1. 4

    Can’t we just remove the “data” and say science in general? Any systematic approach to knowledge about our world that is built around categorization or definition is doomed to marginalize those that defy categorization or definition.

    1. 7

      Most science done has ethical boundaries they attempt to follow. Some of these boundaries may be more or less compromised. Most scientific studies for example won’t include you without your explicit consent. Data science is more slippery than typical scientific practice because it revolves around data already gathered. Bypassing your consent is MUCH easier. The problem then gets further compromised when we start talking about businesses who may have a profit motive in ignoring scientific norms. Without any of the normal rules, regulations, and protections provided in a normal study they can really go off the rails. Without protection and oversight most businesses will be too tempted by the prospect of profits, and they will always choose what they perceive shareholders will value. Of course, mined data is a toxic asset, especially without consent. It can be illegal, or worse reputation destroying, and I suspect that will only get more so over time. Businesses that “mine data” as their primary way of doing business might lead to a bubble like crash that would be pretty bad for us devs. When that day comes it’s possible we won’t have to worry about this conversation so much, but until then it’s important to talk about specifically where the problems arise.

      1. 4

        Nice strawman argument. But, there’s a large jump between science and Seeing Like a State. See: the vast majority of human history.

        To wit, we are not resources for a state to manage in order to maximise GDP growth.

        1. 5

          I’m not sure what about my argument is strawman. In the article the argument is that data science can be used to subjugate or violate the rights of queer people. To quote the article:

          There’s no test that you give someone to determine they’re “actually” trans, unless you’re a doctor, or a neuroscience researcher, or a bigot (but I repeat myself).

          If we’re going to argue that data science threatens transexuality because it attempts to understand it or at the very least to categorize it, then we can just throw most natural science efforts out the window too. I don’t think the leap from the scientific method to panopticism is as great as you seem to think it is. The problem is that scientific reasoning can be used for many things, but what it’s best at is systemizing knowledge and define things against other things. That happens to be very useful at building knowledge, and those with knowledge have power, and eventually GDP. I’d love a counter example of a ludite culture that has a thriving GDP and loose definitions around their beliefs.

          1. 3

            Whether a person is trans or not, isn’t a scientific question. Cool that you’re going to bring that strawman to your grave tho.

            1. 3

              Whether a person is trans or not, isn’t a scientific question.

              As someone totally not in the loop, why isn’t it a scientific question? Somewhat related to that, why wouldn’t everything also be a scientific question?

              1. 2

                It’s currently what many scientists are studying and debating. There’s knowledge, theory, and practices around the subject. It’s definitely a scientific question. Further, it’s a settled question for some while a debated one for others. All depends on one’s views.

                1. 4

                  Whether a single person or not is trans is - for now - a question of their subjective experience.

                  There’s definitely science to be done about whether there are commonalities, biological markers, etc.

                  1. 2

                    That’s all I’m saying. Especially the subjective experience. That biological gender is objective with objective data, but trans identity is subjective, is exactly why there’s such a strong debate about whether to accept or reject it. Science has been making the situation just a little more objective. That might help in some ways down the road.

                    Or make it worse. Never know how scientific results will be [ab]used… Just gotta take the chance since the subject is too important to not investigate.

                    1. 7

                      It seems a subtle nitpick to the uninitiated, but receiving the suggestion that a scientist could ‘set them straight’ about their subjective, personal experience is a common enough occurrence that you’ll enrage people if they think you’re doing it, which makes reasonable discussion hard.

                      Rereading “Whether a person is trans or not, isn’t a scientific question” with that context might make more sense of the reaction.

                      1. 6

                        This is the real MVP comment of the conversation. The same way science can’t tell you if you’re “objectively” sad or “objectively” a baseball fan, it makes no sense to ask if someone is “objectively” trans, but that doesn’t mean we get upset at people for crying when their grandparents die or spending hours watching people run around on a field.

                        1. 4

                          This response has been absolutely boggling my mind since I’ve first read it. Are you actually comparing gender with an interest for a sport? Then are you trivialising the implications of self-id (which is a thing). I mean, the entire discussion has been one of the catalysts of the alt-right, something I hardly think something like “baseball” could have had brought into life. I guess what they share in common, is that there is big money pushing both (after all, there’s a lot of profits one can make off people who depend on permanent medical supervision).

                          It’s not a surprise that Gender cannot be scientifically determined (as compared to sex), since it’s social, and has become meaningless in a society that’s relying less and less on gendered division of labour. But how that means that gender becomes individual (an apparent paradox) is foreign to me. People often say self-id is the best solution, because nothing else works. But that doesn’t mean it is good in itself. Nothing works! Because gender is dead!

                          To clarify this: None of this is meant as an insult against you or anyone else. None of this can be used an excuse of violence or smears. None of what I say is an attack on gender non-conformance. I don’t know you, and don’t wish to comment on your opinions. Ignore me if that’s what you want, I demand no response or attention. I just had to write this, even if it it were all wrong. This thread has already become so off topic, that there’s little more to care about. This topic has severely dealt damage to my mental well-being over the last few months, and suppressing it hasn’t done me well. I’ve been trying to get over it, but at no avail.

                          1. 3

                            I agree with you here; I was just using that as an example to help other people see why the specific idea I was referring to was a bit silly. It’s reductio ad not-quite-absurdum to illustrate a point.

                            This topic has severely dealt damage to my mental well-being over the last few months, and suppressing it hasn’t done me well.

                            I’m very happy to talk about this privately, if you want.

                            1. 1

                              Very kind, but there’s no point to burden anyone with my issues. The usage of the term “severely” was wrong, and I would edit it out if I could.

                      2. 6

                        If we’re going to talk in scientific terms it is important that we get the terms correct. So please don’t take this as me being pedantic because most people don’t know the precise definitions of these words. Heck even I didn’t before I had a close friend transition. I think it will help disambiguate and dissolve conflict. Gender specifically refers to the cultural construct, and therefore is subjective. You can have a gender even if you were a cybernetic brain in a box, no body required. Sex is the sexual dimorphism we observe, genitalia, hip size, bone structure, muscle mass, hair presentation, etc. As sexual dimorphism is not a binary, so even though yes your chromosomes may be XX or XY you can be XX with several male features. For example if you found out Hugh Jackman had XX chromosomes you wouldn’t more more likely to marry him, so the sexual dimorphism actually matters a great deal. Traits we generally think of as “male” or “female” often end up on people of either sex. In more extreme cases those traits are “fixed” surgically to fit the “birth sex” (what is perceived to be their sex by the parent, or the preferred sex by the parent). So sex as we talk about it in everyday language is not the chromosomes but rather the sexual dimorphism we observe.It’s quite a bit more common than people would like to think when we start to consider the full gamut of possible traits that can be considered sexually dimorphic. A woman at birth can have a “male” jawline, or a mustache, or a beard, or “male” muscles etc.

                        Identity itself is a construct, so the only measure we can have is how real it feels to them, the one who is perceiving it. So, the very question of “Is this person’s perceptions about their own identity real” is a vacuous question to answer. It’s akin to debating the tautology ⊤ = ⊤, because you’re debating the reality of a fundamentally immaterial thing. More importantly when a person perceives something about their body, concretely, that doesn’t agree with how their body presents they will go to the ends of the earth resolve that cognitive dissonance. It will cause them great anguish until they fix that. It’s akin to if you woke up one morning with tiny hands coming out of your stomach. Body horror is an entire genre for a reason. There can be an element of body horror for someone like us when we observe someone transitioning, because we are projecting our identity on that person, and imagining how horrible it would be to change our bodies. However this body horror is precisely what many trans people live with when they do not transition. Therefore we should not put our own discomfort above theirs, as what they live with is an order of magnitude more intense than what we experience as an observer.

                        The debate that arises around this subject is almost exclusively among lay people like you and me, and not researchers. The debates almost exclusively arise from the kinds of loose wiggly terms and the misconceptions around those terms that lay people use. The scientifically incorrect perception of sexual dimorphism as a binary, the conflation of sexual dimorphism and gender, and the conflation of sexual dimorphism and chromosomes are common contributors to why lay people debate on this until their lungs give out. The scientific consensus isn’t particularly divided on this subject. Some people don’t like the results, maybe some find them a bit disturbing, but that’s not the same thing as having a sound basis to doubt the conclusions. As we start unraveling the strings that hold together our consciousness, I suspect we will soon find things that are a great deal more upsetting than this.

                        1. 1

                          Very interesting read, thank you.

                2. 1

                  Why is GDP even relevant? Lol, life is not a competition to get rich dude, chill down. Also if you believe that ludites or neoludites are against science and tech, you should maybe spend your fraction of the GDP on some book about the subject.

                  Science is a tool and as such should be treated. You elevate it to a source of truth, which is not. To each problem its tools. Understanding subjective experiences and the formation of identities is not a problem for natural sciences.

                  1. 1

                    I certainly didn’t say anyting about GDP being the alpha and the omega. I was meerly making the point–a point which often lost on many counter-culturalists—that the scientific method has proved itself over the last few hundred years to be VERY effective at stockpiling resources: knowledge, material and spiritual. I am actually pretty left-leaning in my own right and have very pessimistic views about the current trajectory of the application of the scientific method to our world. But this isn’t the right forum for those arguments.

                    I was just trying to make an intellectual argument based on the claims of the original story that if you’re going to attack data science as hostile to the subjective quality of being human, you can go ahead and throw out biology, physics and chemistry which all attempt to categorize and objectify our gender with just as many horrible effects as data science.

                    1. 1

                      I don’t think any of those disciplines ever concerned itself with gender. Sex yes, gender no. Gender, if any, is studied by sociologists, anthropologist and so on. Biology has nothing to say about gender. Also it’s not clear what the scientific method told us about spirituality

                      1. 1

                        Those disciplines should not concern themselves with gender, but they certainly do. The scientific method has certainly been used to attempt to explain our process of belief from a biologically necessary perspective.

                        1. 2

                          If you’re talking about stuff like evolutionary psychology, it’s still hotly debated if, epistemically, they fall into modern science. Otherwise it’s not clear what you’re talking about. I mean, clearly at some point some scientist that never concerned themselves with humanities for sure tried to apply science where it was inappropriate, but Science as a discipline is something else.

              2. 6

                Science is essentially the process by which humans seek verifiable knowledge. It is the only tool we have to try to understand the universe we live in without simply taking someone else’s word for it. What would you replace it with?

                1. 1

                  I’m not arguing for replacing science. But in the context of the article, the nature of science is to categorize and define, and to do so with a decent amount of ruthlessness with regards to personal privacy and subjective feelings. It is not data science alone that is threatening to queer people. All of science is positioned against the more fluid and unexplainable aspects of being alive.

              1. 3

                I’ve had similar issues recently using Chinese services when I visit. It’s super frustrating to be totally locked out of a lot of these apps (after all, I’m not a resident! But I am more than willing to contribute money into the economy)

                This is the sort of thing that I would hope Libra could smooth over, if it ever picked up

                1. 18

                  what makes you think that facebook would be a better steward of your financial liberties than tencent?

                  1. 2

                    Because the entire pitch of Libra is for cross-border stuff.

                    I wouldn’t like it as a general purpose thing but I would like it as a way to avoid cash-related issues when going abroad

                    1. 3

                      Facebook is banned in China. Libra will be insta-banned in China if it ever picks up steam. Libra is taking away control from national governments. That’s anathema to most countries, let alone China.

                    2. 1

                      So far, they answer to themselves instead of the Chinese government with less nationalist censorship. They’re also battling with their own government semi-successfully. Once again, unlike Chinese operators who probably work closely with theirs given it’s even more of a police state.

                  1. 2

                    Is 0.14” difference in thinness worth access to the ports, user upgrade-ability, and the longevity of the keyboard?

                    0.14” plus the obvious differences in construction quality? Yes. A hundred times yes.

                    1. 7

                      From the first look it might seem like cheap plastic. But, the looks are deceiving. IMO, most Thinkpads are second by toughness only to thoughbooks. The build quality is great. The plastic feels good, is resistant to scratches, and even if you manage to scratch it, the texture hides it. It has a metal frame under the plastic, which makes it very hard to break. Meanwhile, Apple sandwiches everything between two sheets of machined aluminum, which while better than plastic, isn’t that strong.

                      1. 3

                        I know you meant to type toughbooks, however I would really like to see a thoughtbook.

                      2. 7

                        Are you actually implying that Thinkpads are poorly built? Thinkpads are the laptops you’ll find in Fallout-style post-apocalyptic shelters. I’ve been using Thinkpads for 12 years now… Most of them are indestructible by usual hardware standards :-)

                        1. -1

                          Are you actually implying that Thinkpads are poorly built?

                          Yes, compared to Apple laptops, Thinkpads are poorly built.

                          1. 5

                            It’s clear from the language used by others here that Thinkpads are romanticised. I mean, I like them too, but it’s going to be hard for any of us to evaluate them honestly when much of the sentiment in this thread is borne out of “screw Apple!”. I agree that MacBook build quality is second to none (besides the flawed butterfly switches).

                        2. 6

                          I thought this too until I held my t480s in my hands. It’s solid as a rock: no flex or give in the body at all. Everyone who has held it remarks that it feels solid. Time will tell on longevity but I’m pretty optimistic.

                        1. 6

                          Ports. The t480s has 2 USB-A ports and 2 USB-C ports. It also has a full size HDMI, SD card slot, and full-size Ethernet. Is 0.14” difference in thinness worth access to the ports, user upgrade-ability, and the longevity of the keyboard?

                          Given that there are quite a few usb-c hubs[1], or single-use-case (eg. hdmi for presentations) dongles, out there that offer the ports in a breakout/hub/dongle format, I don’t desire a return of all the ports that I use so occasionally/seldom. Paying the size/thickness/weight tax all the time for something I use rarely isn’t a great tradeoff for me.

                          Then again, I use a laptop to be mobile, not as a desktop replacement. I realize that not everyone does this, so ymmv.

                          [1]: Kingston’s Nucleum has two USB 3.0 ports, an HDMI port, a SD and microSD card slot, one USB-C charging port and one regular USB-C port

                          1. 13

                            USB-C devices and hubs are pretty bad if you want to run more than one 4k60 display. Some can’t even do one. You can’t just plug in one hub and be done. I had to plug in three different USB-C dongles to get two 4k60 monitors, ethernet, keyboard, mouse, audio going on my 15” rMBP. Worse, USB-C slips and loses connectivity very easily.

                            The whole situation is asinine. Yes they’re meant to be mobile but I’m not paying $3k for something functionally equivalent to a netbook on steroids.

