Where people directly edit interpreted files in place inside a virtual machine image/flatpak/whatever because they no longer know how to build the software and set up the environment it needs. And then some language specific package manager for distributing these images.

                                                                                            I’m growing more disillusioned the more I read Hacker News and lobste.rs… Help me be happy. :)

                                                                                            1. 1

                                                                                            So like squeak/smalltalk images then? What’s old is new again I suppose.

                                                                                              http://squeak.org

                                                                                              1. 1

                                                                                              I’m not so sure. I foresee an environment where actually building software is a lost art. Where people directly edit interpreted files in place inside a virtual machine image/flatpak/whatever because they no longer know how to build the software and set up the environment it needs. And then some language specific package manager for distributing these images.

                                                                                              You could say the same thing about Docker. I think package managers and tools like Docker are a net win for the community. They make it faster for experienced practitioners to set up environments and they make it easier for inexperienced ones as well. Sure, there is a lot you’ve gotta learn to use either responsibly. But I remember having to build redis every time I needed it because it wasn’t in ubuntu’s official package manager when I started using it. And while I certainly appreciate that experience, I love that I can just install it with apt now.

                                                                                              2. 2

                                                                                                I don’t want to have to use a version of a python library from years ago because it’s the only version provided by the operating system.

                                                                                                Speaking of Python specifically, it’s not a big problem there because everyone is expected to work within virtual environments and nobody runs pip install with sudo. And when libraries require building something binary, people do rely on system-provided stable toolchains (compilers and -dev packages for C libraries). And it all kinda works :-)

                                                                                                1. 4

                                                                                                I think virtual environments are a best practice that unfortunately isn’t followed everywhere. You definitely shouldn’t run pip install with sudo but I know of a number of companies where part of their deployment is to build a VM image and sudo pip install the dependencies. However it’s the same thing with npm. In theory you should just run as a normal user and have everything installed to node_modules but this clearly isn’t the case, as shown by this issue.

                                                                                                  1. 5

                                                                                                    nobody runs pip install with sudo

                                                                                                    I’m pretty sure there are quite a few devs doing just that.

                                                                                                    1. 2

                                                                                                      Sure, I didn’t count :-) The important point is they have a viable option not to.

                                                                                                    2. 2

                                                                                                      npm works locally by default, without even doing anything to make a virtual environment. Bundler, Cargo, Stack etc. are similar.

                                                                                                      People just do sudo because Reasons™ :(

                                                                                                  2. 4

                                                                                                    It’s worth noting that many of the “curl | bash” installers actually add a package repository and then install the software package. They contain some glue code like automatic OS/distribution detection.

                                                                                                    1. 2

                                                                                                      I’d never known true pain in software development until I tried to make my own .debs and .rpms. Consider that some of these newer packaging systems might have been built because Linux packaging is an ongoing tirefire.

                                                                                                      1. 3

                                                                                                      With fpm https://github.com/jordansissel/fpm it’s not that hard. But yes, using the Debian or Red Hat blessed way to package stuff and getting them into the official repos is def. painful.

                                                                                                        1. 1

                                                                                                          I used the gradle plugins with success in the past, but yeah, writing spec files by hand is something else. I am surprised nobody has invented a more user friendly DSL for that yet.

                                                                                                          1. 1

                                                                                                            A lot of difficulties when doing Debian packages come from policy. For your own packages (not targeted to be uploaded in Debian), it’s far easier to build packages if you don’t follow the rules. I like to pretend this is as easy as with fpm, but you get some bonus from it (building in a clean chroot, automatic dependencies, service management like the other packages). I describe this in more details here: https://vincent.bernat.im/en/blog/2016-pragmatic-debian-packaging

                                                                                                          2. 2

                                                                                                            It sucks that you come away from this thinking that all of these alternatives don’t provide benefits.

                                                                                                            I know there’s a huge part of the community that just wants things to work. You don’t write npm for fun, you end up writing stuff like it because you can’t get current tools to work with your workflow.

                                                                                                            I totally agree that there’s a lot of messiness in this newer stuff that people in older structures handle well. So…. we can knowledge share and actually make tools on both ends of the spectrum better! Nothing about Kubernetes requires a curl’d installer, after all.

                                                                                                          1. 2

                                                                                                            Great article – it is really positive to read about somebody taking steps to take care of themselves. It is unfortunate that he had to quit his job (no sabbatical option) to do so.

                                                                                                            1. 3

                                                                                                              And sell a “large chunk” of his equity to do so. Burns himself out to make the equity worth something, sells it to recover. Painful.

                                                                                                            1. 5

                                                                                                              Thank god for Firefox’s reader mode.

                                                                                                              Being kind to your reader > leet, cyber design.

                                                                                                              1. 1

                                                                                                                I noticed that this library is performance tested, with assert statements that make sure that a given function is executed within X ms.

                                                                                                                Are these kinds of tests helpful? Does it not make a difference what machine the tests are running on? Or if the test runner instance is responsible for running other test suites too and happened to be overloaded at the time these performance tests ran?

                                                                                                                Or is there a way to isolate machine resources so that such tests yield predictable/consistent results?

                                                                                                                1. 1

                                                                                                                  I’d say they are useful for preventing performance regression. They are likely fairly consistent, but it is true that there’s potential signal pollution that can occur.

                                                                                                                  1. 1

                                                                                                                    Exactly. I’ve done this type of assertion before and you wind up having to put such a wide margin of error in it (like order of magnitude with modern, cloud CI boxes) that it doesn’t catch anything but the most egregious of regressions.

                                                                                                                    That said, you can still assert relative comparisons (assert my time < “other gem” time) with some confidence.

