1. 8

    This includes the Clojure-based desktop editor that Ragnar and I spoke about at Clojure/conj a few years ago.

    1. 11

      Very exciting stuff. There are a bunch of projects I’ve tried to contribute to, usually where I know the language but am not fluent in the devenv, package manager, build tool, etc. Getting all that running locally for a one-time contribution is a lot of overhead.

      1. 3

        I’d really love it if there was even a teency bit of technical detail on what this ‘rootkit’ actually does.

        Because I’m ignorant, what doea a binary blob need to be considered a ‘root kit’ ?

        1. 7

          It runs at ring 0. Starts at boot time. Modules in the Windows kernel have access to kernel memory, which crosses processes. This isn’t just a video driver. Anti-cheating software, by definition, has to be able to monitor mouse and keyboard actions.

          1. 5

            (anticheat) also needs to be difficult to observe (antidebug tricks, obfuscation), and easy to update at any time to do new checks (to catch new cheating methods). This is pretty bad when it’s running ring0. And for some reason, this driver runs as soon as the computer boots.

            1. 5

              This is exactly how I would design an anticheat if I were ignoring all considerations other than “does this detect cheats pretty well”.

              I wish they’d make this mandatory only for the highest echelon of players; as a low-skilled player I’m not getting matched with cheaters anyways, so there’s no advantage (and substantial disadvantages) to it.

              I’m moving on from the game instead.

        1. 17

          The best way to catch the cheaters is to watch how they play, not what they run on their computers. Valve has been doing for quite a while on CS:GO with the overwatch(players analyzing reported games, not the blizzard game) and their machine learning solution for simple hacks (video).

          1. 13

            A “negative” point I can think about regarding that method is that it doesn’t provide an excuse to install a rootkit in the player’s computer.

            1. 3

              I don’t think what they described requires running kernel code on a player’s computer.. the player behavior is monitored on the server.

              1. 8

                I’m pretty sure @ethoh was making a tongue-in-cheek joke that installing the kernel driver was the real goal.

            2. 5

              This also works great for Old School RuneScape.

              Almost all of it is statistical analysis performed server side. It’s usually quite effective and players can’t cry and complain about malware running on their computer.

            1. 5

              A few years ago, as part of Cognitect, I helped Defold write their new IDE for building games. Called Editor2, it’s a bit off the beaten path for Clojure, considering the editor is a desktop application using JavaFX with a lot of 3d.

              They wanted to replace their Eclipse-based IDE for a few reasons. One of the subtle ones was the challenge of “undo.” In a text-based environment, undo is pretty straightforward. But they have game objects (edited in one view) that could be composed into collections, which would then appear in scenes. Each of those were different views of the same underlying assets: game objects with textures, scripts, particles, etc. Coordinating undo across those views was an endless source of pain. The project’s sponsor learned about Clojure and immutable values, which sounded like a good way to solve the undo problem… just go back to the previous value.

              The editor we built was essentially one big dataflow graph. Every view is a node. The menu is a node. Game assets are nodes. Nodes have inputs, properties, and outputs. If you’ve seen graphs of shader composition, it’s kind of like that. Every change is an epochal evolution from one state of the graph to another. Undo just means going back to a previous version of the graph… which could be done with an atomic action.

              As an added benefit, the IDE devs got great productivity. A new tool in Eclipse had taken them a few months of a pair to create. Within Editor2, one dev created a platform level editor in about a week… and he had only learned Clojure in the previous month or two.

              1. 1

                Nice By the way I clicked on the tool you mentioned and it took me to 404

                1. 3

                  A corrected link: https://defold.com/

                  1. 1

                    Looks pretty cool

                  2. 1

                    Oops, sorry about that. @roryokane has the right link.

                1. 1

                  Reading this made me realize that the great divide in functional programming goes deeper than I thought. (Caution: half-baked thoughts ahead.)

                  Typed FP embodies set theory, so it traces back to Whitehead & Russell with their Principia Mathematica and the effort to place mathematics on a firm foundation. It is axiomatic in nature.

