1. 10

    The Code Cognitive Load is a great idea. I think. There have been a lot of conversations happening about what is good and what is bad code and this might be a great answer especially if we can automate it. I’d love a linter that tells me that I have written something impenetrable and makes me think of Tony Hoare’s principle of “There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”

    1. 2

      Thank you. It’s a really great article and I have the impression of finally having understood fix.

      1. 1

        Not knowing Star Trek that well, I thought that the Prime Directive was about the Prime Directive of Agile Retrospective (https://www.retrospectivewiki.org/index.php?title=The_Prime_Directive)

        1. 1

          Having more open source software is always good, so congrats on putting something out there.

          I’m very curious why this takes the approach it appears to take: running two docker containers with opensmtpd in one of them, and then scanning the maildir for message content; compared to what the numerous existing solutions (mailcatcher, mailtrap, mailhog, maildump) all do: run an in-process SMTP server.

          1. 1

            I agree that the current deployment method is somewhat overkill. The idea was to be able to scale api independently of smtpd containers, extending both to use external storage instead of a docker volume if the need arises. It noticeably fell short of the original plan, as I wanted to do a release and prove its usefulness before doing more.

            1. 1

              I’m more referring to the general approach (smtp > maildir > scanning) as opposed to the approach taken by other tools in this space (a single process with an smtp server embedded), than the specifics of using two docker containers (although I always question why a project uses docker as its only supported deployment method).

              1. 1

                I see. I haven’t really found an up-to-date SMTP server library for haskell, and did not want to roll my own, so I decided to go for a well-proven tool instead, and composed it like the other unix tools would. It has proven successful and I really like how simple the API code turned out in the end doing one thing. Sorry for not being able to compare unverified.email to the way other tools are doing it - I haven’t researched it that much. I guess I just started building it from a different angle and made different choices along the way.

                1. 1

                  That’s a completely reasonable approach, and (albeit hamstrung by the docker setup) it allows for updating the smtp component via system packages, in the case of e.g. a vulnerability or incompatibility.

                  Sorry if my comment came off as overly negative or aggressive!

          1. 2

            Is it JMAP compatible or it’s just ad-hoc serialization of email and mailboxes?

            1. 1

              This is an interesting idea. I was not aware of JMAP - thanks. Currently, the code is just finding the “To”, “From”, and “Subject” lines, and adds the raw mail data with all the fields as received by the SMTP. The whole email “parser” is here: https://github.com/ptek/api.unverified.email/blob/112a1f002bc7bf22651603523de414452be89612/src/Model/Email.hs#L19-L30

              EDIT: Is there any particular application you have in mind with JMAP? Does it somehow help with testing?

              1. 5

                Compared to IMAP, JMAP is a much simpler spec that more closely matches how people typically use email.

                Also, using https as the transport means you get a very widely understood / supported TLS stack vs the compatibility mess that is StartTLS et al.

            1. 1

              Cool project!

              Edit: I’m a bit new to lobsters: Shouldn’t this post have the “show” tag? Just trying to understand this community better.

              1. 1

                That is probably true. I have not thought of it.

                1. 1

                  When this happens you can also suggest tags!

                  1. 1

                    I don’t think I can do this (I have limited access to stuff since I’m new)

                1. 7

                  Neat! Congrats on releasing it and thanks for sharing.

                  The one minor nitpick I have is the use of HTTP GET to create an inbox. It just rubs me the wrong way.

                  1. 5

                    I raised an eyebrow at that too, but it does let you quickly create a mailbox from your browser by simply typing a URI.

                    1. 2

                      Thanks for the feedback. I guess it’s about the fact that RESTful APIs became the norm, right? I should maybe read up on that way more - did not quite get the concept completely. Do you have a recommendation for a good read on REST?

                      1. 25

                        The short (and relevant) part here is that GET requests should not mutate the state of the resource. If you mean to create some new thing, it should be a POST request.

                        Consider this: what happens if a search engine starts crawling the site? Should that change the state of your database? Probably not.

                        See this pertinent anecdote for more: https://mobile.twitter.com/rombulow/status/990684453734203392

                    1. 1

                      I have been building a very similar, minimalist, cron based aggregator, but it generates HTML instead of email. Not sure I’ll adopt what you’ve got instead, but certainly worth a deeper look! Thanks for posting!

                      1. 1

                        Thanks!

                        Actually, Crossbow does not generate email. Cron generates local email out of the cronjob’s standard output/error. If crossbow is configured to be silent, or if it is executed outside cron, no email will be generated.

                        For example, you can invoke crossbow-fetch manually and redirect the output on a file.