                            1. 6

                              USB-C slips and loses connectivity very easily

                              I missed this part earlier (or maybe you edited it in later). I very much agree with this one. I find usb-c a bit fiddlier than I would like, especially for power in comparison to the old apple magnetic (magsafe) power connectors. RIP magsafe.

                              1. 2

                                Multiple 4k60 displays seems a bit like a job for a desktop to me. That said, I agree that sucks. I wonder if it is a limitation of usb-c or just so few people with that use-case that nobody makes one that can do that yet.

                                EDIT: hmm. looks like a displayport 1.2 limitation, based on some searching. DP 1.2 supports a single 4K 60 Hz monitor, two 1440p 60 monitors, and so on. DP 1.3 supports more (gfx card willing), but I think usb-c/thunderbolt3 is still DP1.2. bummer.

                                1. 5

                                  It’s a MacBook Pro. I was running 2 displays off a 12” Thinkpad with the dock years and years ago.

                                  1. 4

                                    And you can still do so if those displays aren’t 4k. The terrible industry-wide state of getting pixels from ram to screen is not Apple’s doing and any attempt they make to fix it themselves will be met with endless pearl-clutching about “proprietary connections”

                                    1. 2

                                      I don’t mind how they fix it, I would prefer more port types than just USB-C. I think the decision to only have USB-C is aesthetic not functionality.

                                      1. 3

                                        There are functional reasons to want only one port on your device. However, their decision to go about it in classic Apple fashion, making the change out of nowhere, was certainly a head-scratcher.

                                    2. 4

                                      A MBP will absolutely run multiple 4K displays on a single port.

                                      Fuck, a Mac mini with just Intel graphics will run 2 4K displays, also from a single port.

                                      1. 2

                                        I get that it has Pro in the name. Did you use docking at every location where you worked with multiple monitors? Monitors these days also just seem huge to me. I can’t imagine someone having two 30+ inch 4k monitors on their desk ( that’s a /lot/ of terminals! ;) ) and yet choosing to drive it with a laptop. The workflow comparison between that and running undocked seems significant.

                                        I do wonder if some portion of people get laptops just because, or on the off chance that they might do something on the go, but then they end up using them docked 100% of the time anyway. Definitely not saying this was you though, as I have no clue how you worked or used your machines.

                                        1. 5

                                          Some people don’t buy laptops but their company only provides laptops. You have to be able to use the laptop as a desktop replacement if you need/want to. Heck, desktops are a vanishing breed, I imagine 90% of them are sold as gaming machines, these days.

                                          1. 2

                                            Chiming in with an anecdote, but I will emphasize this is my singular experience and preference.

                                            I have a 2015-era Thinkpad X1 Carbon whose built-in display is 1440p. Most of my programming uses, I use it docked to an additional 1440p display, sometimes two and turn off the built-in screen in favor of two full-sized monitors. In both cases they are only 25” displays, but the additional pixels are very appreciated. I don’t really see myself upgrading those to 4K screens, but I can imagine others who might.

                                            Some non-programming tasks also benefit greatly from the extra screen real-estate. I do will sometimes design in Figma (full screen on one monitor) with the second monitor hosting two windows: an editor window for referencing existing CSS in our projects, and a browser open to the Spec for the project whose design I am working on

                                            I am very much in the “laptop for the off chance they might do something on the go” crowd, but those times are far from insignificant. A lot of it is on-the-go comms with my team, doing project management and product management tasks. I definitely would not be effective with only a desktop, i.e. only a phone for on-the-go productivity.

                                      2. 0

                                        Limiting yourself to a USB-C (protocol) dock/device when you have TB3 ports but clearly want a not-average-joe functionality makes no sense to me.

                                      3. 3

                                        For me, this (multiple do-almost-anything ports, vs several each do-1-specific-thing ports) is the killer thing, but it works specifically for Macs because those ports are all TB3 not “just” USB-C.

                                        For basic things (i.e. the common complaint about the pre-TB3 MBP having “USB-A, HDMI and SD card” you can get a single USB-C ‘hub’ to provide all those ports, but whenever possible (and particularly for stuff relating to displays) I actually tend to get/suggest TB3 devices.

                                        1. 2

                                          My question — and the question of most people I know who have a newer MacBook Pro — why not both? Why not have USB-C ports and a HDMI? TB3 is awesome but it doesn’t have to be exclusive.

                                          1. 4

                                            It’s entirely possible Apples reasoning is aesthetic, but to me, a HDMI port is useless, and usually adding a HDMI port means you lose something else (see: the 2018 Mac mini that only supports 2x4k displays over TB3 because the third ‘supported’ display must be over HDMI).

                                            HDMI is also one of the least-hard “problems” to solve: you already need a HDMI cable, so use a different HDMI cable, with USB-C on one end.

                                            1. 2

                                              You’re right. The Mac mini is a really good example of a combination of ports that folks really enjoy having access too.

                                              This is all a tangent though, the reality is Apple is bent on making their laptops like their tablets and I wish they wouldn’t. In the end though it’s all preference.

                                              1. 3

                                                reality is Apple is bent on making their laptops like their tablets

                                                Maybe the reality as you see it, but until they add touch screens to their laptops, I’m going to remain pretty dubious about that viewpoint.

                                                1. 2

                                                  You missed my point. Not sure if that was deliberate or not.

                                                  The Mac mini has HDMI.. for some reason, but because it does, you can’t run 3 DisplayPort 4K displays from it. You can run two DP, and one has to be HDMI.

                                                  I would be happier if the mini had forgone HDMI for more TB3 ports (or even dedicated (mini) DisplayPort would be better than HDMI). I’d even give up the USB-A ports for more TB3 ports.

                                                  reality is Apple is bent on making their laptops like their tablets

                                                  I really cannot agree with that at all and I wonder if you somehow don’t understand that TB3 and USB-C are not the same thing.

                                                  1. 2

                                                    you can’t run 3 DisplayPort 4K displays […] I really cannot agree with that at all and I wonder if you somehow don’t understand that TB3 and USB-C are not the same thing.

                                                    Well, if we are going to be pedantic ;). If you use DisplayPort 4K displays, you are not using Thunderbolt 3, you are using the USB-C DisplayPort alternate mode. They are separate things, since there are also machines that have USB-C ports that support DisplayPort alt mode, but not Thunderbolt 3, such as the MacBook 12” [1].

                                                    So, why do you care about USB-C Thunderbolt 3 ports if you are going to hook up a DisplayPort display?

                                                    (BTW. it seems that Apple’s wording is intentionally muddy here for marketing purposes.)

                                                    [1] https://support.apple.com/en-us/HT206587

                                                    1. 1

                                                      I use a TB3 to dual DisplayPort adapter, so it only takes one port. I can guarantee you it is not using USB-C alt-mode.

                                                      1. 1

                                                        Now you are adding new data points. The default (and much cheaper) thing to do is to hook up a DisplayPort display directly to a Mac Mini or MacBook. Which is done using a regular passive DisplayPort <-> USB-C cable.

                                                        1. 1

                                                          No, I’m not.

                                                          You asked what’s wrong with a HDMI port. I told you: takes away video streams that would otherwise be available over DisplayPort.

                                                          Whether they’re routed over 3 USB-C to DP cables using Alt Mode, or via a TB3 adapter is irrelevant.

                                                          Go look at any tech forum with people having issues with displays: a decent chunk of them it’s because they’re using HDMI, because it was literally designed for TVs and receivers, being used for computer displays is an after thought, and it’s very apparent.

                                                          1. 1

                                                            HDMI doesn’t “take away” video streams, Apple does. If Apple really wanted, they could’ve added ability to use 3rd video stream using USB-C, but they didn’t. There is really nothing stopping them, except maybe the Intel chip that may not have a 3rd DP output.

                                                            1. 1

                                                              The UHD 630 supports 3 displays over dp hdmi or edp.

                                                              Apple chose to include hdmi which means one of those outputs from the igpu is used or “taken away” from potential as a DP output over USB-c/TB3.

                                                2. 1

                                                  It’s entirely possible Apples reasoning is aesthetic, but to me, a HDMI port is useless, and usually adding a HDMI port means you lose something else (see: the 2018 Mac mini that only supports 2x4k displays over TB3 because the third ‘supported’ display must be over HDMI).

                                                  HDMI 2.0 supports 4k displays. The Mac Mini specs explicitly state that you can drive three 4k screens:

                                                  Up to three displays: Two displays with 4096-by-2304 resolution at 60Hz connected via Thunderbolt 3 plus one display with 4096-by-2160 resolution at 60Hz connected via HDMI 2.0

                                                  https://www.apple.com/mac-mini/specs/

                                                  1. 1

                                                    That’s what I said. It forces one display of the three to be hdmi, which IMO is garbage compared to DP. I’d rather have no HDMI and be able to drive 3 displays over TB3/DP

                                                    1. 1

                                                      Your comment was vague, it seemed to suggest that you cannot drive three 4k displays, but the point is that one of them has to be driven through HDMI. Fair enough.

                                                      Apple’s rationale is very logical. Quite some people use Mac Mini’s as media centers. They’ll have a TV with HDMI connectors and HDMI cables. So, it lowers the friction for a significant chunk of the audience for a tiny subset that insists on driving three 4k displays through DP. I am not saying that it is not a legitimate use case, but a niche. Apple will probably tell you to buy a Mac Pro or something.

                                                      1. 1

                                                        What is vague about this:

                                                        the 2018 Mac mini that only supports 2x4k displays over TB3 because the third ‘supported’ display must be over HDMI

                                                        I would bet money Apple do not include HDMI on a Mac mini for those few people who still try to run a media centre on one. Apple’s “solution” (in terms of what they support feature wise and expect people would use) is AppleTV.

                                                        They provide HDMI because it’s designed as a “bring your own display” device and a bunch of cheap shit displays have HDMI input rather than DP.

                                                3. 2

                                                  Another reason is that the HDMI connector is bigger than the side of the MacBook Pro. Mini and micro HDMI connectors could fit but hey, even if it’s HDMI you need not-so-common adapters or special cables so USB-C/TB3 is not a bad alternative.

                                              2. 2

                                                The t480s does have 2 USB-C ports for breaking out to more exotic ports but having a nice selection of ports is great.

                                              1. 24

                                                I’m a lisp-1 zealot, so I won’t talk about CL, but I think more people should meditate on the idea that libraries can be complete rather than abandoned.

                                                Unitl recently I’ve been using an HTML ToC library from 2007. It was calling getElementsByTagName() instead of using a 400KB (minified) library that provides a fancy wrapper for it. Worked just as well as it worked in 2007 I guess.

                                                1. 7

                                                  but I think more people should meditate on the idea that libraries can be complete rather than abandoned

                                                  This is nice sentiment but I guess it depends on how often underlying system deprecates wrapped functionalities.

                                                  1. 5

                                                    A lot of Clojure libraries simply do data transformations. You pass a data structure to the API, and you get a different data structure out. These libraries can be done once they implement the desired functionality, and will not need to be updated unless the scope is extend. The community tends to favor making small and focused libraries that solve a particular domain problem, and chain these libraries together within the applications. The libraries that wrap underlying system tend to be simple IO wrappers that are separate from the business logic.

                                                    1. 5

                                                      Yes, I also think we should be careful not to break compatibility without a really good reason.

                                                      1. 3

                                                        For the web and most important systems, that feels like “approximately never”. I would also consider using libraries that you feel comfortable patching/forking yourself.

                                                        1. 2

                                                          Unless you relied on IE6 implementations, of course.

                                                      2. 3

                                                        more people should meditate on the idea that libraries can be complete rather than abandoned.

                                                        I agree. I would propose the problem is we don’t have a good measurement for complexity. If a library has been reduced to solving the essence of the problem, then it should need next to no maintenance. I find most of these types of libraries in the Lisp world.

                                                        On this topic, I have a WIP paper proposing a way to determine whether something has been made “as simple as possible”. My expertise in complexity theory is nil, so if you or anyone else had any thoughts and/or wanted to collaborate, you can see the WIP here: https://github.com/breck7/jtree/blob/master/papers/paper3/countingComplexity.pdf

                                                        1. 2

                                                          Kind of, sort of, not really. A library not being updated for 12 years is a pretty sure sign of it being dead. Well, Open Source never dies, but becomes a zombie. Sure, there are exceptions, but that’s why they’re called exceptions :-)

                                                          Almost anything that touches network stuff rots. Simple example: a library that connects to some online services. Well, if it’s HTTP-only, then in my eyes, it’s dead. If it’s HTTPS that’s better, but it needs to be maintained because cyphers are deprecated and removed by browsers, as a simple example.

                                                          Anything that touches modern OSes rots. OSes change APIs (especially for GUIs), new OSes appear (what are you going to do about that library from 2007 if you need to run the code on Android or iOS? you can port it yourself, but are you paid to do that?).

                                                          Some super-core, super-functional, super-algorithmy stuff doesn’t really rot (all that fast), but how much of the code the average app runs is actually that? If I look at the dependencies of the app I’m working on, most stuff is functionality to integrate with various vendors. All of that rots.

                                                          1. 1

                                                            it needs to be maintained because cyphers are deprecated and removed by browsers, as a simple example. I would be wary of a library that implements its own HTTPS. OpenSSL and friends offer a reasonably stable API. Such a library will more likely stop working because the online service changes its API.

                                                            what are you going to do about that library from 2007 if you need to run the code on Android or iOS It’s a JS library and the basic DOM API it uses hasn’t changed in decades. It will keep working the same in any browser that implements the DOM API correctly. I dropped it because I wanted a JS-free ToC and because my code for that can do things nothing else can, but that lib is still good for what it does.

                                                            How much code does that really depends on the application. I think one problem is that many libs tend to do too much and aren’t modular enough. libpurple is a great example that got it right: you can easily make a new IM client with any parts of it.

                                                        1. 13

                                                          Some of the psychology you cite is very pertinent and interesting but I really disagree with some of your conclusions.

                                                          I think that if you as a candidate freeze up when asked to perform a basic example of what you’d be doing for your job, then that’s an interview skill you should consider building rather than advocating doing away with that class of interview question.

                                                          I know a LOT of talented people who have great trouble with whiteboarding, and I get it. I REALLY do because I used to be in that category.

                                                          But like any other fight / flight response where no actual mortal peril is involved, you can work through the anxiety and learn to process the situation differently, and once you do, it’s incredibly empowering!

                                                          When I’m doing an interview and I can tell that my candidate is freaking out, I typically ask them to talk me through what they think a solution would flow like, without any of the syntax involved.

                                                          And honestly, what job anywhere is free of this kind of pressure?

