Threads for pushcx

  1. 5

    @calvin didn’t get the warning about the URL having been submitted before, this bug is back. I’m looking into it.

    1. 15

      Per OP, have you tried turning it off and on again? It’s unreasonably effective.

    1. 16

      I added the workaround for Lobsters. A better workaround would probably be to detect the <script> they MITM and replace the page contents with an explanation of the attack. Lobsters doesn’t serve js to logged-out users and I don’t want to start for this; it seems real likely they’ll be forced to stop by the platform or regulators within a few weeks.

      The author doesn’t say how they detected the attack. I wonder if it was CSP.

      1. 1

        The author doesn’t say how they detected the attack. I wonder if it was CSP.

        I wonder if a strict CSP could be effective against this, since they control the webview. If that is the case, it is just another good reason for any website owner to dedicate some time to write a proper policy.

      1. 22

        I wanted to leave a hatted comment in the mod log, and there happens to be a usefully ironically story at #1 on the homepage I can use. We just had a couple hours of downtime because the disk on our one (medium vm) server filled with logs. It looks like logrotate broke a few months ago. Sorry for the outage. As a reminder, the chat room is also where we post status updates during outages.

        1. 15

          Not big enough

          1. 1

            Womp womp.

          1. 2

            @hwayne the “Stories with similar links” thing below seems to think your post is a dupe? Dunno why the dupe detection didn’t catch it, or perhaps I’m mistaken?

            1. 7

              I’ve pushed a fair amount of code in the last week or two that touched the dupe warning that shows up during story submission, so it’s real likely @hwayne didn’t see it.

              1. 1

                No worries, and FWIW I’m glad he reposted it! It’s a great article and I sent it to one of our internal “Developers should read this” lists :)

              2. 2

                Huh, that’s odd. Doesn’t even have a different URL.

                1. 9

                  Sorry for the bug, I’ve deployed the fix. https://github.com/lobsters/lobsters/pull/1116

                  1. 4

                    Thank you for the transparency.

              1. 21

                No code is absolutely the direction to push to include more humans in the power of computing. But once you’re paying engineers to optimize your no code (like the airtrble timeout example in this article) you’re better off grabbing an engineered tool for that part most of the time.

                1. 7

                  No code is absolutely the direction to push to include more humans in the power of computing.

                  I really hate the term ‘no code’ because it’s misleading. ‘End-user programming languages’ are a much better description of what’s actually happening: you’re still writing code, but in a language that is designed to require understanding of the business logic and not understanding of computer science.

                  That doesn’t mean that no one needs to understand those principles, it means that you have a strong separation of concerns. The business-logic expert writes[1] something in an end-user programming environment, a software engineer builds the components that are exposed in that environment.

                  [1] Or, often, draws or drag-and-drops.

                  1. 2

                    The problem with such attempts is evident when you look at the history of things like COBOL (or maybe even BASIC): in the end, where the rubber meets the road, people will still look to professionals to do the thing for them because it gets complex quite quickly. And the professionals by and large don’t want to touch that shit with a 10-foot pole (for good reasons, most of which are in the article). So you end up with something that you can’t seamlessly “scale”. And the more they try to make these “no-code” things scalable, the more code-like they become.

                    There just may be a middle ground, but I don’t really buy it - you can’t teach non-programmers to build something in a way that fits development’s best practices such that it can be extended programmatically in a sane way (not without turning them into programmers, that is).

                  2. 6

                    That’s pretty much what I took away from it, too. It was interesting to see both that how far “no code” solution could grow and how utterly typical the migration story was.

                  1. 2

                    I really like this idea but have no idea what its implementation would represent in terms of additional load to the server.

                    1. 5

                      I’ve moved most of the vote into the db, but not all. If calculated_confidence finished its move into the db almost any algorithm would be faster than the current implementation.

                    1. 7

                      Is it possible to get a data dump of all of Lobsters comments/links/threads? Would be interesting to do some data science on it.

                      1. 9

                        No, but @pushcx will run queries for you: https://lobste.rs/about#transparency

                        1. 2

                          Out of curiosity, what is the reasoning behind keeping this data private instead of publicly open to all?

                          Does Google get to fully index lobsters?