                        1. 2

                          This is great! I’ve just realised from your comment, that it can then be hooked up to something like noti

                          1. 1

                            In true Unix fashion… it can be hooked to anything and it can hook sub processes and pipe the data into them

                      1. 4

                        I wonder how does the categorisation help thinking in the TDD process. It seems to me that such tags, although very precise when looking back at the tests that are already written, would be too much for me to remember and to think about upfront.

                        1. 2

                          There are many possible classes but each axis is simple enough to remember. A team may need some time to get used to the idea but once it happens - it helps. So, technically when you write a test you always know that you shouldn’t break encapsulation, should try to concentrate on contracts and should avoid any integrations. When you need something apart from that - you may think a bit how to choose the class with minimal weight which would work for you. The same applies for refactorings - you always have some basic guidelines on how to make a test “better”.

                          It’s very hard to explain people thinking in traditional terms why their whitebox-evil tests don’t return invested efforts.

                        1. 13

                          I use Hakyll. It’s written in Haskell and is completely programmable. It’s actually more of a framework for writing static site generators. That said, there are example codebases that you can get started with. It supports all your desires.

                          1. 3

                            I use Hakyll, too, but it’s complete overkill for me. And I’m not deep enough in Haskell any more to do much development on it, so I’ve been considering moving to something else.

                            I still endorse Hakyll, fwiw, but its strength lies in either: 1- leveraging your existing Haskell knowledge, and/or 2- generating sites that are far more complex than most personal sites/blogs.

                            1. 4

                              I still endorse Hakyll, fwiw, but its strength lies in either: 1- leveraging your existing Haskell knowledge, and/or 2- generating sites that are far more complex than most personal sites/blogs

                              It’s also fun to spend more time programming your blog than writing blog posts.

                              1. 1

                                i use hakyll and i’ve used it to also teach myself odd bits of haskell.

                                i like how extensible it is, and i’ve occasionally used it to add various bits and pieces

                                the main downside w.r.t. github is that you have to commit all the generated artefacts; which is definitely a shame.

                                i’ve not done too much funky stuff with it; but on my company’s website i’ve used it to build some (very simple) features, such as lists and specialised rss views, next/previous blog post buttons, etc.

                                it’s not the most elegant code; but gets the job done.

                                1. 1

                                  Late to the party, but you might be interested in rib.

                                  Why? Because by using rib, you will automatically learn Shake which it is built on top of. Compared to Hakyll, rib is relatively simple to use.

                                  Disclaimer: I’m the author. :-)

                                2. 3

                                  hakyll here as well

                                  1. 2

                                    Great to see you’re blogging (again), Pavlo!

                                  2. 2
                                    1. 1

                                      Hakyll too. It’s simple if you only want to convert text into HTML, however, if you want something more advanced be prepared that you might spend more time figuring out how to implement this instead of writing.

                                      I’m also using supplementary python scripts and relying on external means (e.g. Jupyter/emacs) to generate HTML too, I shared my setup here

                                    1. 3

                                      Waiting for my wife to go into labour, pretending to do work while at work and last but not least learning Rust by writing a High Score app for our Git repo. Just another week in a so called life.

                                      1. 2

                                        Good luck!

                                      1. 4

                                        Just released https://api.unverified.email - a catch-all smtp to automate email testing. There are still some challenges - for one I don’t quite know if the license is right. I would like to know if someone installs a fork and is running it on their own, but also I would like the current deployment to be open for everyone regardless if they are having their code open or not.

                                        1. 7

                                          The sole question and the fact that she felt that she has to justify if “is it legal” raised my eyebrows tbh. I didn’t think that anonymity is perceived illegal on its own.

                                          1. 9

                                            I’m not sure it is perceived as illegal (yet) but I do think it is at least seen as deeply suspicious.

                                            Employers have consistently run credit checks against applicants - many now regard a lack of presence on social media as a red flag. And heck, just visiting the Tor project page or searching for encryption and privacy software flags you to the NSA

                                            I truly do hope we haven’t crossed over to people thinking anonymous publishing is inherently illegal.

                                            1. 4

                                              many now regard a lack of presence on social media as a red flag.

                                              I find this statement worrisome. I stopped using social media (Twitter and Facebook, at least) because of the effects it had on my mental health – do you know what do I risk if I am “flagged” as a non-social media user? Besides the strange looks, I mean.

                                              1. 4

                                                I wouldn’t worry about it. I’ve never heard of anyone getting “flagged” for not using social media. I don’t doubt that they exist in some capacity, but I see no evidence that it’s a normal thing to do.

                                                1. 1

                                                  Whereas many people have gotten reprimanded or fired for posts on social media. I think using it is higher risk.