                                                          [Full Disclosure: I work for a Major Cloud Company and our interview process is highly data driven and also includes some whiteboarding. I think this hiring strategy has been extremely successful, but obviously YMMV and different companies are different.]

                                                          1. 15

                                                            The problem is, its not only about anxiety. It could be, and is, any number of things, like active stressors (disease, divorce etc.), biochemical stuff (low sugar, hormones), meteorology (too hot/cold) etc. I remember, 10y ago that when I had an interview @booking.com, my head hurt so strong that I could hardly speak.

                                                            And honestly, what job anywhere is free of this kind of pressure?

                                                            Almost any job is without that kind of pressure. Its totally artificial.

                                                            When you measure people this way, you have no option but to ask academic stuff. For example, local Microsoft tech interview I was part of were created by assistants of local faculty of Mathematics, and had questions such as what is the probability that frog will survive the road run and other crap like that. I finished the same math university 5 years before and I still couldn’t manage many questions. Not to mention, just finished students nailed it, with 0 practical experience (it was 0). So, this type of interview is biased toward fresh graduates and academy itself has entirely different goals and agenda far removed from usual everyday IT reality (since then I had number of professors working in my team and each time with disappointing results). Or, member the interview of author of brew for Google ?

                                                            I used exclusively lets-speak-about-random-IT-stuff type of interview and I think it worked OK. I also ask for online profiles - Github, Gitlab, etc… there is no substitute for seeing (or not seeing!) code itself. There are few persons that were great in that while sucked on job a lot, but overall, the initial feeling after the conversation was at least 90% on the spot.

                                                            1. 2
                                                              And honestly, what job anywhere is free of this kind of pressure?
                                                              

                                                              Almost any job is without that kind of pressure. Its totally artificial.

                                                              Couldn’t disagree more. I’ve worked in this industry for 30 years, admittedly only 5 or so of those years as an actual ‘software developer’ (mostly release engineer, devops, and before that highly code-centric sysadmin).

                                                              I can’t think of a single job I’ve ever worked that didn’t have “OK. We need you to produce. NOW” moments.

                                                              If you’ve worked jobs that don’t have that kind of pressure, I envy you, but I’m unsure whether or not your experience is one that many others share.

                                                              1. 15

                                                                Certainly many jobs require deploying a patch, developing a new schema, reacting to a fire in the moment on deadline, etc., but I think few require you to be able to converse about it to strangers who can fire you, in those circumstances. ;)

                                                                My work is not complicated. My experience with whiteboard interviewing has been with insignificant companies that do not do hard engineering. When I froze up and couldn’t think of the name for modulo after having just used the operator, the interviewer decided I wasn’t a good fit… I think less technical or complicated jobs use whiteboard just as much as Google, and that’s frustrating.

                                                                1. 11

                                                                  Most of them won’t then stare at you while you do your job on an unfamiliar tool you’re only using so they can decide whether to promote or fire you.

                                                                  Instead, they give you some requirements, you leave, you work alone on them at a computer, maybe talk to team members, maybe status reports (mostly typed), and eventually deliver the results to then.

                                                                  These are the skills the interview process should assess. That’s why a lot of shops do take-home assignments or just not whiteboarding. Now, whiteboarding in non-hostile environment can be great for testing presentation and collaboration skills.

                                                                  1. 4

                                                                    Exactly.

                                                                    When multiple people STARE AT ME while working (even in familiar environment), I can’t work productively.

                                                                    Also, nobody ever comes with the random problem and ask you to solve it yesterday in 1 hour. You always have some context, some continuancy.

                                                                    1. 2

                                                                      I can appreciate where you’re coming from here and I’ve done take home assignments in the past. I stand by my comments around whiteboarding as a valuable interviewing tool. I think if interviewers are getting hung up on details they’re missing the point, and I also think that as a prospective interviewee having the expectation that you won’t be asked to give a sample of your work on the spot doesn’t seem realistic to me.

                                                                      However, if all of you can restrict your job search to companies that never do whiteboarding, good on you!

                                                                      1. 2

                                                                        The problem with whiteboarding is that while it measures something, the something it measures is not the thing you’ll care about if you hire them. Which in turn is why there are books out there that teach whiteboard interview coding as a separate skill from actual programming, and why even prestigious universities now include a unit on interview coding as a separate skill from programming.

                                                                        Which raises the inevitable question: why not actually test for the skills you’ll care about on the job? If you don’t test for the job skills you’ll hire people who don’t have the job skills.

                                                                        1. 3

                                                                          why not actually test for the skills you’ll care about on the job?

                                                                          That is what they’re trying to do. It takes a lot of time to find out if someone can actually do a good job as part of your team, and the only way to really test it is to employ them for a few months (A few months of probation is quite common for this). Given that you can’t afford to make that sort of investment in every candidate that applies, companies use whiteboarding and other forms of technical interview to try and guess whether a candidate might have suitable skills before investing more time in them.

                                                                          1. 0

                                                                            That is what they’re trying to do.

                                                                            Well, no. What they’re trying to do is cargo-cult what they think Google is doing, because they think “Google is big and successful, so if our company does what Google does, our company will be big and successful too”.

                                                                            Of course, Google openly admits their process has a high false-negative rate (it flunks qualified people), but they get enough applicants that they can afford to reject some qualified people. The average company isn’t in that position and can’t afford it.

                                                                            And Peter Norvig has explained that Google found a negative correlation between doing well on competitive programming tasks and performance on the job, which throws a wrench in any argument that on-the-spot coding under pressure measures something useful.

                                                                            Interviewing as typically practiced in tech is fundamentally broken. It measures the wrong things, draws the wrong conclusions from what it does measure, and is more or less random. I think it’s long past time to stop defending that.

                                                                            1. 2

                                                                              I never said that the processes were effective, nor am I defending them. I am merely pointing out that they are ultimately an attempt (however ineffective) to select candidates with relevant skills and reject those without.

                                                                              “Why not actually test for the skills you’ll care about on the job?” is unhelpful in that the intention is blatantly obvious, but offers absolutely no suggestion of how to achieve it.

                                                                              1. 6

                                                                                “Why not actually test for the skills you’ll care about on the job?” is unhelpful in that the intention is blatantly obvious, but offers absolutely no suggestion of how to achieve it.

                                                                                Tthere are a ton of articles and talks floating around on how to do better tech interviews – I’ve even written/presented some of them, based on my own experience helping to rebuild interview processes at various places I’ve worked – and people could quite easily find them if they wanted to.

                                                                                But here goes. Again.

                                                                                As I see it, there are several fundamental problems, and various ways to avoid them.

                                                                                Problem #1 is playing follow-the-leader. People implement processes based on what they think bigger/more successful companies are doing, without considering the tradeoffs involved or indeed whether those processes had anything to do with the size/success of those companies. Google’s admitted high false-negative rate is the quintessential example: they really can afford to throw away qualified applicants, because tomorrow another hundred will have submitted applications. The typical tech company can’t afford this, or can’t afford other unquestioned assumptions baked into large-company interview processes.

                                                                                The solution here is to question the assumptions and expose the tradeoffs. The extremes are “Never hire an unqualified person” and “Never pass on a qualified person”. Google optimizes for the former at basically all costs. Many companies, on the other hand, need to push the needle further toward the latter, which means a more forgiving process that doesn’t flunk people as quickly or for reasons as minor as large companies do. True story: I know one person who flunked Google because they had to write and then read out a bash script over the phone and the interviewer mistranscribed it. I know another person who flunked at Twitter because they provided one of two textbook algorithms for the problem posed, but the interviewer only knew the other and didn’t bother looking more deeply than just “that’s not the answer I know”.

                                                                                Those should be unforgivable interviewer errors at any company, but are especially unforgivable at companies which can’t afford to just throw qualified applicants into the trash can.

                                                                                Problem #2 is poor targeting. A lot of interview processes, especially at BigTech, explicitly or implicitly target fresh graduates, by quizzing on the sorts of things fresh graduates will have top-of-mind. Many of those things are not top-of-mind for working programmers who’ve been in the industry a while, since they’re rarely used in actual day-to-day programming (this includes a lot of algorithm and data-structure questions, since most working programmers don’t implement those from scratch on a routine basis). This biases away from experienced programmers, and creates a self-reinforcing cycle: you hire a bunch of recent grads, and they come in and start interviewing people which pushes even more toward preferring recent grads, so you hire even more of them, and… then one day you look around and wonder why it’s so hard to find experienced people. This is especially bad in the places that do algorithm challenges, because usually they’re posing things that want you to come up with a solution that took top people in the field decades to come up with while not under any particular pressure, and they want it from you in 20 minutes. On a whiteboard. While they watch. The only way to pass these is to “cheat” by already knowing the answers in advance, which you do either by reading a book about interview problems, or by being a recent grad who just passed a bunch of exams on the material.

                                                                                The solution here is to interview based on things that are actually relevant to day-to-day programming. You can, if you want to, find out about someone’s problem-solving skill while using questions and problems that involve things real working programmers actually do.

                                                                                Speaking of which, problem #3: far too many interview problems are contrived and unrealistic.

                                                                                You can do interviews based on real-world practical problems. Two of the best interview processes I’ve ever gone through did exactly this: one had a work-sample test where they gave you a simplified version of an actual problem from the domain they worked in, the other did a collaborative session where you had to debug a piece of code extracted from their real system and find the real problems in it. Putting together an interview based on these kinds of problems doesn’t take a ton of time, and gives you a much more realistic idea of how someone will perform in your company than the million and first shibboleth problem that tries to test for “fundamentals” but really only checks whether someone was taught the test.

                                                                                Problem #4 is measuring things that don’t matter. Whiteboard design can be useful, but whiteboard coding isn’t. Algorithm regurgitation isn’t. Trivia isn’t. Having open-source contributions on GitHub isn’t. Having lots of free time to do competitive “challenges” isn’t. And a lot of “soft” factors like confidence aren’t.

                                                                                Measure the things that matter. Measure how well someone can ask questions about a problem or communicate ideas on how to solve it. Measure how well someone works with others (pair programming can make a great interview session if you do it right). Measure how well someone finds and uses resources to help them work through a problem. Measure how well someone interacts with non-engineer colleagues. We’ve all worked with people who were good and people who weren’t so good; figure out what the good ones had in common and measure for that. It’s almost never going to be things like “they were really good at writing linked-list implementations on a whiteboard”.

                                                                                Here are some concrete ideas for more useful interviews.

                                                                                First, always let the candidate use a real computer with real programming tools and access to references, Google, and Stack Overflow. I make a point of telling people that I’ve written significant chunks of Django’s documentation but I still have that documentation open in tabs when I’m working; it’s outright nonsense to forbid that while also claiming you measure realistic performance.

                                                                                Second, use technical sessions that avoid the problems outlined above. Here are ideas:

                                                                                • Code review. Bring a piece of code (as realistic as possible) and have the candidate work through it with you. Have them demonstrate that they can read and understand it, ask productive questions about it, and offer constructive and useful feedback on it.
                                                                                • Pair programming. Bring something with a known bug, have them debug and fix it with you. Have them demonstrate that they understand how to approach it, search for and identify the problem, and work up a fix.
                                                                                • Give them notes from a real problem, and be prepared to answer questions about it, and have them write a brief post-mortem for it. Have them demonstrate they can take in the information you’re giving them, usefully probe for anything missing, and synthesize it all into an explanation of what happened.
                                                                                • Bring them a rough feature spec and ask them to refine it and break it down into assignable units of work. Have them demonstrate they can ask good questions about it, figure out the needs and the tradeoffs involved, and come up with a sensible plan for how to go after it.

                                                                                Third, use non-technical sessions! And not just a “culture fit” lunch with the team. Have them do a session with a PM or designer or other non-engineer colleagues to see how they interact and watch for signs of whether they’ll have productive working relationships with those folks.

                                                                                Finally, standardize your evaluations. It’s OK if there are different possible combinations of sessions (some people may prefer to do a take-home work sample, others may prefer to pair live and in person, etc.), but it’s not OK if interviewers have different rubrics for grading. Write out, explicitly, the qualities you’re looking for, in specific terms (i.e., not “confidence” or “professionalism” – those are vague weasel words that shouldn’t be allowed anywhere near an interview scorecard). Write out how interviewers are supposed to look for and evaluate those qualities. Set explicit baseline and exceeds-expectations bars for each session. Write scripts for interviewers to practice on and follow when presenting problems. Have interviewers practice running the sessions with current employees, and have some of your acting “candidates” try to pull sessions off-script or fail, to make sure interviewers know how to handle those cases gracefully.

                                                                                And finally, treat candidates like people. Someone you’re interviewing should be seen as a colleague you just haven’t worked with yet. Designing a process to be adversarial and to treat everyone as a con man will yield miserable and unproductive interviews.

                                                                                Now, I got voted “-2, troll” in my previous comment for citing sources that the typical coding interview doesn’t measure things that actually matter and in fact selects for things that correlate negatively to on-the-job performance. But I could cite plenty more. This video, for example, is a former Google employee who at one point recounts the story of a frustrated recruiter who revealed to a hiring committee he served on that they’d all just voted “no hire” on slightly-anonymized versions of their own interview packets and how it exposed the brokenness that was going on there. This article from a company that provides interviewing tools goes into detail on just how unreliable it is to use something that seems like it might be a proxy for real on-the-job skills (key takeaway: scores assigned to candidates by interviewers were all over the place, and inconsistent even for the candidates with the highest mean performances, fully one-third of whom outright bombed at least one interview).

                                                                                Interviewing is broken. It can be fixed. Both of these should be uncontroversial facts, but the fact that multiple people here saw them as “trolling” is indicative of the real problem.

                                                                                1. 2

                                                                                  I regret I have but one upvote to give for your comment.

                                                                                  1. 1

                                                                                    Excellent comment. I particularly like the part that goes from practices focusing on recent grads that becomes self-sustaining. That could be actionable under anti-discrimination laws. I’ll try to remember that.

                                                                                    If -2 was what I think it was, then that might be how intro had a tone that looked aggressive, dismissive, or something else. People here are more sensitive to that than most places both in terms of most of us wanting civility and what a large group deems as inclusive speech. Your comments will get better reception if you present your counterpoints without any rhetoric that comes off as a personal attack or dismissal.

                                                                          2. 0

                                                                            In my CV you can see that I have created number of large services to be used by entire countries, 24/7. This can easily be checked even real time (I have admin access to all of them which I can demonstrate immediately ). You want me to whiteboard ? No!

                                                                            Furthermore, I will make sure all of my senior IT friends and colleagues know how much you suck as a company (in this land, you can count seniors on fingers ATM) so good luck for you finding one.