                  Dynamic FP embodies lambda calculus, which is all about constructions. It traces back to Church and Turing.

                  No wonder they can’t get along.

                  1. 2

                    That’s an interesting perspective! Though it was Church himself who introduced the Simply Typed Lambda Calculus in 1940, so it seems like you could conclude that he, too, was keen to put these systems on a firm logical footing.

                    McCarthy stresses in his ACM paper that LISP has (general) recursive, partial functions - something Church and his contemporaries were determined to avoid. To this end he includes a form

                    label(a, e)

                    Where a is a name given to e which is then bound within e - ie this is a sort of fixed point operator.

                    I don’t know if these ideas were derived from earlier work or if he came up with them all himself, but it seems to me they’re quite a distinct contribution from the efforts of Church et al, with a very different goal in mind.

                  1. 2

                    I’ve used it quite a bit and it works well.

                    1. 1

                      First of all, thank you! This will make it much, much easier to drive adoption of Alloy in my company.

                      Second, I’m sure you have thought about integrating an editor into the visualizer. Is that something we can look forward to? :-)

                      1. 2

                        This appears to assume knowledge of some stack that I have never heard of using jargon I have never heard of. Is there some intro to whatever this is?

                        1. 3

                          Oversimplified, but I think it’s an open-source Second Life stack: client, protocol, server, database.

                          1. 1

                            There’s more in the blog & on the main site (https://krestianstvo.org/en/). Maybe that’s what I should have posted — the top-level for this project I’d never heard of that’s doing amazing-looking things with virtual worlds — instead of their “latest update” blog post.

                          1. 2

                            Given the title, I expected a rant. Was very pleasantly surprised at the content. I appreciate the format of “here are a bunch of mistakes I’ve made, maybe this will help you avoid some of them.”

                            1. 1

                              Absolutely; this is a nice change from some of the more inflammatory content lately from Drew which has really rubbed me the wrong way (which is neither here nor there). Really love that this post combines humility with a gift of lessons learned in code form!

                            1. 1

                              The new site looks good. But when I try https://www.cider.mx, I get a certificate warning.

                              1. 1

                                Thanks for spotting this. Seems it’s related to how GitHub deals with certificates - https://github.community/t5/GitHub-Pages/Does-GitHub-Pages-Support-HTTPS-for-www-and-subdomains/td-p/7116 I’ll see what I can do about it, but from what I read the only real solution would be to host the landing page somewhere else. If someone has any tips I’d appreciated those!

                              1. 2

                                It doesn’t look like Hoopla from the readme. Hoopla’s syntax is quite a bit cleaner.

                                j/k

                                The Github page seems reasonable enough. Datalog is a logic language. It expresses relations (as tuples) and allows inferences based on them. It’s not a general-purpose programming language. It would be good for constructing and querying a model of reality (what we used to call expert systems.)

                                Tau claims to handle negation, where you make a statement like “there does not exist a y such that y = x”. Negation is historically difficult to handle.

                                The author makes a claim about evaluation in PSPACE (“can be evaluated by a Turing machine in polynomial space”) instead of P (polynomial time).

                                It’s the idni.org site that sets my BS detector jangling.

                                1. 3

                                  It’s the idni.org site that sets my BS detector jangling.

                                  From the site:

                                  Tau is a decentralized blockchain network intended to solve the bottlenecks inherent in large scale human communication and accelerate productivity in human collaboration using logic based Artificial Intelligence.

                                  Well that didn’t take long!

                                1. 1

                                  About two years ago I switched away from Octopress with org-octopress on Github pages. It turned out to be so hard to migrate from Octopress 2 to 3 that I scrapped it all and switched to Hugo.

                                  Advantage: Hugo is much faster. I’ve only got a few hundred posts. Hugo builds in less than a second. Octopress was taking 50 seconds or so.

                                  I also moved from GH pages to Netlify for no especially good reason. Netlify has a somewhat nicer (read: easier) interface for staging builds.