                                              2. 3

                                                And heck, just visiting the Tor project page or searching for encryption and privacy software flags you to the NSA

                                                Just FYI - and please take this in the spirit of transparency in which it’s meant - the article doesn’t say that at all. What it says is that this Tor server admin found his server’s IP address listed in XKeyscore.

                                                The only thing we can concretely infer from this is that this Tor server in question is itself a discrete target of XKeyscore. I think extrapolating to say that if you even search for Tor you’ll be targeted seems like a very far fetch indeed.

                                                From the Wikipedia article on XKeyscore: According to a slide from an XKeyscore presentation, NSA collection sites select and forward less than 5% of the internet traffic to the PINWALE database for internet content.[18]

                                                Does your analysis differ?

                                                1. 4

                                                  It differs significantly. From the actual XKeyscore rules as linked in the article:

                                                  // START_DEFINITION
                                                  /*
                                                  The fingerprint identifies sessions visiting the Tor Project website from
                                                  non-fvey countries.
                                                  */
                                                  fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
                                                  and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
                                                  

                                                  Another comment on a rule:

                                                  This fingerprint identifies users searching for the TAILs (The Amnesic
                                                  Incognito Live System) software program, viewing documents relating to TAILs,
                                                  or viewing websites that detail TAILs
                                                  
                                                  1. 2

                                                    Thanks very much. Super interesting, I’ll need to read that in depth.

                                                    Kind of a pity he didn’t also leak a query log, be interesting to see just how narrow band the average XKeyscore search was :)

                                                    1. 3

                                                      That’s why they call it mass, not selective, surveillance. They grab as many as they can justify. One of their slides basically considered anyone using privacy tech to be a potential enemy. Another thing you might find helpful is the three hops rule. If one person on Lobsters is interesting, then all people on Lobsters are under surveillance and their friends/families one hop out. Social media makes that more interesting.

                                                      1. 2

                                                        At the end of the day, the fingerprinting hurts only privacy advocates, journalists or people who want to avoid being tracked or having their privacy breached.

                                                        For criminals, terrorists and “bad guys”, it’s rather easy to avoid all this and bypass the fingerprinting, as privacy is not their main concern, but rather long distance communication and information exchange. They can do this on gaming platforms, big community sites, live streaming sites with chat, ebay, craigslist and just “blend in”. Obviously, for people that want to protect their privacy while browsing the internet, this method is useless.

                                                        Seems just a little bit unfair and I’d be interested to find out some statistics from the data collection like: “This year we’ve collected, tagged and flagged data belonging to XXX million people. Out of this surveillance effort we have managed to apprehend, identify or kill XXX bad guys.”. At least I would know the “benefits” of having my privacy breached.

                                                        1. 1

                                                          It would be nice. Except they keep lying about stuff they didn’t achieve instead. My favorite example to disprove their BS is Boston Bombers. Main one was on social media talking shit, visiting places raising flags, etc. Easiest guy to catch but NSA had nothing.

                                            1. 37

                                              Disclaimer: I’m one of the newest users here, so if my ideas about what’s on-topic don’t line up with the community’s, I understand that that indicates that I should move on, not that the community should change to suit me :-)

                                              How do you think the person who submitted this neat project feels when only a tiny fraction of the replies to their submission even talk about it?

                                              That person probably feels pretty bummed out about the lack of technical discussion. I understand and empathize with their disappointment. But I’m surprised that a discussion of the broader context around the submission would be considered off-topic. Nothing happens in a vacuum.

                                              We’ve seen throughout history that people who are willing to act unethically have an advantage over those who aren’t. Pragmatically, the main things preventing companies from behaving unethically or immorally are the threat of legal repercussions, the consciences of their employees, and the criticism of the general public. You could summarize the latter two as “shame,” and if our venue prohibits that mechanism then we’re effectively siding with the companies that are willing to get ahead at any cost.

                                              1. 18

                                                Allowing moral policing in comments creates an environment where technical posts and discussion (the lifeblood and differentiator of lobste.rs) will suffer. Two ways this happens include:

                                                1. It discourages people from submitting interesting technical projects due to potential backlash. I wouldn’t want to miss out on good technical discussion.

                                                2. It discourages comments and discussion about the project. If the top comment has 95 upvotes and takes up 10 pages of scrolling, it will make it harder to justify commenting on the project technically. If I post, will anyone see it anyway?

                                                A deterioration in the quality of technical discussion will lead to users who care only about the technical content leaving, and thus further deterioration of content.