                                                                            It looks to me that many people do not get it - senior developers are celebrities today.

                                                                            Me? I’ll rather collect peanuts then make somebody else rich(er) on my work without fair compensation, respect and professionalism.

                                                                            1. 6

                                                                              Me? I’ll rather collect peanuts then make somebody else rich(er) on my work without fair compensation, respect and professionalism.

                                                                              Your response made me take a step back and think about what we’ve all been saying here, and I came to a couple of conclusions.

                                                                              1. I am not a software developer per se. I work in the devops space. I do write software, but it’s nothing even remotely on the order of magnitude that the average Crustacean does. I write simple process automation scripts in Python and occasionally Ruby or Bash. This informs both my world view and the kinds of things I would ask people to whiteboard. As in, they are not at all algorithmically hard, things like “Print the duplicates in this list of numbers” and the like.

                                                                              2. Reading all of you express such vehement opposition to the idea certainly has me questioning its wisdom when interviewing software devs, and also wondering if the experiences you’ve all had were at the hand of people who weren’t very mindful of candidate experience in how they were conducting their interviews in general.

                                                                              In any case, it’s all very good food for thought, and I will now shut up on this topic and think on all of this.

                                                                              1. 5

                                                                                Based on my own experience, it is not that uncommon to find someone with “years of programming experience” on their resume, but has trouble solving basic programming tasks. This is because experience comes in a ton of different shapes and sizes. For that reason, before I can be okay with hiring someone in a technical capacity, I really need some kind of evidence that they can write code well. Whether that’s looking at code they wrote previously, giving them a new coding assignment, a white board interview, a presentation or maybe just prior experience working with them, I don’t really care. But there needs to be something. If I just took peoples’ word for it, the results would be pretty bad.

                                                                                I think people in this thread generally underestimate just how many people are out there that claim coding experience but fail to meet some really minimal standards. I’m talking about things like Fizz Buzz. Some kind of evaluation process is necessary in my experience.

                                                                                Personally, I think the person you’re talking too is being way too unreasonable.

                                                                                Everyone gets way too hung up on this shit. There’s a saying that goes something like, “all models are wrong, but some are useful.” It applies just as well to hiring practices. You can’t get it right all of the time, and some of your techniques might indeed yield false negatives. This is basically impossible to measure, but since a false positive is generally perceived as being much more costly than a false negative, you wind up trying to bias toward rejecting folks that might be otherwise qualified in favor of avoiding false positives.

                                                                                The whole thing is super hand wavy. People just seem to get obsessed with the fact that Hiring Practice X is wrong one dimension or another. And they’re probably right. But so what? All hiring practices are wrong in some dimension. And even this differs by experience. For example, a lot of people love to poo-poo whiteboard interviewing because that’s not reflective of what the job is actually like. But that’s not true for me. I use the whiteboard all the time. It’s a pretty useful skill to be able to go up to a whiteboard and communicate your ideas. Obviously, the pressure of evaluation isn’t there when you’re on the job, but I don’t see how to relieve that other than by limiting yourself to hiring people you already know.

                                                                              2. 1

                                                                                In my CV you can see that I have created number of large services to be used by entire countries, 24/7.

                                                                                I want to remind you that this doesn’t matter at all in terms of good, software engineering. There’s both lots of crap tech out there with high usage and countries that demand even crappier tech. High uptake doesn’t mean anything except you worked on something that had high uptake due to you or more likely someone else given how businesses/governments decide what to use. If you doubt this, I hit you with my COBOL argument: why not hire someone how knows what billions of lines of mission-critical code are written in? Must be better than almost everything else if argument by uptake and net worth in critical areas is meaningful.

                                                                                Or that’s just social-economic forces making that happen in a world where we need to consider other things. ;)

                                                                            2. 1

                                                                              I think the whole point of the article here is that there is no one best type of interview. Some candidates have anxiety attacks when mild pressure is applied, and do much better in a lower-pressure situation like a take-home assignment, and don’t mind spending the time on it. Some candidates have families or other obligations and can’t spend (unpaid) hours outside of their normal job writing up a solution to somebody’s take-home assignment, but do just fine solving problems on whiteboards. Probably some others have issues with both of those and need something else again.

                                                                            3. 9

                                                                              I think that’s a very different situation when you’re already comfortable with your environment.

                                                                              1. 9

                                                                                Couldn’t disagree more with you, either. I’ve also been in this industry for 30 years with almost all of them being an actual ‘software developer’ and I can count on one hand the number of times that I’ve had “produce now!” moments. Perhaps I’ve been lucky, but in my experience, these are rare, 1% times, when there’s a demo or something the next day and you’re trying to get something out the door. Given that, why exactly should we measure this? Even given those high pressure situations, you’re not standing alone, at a whiteboard or in front of a panel, with no resources ( google, library, other engineers ), no context ( mystery problem… you don’t get to know until you have 2 hours to solve! ) and no backup plan. Even with all of those caveats, I have NEVER had to cough up a random data structure with no reference material/resources/etc. in less than an hour or two EXCEPT in an interview.

                                                                                1. 1

                                                                                  What I’m hearing is that a lot of people have had really bad experiences with whiteboard interviewing.

                                                                                  If the interviewer is hung up on syntax, they’re IMO doing it wrong.

                                                                                  1. 2

                                                                                    If someone presents a problem for you, do you immediately recall all algorithms you’ve learned and start whiteboarding that? That’s generally what happens in these whiteboarding sessions that I’ve been in. I don’t remember a ton of stuff off-hand and search for it all the time. Should that count against me? If it does, I don’t really want to work at that place anyway.

                                                                                    1. 1

                                                                                      I realized (as I wrote in another reply to someone else) that there’s a disconnect here.

                                                                                      I’m not a software developer. I do devops work which means I write a lot of VERY simple process oriented automation scripts in Python and occasionally Ruby or Bash.

                                                                                      When I do whiteboarding with candidates, the most algorithmically complex I get is “print the duplicates in this list of numbers” but mostly it’s things like “Here’s a json blob that lives on an http server. Write code that grabs the blob and connects to each host in a group given on the command line” type things.

                                                                                      But even so I certainly see where you’re all coming from, and can appreciate the idea that there are definitely better tools out there, especially for cases where you’re not doing hiring at scale.

                                                                                      Which makes me wonder, how might one apply all this anti-whiteboarding sentiment in a large corporate environment? How do you get take home exams, pairing, or whatever to be effective when you need to hire 50 people in a month?

                                                                                      1. 2

                                                                                        I used to work at Capital One and we were always trying to hire people. Each team largely handled its own hiring, though, and we had .. so many teams. Some teams do a whiteboarding session, some do a take home assignment, some do a little pair programming exercise. It really depends on the team and the people.

                                                                                        I’m not anti-whiteboarding for things like what you mentioned, but if someone is asking me to regurgitate a CS algorithm that I haven’t touched in decades, I don’t really get the point.

                                                                                2. 3

                                                                                  Hmm. I’m not up to 30 years experience at this point (closer to 20), but I’ve never had this happen to me. Even when production bugs hit, it’s not a “We need you to produce. NOW” scenario, but an all-of-us circling the wagons type of deal to track it down. Even in startups where I was the only person writing code, it was never like that. That seems really unusual to me. I don’t know what country you’re in, but for context, I’m in the US.

                                                                                  1. 4

                                                                                    OK. We need you to produce. NOW

                                                                                    Oh, you work for those type of guys who think programming is like manufacture so you can measure it by the number of bricks in the wall, LOC, or something. I don’t accept that kind of job. I know better. I witnessed it dozens of times for other companies I consult for and that kind of job is always substandard.

                                                                                    I envy you

                                                                                    Its better idea to fight for your rights (our rights, really).

                                                                                    but I’m unsure whether or not your experience is one that many others share

                                                                                    I am sure its not. I am sure its opposite. But that is where I draw the line. I don’t mind fixing simple things here and there ASAP, but designing entire/parts of app/service without adequate time is no bueno.

                                                                                    1. 4

                                                                                      Oh, you work for those type of guys who think programming is like manufacture so you can measure it by the number of bricks in the wall, LOC, or something. I don’t accept that kind of job. I know better. I witnessed it dozens of times for other companies I consult for and that kind of job is always substandard.

                                                                                      This is kind of a cheap shot and also? It’s not true.

                                                                                      But even if it was, people work for different reasons. I live in a society that doesn’t provide much of a net if you fall, and I have some medical conditions which require some fairly expensive care.

                                                                                      So, yes I work for a company that pays well. I put a LOT of blood, sweat and tears into my job, and I won’t apologize for that.

                                                                                      Might it not be the kind of place you’d want to work? I don’t doubt that, and I’m glad you’ve been able to find work that suits your particular needs and wants, but please consider that not everyone is you before making broad statements about people and workplaces when you have zero information.

                                                                                      1. 4

                                                                                        Besides the broad generalizations, I find myself between both of you. majkinetor strikes a cord when he says one must fight for their rights. I’d add that once one finds ones self (if ever) in a position wherein one can enlighten the company masses than one should do what one can. But, feoh, isn’t incorrect either. Sometimes you just gotta play the game. I have only worked for places that tend to think of programming in terms of lines of code. It’s really why I am always looking for a new place to work. And, yes, I hate interviewing as well, which makes my conundrum annoying.

                                                                                        1. 1

                                                                                          But even if it was, people work for different reasons. I live in a society that doesn’t provide much of a net if you fall, and I have some medical conditions which require some fairly expensive care.

                                                                                          We do generalization here, any kind of behavior may be adequate in specific context.

                                                                                          So, yes I work for a company that pays well. I put a LOT of blood, sweat and tears into my job, and I won’t apologize for that.

                                                                                          Who asked you to do this ? When I speak, I speak about myself and what I think, I am not giving lectures or judgement.

                                                                                          when you have zero information

                                                                                          Not zero, I am in this business more then 30 years (also with medical conditions). Don’t be angry :)

                                                                                          1. 2

                                                                                            Not zero, I am in this business more then 30 years (also with medical conditions). Don’t be angry :)

                                                                                            I can see where I came off as defensive there. I’m not angry, I’m just surprised at the expectations some folks have around the interview process.

                                                                                            If you can find work with those expectations, that’s fantastic.

                                                                                    2. 1

                                                                                      I think you’re combining two different things here - having a candidate write things on a whiteboard in an interview, and interviewing a candidate based on solving highly abstract problems that have little relation to the actual day-to-day work of building software, stuff like writing binary tree manipulation algorithms.

                                                                                      I think the second is a ridiculous thing to judge candidates based on almost all of the time, unless of course you’re doing one of the few jobs that actually involves doing stuff like that.

                                                                                      The first though, is a perfectly good way to determine whether candidates can actually produce code.

                                                                                      1. 0

                                                                                        The first though, is a perfectly good way to determine whether candidates can actually produce code.

                                                                                        Producing code on whiteboard? I had that on university on exams and many “programmers” came out of it without using a computer single time during the entire studies (I know, my sister was one of them, never turned a computer on until she finished computer studies! and got a job). Doesn’t inspire…

                                                                                    3. 4

                                                                                      Mine is kind of like the protagonist’s job in Office Space, but with more SIP trunking.

                                                                                      1. 3

                                                                                        At most places I’ve worked pressure was 99% of the simmering kind. Less than 1% I’ve had that flashpoint pressure but frequently it was artificially created to “increase productivity”. Basically the only time when you have to deliver NOW is during major production incidents.

                                                                                        I’d bet that even at your “Major Cloud Company” the percentage of people involved in solving a major production incident are in the low double digits.

                                                                                        I have frozen during whiteboard interviews and I’m far from a shy person. Day to day I’m more likely to be the kind of person that makes others freeze - and I don’t say that as some sort of self-praise, quite frequently it’s not a good trait.

                                                                                        In my opinion, even with your highly data driven process, if you work for a “Major Cloud Company” you can just ask for a painting competition among your candidates and you’d get the same results. Your company probably pays a very high salary compared to the market so competition would be fierce and people willing to train for 6 months on the intricate details of painting while holding a full-time job at the same time would probably make at least half-decent coders :)

                                                                                        TL;DR: It’s the high salaries and very competitive recruitment pipeline that produce results, not necessarily the actual interviewing details, in my opinion.

                                                                                        1. 1

                                                                                          I share your opinion - note that, in my mind, the “increase productivity” methods actually are very harmful in the long run

                                                                                        2. 1

                                                                                          But like any other fight / flight response where no actual mortal peril is involved, you can work through the anxiety and learn to process the situation differently, and once you do, it’s incredibly empowering!

                                                                                          I’ve been thinking about this point for several days now.

                                                                                          I haven’t been in the habit of thinking about interviewing in terms of a set of skills one can acquire/improve. However, perhaps if I can get myself into this mindset, it will help me to do something other than just walk into a new place and fly by the seat of my pants :)

                                                                                          1. 1

                                                                                            I’ve been thinking about this point for several days now.

                                                                                            I haven’t been in the habit of thinking about interviewing in terms of a set of skills one can acquire/improve. However, perhaps if I can get myself into this mindset, it will help me to do something other than just walk into a new place and fly by the seat of my pants :)

                                                                                            I am sincerely grateful for the fact that at least one person took the advice I was giving in the spirit in which it was meant :)

                                                                                            It most definitely is a skill, and here’s how I know that:

                                                                                            There was a period in my career when I was much better at interviewing than actually doing the work. My work ethic has never been in question, I will work to the point of stupidity at times, but I had made some rather near sighted choices around which skills to build (learning new technologies in a very shallow way VERY quickly) over skills I should have focused on (attaining mastery in a few key tools and subject areas)>.

                                                                                        1. 2

                                                                                          I don’t want to bash† this project because it seems really, really cool. It’s the kind of thing I hope becomes very popular, but I have one pet peeve. I’m not part of the Rust Evangelism Strike Force, but a modern language like this should be written in a modern systems language, in my opinion.

                                                                                          It could be Rust, it could Go, it could be Swift, it could be C#/F#, heck, even Java can be AOT compiled these days :)

                                                                                          I’m guessing that the project is reasonably old for something announced recently (I see commits in the Github interface from 2 years ago and if I’m reading the Github commits graph correctly, the first commits seem to be from 2014), plus the author probably already knew C aaaand C is portable so it helps with Ops adoption.

                                                                                          Anyway, this is a minor point, I hope this gets mass adoption, it’s badly needed. We need a language designed in the 21st century as the default Ops language. Powershell is a bit clunky plus adoption is a bit low so there’s plenty of room in this space.

