All aboard the follow train - https://mastodon.social/@mulander

Something that I think would fit the federated model well, if @jcs wanted to do it (or let someone else do it with the domain), is if there were a lobste.rs server. In addition to being able to follow individual people who use any federated server, the client also supports viewing a global firehose (all federated servers) or a local firehose (just this server). The latter, on smallish servers, can provide a kind of IRC-like community, while also interoperating with the broader Twitter-like usage.

I think people are still working out what the social configuration of a federated system would look like, though. Some tech exists, but a lot is still up in the air.

I’m https://mastodon.social/@stevelord if anyone wants to follow me. Mostly posting AVR development and security stuff.

I’m there at @NinetyNine.

I’m there at pnathan.

My Twitter tends to be a blend of liberal retweets, bad jokes, and occasional tech remarks.

I also have some kind of other gnu social account I forgot somewhere, but it wasn’t interesting enough there…

I’m there, https://mastodon.social/@balrogboogie

nobody knows how to deliver good software

This is provably false with data available, but with a caveat I think you’d probably agree with me on.

We definitely know how to deliver good software, and we figured it out somewhere in the mid-80s. Capers Jones even has a textbook called “The Economics of Software Quality” where it’s even cheaper in the long-term to produce high quality software over low quality software with less definition and explicit effort on quality. They also ship sooner, with less bugs according to the data.

EXCEPT: We don’t know how to define our work, and most people in management fear committing to any outcome, as they can be judged by it. Without a definition of what we’re trying to achieve with any serious amount of design work, any other attempts at quality are largely a joke. When management says something like “we should be flexible in the ever changing landscape of <insert completely static requirements>”, call them out.

Finally, individuals have made enormous sums of money shipping absolute piles of steaming shit because they are defining new markets of which they are monopolies. I strongly believe they could have made MORE with higher quality software.

That’s not true. Airplanes, air traffic control systems, space craft, and most other safety critical embedded systems all have “good” software that doesn’t fail very often. The problem is that it takes a lot of time and is very expensive, and most people choose cheap and broken over expensive and correct.

Open office plans make all kinds of development more expensive because nobody can concentrate for long and that makes everything take longer.

I’d take it a step further. For the most part we don’t really have an agreement on what good software is, which is pretty much a pre-requisite for reliably delivering it.

Is the facebook android app “good” software?

Is the linux kernel “good” software?

Einstein once said time is what you measure with a clock and space is what you measure with a stick. For most of us, good software is defined to be software our superiors think is good and our customers are willing to use.

That’s provably wrong. There’s companies that have been delivering good software for years. The high-assurance field all do it. Then there’s companies in competitive industries that charge a bit more for delivering better stuff. Comments downthread act like you need a NASA budget. They didn’t see the evidence clearly.

Cleanroom’s empirical results had it delivering very, low defects at an overhead ranging from slightly less than broken software to not much more:

http://infohost.nmt.edu/~al/cseet-paper.html

Old, high-assurance systems showed that reaching level of formal verification of design and near-exhaustive testing of system’s security (their focus) was between a 30-40% premium over regular, software process:

https://cryptosmith.files.wordpress.com/2014/10/lock-eff-acmp.pdf

A modern shop that does similar stuff claimed a 50% premium for software with almost no defects whose TCB could often provably avoid common defects:

http://www.anthonyhall.org/c_by_c_secure_system.pdf

Then there’s niche operators doing things such as using logic programming to encode the specs of the problem in a way that bypasses much of the coding and flexibility problems:

https://dtai.cs.kuleuven.be/CHR/files/Elston_SecuritEase.pdf

So, yes, there’s companies delivering good software. Some Cleanroom companies and Altran/Praxis even warranty their software to a specific defect rate. They fix any other problems at their own cost. Most of the problems are from either (a) industry not knowing the methods available to deliver low-defect software or (b) bad management making sure that doesn’t happen. Michael writes about the latter. My stuff is about the former mostly. There’s a lot of both going on.

Yes, it’s even more fascinating if you think about it: Cameras nowadays are very much capable of capturing all perceivable colours. This information is still present in the raw files, but once you do raw postprocessing, this information get lost.

This is one reason why if you take a photo of a sunset with the rich, almost spectral reds and yellows, it turns out to be dull and almost uninspiring on your screen. Display technology is a joke, and I’m sure we’ll look back at our display technology nowadays in twenty years like we now look back at CRT screens of the mid 90’s. It’s hard to find good fluorescents in screens, but OLEDs and mLEDs might change this dramatically (research is underway).

Linux really needs better colour management. Everything is assuming sRGB, and we missed the chance in Wayland to do it right. Hell, even GIMP didn’t have proper colour management until a few years ago. Like in the Allegory of the Cave, we might be shocked in a few years when we realize that the entire infrastructure needs to be “reworked” in the interest of being able to actually see the colours our cameras are capturing. And up to this point, I hope everybody keeps their RAW data so they might actually be able to leverage the screens of the future. For what it’s worth, nobody would only keep the b/w prints if they had taken the images in colour in the first place.