                          1. 17

                            Users haven’t agreed to their comments being reused.

                            The 800 pound gorilla indexes whatever it would like to. We’ve also been indexed by ArchiveTeam, Archive.org, and many hobbyists. There’s some mild rate-limiting in place, and we have trivially predictable URLs with .json endpoints on many.

                            1. 7

                              Gotcha, this is a considerate policy that I can certainly appreciate. Thank you kindly for explaining.

                      1. 3
                        1. 2

                          Seems pretty plausible. As the article notes, it’s currently valuable for high-security environments (enterprise, government, finance) but there’s also a lot of benefit for anyone with a lot of junior developers; getting a well-configured dev environment is very fiddly. Sounds like it’ll show up in schools and bootcamps and become a pretty standard practice from there. There’s a lot of plumbing infrastructure for managing VMs (technically and organizationally) that I think will take a decade or so to settle out, but when a trend like this is valuable to both the very top and very bottom of the market it’s probably going to do well for itself.

                          The title’s hyperbolic, though. Local dev will never die in the same way old programming languages rarely die. They shrink, but mostly they get relatively eclipsed by how much bigger everything new grows to be.

                          1. 2

                            My inevitable takeaway fro great articles like this is: wat?

                            Why is it hard and obscure by default? I really do appreciate these articles but MAN. How many smart people spin their wheels rediscovering subtle-but-important nuggets of wisdom like this? Better defaults - please!

                            (I realize this is very meta and not speaking specifically to this article)

                            Comment about actual article: I think I prefer the “calc” approach to the css variables approach in the Quality of Life bonus section. IDK, it’s a matter of preference, and I appreciate that multiple approaches were compiled.

                            1. 3

                              Because we learn from experience. em probably would’ve been designed like rem if we had several years of experience working with it before the spec was designed, but we didn’t. The designers took their best guess, people used it for years, we learned what worked and didn’t, we improved the spec, now we share the new knowledge. We’re not going to get them all right on the first try.

                              1. 1

                                I don’t think you can fix “you need to think about and test your code” with different ‘defaults’. Sometimes a bad practise becomes so common that browsers implement stuff to paper over it (like the zoom function multiplying even pixel values these days…)

                              1. 1

                                This looks like a great approach to big merges or long-lived branches. Does anyone know why it hasn’t worked its way upstream into git itself?

                                Does anyone have experience with collaborating on a merge with this tool? I can see how the pairwise commits can be pushed, and it looks like none of the metadata in refs/imerge is strictly necessary, but maybe there’s more aspects to consider, on top of whether the UI is comfortable for the work.

                                1. 5

                                  For some reason ⍼ can’t be in the submission title on lobsters, while it gets fetched successfully via the Fetch button.

                                  The error displayed being Title may not contain graphic codepoints

                                  1. 2

                                    presumably to disallow emoji titles?

                                    1. 8

                                      I’ve created the kotlin tag and backfilled the tag on every story with kotlin in the title.

                                      Thanks for following the guidelines for proposing new tags, it makes my job a lot easier:

                                      To propose a tag, post a meta thread with the name and description. Explain the scope, list existing stories that should have been tagged, make a case for why people would want to specifically filter it out, and justify the increased complexity for submitters and mods.

                                      1. 4

                                        By way of explaining flag: I was under the impression that projects by this language’s creator, in addition to the creator’s own account, were banned here due to the creator’s excessive self-promotion.

                                        1. 16

                                          It was the endless hot takes and pouring gas on arguments that got @drewdevault banned. The fact that his business partner @emersion immediately started posting mirrors of his rants to evade the ban made me think that this was all outrage marketing, picking a fight to get attention to the business projects, so maybe that’s where you got the idea that it was about excessive self-promotion?

                                          Regardless of their intentions for marketing, no, all of his projects are not banned. For example, we have plenty of links to sourcehut. Also see my other comment here for details on how harelang.org was banned to honor a request from DeVault.

                                          1. 4

                                            What’s wrong with hot takes?