                                                                                          Good luck!

                                                                                          † Pun intended.

                                                                                          1. 3

                                                                                            I see what you did there with bash :)

                                                                                            Don’t have time to elaborate too much but C was chosen

                                                                                            • as the language that I will be never be stuck with and won’t be able to solve something.
                                                                                            • I can look how the problems I will be seeing are already solved in bash, Ruby, Python (all in C)

                                                                                            I also pushed as much as I can into stdlib which is in NGS, hoping that if I need to change the implementation it will not be harder than it needs to be.

                                                                                            Thanks!

                                                                                            1. 4

                                                                                              I can tell you rust isn’t so hot for interpreters due to the ownership model being at odds with GC, and Go/C# ain’t so hot for low level things because of the runtime with many background threads.

                                                                                              1. 1

                                                                                                the ownership model being at odds with GC

                                                                                                Could you elaborate more on this? As far as I understand there are tons of ways to move the borrow checking to runtime.

                                                                                                1. 1

                                                                                                  Then your interpreter takes a large performance hit, which isn’t the greatest thing. I didn’t say it is impossible, just not as great as people claim.

                                                                                                  1. 1

                                                                                                    Why does writing a GC in Rust mean a larger performance hit than doing it in some other language like C?

                                                                                                    1. 1

                                                                                                      Because you need to use runtime ownership reference counting on every mutable operation with RefCell (I think) .

                                                                                                      1. 1

                                                                                                        You don’t have to. You can just use raw pointers the same way you would in C.

                                                                                                        One could argue that using unsafe operations like that defeats the purpose of using Rust, but I disagree. You can limit these unsafe operations to your gc/allocation code and vet them for safety, while the rest (bulk) can be in safe Rust.

                                                                                                        Having written GCs in both C and Rust I prefer doing it in Rust. You don’t get much better safety but you can get better ergonomics.

                                                                                                        1. 1

                                                                                                          Having written GCs in both C and Rust I prefer doing it in Rust. You don’t get much better safety but you can get better ergonomics.

                                                                                                          How do you use GC’d types from rust safely? The GC owns the value so they are usually always immutable values in rust gc’s.

                                                                                                          1. 1

                                                                                                            Since we’re talking about a scripting language, you would only directly access the GC’d types from Rust in the actual runtime code itself. However you don’t have to expose those values directly to any “user” code. For example, Lua uses a stack for interop instead of giving direct access (and all the mess that entails).

                                                                                                            In Rust, you could give the user code in those cases something like a &Handle<RealType> that counts as a borrow on the stack and thus prevents destructive operations from invalidating the reference.

                                                                                                            This gets a lot hairier if your runtime allows concurrent access, but at the end of the day anything you can do in C you can also do in unsafe Rust.

                                                                                                            If you mean to implement a GC for Rust itself to be used seamlessly with other code, then yeah you run into the issues you’re talking about but that’s not the case here.

                                                                                                            1. 1

                                                                                                              I see what you mean, I guess it may be easier to divide the objects into two areas and not use safe rust to access gc objects ever.

                                                                                                        2. 1

                                                                                                          runtime ownership reference counting on every mutable operation with RefCell

                                                                                                          RefCell does not do reference counting; are you thinking of Rc? Rc is reference counting garbage collection - that’s the whole implementation, just use Rc. No extra cost over a reference counting garbage collector implemented in C. If what you want is a tracing GC, many exist: for instance, this one by withoutboats. https://github.com/withoutboats/shifgrethor

                                                                                                          1. 1

                                                                                                            RefCell does do reference counting, but not like you think… From the docs of RefCell:

                                                                                                            A mutable memory location with dynamically checked borrow rules

                                                                                                            The way they dynamically check borrow rules is by reference counting them…

                                                                                                            As for your tracing GC reference, you could read the full readme of that GC to find more of it’s limitations.

                                                                                                            1. 1

                                                                                                              RefCell does do reference counting, but not like you think… From the docs of RefCell:

                                                                                                              If you want to be pedantic, then sure, a RefCell does “count references”, but it does not implement a reference-counting GC pattern (the memory is freed only in accordance with normal ownership rules, as can be seen by the simple fact that it does not implement Drop (see src)) and therefore isn’t really relevant here.

                                                                                                              If you are unhappy with that GC you could take a look at the lustre GC which is used in a Lua VM at the moment, or at Manishearth’s gc and his blog post on it, or at this WIP gc for use with VMs, or at any of the other interesting GC projects written in Rust.

                                                                                                              Perhaps you are thinking of rcgc, which does use Rc reference counting to implement a garbage collector.

                                                                                                              I guess I’m just not sure what it is you’re trying to show here. Implementing a GC has a cost, but my point is that there is no additional cost from using Rust. Because you are implementing the component of the system that enforces memory safety, this is the appropriate place for unsafe code and therefore you will not have any mandatory performance penalty from using previously implemented abstractions.

                                                                                                              1. 1

                                                                                                                if you want to be pedantic, then sure, a RefCell does “count references”

                                                                                                                but my point is that there is no additional cost from using Rust.

                                                                                                                This is a direct contradiction… Let me put it this way, in rust who owns a GC ref? to use a GC ref in a mutable way you need to use something like RefCell which has a runtime cost. You don’t need that in C. That is all that I am saying…

                                                                                                                1. 1

                                                                                                                  You don’t have to use RefCell, so it doesn’t matter what RefCell costs. If you were to implement a RefCell-like counter for mutable vs immutable references, you couldn’t do much better than RefCell, but if you don’t need that functionality you can just forgo it and use raw pointers, just like in C.

                                                                                                2. 2

                                                                                                  What would be your ideas for modern ops language? Here are mine:

                                                                                                  • Steal the sh pipe syntax (Python, Ruby, TCL, Lua fail here)
                                                                                                  • More data types than string (bash, zsh fail here)

                                                                                                  Powershell would qualify. Is there anything really wrong with it except it looks verbose?

                                                                                                  1. 2

                                                                                                    Powershell would mostly qualify but it needs higher adoption and in my opinion it needs to be a truly Open Source project, preferably a foundation. Microsoft might decide to add stuff that is detrimental to it, overall, just to further business interests.

                                                                                                    It also needs to start popping up in distribution repos. You should be able to just apt install pwsh and yum install pwsh, from the default repos of most Linux distributions.

                                                                                                1. 4

                                                                                                  On one hand, that’s kinda cool. I know vaguely that there’s precedent to running linux in user space, so ain’t exactly news, but it’s a good idea, because emulation would always be a bit behind.

                                                                                                  On the other hand … this feels like way friendlier embrace, but still embrace-ish. Can’t help but wonder what the extinguish phase will look like.

                                                                                                  1. 9

                                                                                                    There is no “extinguish”, at least not in 2018’s world. The world has changed since back when Microsoft was all powerful.

                                                                                                    Just look at the tables in this article: https://www.joelonsoftware.com/2003/08/01/rick-chapman-is-in-search-of-stupidity/

                                                                                                    2001 annual revenue: Microsoft $23bn. Everyone else in the top 10, put together, less than $23bn (!).

                                                                                                    2018 annual revenue: Microsoft $110bn, Apple $265bn, Alphabet (Google) $136bn, Amazon $232bn, IBM $79bn, Alibaba $39bn, Samsung $210bn, Tencent $50bn, Sony $70bn, Nintendo $10bn.

                                                                                                    Those are their competitors, in various domains: OSes, browsers, cloud platforms, development tools, games, etc. Notice how 3 of them are 2x the size of Microsoft. Several of them are smaller but they’re market leaders in their markets. Many of those competitors have a vested interest in Linux being healthy and successful.

                                                                                                    Microsoft could easily bully Adobe around. They can’t bully Apple or Google or Amazon or Samsung.

                                                                                                    The world has changed.

                                                                                                    To make things more interesting, their competitors have learned from Microsoft so Apple or Google are just as big a bullies as Microsoft was, if not more, but they do it with a “gentle touch” (better PR).

                                                                                                    1. 1

                                                                                                      Thanks for the numbers, that’s an interesting point =)

                                                                                                  1. 3

                                                                                                    Isn’t one of the design goals of the Java platform to allow application developers to forget about the platform on which they are deploying their applications ? Docker aims to do this also, by bundling the application libraries along with application code to create a ‘container’ that allows you to forget about the base OS. So by combining docker and Java, you are solving the same problem twice.

                                                                                                    1. 2

                                                                                                      While (somewhat) true, you can have company policies, for example, mandating your tech.

                                                                                                      Maybe the IT department wants everything to run in Docker containers and your app is written in Java. Or you are already using Docker and want to write a Java/JVM based app for various reasons. This basically means that at the end of the day, these two technologies have to work together.

                                                                                                      And in my opinion they don’t overlap completely. Java is/was meant to be platform independent, but it still needs a JDK/JRE for the cases where the JDK/JRE is not bundled. The app might need native dependencies. You might want to sandbox the CPU or disk usage or network usage… There’s a bunch of reasons you might want Docker, too.

                                                                                                      1. 1

                                                                                                        Isn’t one of the design goals of the Java platform to allow application developers to forget about the platform on which they are deploying their applications ?

                                                                                                        “Compiled” Java programs can be run on different platforms, but like any other language you have to pay attention in certain areas if you want to code to actually work across different platforms. (E.g. filesystem semantics). And as the article notes, you need to understand the memory requirements of a particular application in order to successfully deploy it in a production environment or you will have a bad time.

                                                                                                        Docker aims to do this also

                                                                                                        No, Docker aims to containerize services which has a host of benefits, mostly around easy dev environments, CI, CD, and devops. Platform independence could be one, but in practice, Linux is the only platform in serious use, and mostly on the AMD64 architecture.

                                                                                                      1. 4

                                                                                                        The largest feature in this release is the introduction of alternative cargo registries.

                                                                                                        This seems pretty cool. Well, the fact that there’s now some choice as to where to host your code, but the implementation seems difficult.

                                                                                                        I would like a system that lets me throw some code online with minimal effort and allows anybody to use without tying myself to someone else’s infrastructure. The go build system has some oddities, but I really like the way they’ve built go get. 1. I get to use mercurial. 2. The effort required to support go get was basically that of putting a mercurial server online, which I’d already done, plus adding a meta tag to an html file. Literally minutes. It does not appear I will make the same progress in the same time running cargo.

                                                                                                        1. 8

                                                                                                          cargo already supports git dependencies. no one is stopping you from using those nor advising your users to use your code as a git depedency.

                                                                                                          crates.io does not allow crates with git dependencies though, but for a good reason: crates.io wants builds to be repeatable and the only way to guarantee that is if it can guarantee the availability of all dependencies.

                                                                                                          1. 0

                                                                                                            Oh? doc read fail. I wasn’t sure how to do that, but may have just missed it.

                                                                                                            I can understand the point, although this is still lockin. Don’t use our system? You don’t exist.

                                                                                                            1. 9

                                                                                                              Many (edit: well, one or two) of Cargo’s design decisions are a fairly direct reaction to the 2016 left-pad debacle. The decision was made that packages should be immutable by default and, while they can be marked as “don’t use this” (and the build system will warn you if you try), they can’t be un-published or removed by their authors.

                                                                                                              Whether or not this is a good decision is up for debate, that’s just why published packages can’t depend on random git repos. You don’t want to tie yourself to someone else’s infrastructure? crates.io doesn’t want to tie itself to someone else’s infrastructure either.

                                                                                                              1. 7

                                                                                                                Whether or not this is a good decision is up for debate

                                                                                                                I’d say there’s no debate. For professional development, immutable releases in public repositories (heck, any kind of repositories, for that matter) should be mandatory.

                                                                                                                You should only remove releases for legal reasons.

                                                                                                          2. -2

                                                                                                            Why are you always like this.

                                                                                                            1. 4

                                                                                                              Because I’m tired of reading blog posts about leaving centralized services ten years later.

                                                                                                          1. 65

                                                                                                            In the Mastodon universe, technically-minded users are encouraged to run their own node. Sounds good. To install a Mastodon node, I am instructed to install recent versions of

                                                                                                            • Ruby
                                                                                                            • Node.JS
                                                                                                            • Redis
                                                                                                            • PostgreSQL
                                                                                                            • nginx

                                                                                                            This does not seem like a reasonable set of dependencies to me. In particular, using two interpreted languages, two databases, and a separate web server presumably acting as a frontend, all seems like overkill. I look forward to when the Mastodon devs are able to tame this complexity, and reduce the codebase to a something like single (ideally non-interpreted) language and a single database. Or, even better, a single binary that manages its own data on disk, using e.g. embedded SQLite. Until then, I’ll pass.

                                                                                                            1. 22

                                                                                                              Totally agree. I heard Pleroma has less dependencies though it looks like it depends a bit on which OS you’re running.

                                                                                                              1. 11

                                                                                                                Compared to Mastodon, Pleroma is a piece of cake to install; I followed their tutorial and had an instance set up and running in about twenty minutes on a fresh server.

                                                                                                                From memory all I needed install was Nginx, Elixir and Postgres, two of which were already set up and configured for other projects.

                                                                                                                My server is a quad core ARMv7 with 2GB RAM and averages maybe 0.5 load when I hit heavy usage… it does transit a lot of traffic though, since the 1st January my server has pushed out 530GB of traffic.

                                                                                                                1. 2

                                                                                                                  doesnt Elixir require Erlang to run?

                                                                                                                  1. 2

                                                                                                                    It does. Some linux distributions will require adding the Erlang repo before installing elixir but most seem to have it already included: https://elixir-lang.org/install.html#unix-and-unix-like meaning its a simple one line command to install e.g pkg install elixir

                                                                                                                2. 7

                                                                                                                  I’m not a huge social person, but I had only heard of Pleroma without investigating it. After looking a bit more, I don’t really understand why someone would choose Mastodon over Pleroma. They do basically the same thing, but Pleroma takes less resources. Anyone who chose Mastodon over Pleroma have a reason why?

                                                                                                                  1. 6

                                                                                                                    Mastodon has more features right now. That’s about it.

                                                                                                                    1. 4

                                                                                                                      Pleroma didn’t have releases for a looong time. They finally started down that route. They also don’t have official Docker containers and config changes require recompiling (just due to the way they have Elixir and builds setup). It was a pain to write my Docker container for it.

                                                                                                                      Pleroma also lacks moderation tools (you need to add blocked domains to the config), it doesn’t allow remote follow/interactions (if you see a status elsewhere on Mastodon, you can click remote-reply, it will ask your server name, redirect you to your server and then you can reply to someone you don’t follow) and a couple of other features.

                                                                                                                      Misskey is another alternative that looks promising.