What resources do you recommend as an alternative? I’m interested in color theory and alternate color spaces, but haven’t really found any accessible resources for learning about it.

Are there non-RBG displays coming down the pipeline? It makes sense to design for the displays that exist rather than the ones that might. I think this article is, as the title says, going for practical color theory rather than comprehensive color theory.

Real color theory is very complex

I think the issue here isn’t really about “real color” theory as in “all there is no know about color” but “i am making a blog what color what I make all the stuff in it?” and choosing 2 colors then making a light and dark version of each is a solid strategy for an otherwise ‘design-illiterate’ developer.

I deal with this a lot: don’t use NoSQL reflexively. Use a dang Postgres instance until it’s clear that the reasons for using a NoSQL database ( e.g., dynamodb) outweigh using a SQL database (approximately this looks like “very high volume with very few relations”, but YMMV - do the due diligence).

I think this is backwards. If you’re using Postgres you’re signing up to a lot of constraints and non-obvious failure modes (“you want to do a 5-way unindexed join? Sure, knock yourself out. Oh, you put a few more rows in that table and your query’s running slowly?”) when you aren’t necessarily reaping the benefits (e.g. your database may be doing a lot of work enforcing ACID when you haven’t actually set up your transaction boundaries to correspond to something with business meaning; your inserts may commit slowly because your indices have to be updated every time when actually those indices are only used by daily batch queries; your database server may spend most of its CPU time parsing SQL syntax when you don’t even do any ad-hoc queries).

WL seems to be primarily operating as a Russian infowar asset these days, wittingly or not.

I agree that this dump is crap. https://wikileaks.org/ciav7p1/cms/files/Sassy-Cat-Pic-640x607.jpg

Unit Tests! The CIA’s secret NOFORN weapon!

https://wikileaks.org/ciav7p1/cms/page_11629048.html

Well, it’s a hell of a distraction.

Sounds like there’s room for an open source solution that handles abstracting over the major cloud providers.

I worry about the inevitable “you can’t get car insurance unless you attach this gps dashcam to your car”. I’m sure there will be similar problems with “let us track your TV viewing/temperature/electricity/internet usage for a percentage off”.

This is a lesson I had to learn the hard way…

Knuth’s hilarious chestnut “beware of bugs in the above code; I have only proved it correct, not tried it” is, as typical, both useful and on-point. =)

One other thing that might help you is to remember there can be error in any technique of quality assurance. It can come from a lot of places. The important thing is it might show up. Knowing this, it’s wise to have some redundancy with one technique catching problems in another helps counter a lot of that. It’s why A1 class of the Orange Book required formal specs, proofs, reviews, info-flow analysis, testing, and pentesting. In high-assurance systems, authors would find each of these would catch at least one, unique defect others missed. Precise specs, human reviews, and tests discovered the most consistently over time at reasonable cost. Proofs discovered most obscure or corner cases at high cost. Note that type systems are a form of formal specification but way weaker than what they were doing. Quick & dirty specs that catch common, small issues.

I look forward to having a fully independent crypto real-time messaging system that federates (i.e., allowing you and your friends to stand up a server and control its software)

Check out https://conversations.im. It’s federated (based on XMPP), and supports multi-end to multi-end encryption using OMEMO, an improvement on the Off-The-Record protocol that Signal and WhatsApp use.

Like matrix.org/riot.im? Been using it with a few friends. They have E2E encryption with a system to easily trust/distrust other clients keys and they put a lot of work toward bridge to external network such as really well working IRC and an incoming full Slack bridge.

sbcl is the consensus standard libre Common Lisp on Linux. It’s not a bad thing to support other implementations, but when your time is limited, locking to SBCL is absolutely the right thing to do.

One dependency I’ve been trying to add for a long time is Alexandria. So we can use parse-body to correctly process the declaration and documentation string in defcommand

If you look into the code base you’ll find a worse (re)-implementation of split-sequence (split-seq) and other utilities in Alexandria

SBCL only will simply the event-loop implementation, which currently is separated in SBCL and it will allow easy access to OS features through sb-unix and sb-posix. Another way to achieve this would be using iolib but that requires the installation of libfixposix which would bea burden on users.

Well, as a StumpWM user and Common Lisp developer, I welcome both of these changes. They make it much more likely that I’ll contribute to the project in the future.

I follow StumpWM development a little bit on GitHub, and I really don’t think these changes are a surprise to anybody or will affect very many people.

I’m pretty sure all of the Linux distros that have StumpWM in their repositories already build with SBCL anyway.

Sadly yes. Most bizarre is that he seems to be directly contradicting some positions he’s held re:professionalism and “real engineering”.

