Threads for mysticmode

  1. 1

    I’m not sure what to make of this article when the author categorizes frequent and infrequent developers on the first hand when it comes to debugging.

    I prefer simplicity and flexibility over specializing the IDE specific features. Print debugging makes it much easier for me to achieve that. Rather quicker to be honest for me when I see people work with me with a debugger, I noticed that sometimes on fixing the bugs.

    Don’t really understand the point unless I’m missing something. I would say it doesn’t necessarily need to be applicable for everyone.

    1. 1

      Of course it doesn’t apply to everyone - but I read it like I do it myself. If I’m using a language/project every day or even every week I might have a debugger set up. If I look at this project for the first time, or something pops up twice a year, maybe not in one of my 2-3 main languages - no chance I’ll have a debugger set up.

      So “do you work with this daily/regularly”, then you are a frequent developer :P (PS: Big fan of print debugging myself, but I use debuggers a lot, too)

    1. 2

      2021 was a great year for me. I:

      • Had my name removed from the records of the church I grew up in.
      • Was inducted as a lay minister in a non-sectarian Buddhist ministry.
      • Took my family to Maui, Hawaii for vacation.
      • Ran my first marathon in 3:50:02.
      • Graduated with my Master of Science in Cybersecurity and Information Assurance.

      For 2022:

      • Study stoicism.
      • Run 4 marathons.
      • Run 2 50K races.
      • Continue my audit of 3rd party password generators.
      • Start an offline browser-based project to compete with random.org.
      1. 1

        Study stoicism

        Are you going to read Ryan Holiday’s books? I had some experience here, I started with Meditations by Marcus Aurelius (fantastic book) and gave the book after reading to my friend to read. I forgot the translator author of that book. Next I went with Seneca, was a bit boring to be honest. Then, I came to Ryan Holiday’s books starting with Daily Stoic – It is very nice after reading the above books and articles on Stoicism on the web, I could relate to his translations.

        Start an offline browser-based project to compete with random.org

        I’m also going to build an offline browser-based application that I have in my mind for a while :)

        All the best to you!

        1. 1

          Are you going to read Ryan Holiday’s books?

          I wasn’t planning on it as I’m not familiar with him, but I’ll look into it.

          I started with Meditations by Marcus Aurelius (fantastic book)…Next I went with Seneca…

          I think I’ll be starting with the classics before getting into the modern interpretations. I had on my list The Enchiridion of Epictetus, Meditations by Marcus Aurelius, The Letters and Essays of Seneca the Younger, the Essays of Cicero, and The Reign of the Stoics by Frederic May Holland.

      1. 6

        My plan is to learn C++ with OpenGL. Basically the target is to start writing desktop applications that I needed mainly on Linux for my daily use.

        Background is that I’m coming from higher level or more abstracted programming languages and doing web applications by writing more and more Go code for the last 4 years. And did Python for some years before.

        Another thing is that, I’m interested in learning how the underlying memory management works. In other words, I don’t have a strong foundation with fundamentals. So, I need to start somewhere - I’m going to do that with C++ to see how it works and go from there.

        1. 4

          In case you haven’t already seen it, the best resource I’ve found for learning stuff is LearnOpenGL. There are loads of other websites with out-of-date OpenGL code floating around on the internet and it takes a fair amount of work to find examples that are sufficiently modern and correct. Most OpenGL code on the internet is bad copy-pasta written by people who don’t fully understand what the functions are doing (which is, to be fair, because OpenGL is a terrible API).

          If you want even newer functionality (like DSA which is available 4.5+ so you don’t have to do horrible global state manipulation with the old functions), there’s a handy cheat sheet available here: https://github.com/fendevel/Guide-to-Modern-OpenGL-Functions (I used it recently when writing a toy game engine in zig, starting with LearnOpenGL code to get stuff running, then rewriting it with modern DSA).

          Oh, and for debugging apitrace and RenderDoc are absolute lifesavers. They make debugging blank screens and mangled GL buffers much easier. RenderDoc especially is a necessity, since it allows you to visualize each step in the rendering pipeline. They’ll also report certain invalid state errors that glDebugMessageCallback or glGetError won’t catch.

          1. 4

            Full-time C++ programmer here … it may not be the right language if your goal is to understand memory management. C++ is kind of an awkward in-between: its library tries to shield you from doing manual allocation/deallocation, to the extent that calling new or delete is considered very bad style, but you end up still having to understand what allocation is going on behind the scenes because the language doesn’t shield you from pointers; it doesn’t do the kind of lifetime analysis Rust does. (That said, the Clang memory sanitizer and undefined behavior sanitizer help with this, at runtime. I consider them essential during development, the equivalent of seat belts.)

            If you really want to learn and play with memory management, you can always avoid good style and do C-ish stuff like new/delete or even malloc/free, but it will be out of sync with what books teach and how modern libraries work.

            On the other hand, C is such an impoverished language, I wouldn’t wish it on anyone. Better to use a small subset of C++ and get methods, constructors, RAII and such.

            I haven’t used it, but Zig is probably a great language for learning about low level stuff like allocation.

          1. 0

            I still don’t understand why people write REST APIs. They should be a code-gen.

            1. 2

              Can you expand on this sentiment?

              1. 4

                Most probably, the parent comment relates to using some form of OpenAPI spec which can be done using the oapi-codegen for golang.

                1. 2

                  Oh ok, so kind of like gRPC.

                2. 2

                  Maybe they meant something like Apache Thrift and similar tools.

              1. 11

                That looks very nice indeed.

                It would meet my requirements if it had a clone address coded into the display. Given that you’re already setting details of each repo in the config, this could be an easy fix?

                1. 5

                  D’oh, how did I miss that?

                  1. 6

                    Nice to see, new work in this space. Congrats!

                    I’m also working on something similar. I initially launched as a web front-end for Git repositories like CGit. It is written in Go.

                    Dogfooding it. https://git.nirm.al/r/sorcia

                    But now, I’m working on a collaboration feature where people don’t have to have an account in an instance in order to contribute. This way, I think it will be light-weight without any pull-requests features like Gitea.

                    What I’m trying to do here is: Sending patches instead. I’m just doing a brief here:

                    1. So, a contributor will generate a patch using ‘git-format-patch’.
                    2. Upload it via the web interface or use the CLI utility which I’m going to build.
                    3. Verification will be that they will have to confirm their email address.
                    4. Contributor’s patch will get into a moderation queue for administrator or repo members who have permissions to check the patch and move it to the review queue for anyone to review the patch and apply it via the web interface.

                    I’ve written about this in detail here https://gist.github.com/mysticmode/e07802b949af5985964f25d2cffcae5f

                    1. 3

                      Sorcia looks really nice. What do you think about forgefed?

                      1. 1

                        I’ve been looking at forgefed for a while. As well as ActivityPub and ActivityStream. But it makes Sorcia a bit complicated. As I said, I need it to be lightweight.

                        Maybe for discovery purposes, I might use AP. If I really wanted to make it federated or decentralized per-se - I’d actually stick to IPFS.

                        I got to know about IPFS through this article.

                        It was written 5 years ago but it is still relevant and interesting to me.

                      2. 1

                        It would be nice if it worked without JS, like cgit typically does.

                  1. 5

                    I’m working or continuing the development of LibreRead. It’s a Self-hosted browser-based e-book reader which supports PDF, EPUB, MOBI, CBZ and CBR formats.

                    I launched the initial release 2 years ago and then for some personal reasons, I wasn’t able to continue the project and as well - I didn’t renew the domain address https://libreread.org which was taken by some domain squatters after the expiry date.

                    For the last few days, I was thinking about this project more and to my surprise, the domain address I mentioned was available and I registered/retrieved the ownership again.

                    I put some detail on how this project evolved and some history in a brief on the README section here https://github.com/LibreRead/server

                    Yesterday, I did some design and today I’m implementing it and going to continue this work further this week. I’m basically unemployed for the last 1 and 1/2 years, so I could be able to focus on this full-fledged now.

                    That’s pretty much it. If you want to interact with me about this project apart from doing here, you could find my email address or Mastodon account in my website which is mentioned in my Lobsters profile page.

                    1. 2

                      Thanks for sharing open-source ideas github. Keep us posted!

                      1. 1

                        You are welcome! And sure, I’ll definitely post when I’ve implemented the features that I’m thinking and especially when I’m ready to provide scripts to upgrade to newer versions of LibreRead. Thank you for your interest.

                    1. 4

                      I’m writing a Self-hosted software development platform with Git VCS. It’s going to be written in C.

                      C is quite familiar for me as I’ve been programming in Golang for the last 2, 1/2 years and in Python for about 4 years. Thing is I still gotta look at some intermediate and expert books regarding how to handle memory allocations and avoid the pitfalls that C developers usually face. If you ask me now, I really don’t know - just got my basics good.

                      Some books which I’m referencing are:

                      1. Practical C programming
                      2. 21st Century C
                      3. Expert C programming, Deep C secrets.

                      Furthermore, I’m also thinking about reading a book on PostgreSQL. I’m going with Practical SQL up and running from O’reilly. Going to spend today and the weekend to read these to see how far I can go.

                      Learning C will also help me to build another project which I have in mind - building a voice assistant with PocketSphinx. It’s a desktop app which will utilize GTK3. And I have to get my ideas consolidated on how will this work. Basically trying to build a wrapper where people could upload their voice data and train their keywords and add functionalities that will do what they want to do.

                      1. 5

                        Crank the compiler warnings as high as they go, and fix all warnings. Also, run the program under valgrind and fix all those warnings as well. I’ve been doing that for my Pascal compiler and I’ve fixed what seems like a memory leak or invalid memory read/write every third test run. Well worth the effort.

                        Also, try to avoid casts. You don’t need them for malloc(), calloc(), realloc() or free(), and if you do need to cast, isolate it. For instance, I keep procedure/function parameters in a linked list, and the structure is declared like:

                        typedef struct
                        {
                          type__s *type;
                          Node     node;
                          char    *name;
                          bool     function;
                          bool     var;
                          bool     procedure;
                        } parameter__s;
                        

                        And to run through the list of parameters, the code looks a bit like this:

                        for (
                              Node *n = ListGetHead(params);
                              NodeValid(n);
                              n = NodeNext(n)
                            )
                        {
                          parameter__s *parm = parm_from_node(n);
                          // rest of code 
                        }
                        

                        The “function” parm_from_node() is one of the few places where I do casts, and it looks like this:

                        static inline parameter__s *parm_from_node(Node *n)
                        {
                          return (parameter__s *)(((char *)n) - offsetof(parameter__s,node));
                        }
                        

                        By using offsetof(), I can reorder the fields around and still have this work in valid C [1].

                        [1] Okay, explanation. You can always cast any pointer to char * (and back again—it’s mandated by the standard). The function offsetof() (it may be a macro—be careful; it is how one portably finds the offset of a field in a structure) is used to adjust the pointer and that is then cast back to the appropriate type. I use an actual function for this instead of a macro because macros don’t typecheck (technically, if you pass the wrong Node * to this, it stands a chance of crashing, but at least it will typecheck that you are passing a Node * and not a foo *).

                        1. 3

                          Another tip would be to switch between compilers, and especially try clang’s various sanitizers (memory, address, undefined behavior, …). And generally, adding assertions can help a lot, both to ensure that changes don’t break unrelated modules, and to formally write down what your assumptions are while writing the code.

                          1. 1

                            Thank you very much! Valgrind is recommended by the 21st Century C book. I’ll definitely try what you have said. I just saw your website, and you seem like you have knowledge on this. But for me, I’m just taking baby steps so far. And I need some time to look through what you have suggested.

                            I might send an email to you if I have any questions on what you have mentioned above :)

                        1. 3

                          I don’t have time to do a thorough overall security review. But here is a riff on your idea for rate limiting that you might want to consider:

                          • In your moderation queue, where you accept a patch from a user, add an additional option to move patches from that user to the review queue in the future.
                          • When sending their first patch from a git email address, the sender must confirm the email.
                          • They may then send up to N patches.
                          • After N patches, they may not send more until one of them is accepted in the moderation queue.
                          • They may then continue to submit patches until they have N in the moderation queue again.
                          • The owner can choose to always move a user’s patches from the moderation queue into the review queue. That would lift the restriction on how many patches a user can send.
                          • Maybe if an owner chooses to merge a contributor’s patchset, prominently include an option in the display where they do that to always move future contributions directly into the review queue.

                          My rationale: when I’m contributing to a project, it’s often more than one patch, but seldom more than, say, a dozen. I generally try to break my contributions into small patches, then submit them in one request if the project is using a model like github or gitlab. If I had to verify my email for every patch, I’d give up somewhere around #3 or #4. Something like what I’m describing might effectively prevent malicious “contributions” while also keeping friction low for contributors.

                          1. 2

                            I like this, but you will need to do some sort of identification/authorization. Otherwise if I see a patch from hoistbypetard@example.com, I can then change my git email to that address and fill up that queue for N patches, and continue doing that for all the verified emails.

                            Just create accounts for them, maybe email link to login/verify a device until they setup a password, ssh keys, etc.

                            Also I’d send an email notification for every patch submitted, so hoistbypetard@example.com knows the patch got received correctly, wasn’t “hacked”, etc.

                            1. 1

                              Yes, this is a good point! I’ll think about a workaround for this when I implement the CLI. Thanks a lot!
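The quota scheme from this sub-thread, combined with the objection that a bare git email address can be claimed by anyone, as an added example (not Sorcia or Cmdity code, and not written by any commenter). All type and function names are hypothetical; the emailed confirmation link is modelled as a random token that the client must present with every patch.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Hypothetical names throughout; this is an illustration, not project code.
var (
	ErrUnverified = errors.New("email not confirmed or token mismatch")
	ErrQuota      = errors.New("too many patches awaiting moderation")
)

type contributor struct {
	token   string // secret delivered through the confirmation email link
	pending int    // patches currently waiting in the moderation queue
	trusted bool   // owner chose to always move this sender to review
}

type Queue struct {
	limit int // the N from the comment above
	users map[string]*contributor
}

func NewQueue(n int) *Queue {
	return &Queue{limit: n, users: map[string]*contributor{}}
}

// Confirm models the sender clicking the emailed link. Confirming again
// rotates the token but keeps the counters, so it cannot reset the quota.
func (q *Queue) Confirm(email string) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	c, ok := q.users[email]
	if !ok {
		c = &contributor{}
		q.users[email] = c
	}
	c.token = hex.EncodeToString(buf)
	return c.token, nil
}

// Submit returns the queue the patch lands in: "moderation" or "review".
// The address inside the patch is only a claim; the token proves control.
func (q *Queue) Submit(email, token string) (string, error) {
	c, ok := q.users[email]
	if !ok || subtle.ConstantTimeCompare([]byte(c.token), []byte(token)) != 1 {
		return "", ErrUnverified
	}
	if c.trusted {
		return "review", nil
	}
	if c.pending >= q.limit {
		return "", ErrQuota
	}
	c.pending++
	return "moderation", nil
}

// Accept is a moderator moving one pending patch to review, which frees a
// slot. trustSender is the "always move this sender's patches" option.
func (q *Queue) Accept(email string, trustSender bool) {
	c, ok := q.users[email]
	if !ok {
		return
	}
	if c.pending > 0 {
		c.pending--
	}
	c.trusted = c.trusted || trustSender
}

func main() {
	q := NewQueue(2)
	tok, _ := q.Confirm("alice@example.com") // constructed address
	for i := 0; i < 3; i++ {
		dest, err := q.Submit("alice@example.com", tok)
		fmt.Printf("patch %d: %q %v\n", i+1, dest, err)
	}
	_, err := q.Submit("alice@example.com", "guessed-token")
	fmt.Println("spoofed sender:", err)
	q.Accept("alice@example.com", true)
	dest, _ := q.Submit("alice@example.com", tok)
	fmt.Println("after owner trusts sender:", dest)
}
```

Because the quota is charged only after the token check, someone who copies a verified address into their git config cannot fill that contributor's N slots.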

                            2. 1

                              I’m sorry for being a bit late to reply. And thank you very much for taking the time to suggest this!

                              If I had to verify my email for every patch, I’d give up somewhere around #3 or #4.

                              I understand this. You are correct here.

                              What you have said seems to be a good approach to tackle what I’m trying to solve. I’ll wait for some more time to think about this and see if I have any more questions to ask to you.

                              Thanks again!

                              1. 1

                                And the N patches can be an option that the owner could adjust for a contributor apart from adding them as a member to the repository if an owner wishes to do so.

                                Yes, I got what you are saying. Well, I don’t see any bottlenecks with your suggestion. That said, I’m curious to see more replies to my question as well :)

                              1. 2

                                I think https://web.archive.org/web/20130117043748/http://sheddingbikes.com/posts/1306816425.html will make for interesting reading. Note the trolling via any user-accessible text field (here, project membership), and the rather nasty denial-of-service attack in response.

                                Unrelated to your question, but: the “license information” section on https://cmdity.org/r/cmdity isn’t encouraging. Even the AGPL doesn’t require open-sourcing any code that your code merely processes, and I can’t even find the LICENSE.AGPL file which apparently adds that additional restriction. (Or not? The AGPL may not let you add such restrictions: “If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.”)

                                That said, I wish you the best!

                                1. 1

                                  Even the AGPL doesn’t require open-sourcing any code that your code merely processes,

                                  That’s fine. But I’m not sure, what you are saying here. Could you explain more about this? I haven’t written the Commercial License yet and also I haven’t implemented that feature. Still there is plenty of work to do before doing that.

                                  It’s a Self-hosted software and consider this as a platform. If all your projects/repositories in your Cmdity instance is FOSS, then you are free to use and you don’t need to pay for a commercial license. Otherwise, if you are using Cmdity and keeping any proprietary projects, you need to purchase a commercial license.

                                  1. 1

                                    Not a lawyer, but as I understand it: the AGPL is, at least, not trying to do what you say you want; one should be able to run a hypothetical AGPL httpd, accessible to the public, without AGPL’ing the files served by the httpd. (One would need to share any changes to the AGPL httpd.)

                                    The problem isn’t really the license itself - what you describe is a custom commercial license with a free tier for open-source, which is sensible enough (and yes, do please define which licenses count as “open source”, as in your sibling comment); the problem is the lack of clarity.

                                  2. 1

                                    I think it is better if I mention what licenses are allowed for people to use Cmdity for free. I will do that.

                                  1. 1

                                    Here’s an idea. Ever heard of hashcash? Bitcoin draws some inspiration from this. The idea is that whenever someone wants to submit a patch, they have to solve a puzzle. Similar to a captcha, but it’s a computational puzzle, so the user doesn’t need to do anything, it just slows them down. An example would be:

                                    • User wants to submit something, asks server for puzzle.
                                    • Server gives the user some random string X and asks it to find a string Y such that hash(X | Y) starts with ten zeroes (this is the difficulty and can be adjusted).
                                    • User finds the string Y by brute force (trying out random ones) and submits it back to server, along with its patch.
                                    • The server verifies that hash(X | Y) does indeed start with 10 zeroes, and if so, accepts the patch.

                                    I’m not a cryptographer so this breakdown might not be entirely correct. But the idea is basically to slow down submissions by making them computationally expensive, which isn’t a huge problem if you’re submitting just one patch (you can adjust it to take like 3s on a modern machine) but it will make it expensive for spammers. You’d probably want to use scrypt as the hashing function here.
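The puzzle exchange described in the post above, as an added example (not from the original thread and not Sorcia or Cmdity code). Names are hypothetical, "zeroes" is read as leading zero bits, and SHA-256 stands in for the hash where the post suggests scrypt; the expiry and single-use bookkeeping are assumptions added so that a solved puzzle cannot be replayed for a second patch.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"time"
)

// Server hands out puzzles and checks answers. Hypothetical type.
type Server struct {
	difficulty int                  // required leading zero bits
	ttl        time.Duration        // how long a challenge stays valid
	issued     map[string]time.Time // outstanding challenge X -> expiry
}

func NewServer(difficulty int, ttl time.Duration) *Server {
	return &Server{difficulty: difficulty, ttl: ttl, issued: map[string]time.Time{}}
}

// Challenge returns a fresh random X and remembers it until it expires.
func (s *Server) Challenge(now time.Time) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	x := hex.EncodeToString(buf)
	s.issued[x] = now.Add(s.ttl)
	return x, nil
}

// leadingZeroBits counts the zero bits at the front of hash(X | Y).
func leadingZeroBits(x string, y uint64) int {
	var nonce [8]byte
	binary.BigEndian.PutUint64(nonce[:], y)
	sum := sha256.Sum256(append([]byte(x), nonce[:]...))
	n := 0
	for _, b := range sum {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// Solve is the client side: try Y = 0, 1, 2, ... until the hash qualifies.
// Expected work is 2^difficulty hashes.
func Solve(x string, difficulty int) uint64 {
	for y := uint64(0); ; y++ {
		if leadingZeroBits(x, y) >= difficulty {
			return y
		}
	}
}

// Verify costs the server one map lookup and one hash. The challenge is
// deleted on the first attempt, valid or not, so it can never be reused.
func (s *Server) Verify(x string, y uint64, now time.Time) bool {
	expiry, ok := s.issued[x]
	if !ok {
		return false // never issued here, or already spent
	}
	delete(s.issued, x)
	if now.After(expiry) {
		return false
	}
	return leadingZeroBits(x, y) >= s.difficulty
}

func main() {
	s := NewServer(16, 2*time.Minute) // constructed parameters
	x, _ := s.Challenge(time.Now())
	start := time.Now()
	y := Solve(x, 16)
	fmt.Printf("solved X=%s with Y=%d in %v\n", x, y, time.Since(start))
	fmt.Println("first submission accepted:", s.Verify(x, y, time.Now()))
	fmt.Println("replay accepted:", s.Verify(x, y, time.Now()))
}
```

Each extra bit of difficulty doubles the submitter's expected work while the server's check stays at one hash, which is the only asymmetry this scheme provides.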

                                    1. 2

                                      The “economics” of hashcash-like systems typically do not work out today.

                                      In this case, you’re trying to prevent the Sorcia server from needing to process a git push; I’m pretty sure that I could construct a git push that takes, say, 1 second to process. (For convenience, assume the server is running on a single-core VM.)

                                      To prevent a somewhat motivated attacker from consuming 100% of your CPU - say an attacker who has a few beefy computers around the house or in the cloud - you may need to impose a 100:1 or 1000:1 cost difference between the attacker and the server (so you’d need to impose 100s resp. 1000s worth of effort on submitters, to ensure that an attacker with 100 resp. 1000 CPU cores can’t consume all resources on your VM.)

                                      But imposing 100s or 1000s worth of effort on legitimate users - who may really like their ancient laptop (Thinkpad?), and who may really need to wait e.g. 400s or 4000s for an answer - isn’t going to be well-received.

                                      … and this really isn’t the worst case yet; consider the difference in computational power between an attacker with a botnet or a GPU farm, and a legitimate user who’s running heavy crypto code through Javascript on an ancient smartphone with an aging battery…

                                      1. 1

                                        My rebuttal to this (and I’m really no expert) is that it should be possible to just block large patches (typically, patches are only a few KiB anyways?). Plus, there could be additional checks, such as a per-IP rate limit, etc. Just using this as a layer to make it more expensive to attack. Wouldn’t that be a good idea? I think anything that takes more than 1 to 3s of processing time for a legitimate user would be a bad idea.

                                      2. 1

                                        I appreciate your response on this! But, I don’t know much about cryptography in order to comment on this to be honest. I think going with a reasonably good enough approach like what “hoistbypetard” suggested is the way to go for now. I mean with N number of patches and giving the owner to modify the default N patches for a contributor based on their needs.

                                        Also, one could always come back and figure out a solution if there is any problem with that approach by considering what the community would say when they started using Cmdity and whether they find this workaround annoying.

                                        Thanks again!

                                      1. 10

                                        Thanks for sharing! I’m working on Sorcia.

                                        But this software is not ready for that at all yet. The federation has to be done. It is still under development :)

                                        Contributors are welcome!

                                        1. 2

                                          That’s awesome, I thought it was a fitting project so I posted it. Good luck in the future!

                                          1. 2

                                            That’s Okay and Thank you! I’ll post here when it is ready.

                                            1. 1

                                              I’m not sure how you’re planning to implement the federated aspect of your service, but if you’re interested in providing ActivityPub support, I’m working on a general purpose library for it and I could use other projects’ use cases.

                                              1. 2

                                                AP is one part of it I’m exploring, but that’s not my real concern. I’ve been seeing that AP has been adapted particularly for Mastodon’s needs recently. It works well for a social network.

                                                But the question would be, how am I going to handle streaming or we can say bi-directional streaming when a user or multiple users forks a repository into their instance and again getting them to make a pull request to the forked/original repository on another instance. The use-case here is that what if all this happens simultaneously from many users. There are many bottlenecks here and I need a framework in order to handle this.

                                                So, I recently came across gRPC and it looks promising for what I wanted to do. Gotta give it a try.

                                            2. 2

                                              This is interesting nonetheless, if I gather correctly, it’s supposed to be a self-hosted Git daemon of sorts with an emphasis on federation between installations so you can discover more software?

                                              1. 3

                                                That’s what I’ve thought at first. I need to discover more softwares through Sorcia if people started using it. So, I’d have to go this way - the federation features are not much different from GitHub or any sorts of similar centralized social git hosting service if you ask me now.

                                                But I gotta be careful here, I don’t want to introduce too many social aspects into Sorcia. And that is the main reason I’ve started this project. So, it’s a challenge and an interesting one to explore and solve.

                                                The federation features would apply for:

                                                • Discover new users and their work
                                                • A user from an instance can make a pull request onto another instance.
                                                • A user from an instance can be added as a member to a repository which is hosted on another instance. Or maybe have access to act as a member to a repository hosted on another instance.

                                                These are the main features of federation in Sorcia.

                                                1. 3

                                                  That’s a pretty cool idea, I’m happy to see you exploring it! Good luck!