                                                                                                                      1. 2

                                                                                                                        it doesn’t allow remote follow/interactions (if you see a status elsewhere on Mastodon, you can click remote-reply, it will ask your server name, redirect you to your server and then you can reply to someone you don’t follow)

                                                                                                                        I think that might just be the Pleroma FA - if I’m using the Mastodon FE, I get the same interaction on my Pleroma instance replying to someone on a different instance as when I’m using octodon.social (unless I’m radically misunderstanding your sentence)

                                                                                                                        1. 1

                                                                                                                          Thanks, this is a really great response. I actually took a quick look at their docs and saw they didn’t have any FreeBSD guide set up, so I stopped looking. I use Vultr’s $2.50 FreeBSD vps and I didn’t feel like fiddling with anything that particular night. I wish they did have an official docker container for it.

                                                                                                                        2. 3

                                                                                                                          Pleroma has a bunch of fiddly issues - it doesn’t do streaming properly (bitlbee-mastodon won’t work), the UI doesn’t have any “compose DM” functionality that I can find, I had huge problems with a long password, etc. But they’re mostly minor annoyances than show stoppers for now.

                                                                                                                        3. 7

                                                                                                                          It doesn’t depend - they’ve just gone further to define what to do for each OS!

                                                                                                                          1. 4

                                                                                                                            I guess it’s mainly the ImageMagick dependency for OpenBSD that got me thinking otherwise.

                                                                                                                            OpenBSD

                                                                                                                            • elixir
                                                                                                                            • gmake
                                                                                                                            • ImageMagick
                                                                                                                            • git
                                                                                                                            • postgresql-server
                                                                                                                            • postgresql-contrib

                                                                                                                            Debian Based Distributions

                                                                                                                            • postgresql
                                                                                                                            • postgresql-contrib
                                                                                                                            • elixir
                                                                                                                            • erlang-dev
                                                                                                                            • erlang-tools
                                                                                                                            • erlang-parsetools
                                                                                                                            • erlang-xmerl
                                                                                                                            • git
                                                                                                                            • build-essential
                                                                                                                            1. 3

                                                                                                                              imagemagick is purely optional. The only hard dependencies are postgresql and elixir (and some reverse proxy like nginx)

                                                                                                                              1. 4

                                                                                                                                imagemagick is strongly recommended though so you can enable the Mogrify filter on uploads and actually strip exif data

                                                                                                                          2. 3

                                                                                                                            Specifically, quoting from their readme:

                                                                                                                            Pleroma is written in Elixir, high-performance and can run on small devices like a Raspberry Pi.

                                                                                                                            As to the DB, they seem to use Postgres.

                                                                                                                            The author of the app posted his list of differences, but I’m not sure if it’s complete and what it really means. I haven’t found a better comparison yet, however.

                                                                                                                          3. 16

                                                                                                                            Unfortunately I have to agree. I self-host 99% of my online services, and sysadmin for a living. I tried mastodon for a few months, but its installation and management process was far more complicated than anything I’m used to. (I run everything on OpenBSD, so the docker image isn’t an option for me.)

                                                                                                                            In addition to getting NodeJS, Ruby, and all the other dependencies installed, I had to write 3 separate rc files to run 3 separate daemons to keep the thing running. Compared to something like Gitea, which just requires running a single Go executable and a Postgres DB, it was a massive amount of toil.

                                                                                                                            The mastodon culture really wasn’t a fit for me either. Even in technical spaces, there was a huge amount of politics/soapboxing. I realized I hadn’t even logged in for a few weeks so I just canned my instance.

                                                                                                                            Over the past year I’ve given up on the whole social network thing and stick to Matrix/IRC/XMPP/email. I’ve been much happier as a result and there’s a plethora of quality native clients (many are text-based). I’m especially happy on Matrix now that I’ve discovered weechat-matrix.

                                                                                                                            I don’t mean to discourage federated projects like Mastodon though - I’m always a fan of anything involving well-known URLs or SRV records!

                                                                                                                            1. 11

                                                                                                                              Fortunately the “fediverse” is glued by a standard protocol (ActivityPub) that is quite simple so if one implementation (e.g. Mastodon) doesn’t suit someone’s needs it’s not a big problem - just searching for a better one and it still interconnects with the rest of the world.

                                                                                                                              (I’ve written a small proof-of-concept ActivityPub clients and servers, it works and federates, see also this).

                                                                                                                              For me the more important problems are not implementation issues with one server but rather design issues within the protocol. For example established standards such as e-mail or XMPP have a way to delegate responsibility of running a server of a particular protocol but still use bare domain for user identifies. In e-mail that is MX records in XMPP it’s DNS SRV records. ActivityPub doesn’t demand anything like it and even though Mastodon tries to provide something that would fix that issue - WebFinger, other implementations are not interested in that (e.g. Pleroma). And then one is left with instances such as “social.company.com”.

                                                                                                                              For example - Pleroma’s developer’s id is lain@pleroma.soykaf.com.

                                                                                                                              1. 16

                                                                                                                                This is a completely reasonable and uncontroversial set of dependencies for a web app. Some of the largest web apps on the Internet run this stack. That is a good thing, because when Fediverse nodes need to scale there are well-understood ways of doing it.

                                                                                                                                Success in social networking is entirely about network effects and that means low barrier to entry is table stakes. Yeah, it’d be cool if someone built the type of node you’re talking about, but it would be a curiosity pursued only by the most technical users. If that were the barrier to entry for the network, there would be no network.

                                                                                                                                1. 39

                                                                                                                                  This is a completely reasonable and uncontroversial set of dependencies for a web app. Some of the largest web apps on the Internet run this stack.

                                                                                                                                  Yes, but not for a web app I’m expected to run on my own time, for fun.

                                                                                                                                  1. 6

                                                                                                                                    I’m not sure that’s the exact expectation, that we all should run our single-user Mastodon instances. I feel like the expectation is that sysadmin with enough knowledge will maintain an instance for many users. This seems to be the norm.

                                                                                                                                    That, or you go to Mastohost and pay someone else for your own single-user instance.

                                                                                                                                    1. 2

                                                                                                                                      You’re not expected to do that is my point.

                                                                                                                                    2. 16

                                                                                                                                      completely reasonable and uncontroversial

                                                                                                                                      Not true. Many people are complaining about the unmanaged proliferation of dependencies and tools. Most projects of this size and complexity don’t need more than one language, bulky javascript frameworks, caching and database services.

                                                                                                                                      This is making difficult to package Mastodon and Pleroma in Debian and Ubuntu and making it more difficult for people to make the service really decentralized.

                                                                                                                                      1. 1

                                                                                                                                        I’m not going to defend the reality of what NPM packaging looks like right now because it sucks but that’s the ecosystem we’re stuck with for the time being until something better comes along. As with social networks, packaging systems are also about network effects.

                                                                                                                                        But you can’t deny that this is the norm today. Well, you can, but you would be wrong.

                                                                                                                                        This is making difficult to package Mastodon and Pleroma in Debian and Ubuntu

                                                                                                                                        I’m sure it is, because dpkg is a wholly unsuitable tool for this use-case. You shouldn’t even try. Anyone who doesn’t know how to set these things up themselves should use the Docker container.

                                                                                                                                        1. 1

                                                                                                                                          I think the most difficult part of the Debian packaging would be the js deps, correct?

                                                                                                                                          1. 3

                                                                                                                                            Yes and no. Unvendorizing dependencies is done mostly for security and requires a lot of work depending on the amount of dependencies. Sometimes js libraries don’t create serious security concerns because they are only run client-side and can be left in vendorized form.

                                                                                                                                            The Ruby libraries can be also difficult to unvendorize because many upstream developers introduce breaking changes often. They care little about backward compatibility, packaging and security.

                                                                                                                                            Yet server-side code is more security-critical and that becomes a problem. And it’s getting even worse with new languages that strongly encourage static linking and vendorization.

                                                                                                                                            1. 1

                                                                                                                                              I can’t believe even Debian adopted the Googlism of “vendor” instead of “bundle”.

                                                                                                                                              That aside, Rust? In Mastodon? I guess the Ruby gems it requires would be the bigger problem?

                                                                                                                                              1. 2

                                                                                                                                                The use of the word is mine: I just heard people using “vendor” often. It’s not “adopted by Debian”.

                                                                                                                                                I don’t understand the second part: maybe you misread Ruby for Rust in my text?

                                                                                                                                                1. 1

                                                                                                                                                  No, I really just don’t know what Rust has to do with Mastodon. There’s Rust in there somewhere? I just didn’t notice.

                                                                                                                                                  1. 2

                                                                                                                                                    AFAICT there is no Rust in the repo (at least at the moment).

                                                                                                                                                    1. 1

                                                                                                                                                      Wow, I’m so dumb, I keep seeing Rust where there is none and misunderstanding you, so sorry!

                                                                                                                                        2. 7

                                                                                                                                          Great. Then have two implementations, one for users with large footprints, and another for casual users with five friends.

                                                                                                                                          It is a reasonable stack if you will devote 1+ servers to the task. Not for something you might want to run on your RPI next to your irc server (a single piece of software in those stacks too)

                                                                                                                                          1. 4

                                                                                                                                            Having more than one implementation is healthy.

                                                                                                                                            1. 2

                                                                                                                                              Of course it is. Which is why it’s a reasonable solution to the large stack required by the current primary implementation.

                                                                                                                                        3. 6

                                                                                                                                          There’s really one database and one cache there. I mean, I guess technically Redis is a database, but it’s almost always used for caching and not as a DB layer like PSQL.

                                                                                                                                          You can always write your own server if you want in whatever language you choose if you feel like Ruby/Node is too much. Or, like that other guy said, you can just use Docker.

                                                                                                                                          1. 4

                                                                                                                                            There’s really one database and one cache there. I mean, I guess technically Redis is a database, but it’s almost always used for caching . . .

                                                                                                                                            A project that can run on a single instance of the application binary absolutely does not need a cache. Nor does it need a pub/sub or messaging system outside of its process space.

                                                                                                                                            1. 2

                                                                                                                                              It’s more likely that Redis is being used for pub/sub messaging and job queuing.

                                                                                                                                            2. 11

                                                                                                                                              This does not seem like a reasonable set of dependencies to me

                                                                                                                                              Huh. I must be just used to this, then. At work I need to use or at least somewhat understand,

                                                                                                                                              • Postgres
                                                                                                                                              • Python 2
                                                                                                                                              • Python 3
                                                                                                                                              • Django
                                                                                                                                              • Ansible
                                                                                                                                              • AWS
                                                                                                                                              • Git (actually, Mercurial, but this is my choice to avoid using git)
                                                                                                                                              • Redis
                                                                                                                                              • Concourse
                                                                                                                                              • Docker
                                                                                                                                              • Emacs (My choice, but I could pick anything else)
                                                                                                                                              • Node
                                                                                                                                              • nginx
                                                                                                                                              • Flask
                                                                                                                                              • cron
                                                                                                                                              • Linux
                                                                                                                                              • RabbitMQ
                                                                                                                                              • Celery
                                                                                                                                              • Vagrant (well, optional, I actually do a little extra work to have everything native and avoid a VM)
                                                                                                                                              • The occasional bit of C code

                                                                                                                                              and so on and so forth.

                                                                                                                                              Do I just work at a terrible place or is this a reasonable amount of things to have to deal with in this business? I honestly don’t know.

                                                                                                                                              To me Mastodon’s requirements seem like a pretty standard Rails application. I’m not even sure why Redis is considered another db – it seems like an in-memory cache with optional disk persistence is a different thing than a persistent-only RDBMS. Nor do I even see much of a problem with two interpreted languages – the alternative would be to have js everywhere, since you can’t have Python or Ruby in a web browser, and js just isn’t a pleasant language for certain tasks.

                                                                                                                                              1. 38

                                                                                                                                                I can work with all that and more if you pay me. For stuff I’m running at home on my own time, fuck no. When I shut my laptop to leave the office, it stays shut until I’m back again in the morning, or I get paged.

                                                                                                                                                1. 2

                                                                                                                                                  So is Mastodon unusual for a Rails program? I wonder if it’s simply unreasonable to ask people to run their own Rails installation. I honestly don’t know.

                                                                                                                                                  Given the amount of Mastodon instances out there, though, it seems that most people manage. How?

                                                                                                                                                  1. 4

                                                                                                                                                    That looks like a bog-standard, very minimal rails stack with a JS frontend. I’m honestly not sure how one could simplify it below that without dropping the JS on the web frontend and any caching, both of which seem like a bad idea.

                                                                                                                                                    1. 7

                                                                                                                                                      There’s no need to require node. The compilation should happen at release time, and the release download tarball should contain all the JS you need.

                                                                                                                                                      1. -3

                                                                                                                                                        lol “download tarball”, you’re old, dude.

                                                                                                                                                        1. 7

                                                                                                                                                          Just you wait another twenty years, and you too will be screaming at the kids to get off your lawn.

                                                                                                                                                      2. 2

                                                                                                                                                        You could remove Rails and use something Node-based for the backend. I’m not claiming that’s a good idea (in fact it’s probably not very reasonable), but it’d remove that dependency?

                                                                                                                                                        1. 1

                                                                                                                                                          it could just have been a go or rust binary or something along those lines, with an embedded db like bolt or sqlite

                                                                                                                                                          edit: though the reason i ignore mastodon is the same as cullum, culture doesn’t seem interesting, at least on mastodon.social

                                                                                                                                                        2. 4

                                                                                                                                                          If security or privacy focused, I’d try a combo like this:

                                                                                                                                                          1. Safe language with minimal runtime that compiles to native code and Javascript. Web framework in that language for dynamic stuff.

                                                                                                                                                          2. Lwan web server for static content.

                                                                                                                                                          3. SQLite for database.

                                                                                                                                                          4. Whatever is needed to combine them.

                                                                                                                                                          Combo will be smaller, faster, more reliable, and more secure.

                                                                                                                                                          1. 2

                                                                                                                                                            I don’t think this is unusual for a Rails app. I just don’t want to set up or manage a Rails app in my free time. Other people may want to, but I don’t.

                                                                                                                                                        3. 7

                                                                                                                                                          I don’t think it’s reasonable to compare professional requirements and personal requirements.

                                                                                                                                                          1. 4

                                                                                                                                                            The thing is, Mastodon is meant to be used on-premise. If you’re building a service you host, knock yourself out! Use 40 programming languages and 40 DBs at the same time. But if you want me to install it, keep it simple :)

                                                                                                                                                            1. 4

                                                                                                                                                              Personally, setting up all that seems like too much work for a home server, but maybe I’m just lazy. I had a similar issue when setting up Matrix and ran into an error message that I just didn’t have the heart to debug, given the amount of moving parts which I had to install.