A sampler to save people having to read through the thing:

If your answer is that our languages don’t prevent them, then I strongly suggest that you quit your job and never think about being a programmer again; because defects are never the fault of our languages. Defects are the fault of programmers. It is programmers who create defects – not languages.

At some point, we agreed to stop using lead paint in our houses. Lead paint is perfectly harmless–defect-free, we might even say–until some silly person decides it’s paintchip-and-salsa o'clock or sands without a respirator, but even so we all figured that maaaaybe we could just remove that entire category of problem.

My professional and hobbyist experience has taught me that it if a project requires a defect-free human being, it will probably be neither on-time nor under-budget. Engineering is about the art of the possible, and part of that is learning how to make allowances for sub-par engineers. Uncle Bob’s complaint, in that light, seems to suggest he doesn’t admit to realities of real-world engineering.

You test that your system does not emit unexpected nulls. You test that your system handles nulls at it’s inputs. You test that every exception you can throw is caught somewhere.

Bwahahahaha. The great lie of system testing, that you can test the unexpected. A suitably cynical outlook I’ve seen posited is that a well-tested system will still exhibit failures, but that they’ll be really fucking weird because they weren’t tested for (in turn, because they weren’t part of the mental model for the problem domain).

We now have languages that are so constraining, and so over-specified, that you have to design the whole system up front before you can code any of it.

Well, yes, that sort of up-front design is the difference between engineers and contractors.

More seriously, while I don’t agree with the folks (and oh Lord there are folks!) who claim that elaborate type systems will save us from having to write tests, I do think that we can make tremendous advances in certain areas with these really constrained tools.

It’s not as bad as having to up-front design “the whole system”. We can make meaningful strides at the layer of abstractions and system boundaries that we normally do, we can quickly stub in and rough in those things as we’ve always done, and still have something to show for it.

I’ve discussed and disagreed at length with at least @swifthand about this, the degree to which up-front design is required for “Engineering” and the degree to which that is even desirable today–but something we both agree on is that these type systems do have a lot to offer in making life easier when used with some testing. That’s a probably a blog post for another day though.

And so you will declare all your classes and all your functions open. You will never use exceptions. And you will get used to using lots and lots of ! characters to override the null checks and allow NPEs to rampage through your systems.

And furthermore, frogs will fill the streets, locusts will devour the crops, the water will turn to blood and sulfur will rain from the sky! You know, the average day of a modern JS developer.

More likely, you’ll start at the bottom, same as we’ve always done, and build little corners of your codebase that are as safe as possible, and only compromise in the middle and top levels of abstraction. A lot of people will write shitty unsafe code, but it’s gonna be a lot easier to check it automatically and say “Hey, @pushcx was drunk last night and made everything unsafe…maybe we shouldn’t merge this yet” than it is to read a bunch of tests and say “yep, sure, :shipit:”.

~

In general, this kinda feels like Uncle Bob is starting to be the Bill O'Reilly of software development–and that makes me sad. :(

The entire point of software is to do stuff that people used to do by hand. Why on earth should we spend boatloads of hours writing tests to prove things that can be proved in milliseconds by the type system? That’s what type systems are for. If we were clever enough to write all the right tests all the time, we’d be clever enough to just not introduce NPEs in the first case.

I had the same reaction reading this. He’s off his rocker. The whole point of Swift being so strongly typed is that we’ve learned if the language does not enforce it, then it’s not a matter of if those bugs will happen but how often we will waste time dealing with them.

The worst part to me is that right off the bat he recognizes these languages aren’t purely functional; implying that there is a big difference between a language that enforces functional programming and one that doesn’t. Of course there is, and the same thing goes for typing.

He has just posted a follow up… http://blog.cleancoder.com/uncle-bob/2017/01/13/TypesAndTests.html

Alas, he says this…

Types do not specify behavior. Types are constraints placed, by the programmer, upon the textual elements of the program. Those constraints reduce the number of ways that different parts of the program text can refer to each other.

No Bob, Types are a name you give for a bundle of behaviour. It’s up to you to ensure that the type you name has the behaviour you think it has.

But whenever you refer to a type, the compiler ensures you will get something with that bundle of behaviour.

What behaviour exactly? That’s the business of you to decide and tests to verify or illustrate.

Whenever you loosen the type system…. you allow something that has almost, but not quite, the requested behaviour.

In every case I have investigated “Too Strict Type System”, I have come away with the feeling the true problem is “Insufficiently Expressive Type System” or “Type System With Subtle Inconsistencies” or worse, “My design has connascent coupling, but for commercial reasons I’m going to lie to the compiler about it rather than explicitly make the modules dependent.”

In which community is he influential, if I may ask? I’ve only learned of him through Lobsters.

Such blatant refusal (“everything is wrong”) seasoned with mockery (“parroted”) is exactly what has been stopping me from writing posts on this very topic.