                                                                                                                  1. 6

                                                                                                                    On the one hand, it’s nice to see someone stoked about their new job. On the other hand, I definitely raised an eyebrow a few times while reading this post:

                                                                                                                    To my lasting surprise, I have gone to war. There is no better way to put it. I feel like I’ve joined a literal revolutionary war, surrounded by and fighting alongside guerilla troops, and it’s win or die. […] This war is happening on two fronts: Online and offline. […] I’ve seen Grab’s hunger. I’ve felt it. I have it. This space is win or die. They will fight to the death, and I am with them.

                                                                                                                    1. 20

                                                                                                                      The analogy to war is pathetic. Anyone who’s been in an actual war would tell you it’s not something to crow about; you don’t get PTSD from a failed startup unless you are doing it very wrong.

                                                                                                                    1. 3

                                                                                                                      I’m not sure I get the threat posed by an app that presents a fake apple pay button on screen. You push the button. So what? What happens next?

                                                                                                                      There are several other things a malicious app can do with fake UI (asking for a password is one), but I don’t see the threat posed by an ok button. The app could fake not just the button, but the tap as well if it wanted.

                                                                                                                      1. 1

                                                                                                                        I think it’s not a fake apple pay button, a bad app could create a fake “Do you want to?” button that maliciously maps your OK press onto a hidden Apple pay button. You are charged and don’t know it.

                                                                                                                        1. 2

                                                                                                                          But apps can’t hide the Apple Pay dialog. It’s always on top.

                                                                                                                      1. 17

                                                                                                                        If only json had allowed trailing commas in lists and maps.

                                                                                                                        1. 9

                                                                                                                          And /* comments! */

                                                                                                                          1. 3

                                                                                                                            And 0x... hex notation…

                                                                                                                            1. 3

                                                                                                                              Please no. If you want structured configs, use yaml. JSON is not supposed to contain junk, it’s a wire format.

                                                                                                                              1. 4

                                                                                                                                But YAML is an incredibly complex and, truth be told, rather surprising format. Every time I get it, I convert it to JSON and go on with my life. The tooling and support for JSON is a lot better, I think YAML’s place is on the sidelines of history.

                                                                                                                                1. 4

                                                                                                                                  it’s a wire format

                                                                                                                                  If it’s a wire format not designed to be easily read by humans, why use a textual representation instead of binary?

                                                                                                                                  If it’s a wire format designed to be easily read by humans, why not add convenience for said humans?

                                                                                                                                  1. 1

                                                                                                                                    Things don’t have to be black and white, and they don’t even have to be specifically designed to be something. I can’t know what Douglas Crockford was thinking when he proposed JSON, but the fact is that since then it did become popular as a data interchange format. It means it was good enough and better than the alternatives at the time. And it still has its niche despite a wide choice of alternatives along the spectrum.

                                                                                                                                    What I’m saying is that adding comments is not essentially a sure-fire way to make it better. It’s a trade-off, with a glaring disadvantage of being backwards incompatible. Which warrants my “please no”.

                                                                                                                                2. 1

                                                                                                                                  http://hjson.org/ is handy for human-edited config files.

                                                                                                                                  1. 1
                                                                                                                                  2. 5

                                                                                                                                    The solutions exist!

                                                                                                                                    https://github.com/json5/json5

                                                                                                                                    I don’t know why it’s not more popular, especially among go people.

                                                                                                                                    There is also http://json-schema.org/

                                                                                                                                    1. 3

                                                                                                                                      I had to do a bunch of message validation in a node.js app a while ago. Although as Tim Bray says the spec’s pretty impenetrable and the various libraries inconsistent, once I’d got my head round JSON Schema and settled on ajv as a validator, it really helped out. Super easy to dynamically generate per message-type handler functions from the schema.

                                                                                                                                      1. 2

                                                                                                                                        One rather serious problem with json5 is its lack of unicode.

                                                                                                                                      2. 3

                                                                                                                                        I think this only shows that JSON has chosen a tradeoff that makes it more geared to be edited by software, but has the advantage of being human editable/readable for debugging. JSON as config is not appropriate. There are so many more appropriate formats (toml, yaml or even ini come to mind), why would you pick the one that doesn’t allow comments and nice sugar such as trailing commas or multiline strings? I like how kubernetes does use YAML as its configuration files, but seems to work internally with JSON.

                                                                                                                                        1. 8

                                                                                                                                          IMO YAML is not human-friendly, being whitespace-sensitive. TOML isn’t great for nesting entries.

                                                                                                                                          Sad that JSON made an effort to be human-friendly but missed that last 5% that everyone wants. Now we have a dozen JSON supersets which add varying levels of complexity on top.

                                                                                                                                          1. 11

                                                                                                                                            “anything whitespace sensitive is not human friendly” is a pretty dubious claim

                                                                                                                                            1. 5

                                                                                                                                              Solution: XML.

                                                                                                                                              Not even being ironic here. It has everything you’d want.

                                                                                                                                              1. 5

                                                                                                                                                And a metric ton of stuff you do not want! (Not to mention…what humans find XML friendly?)

                                                                                                                                                This endless cycle of reinvention of S-expressions with slightly different syntax depresses me. (And yeah, I did it too.)

                                                                                                                                                1. -5

                                                                                                                                                  Triggered.

                                                                                                                                                  1. 13

                                                                                                                                                    Keep this shit off lobsters.

                                                                                                                                          1. 1

                                                                                                                                            All of this pain is one big reason why Docker is so popular. It’s so much easier to distribute one Docker image with my binaries than to distribute dozens of distro- and release-specific binaries.

                                                                                                                                            1. 3

                                                                                                                                              I have a slight connection with some of the people at IBM Watson. The higher ups have no idea how it works and just pitch their dreams. The engineers ignore them and build the best system they can with their limited skillset. CIOs buy into the boondoggle, millions are wasted, projects are cancelled, life goes on.