                                                                                                                                                              1. 3

                                                                                                                                                                If you can use debian, try installing synapse via their repository, it works really nice for me so far: https://matrix.org/packages/debian/

                                                                                                                                                                1. 1

                                                                                                                                                                  Reading other comments about the horror that is Docker, it is a wonder that you dare propose to install an entire OS only to run a Matrix server. ;)

                                                                                                                                                                  1. 3

                                                                                                                                                                    i’m not completely sure which parts of you comment are sarcasm :)

                                                                                                                                                              2. 0

                                                                                                                                                                Your list there has lots of tools with overlapping functionality, seems like pointless redundancy. Just pick flask OR django. Just pick python3 or node, just pick docker or vagrant, make a choice, remove useless and redundant things.

                                                                                                                                                                1. 3

                                                                                                                                                                  We have some Django applications and we have some Flask applications. They have different lineages. One we forked and one we made ourselves.

                                                                                                                                                              3. 6

                                                                                                                                                                Alternatively you install it using the Docker as described here.

                                                                                                                                                                1. 32

                                                                                                                                                                  I think it’s kinda sad that the solution to “control your own toots” is “give up control of your computer and install this giant blob of software”.

                                                                                                                                                                  1. 9

                                                                                                                                                                    Piling another forty years of hexadecimal Unix sludge on top of forty years of slightly different hexadecimal Unix sludge to improve our ability to ship software artifacts … it’s an aesthetic nightmare. But I don’t fully understand what our alternatives are.

                                                                                                                                                                    I’ve never been happier to be out of the business of having to think about this in anything but the most cursory detail.

                                                                                                                                                                    1. 11

                                                                                                                                                                      I mean how is that different from running any binary at the end of the day. Unless you’re compiling everything from scratch on the machine starting from the kernel. Running Mastodon from Docker is really no different. And it’s not like anybody is stopping you from either making your own Dockerfile, or just setting up directly on your machine by hand. The original complaint was that it’s too much work, and if that’s a case you have a simple packaged solution. If you don’t like it then roll up the sleeves and do it by hand. I really don’t see the problem here I’m afraid.

                                                                                                                                                                      1. 11

                                                                                                                                                                        “It’s too much work” is a problem.

                                                                                                                                                                        1. 5

                                                                                                                                                                          Unless you’re compiling everything from scratch on the machine starting from the kernel

                                                                                                                                                                          I use NixOS. I have a set of keys that I set as trusted for signature verification of binaries. The binaries are a cache of the build derivation, so I could theoretically build the software from scratch, if I wanted to, or to verify that the binaries are the same as the cached versions.

                                                                                                                                                                          1. 2

                                                                                                                                                                            Right, but if you feel strongly about that then you can make your own Dockerfile from source. The discussion is regarding whether there’s a simple way to get an instance up and running, and there is.

                                                                                                                                                                            1. 3

                                                                                                                                                                              Docker containers raise a lot of questions though, even if you use a Dockerfile:

                                                                                                                                                                              • What am I running?
                                                                                                                                                                              • Which versions am I running?
                                                                                                                                                                              • Do the versions have security vulnerabilities?
                                                                                                                                                                              • Will I be able to build the exact same version in 24 months?

                                                                                                                                                                              Nix answers these pretty will and fairly accurately.

                                                                                                                                                                          2. 2

                                                                                                                                                                            Unless you’re compiling everything from scratch on the machine starting from the kernel.

                                                                                                                                                                            You mean starting with writing a bootstrapping compiler in assembly, then writing your own full featured compiler and compiling it in the bootstrapping compiler. Then moving on to compiling the kernel.

                                                                                                                                                                            1. 1

                                                                                                                                                                              No no, your assembler could be compromised ;)

                                                                                                                                                                              Better write raw machine code directly onto the disk. Using, perhaps, a magnetized needle and a steady hand, or maybe a butterfly.

                                                                                                                                                                              1. 2

                                                                                                                                                                                My bootstrapping concept was having the device boot a program from ROM that takes in the user-supplied, initial program via I/O into RAM. Then passes execution to it. You enter the binary through one of those Morse code things with four buttons: 0, 1, backspace, and enter. Begins executing on enter.

                                                                                                                                                                                Gotta input the keyboard driver next in binary to use a keyboard. Then the display driver blind using the keyboard. Then storage driver to save things. Then, the OS and other components. ;)

                                                                                                                                                                              2. 1

                                                                                                                                                                                If I deploy three Go apps on top of a bare OS (picked Go since it has static binaries), and the Nginx server in front of all 3 of them uses OpenSSL, then I have one OpenSSL to patch whenever the inevitable CVE rolls around. If I deploy three Docker container apps on top of a bare OS, now I have four OpenSSLs to patch - three in the containers and one in my base OS. This complexity balloons very quickly which is terrible for user control. Hell, I have so little control over my one operating system that I had to carefully write a custom tool just to make sure I didn’t miss logfile lines in batch summaries created by cron. How am I supposed to manage four? And three with radically different tooling and methodology to boot.

                                                                                                                                                                                And Docker upstream, AFAIK, has provided nothing to help with the security problem which is probably why known security vulnerabilities in Docker images are rampant. If they have I would like to know because if it’s decent I would switch to it immediately. See this blog post for more about this problem (especially including links) and how we “solved” it in pump.io (spoiler: it’s a giant hack).

                                                                                                                                                                                1. 3

                                                                                                                                                                                  That’s not how any of this works. You package the bare minimum needed to run the app in the Docker container, then you front all your containers with a single Nginx server that handles SSL. Meanwhile, there are plenty of great tools, like Dokku for managing Docker based infrastructure. Here’s how you provision a server using Let’s Encrypt with Dokku:

                                                                                                                                                                                  sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
                                                                                                                                                                                  okku letsencrypt:auto-renew
                                                                                                                                                                                  

                                                                                                                                                                                  viewing logs isn’t rocker science either:

                                                                                                                                                                                  dokku logs myapp
                                                                                                                                                                                  
                                                                                                                                                                                  1. 1

                                                                                                                                                                                    OK, so OpenSSL was a bad example. Fair enough. But I think my point still stands - you’ll tend to have at least some duplicate libraries across Docker containers. There’s tooling around managing security vulnerabilities in language-level dependencies; see for example Snyk. But Docker imports the entire native package manager into the “static binary” and I don’t know of any tooling that can track problems in Docker images like that. I guess I could use Clair through Quay but… I don’t know. This doesn’t feel like as nice of a solution or as polished somehow. As an image maintainer I’ve added a big manual burden keeping up with native security updates in addition to those my application actually directly needs, when normally I could rely on admins to do that, probably with lots of automation.

                                                                                                                                                                                    1. 3

                                                                                                                                                                                      you’ll tend to have at least some duplicate libraries across Docker containers

                                                                                                                                                                                      That is literally the entire point. Application dependencies must be separate from one another, because even on a tight-knit team keeping n applications in perfect lockstep is impossible.

                                                                                                                                                                                      1. 1

                                                                                                                                                                                        OS dependencies are different than application dependencies. I can apply a libc patch on my Debian server with no worry because I know Debian works hard to create a stable base server environment. That’s different than application dependencies, where two applications are much more likely to require conflicting versions of libraries.

                                                                                                                                                                                        Now, I run most of my stuff on a single server so I’m very used to a heterogeneous environment. Maybe that’s biasing me against Docker. But isn’t that the usecase we’re discussing here anyway? How someone with just a hobbyist server can run Mastodon?

                                                                                                                                                                                        Thinking about this more I feel like a big part of what bothers me about Docker, and therefore about Clair, is that there’s no package manifest. Dockerfile does not count, because that’s not actually a package manifest, it’s just a list of commands. I can’t e.g. build a lockfile format on top of that, which is what tools like Snyk analyze. Clair is the equivalent of having to run npm install and then go trawling through node_modules looking for known vulnerable code instead of just looking at the lockfile. More broadly, because Docker lacks any notion of a package manifest, it seems to me that while Docker images are immutable once built, the build process that leads you there cannot be made deterministic. This is what makes it hard to keep track of the stuff inside them. I will have to think about this more - as I write this comment I’m wondering if my complaints about duplicated libraries and tracking security there is an instance of the XY problem or if they really are separate things in my mind.

                                                                                                                                                                                        Maybe I am looking for something like Nix or Guix inside a Docker container. Guix at least can export Docker containers; I suppose I should look into that.

                                                                                                                                                                                        1. 2

                                                                                                                                                                                          OS dependencies are different than application dependencies.

                                                                                                                                                                                          Yes, agreed.

                                                                                                                                                                                          Thinking about this more I feel like a big part of what bothers me about Docker, and therefore about Clair, is that there’s no package manifest. Dockerfile does not count, because that’s not actually a package manifest, it’s just a list of commands. I can’t e.g. build a lockfile format on top of that, which is what tools like Snyk analyze.

                                                                                                                                                                                          You don’t need a container to tell you these things. Application dependencies can be checked for exploits straight from the code repo, i.e. brakeman. Both the Gemfile.lock and yarn.lock are available from the root of the repo.

                                                                                                                                                                                          The container artifacts are most like built automatically for every merge to master, and that entails doing a full system update from the apt repository. So in reality, while not as deterministic as the lockfiles, the system deps in a container are likely to be significantly fresher than a regular server environment.

                                                                                                                                                                                      2. 1

                                                                                                                                                                                        You’d want to track security vulnerabilities outside your images though. You’d do it at dev time, and update your Dockerfile with updated dependencies when you publish the application. Think of Docker as just a packaging mechanism. It’s same as making an uberjar on the JVM. You package all your code into a container, and run the container. When you want to make updates, you blow the old one away and run a new one.

                                                                                                                                                                                2. 4

                                                                                                                                                                                  I have only rarely used Docker, and am certainly no booster, so keep that in mind as I ask this.

                                                                                                                                                                                  From the perspective of “install this giant blob of software”, do you see a docker deployment being that different from a single large binary? Particularly the notion of the control that you “give up”, how does that differ between Docker and $ALTERNATIVE?

                                                                                                                                                                                  1. 14

                                                                                                                                                                                    Ideally one would choose door number three, something not so large and inauditable. The complaint is not literally about Docker, but the circumstances which have resulted in docker being the most viable deployment option.

                                                                                                                                                                                  2. 2

                                                                                                                                                                                    You have the dockerfile and can reconstruct. You haven’t given up control.

                                                                                                                                                                                    1. 5

                                                                                                                                                                                      Is there a youtube video I can watch of somebody building a mastodon docker image from scratch?

                                                                                                                                                                                      1. 1

                                                                                                                                                                                        I do not know of one.

                                                                                                                                                                                3. 3

                                                                                                                                                                                  I totally agree as well, and I wish authors would s/Mastodon/Fediverse/ in their articles. As others have noted, Pieroma is another good choice and others are getting into the game - NextCloud added fediverse node support in their most recent release as a for-instance.

                                                                                                                                                                                  I tried running my own instance for several months, and it eventually blew up. In addition to the large set of dependencies, the system is overall quite complex. I had several devs from the project look at my instance, and the only thing they could say is it was a “back-end problem” (My instance had stopped getting new posts).

                                                                                                                                                                                  I gave up and am now using somebody else’s :) I love the fediverse though, it’s a fascinating place.

                                                                                                                                                                                  1. 4

                                                                                                                                                                                    I just use the official Docker containers. The tootsuite/mastodon container can be used to launch web, streaming, sidekiq and even database migrations. Then you just need an nginx container, a redis container, a postgres container and an optional elastic search container. I run it all on a 2GB/1vCPU Vultr node (with the NJ data center block store because you will need a lot of space) and it works fairly well (I only have ~10 users; small private server).

                                                                                                                                                                                    In the past I would agree with out (and it’s the reason I didn’t try out Diaspora years ago when it came out), but containers have made it easier. I do realize they both solve and cause problems and by no means think they’re the end all of tech, but they do make running stuff like this a lot easier.

                                                                                                                                                                                    If anyone wants to find me, I’m @djsumdog@hitchhiker.social

                                                                                                                                                                                    1. 2

                                                                                                                                                                                      Given that there’s a space for your Twitter handle, i wish Lobste.rs had a Mastodon slot as well :)

                                                                                                                                                                                    2. 2

                                                                                                                                                                                      Wait, you’re also forgetting systemd to keep all those process humming… :)

                                                                                                                                                                                      You’re right that this is clearly too much: I have run such systems for work (Rails’ pretty common), but would probably not do that for fun. I am amazed, and thankful, for the people who volunteer the effort to run all this on their week-ends.

                                                                                                                                                                                      Pleroma does look simpler… If I really wanted to run my own instance, I’d look in that direction. ¯_(ツ)_/¯

                                                                                                                                                                                      1. 0

                                                                                                                                                                                        I’m waiting for urbit.org to reach useability. Which I expect for my arbitrary feeling of useability to come about late this year. Then the issue is coming up to speed on a new language and integrated network, OS, build system.

                                                                                                                                                                                        1. 2

                                                                                                                                                                                          Urbit is apparently creating a feudal society. (Should note that I haven’t really dug into that thread for several years and am mostly taking @pushcx at his word.)

                                                                                                                                                                                          1. 1

                                                                                                                                                                                            The feudal society meme is just not true, and, BTW, Yarvin is no longer associated with Urbit. https://urbit.org/primer/

                                                                                                                                                                                        2. 1

                                                                                                                                                                                          I would love to have(make) a solution that could be used locally with sqlite and in aws with lambda, api gateway and dynamodb. That would allow scaling cost and privacy/controll.

                                                                                                                                                                                          1. 3

                                                                                                                                                                                            https://github.com/deoxxa/don is sort of in that direction (single binary, single file sqlite database).

                                                                                                                                                                                        1. 55

                                                                                                                                                                                          Any tool proponent that flips the problem of tools into a problem about discipline or bad programmers is making a bad argument. Lack of discipline is a non-argument. Tools must always be subordinate to human intentions and capabilities.

                                                                                                                                                                                          We need to move beyond the culture of genius and disciplined programmers.

                                                                                                                                                                                          1. 20

                                                                                                                                                                                            Indeed; this practice strikes me as being uncomfortably close to victim-blaming.

                                                                                                                                                                                            1. 15

                                                                                                                                                                                              That’s a good analogy. People like to think they’re good programmers and don’t write buggy code so when faced with the evidence to the contrary in others they defensively blame the other programmer because otherwise they’d need to admit the same thing would happen to them.