                                  1. 3

                                    After my beloved, vintage MS Natural (the original model) died, I switched to a Kinesis Freestyle. I like the split design quite well. It really helped with my shoulder rotation. Before using it, I’d get a serious shoulder pain issue about once a year. To the point where I had to sleep sitting up with my arm propped. That was due to the constant “forward hunch” position that rolls my shoulders forward.

                                    Never really had wrist problems (so far, at least!) But since going to a split board I’ve had very little issue with my shoulders.

                                    I did find the Freestyle to be a bit mushy. I recently switched to a Kinesis Edge. It’s their gaming keyboard, also a split design. Much crisper keys. Feels good on the fingers and causes less fatigue than the laptop keyboards.

                                    The only drawback I see is this: without a fixed distance between the two halves, my typing accuracy has really suffered. If I misplace one half by just a few millimeters, I double-stroke the keys and have to do a lot more error correction. It probably just means I need to learn touch-typing finally. If you learned properly instead of being self-taught, then you might not have the same accuracy trouble.

                                    1. 1

                                      I also moved to a Kinesis Freestyle 2 and then to the Freestyle Edge. The Edge is a bit silly because it’s a gaming keyboard (pulsating blue backlighting, NKRO, other things I don’t really care about) but the keyswitches are nice (I have Cherry MX Browns) and I got a good deal on it because I was an early bird on the Kickstarter. I love it. I have the tent/lift kit and it’s extremely comfortable.

                                      If you just want the Freestyle layout and mechanical switches without all the gaming BS, that’s the Freestyle Pro, which came out after the Edge.

                                    1. 13

                                      Low value marketing piece.

                                      1. 4

                                        I got this comment on HN too, but not sure why…

                                        I tried to write something that is relevant to what I work on every day, and is really frustrating in the security industry. Not trying to market anything to anyone with this piece – we (Okta) aren’t that good at this either.

                                        1. 10

                                          I think if it wasn’t on the corporate blog it wouldn’t be read as a marketing piece.

                                          Also, you spend the article picking apart the problems with OAuth and OIDC, and then go on to mention your product is built on them:

                                          This is one of the reasons why, here at Okta, even though our entire platform is built on top of OAuth and OIDC, we spend tons of time and effort trying to build abstractions (in the form of client libraries) to hide those complexities and make securing your web applications simpler.

                                          I’m sure you meant well, but unfortunately corporate engineering blogs talking about anything remotely near what they do for revenue is a damaged brand. Waaay too much spam has been generated that way.

                                          1. 9

                                            The premise of the piece is just the old marketing saw that nobody wants a drill, what they want is a hole in the wall. Or better yet, to have that family portrait hung. I mean, yes, that’s true, but it’s not a very interesting insight at this point.

                                            I’ve just gotten done with exactly the problem you describe: the specs require specialized knowledge to read, the protocols can be confusing, and we don’t really need all the flexibility OIDC offers. I should be your perfect target market.

                                            But the “nobody cares” title and premise led me to think you were leading up to a great unveiling of a superior solution. Some newer, shinier, or easier spec to deal with. Reaching the bottom of the post to see that you offer a wrapper library to make it easier to talk to your implementation of the specs you just got done telling me not to care about… well, it felt a bit like poor old Ralphie decoding his “Drink your ovaltine” secret message.

                                        1. 4

                                          I can’t find the article, so I won’t name names, but at least 10 years ago I heard the founder of a well-known software company say, “Subtract the average age of your company from 35. That’s how many years of innovation you have left.”

                                          I was kind of shocked, because I’ve been through enough management training and legal briefings to know that is a radioactive statement. As Rachel said, lawsuits have been started for less.

                                          1. 2

                                            People really just need to start suing the crap out of them. Simultaneously, highlight people who actually have skills who are older. Maintain lists of them. The first result of the lawsuits is they’ll probably do token hires since that’s the minimum they legally have to do. The lists will get lots of people jobs fast.

                                            From there, it will be slow progress with initial groups probably treating the older people like shit. Much like it was for non-whites and women getting into parts of the job market when companies didn’t want them there. We must remember Silicon Valley as been around for decades. It might take decades to fix its culture. Best to get started by hitting them in the wallet establishing some basic standards in the court debates.