                                                Whatever your personal views are, I encourage everyone to take a moral nihilistic stance when it comes to making comments here. There are plenty of places to discuss morals, ethics, and politics on the internet, and turning Lobsters into yet another one of these rather than the best place to find and discuss technical articles on the internet would be a loss.

                                                1. 13

                                                  Moreover, articles on HN/reddit are usually a superset of what’s here. If an article appears here that you would like to make a political comment on, finding the same article on one of the other sites and joining in the discussion should not be too onerous.

                                                  Of course, that robs those with a strong desire to proselytize of a potential audience so is unlikely to be welcomed.

                                                2. 23

                                                  But I’m surprised that a discussion of the broader context around the submission would be considered off-topic. Nothing happens in a vacuum.

                                                  The “broader context” discussion starts with tangents and gets only worse from there. That’s why the SNR on HN is so low, and that’s why I barely read HN.

                                                  When I joined lobsters, the unwritten rule was that the focus is (almost) exclusively on technical content. Maybe I imagined that rule? The way it was enforced was with relevant technical tags (and a bit of activism, not unlike what sock is doing here), but once you get broad enough tags (culture, practices, …) it’s bound to get out of hand. Worse yet, comments aren’t tagged like submissions so there was never a mechanism for enforcing on-topic technical discourse. So that’s getting out of hand too, as more people engage tangents. And now I’m seeing more and more people who think that anything they upvote or anything they find interesting belongs on the site. IDK what to think.

                                                  1. 13

                                                    When I joined lobsters, the unwritten rule was that the focus is (almost) exclusively on technical content.

                                                    Even if that’s no longer the case now - I’d certainly like that to become a rule (written or not).

                                                    1. 3

                                                      I’d prefer not. Pure technical content is sterile and boring. Read a textbook or subscribe to a journal if that’s your bag.

                                                      Technology is only interesting and valuable to humanity where it impacts and has interactions with the humanities.

                                                  2. 1

                                                    Although I understand the fact that it’s difficult to judge something without context, I also wish I knew where to draw the line of how broad or narrow the context can be discussed. I don’t think that it is even really possible when it comes to convictions and beliefs that are mostly subjective.

                                                  1. 0

                                                    It is really a great visualisation.

                                                    There is something way off in West Poland though. I wonder where does the data come from. I just don’t think that in “Nowe Warpno” which is a village at the north-west of Poland at the border to Germany has population density higher than Berlin, or Moscow, while Stettin (Szczecin) - the biggest city in the Region - has almost nothing. There is really something strange going on - would be interesting to find it out…

                                                    1. 4

                                                      I am so much impressed by this man being able to get to the core of a very complex problem, and present the insights in an understandable way.

                                                      1. 4

                                                        I switched to the Colemak keyboard layout ~2010 and have been using it since. On GNU/Linux with setxkbmap us -variant colemak and on windows with PKL.

                                                        At home, I use a TVS Gold keyboard - I like its tactile response but the keys are a little too sharp around the edges - ~10 years old now. At work, I use a Microsoft Natural Ergonomic 4000 - ~ 6 years old now.

                                                        1. 1

                                                          How long did it take to learn Colemak for you, so that it became “normal” for you?

                                                          Did it make you type more accurately, as in making fewer typos?

                                                          1. 3

                                                            Edit: Found an old comment of mine that may more accurately represent my initial reaction (after 2 years) https://forum.colemak.com/post/12525/#p12525

                                                            I used to type around 60wpm in QWERTY - used only 3 fingers on each hand. My unconventional typing style led to intense, persistent pain between my left ring and middle finger knuckles while writing up my undergrad project reports. I initially blamed it on Emacs and switched to using a folded-in thumb for pressing control instead of my little finger (something I follow till date). However, I realized the pain was due to my unusual finger positions while using E and R. I switched to Colemak in the first few months of my masters where I had a few light weeks when I could switch cold turkey. It took me around 2 weeks to get to ~20wpm and after a month or 2 I hit 60-70wpm. I can currently type at around 80wpm steady and haven’t bothered trying to type any faster. [edit] I try to prioritize accuracy over speed - I did get a little more precise with pressing the keys after switching - but that can be primarily attributed to learning touch-typing and positioning my fingers on the home-row [/edit]

                                                            I don’t use any customizations other than changing the keyboard layout. Some people claim that replacing hjkl by enio in vim helps their case, but I keep things as vanilla as possible. I love the extra backspace instead of caps-lock.

                                                            side note: Not having touch-typed with all fingers before was an advantage. Putting my fingers on the home row automagically switches my mental mapping to colemak while positioning my index fingers over “k” and “d” in qwerty keyboards makes my hand start typing in qwerty instead. This helps when I am on some other person’s computer.