                                                                                                                                                                                              I think these broken arguments persist because their psychology and internal logic forces admitting our own faults which most people find displeasurable so defensive thinking kicks in to avoid it.

                                                                                                                                                                                              1. -5

                                                                                                                                                                                                Victim blaming is not a problem. It takes two people to make a person a victim: a bad actor and the actor without adequate protection.

                                                                                                                                                                                                1. 4

                                                                                                                                                                                                  This is a pretty gross saying, even if it’s nice-sounding and pithy.

                                                                                                                                                                                                  1. 0

                                                                                                                                                                                                    Not really. Every victim chose at some point to be a victim. That is not to say the other party can be absolved of blame. Far from it, the other party is the guilty one.

                                                                                                                                                                                                    Take software. If nobody chooses hard languages, unsafe languages, nobody will be victimized. Choosing those languages and then blaming the language leaves you responsible for your choices, even while the tool chain is at fault

                                                                                                                                                                                                    1. 2

                                                                                                                                                                                                      This is absolutely ridiculous. If I walk down the street and I’m mugged, how did “I choose to become a victim”? There’s many, many cases where someone becomes a victim randomly.

                                                                                                                                                                                                      Your logic applies only if we have some sort of perfect foresight. That’s impossible.

                                                                                                                                                                                                      1. -1

                                                                                                                                                                                                        When the mugging starts, do you give up? Do you look for an exit? Or do you just hand over your dignity without a further thought? Did you not notice the people before they started mugging you?

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          People who downvoted as troll, look at Active Self Protection on YouTube for examples of places people choose to be or choose to not be victims

                                                                                                                                                                                                      2. 1

                                                                                                                                                                                                        Person’s walking down the street. Hell, let’s make them heavily armed, far more “adequately protected” than most people would think is reasonable. A sniper from outside visible range shoots them in the back of the head. They chose to be a victim? Come on.

                                                                                                                                                                                                        1. 0

                                                                                                                                                                                                          An exception to prove the rule. Most victimizing isn’t as mismatched, nor as final, as the proposed scenario.

                                                                                                                                                                                                    2. 2

                                                                                                                                                                                                      People who downvoted because Troll.

                                                                                                                                                                                                      Come on. This position is in good faith, and I only bring it because yes, saying a person is at fault for choosing their tools is indeed victim blaming. And victim blaming is not a problem.

                                                                                                                                                                                                  2. 20

                                                                                                                                                                                                    We’re at a point where we already were in the 60’s with cars and in the 90’s with planes. Everything was “driver error”, “pilot error”. In that case, since the results were actual fatalities, at a certain point there was this group of people that basically said: “that’s always going to happen, we’re always going to have human error, get over yourselves - how do we prevent people dying regardless”?

                                                                                                                                                                                                    And that’s how we got seat belts, airbags, telescopic steering wheels, etc. for cars and detailed checklists, redundant systems, etc. for airplanes. I think 2017 was the first year with 0 fatalities for air travel. So it can be done.

                                                                                                                                                                                                    It’s a very difficult mindset issue.

                                                                                                                                                                                                    1. 11

                                                                                                                                                                                                      Tool authors should not blame the programmer, but programmers should not blame their tools. Discipline and responsibility are needed from both.

                                                                                                                                                                                                      1. 8

                                                                                                                                                                                                        If you’re writing a lot of code in a memory-unsafe language, and find yourself occasionally writing memory- or concurrency-related bugs, and you know there are languages out there which make such bugs impossible or hard to write with no loss in performance or productivity, is it not okay to blame the tool? When should a carpenter stop blaming themselves for using the hammer incorrectly, and just accept that they need a new hammer whose head doesn’t occasionally fly off the handle?

                                                                                                                                                                                                        1. 3

                                                                                                                                                                                                          Discipline and responsibility means using the most appropriate tools for the job, being aware of the limitations of those tools, and doing what is necessary to compensate for those limitations.

                                                                                                                                                                                                          1. 3

                                                                                                                                                                                                            I agree with that, I work as a C++ programmer specifically because it’s the right tool for the particular job I’m doing. However, we use a safer language (Go in our case, because that’s what we know) for stuff where C++ isn’t completely necessary. If performance and no GC was a higher concern, or if we were on weaker hardware, Rust instead of Go would’ve been very interesting for all the parts where we don’t have to interact with a huge C++ library (in our case WebRTC).

                                                                                                                                                                                                          2. 2

                                                                                                                                                                                                            When a carpenter loses a hand they don’t blame the bandsaw. That I see so many programmers blame dangerous tools for being dangerous means were not even reached the level of a craft yet. Let alone an engineering discipline.

                                                                                                                                                                                                            1. 18

                                                                                                                                                                                                              I appreciate the analogy, but it doesn’t really apply. First of all, there is no tool that can replace a bandsaw for what a bandsaw does well. However, any worker who uses a bandsaw recognizes that it’s a fundamentally dangerous machine, and they take safety precautions when using it. If the analogy really applied, it would be considered unthinkable to write C code without a full suite of static analyzers, valgrind test suites, rigorous (MISRA C-level) coding standards, etc. Second, and more importantly, the saying applies to the quality of tool, but sometimes the tool is simply too dangerous to use: good carpenters will refuse to use a tablesaw without an anti-kickback guard or other safety features. Finally, when there was another tool that would do they job just as well, they’d use it.

                                                                                                                                                                                                              1. 9

                                                                                                                                                                                                                https://schneems.com/2016/08/16/sharp-tools.html

                                                                                                                                                                                                                this is not how tools work, either in programming, or in carpentry

                                                                                                                                                                                                                1. 3

                                                                                                                                                                                                                  This is a fantastic essay and you should submit it as a story.

                                                                                                                                                                                                                2. 8

                                                                                                                                                                                                                  When a commercial carpentry shop has a carpenter lose a hand to a bandsaw, they are more or less forced to stop and try to make the bandsaw safer. This might be done by adding safety features to the tool, or by redesigning the process to use it less/differently, or by ensuring that the workers are trained in how to use it correctly without risk and are wearing proper safety equipment.

                                                                                                                                                                                                                  It’s not the carpenter’s fault, and it’s not the bandsaw’s fault, it’s the fault of the system that brings them together in a risky manner.

                                                                                                                                                                                                                  1. 4

                                                                                                                                                                                                                    The company should not blame the employee or the bandsaw, and the employee should not blame the company’s training or procedures or the bandsaw. Discipline and responsibility are needed from both. That includes the discipline and responsibility needed to make the bandsaw, training, and procedures as safe as is possible, and to only certify employees who are capable of operating the device safely, and the employee’s discipline and responsibility to follow the training and procedures properly and to not defeat the safety measures.

                                                                                                                                                                                                                    Assigning blame is useless. The focus should be on identifying all root and proximal causes, and eliminating each one, with priority chosen based on the heirarchy of values.

                                                                                                                                                                                                          1. 3

                                                                                                                                                                                                            @andyc How crazy am I for thinking of using OSH on Cygwin? Would it be too early to try to do that? I could lend a hand to set up AppVeyor or some other CI system on Windows, probably with Cygwin, maybe also package OSH for Cygwin.

                                                                                                                                                                                                            1. 1

                                                                                                                                                                                                              Hm I guess it depends on how difficult a Cygwin port is? Does Cygwin use the same Makefile and build scripts?

                                                                                                                                                                                                              I think it would be cool to do, but I wouldn’t expect it to be a great experience right now. You’ll probably notice the slowness. That’s my top priority right now. The build will still be ./configure; make; install after that, but the underlying source will look totally different.

                                                                                                                                                                                                              Right now there is a big chunk of CPython, which is why you will see some build warnings. I hope to get rid of that, and I’m not sure how that will affect a Cygwin port. That is, if you have to throw it out when I make things faster, it’s probably not worth it.

                                                                                                                                                                                                              Someone did try it on the Windows Linux emulation and it apparently worked fine. But as I understand it, that’s much easier than Cygwin.

                                                                                                                                                                                                              https://github.com/oilshell/oil/wiki/Oil-Deployments

                                                                                                                                                                                                              But if you want to chat more about it feel free to bring it up on oilshell.zulipchat.com. Thanks!

                                                                                                                                                                                                              1. 2

                                                                                                                                                                                                                Cygwin should normally use the same Makefiles and everything. I’m not sure about the precise dynamics but I expect cygwin.dll to be involved somehow, providing the Unix syscalls behind the scenes. It’s more about paths and such regarding building and running OSH.

                                                                                                                                                                                                                I’ve joined Zulip and posted in oil-discuss, not sure it’s the right place, I haven’t used Zulip before :)

                                                                                                                                                                                                            1. 26

                                                                                                                                                                                                              I’m pretty surprised by the amount of hate for Go in the comments here. I definitely agree with the author. For me the simplicity of Go has been an absolute breath of fresh air. It really feels like a better C.

                                                                                                                                                                                                              C doesn’t have generics and yet you don’t hear people complain about that. Right now if you want a statically typed, garbage collected language, your only real options are Java (JVM languages) or Go. The cross platform support for C# is still pretty poor, and many of the smaller languages just don’t have the library support.

                                                                                                                                                                                                              I just don’t see the lack of generics as an issue right now, but I hope that the new generics proposals for Go2 get it right.

                                                                                                                                                                                                              1. 28

                                                                                                                                                                                                                Generics weren’t really a thing until 1973 with ML. C was released in 1972, so it gets some slack. Generics were pretty well understood for decades before Go came out which is why people go off about it.

                                                                                                                                                                                                                1. 13

                                                                                                                                                                                                                  The problem is that many people aren’t advocating Go as a better C, but as better, period. And many other people are denouncing Go as a bad language, period. The result is polarization which shows up as ‘hate’ (I would prefer to call it ‘unmoderated negativity’, because I don’t know (and cannot really imagine) if people actually feel hate).

                                                                                                                                                                                                                  It would be much nicer if everyone applied the principles of humanity and charity

                                                                                                                                                                                                                  1. 6

                                                                                                                                                                                                                    C has the preprocessor, which lets you build things like generic redblack trees. Of course, in go, you have go generate. So I think it comes out about even, but because the two features aren’t identical people don’t really consider them.

                                                                                                                                                                                                                    For that matter, c++ templates frequently boil down to tons of duplicated code generation, which then the linker has to sift through. Go’s solution requires a touch more work, but eliminates a lot of eventual waste.

                                                                                                                                                                                                                    1. 5

                                                                                                                                                                                                                      C Preprocessir and go generate might be about equal in what they can do, but there’s no question that C Preprocessir has a lower barrier to entry for the basic things.

                                                                                                                                                                                                                      1. 2

                                                                                                                                                                                                                        Preprocessor a separate language and tool from C, though. It’s not like having the feature built into the language with the compiler being able to understand the context as it applies the feature.

                                                                                                                                                                                                                      2. 5

                                                                                                                                                                                                                        I’m not sure that I agree about the C# bit. Why do you say that the cross platform support is poor?

                                                                                                                                                                                                                        1. 10

                                                                                                                                                                                                                          Seriously, it feels bizarre using Mono for about a decade, yet people act like .NET only appeared outside of Windows when .NET Core was busy being born a few years ago.

                                                                                                                                                                                                                        2. 7

                                                                                                                                                                                                                          It really feels like a better C.

                                                                                                                                                                                                                          So… if you ignore the past 30 years of academic research, it’s a good language? How exactly is that impressive?

                                                                                                                                                                                                                          C doesn’t have generics and yet you don’t hear people complain about that.

                                                                                                                                                                                                                          I’ve never used generics, and I’ve never missed ’em.

                                                                                                                                                                                                                          1. 4

                                                                                                                                                                                                                            I more or less begrudgingly agree. Every now and then I find myself wishing for generics or operator overloading in Go (not as often as I would have guessed)… then I remember how refreshing it is to be able to read some unfamiliar Go code and know that I don’t have to wonder what an innocuous looking “+” might be doing.

                                                                                                                                                                                                                            1. 9

                                                                                                                                                                                                                              You can have generics without operator overloading, though. See also: Java 5.

                                                                                                                                                                                                                            2. 0
                                                                                                                                                                                                                              1. 12

                                                                                                                                                                                                                                Not in the sense that anyone cares about. It doesn’t allow for user-defined generic code – the library author has to write the specialized implementations ahead of time, and exhaustively enumerate what types their macro is generic over. This feature exists almost exclusively for the benefit of tgmath.h.

                                                                                                                                                                                                                                C would have been better off without this poorly thought out solution.

                                                                                                                                                                                                                            1. 26

                                                                                                                                                                                                                              The comparison seems a bit forced. C++ is an extreme case of a language with generics. There are languages with generics that are quite compact.

                                                                                                                                                                                                                              1. 10

                                                                                                                                                                                                                                Eiffel comes to mind.

                                                                                                                                                                                                                                1. 7

                                                                                                                                                                                                                                  Comparing generics in other languages to templates in C++ is comparing apples to ham burgers. I wouldn’t call templates “generics”. C++ templates are much more powerful. How powerful are C++ templates? Well, they are Turing complete…

                                                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                                                    C++ templates turned into sth. noone has ever really planned. Many features Templates have are totally incidental.

                                                                                                                                                                                                                                    Templates have some very interesting interactions with other language features. Used in a creative way you can make pure compile-time functions return different values each time:

                                                                                                                                                                                                                                    int main () {
                                                                                                                                                                                                                                      int constexpr a = f ();
                                                                                                                                                                                                                                      int constexpr b = f ();
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                      static_assert (a != b, "try again");
                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                    

                                                                                                                                                                                                                                    http://b.atch.se/posts/constexpr-counter/

                                                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                                                      now THAT’S some black magic right there.

                                                                                                                                                                                                                                1. 3

                                                                                                                                                                                                                                  Another oddity: where have all the doodleheads gone?

                                                                                                                                                                                                                                  …What is a doodlehead?

                                                                                                                                                                                                                                  If the author is just referring to emoji, then no, I do not wish for emoji to litter the GitHub UI.

                                                                                                                                                                                                                                  Infantilism is pernicious enough in our industry already.

                                                                                                                                                                                                                                  1. 6

                                                                                                                                                                                                                                    He’s joking about that row of committer avatars. Its utility from a code reader perspective is debatable, but Github wants to be more than a source code repository, it wants to be a coding social network.

                                                                                                                                                                                                                                    From that perspective, the doodleheads make sense, they incentivize people. People are extremely vain, I’ve managed Internet forums and you wouldn’t believe what can motivate people. Sometimes it’s something as ridiculous as a bunch of stars or a numeric rating or a photo displayed prominently on the code repository page of a project they like.