                                            1. 1

                                              What do you think about older tech workers organizing to discuss experiences/help each other out?

                                              1. 1

                                                I described that here with an example from a company I shop at with a union whose contract I’ve read and members I interviewed. The terms were not only reasonable: many of them are already in compensation packages at good, tech companies. Due process, health/dental, and esp no price-fixing of labor are probably most important.

                                                Why health/dental? Have you seen how startup workers live? They need it. I mean, everyone needs it but I had to highlight them. ;)

                                          1. 1

                                            I witnessed an advertising-based company discussing how much traffic they needed to buy in order to meet their monthly impression targets with their advertisers. Whenever their “organic” impressions were falling short for the month, they would buy enough traffic to hit the targets and collect from the advertisers. They charged more for the impressions than they paid for the traffic, so they stayed in the black.

                                            The click farms positioned themselves as ad-placement networks that put banners on “the long tail” of other websites to direct impressions to the main site. So I guess there was a veneer of legitimacy, or at least plausible deniability. It seemed like fraud to me. Surely the advertisers didn’t intend to pay for garbage traffic from click farms! But they talked about it like a normal part of business.

                                            1. 5

                                              Sounds like decent stuff but I do find it amusing that some really basic things are getting big headlines: “Notepad Supports Linux Line Endings” and “Copy/Paste Arrives for Linux/WSL Consoles”.

                                              I’m hoping the console improvements are actually useful since the worst part about the WSL (aside from I/O performance) are the really poor consoles in Windows, including current 3rd party offerings.

                                              1. 2

                                                I actually did get excited about a couple of those. Which I guess just illustrates how low the bar was to begin with!

                                                1. 1

                                                  including current 3rd party offerings

                                                  ConEmu is pretty good. The only problem I’ve noticed is that it likes to put the cursor one line above (than the actual prompt line) in my zsh prompt :D

                                                  1. 3

                                                    ConEmu is an ok console, but it’s a poor Terminal Emulator, in my experience. (In part due to lag and some minor issues when processing VT-100 codes).

                                                    If you don’t use Vim or co, it seems to do quite servicably

                                                    1. 1

                                                      I used it for neovim in tmux, haven’t noticed any problems (though it’s not very fast indeed)

                                                    2. 1

                                                      UPD: another issue: in ConEmu, paste doesn’t work inside tmux. Switched to wsltty (mintty) :)

                                                    3. 1

                                                      The user, of course doesn’t (shouldn’t) care about how hard something was to implement, but the people writing these release notes are biased by that sometimes, it’s only normal. The LF change must’ve been a ton of work. Most of it probably not coding, but still work.

                                                      I don’t know it for a fact, it’s just speculation based on experience. By the way, I work at Microsoft though nowhere near notepad.exe.

                                                      1. 1

                                                        Yup. it’s amusing, but sadly it’s a Thing. I adopted WSL here at work because for some kinds of access it’s Windows or the hiighway and WSL is a LOT better than being stuck in CMD.EXE/ Powershell.

                                                        Thing is the cut&past experience at least before these changes was AWFUL. I’m embarrassed to admit that our workflow involves a LOT of cut&paste, and the experience was abysmal.

                                                        1. 1

                                                          The Notepad update was quite interesting considering it took 33 years for that basic feature to finally be there. No more opening config files and seeing nothing but a very long single line.

                                                        1. 6

                                                          I really like this approach to building compilers - I used the nanopass framework for a compiler I wrote for my undergrad thesis: https://github.com/charles-l/comp

                                                          It’s not perfect. There are still a few limitations that can only be circumvented with some messy mutation, but most transformations can be performed quite elegantly with the nanopass DSL.

                                                          1. 7

                                                            One of the framework’s authors gave a nice talk at Clojure/conj a few years back.

                                                            https://www.youtube.com/watch?v=Os7FE3J-U5Q

                                                          1. 16

                                                            Unit testing, auto-test on save, and working in very very small increments.