                                            1. 3

                                              Note: “endless”, i.e. constant arguing, probably a bit on the aggressive side

                                              1. 5

                                                I assume that’s what /u/pushcx meant by “pouring gas on arguments,” which is not the part that threw me off. If a hot take is “an opinion that is likely to cause controversy or is unpopular” (UD) that doesn’t seem like something that should contribute to a ban.

                                                1. 2

                                                  Ah, sorry for the confusion, my working definition for “hot take” is more like “a cynical or glib response to current news, usually highly moralizing”.

                                            2. 2

                                              That makes sense, I had only dim memories of how it went down, but I remembered there was at least a suspicion of marketing/promotion problems. In that case I rescind my flag.

                                            3. 7

                                              projects by this language’s creator

                                              No, it was just his blog and account.

                                              creator’s excessive self-promotion.

                                              Again, no, it was mostly due to him writing hot takes and then showing up here to join the ensuing flamefest.

                                              In any case, this hardly counts as self-promotion, considering that he didn’t post it.

                                              1. 3

                                                projects by this language’s creator

                                                Why would that be the case?

                                                1. 3

                                                  As far as I can tell (from the moderation log) the ban on harelang.org was lifted about a week ago. Maybe the creator acted poorly in the past, but it seems like Drew has been given a second chance which I think is great!

                                                  1. 24

                                                    The site previously had a note asking readers not to submit it to social news sites. Banning let us be polite and honor that, rather than the site having done anything we consider abusive. The ban message was The page asks "Please do not share this website with others", please ping me to lift this if that changes. Several people, including DeVault, pinged me when the announcement post went up, so I lifted that ban.

                                                1. 30

                                                  For context, this is a response to the LWN thread on Hare’s announcement, where the author had several discussions comparing Hare to C, Rust, and Zig. There’s unlinked reference to this comment.

                                                  1. 3

                                                    Nice find! Thanks for pulling that out.

                                                  1. 80

                                                    Please take it easy in the comments. Yes, the primary author of the language is famous for posting incendiary, attention-grabbing rants. If you respond to this link with vitriol, even if you’re explaining how you dislike parts of this project’s design, you reward trolling and diminish our community.

                                                    Remember there are always a few thousand readers to every commenter. If you’re disagreeing with someone, you’re more persuasive to readers when you make your points and let them judge than descend into bickering.

                                                    1. 33

                                                      Yes, the primary author of the language is famous for posting incendiary, attention-grabbing rants.

                                                      Rants which I might note that he apologized for, and is doing a lot less of as well.

                                                      1. 17

                                                        Do you have a link to the apology you’re talking about? I’ve steered clear of his projects for a while now because of his toxicity, but if he’s truly making an effort to change that, I may be willing to reconsider.

                                                        1. 16

                                                          (Disclaimer: I don’t know Drew personally. I have found several of his public comments abrasive. I also use and like sr.ht quite a bit.)

                                                          Just because I couldn’t remember when that toxic series of posts went up either, and couldn’t remember when his (apology or at least apology-adjacent) conciliatory comments went up, I used search engines to find the words “fuck” and “asshole” on his site. Those turned up both the earlier vitriolic posts and his statement of his ambitions to no longer make such posts. And they showed that he has largely avoided those two words in the past year, as far as the search engines are concerned, since. Those posts where he did use them don’t direct them pointedly at people, IMO.

                                                          Sample size is small, obviously, but it looks like the stated determination to be less toxic has been accompanied by progress in that direction.

                                                          1. 14
                                                            1. 3

                                                              Thanks! I wish it was a little more prominent, but I’m glad someone was able to find it.

                                                            2. 4

                                                              I went looking for it, and… both the apology, as well as the angry rants which prompted him to apologize, have been deleted from his blog. (Unless I’m misremembering which status update the apology was written in the first place.)

                                                              1. 7

                                                                Thanks for looking! I’m assuming it was his Wayland rant, since I can’t find a link to it from his blog index, but I can confirm the page still exists. I even wrote a pretty large response to it on this site because it was in very poor taste. I’m avoiding linking to it directly because he seems to have taken it down on purpose, and I’m happy to respect his decision.

                                                                I appreciate that he’s taking steps in the right direction. I don’t think I’m quite ready to look past his behavior, but I’m still willing to reconsider if he continues in this direction. It’s a very good sign.

                                                                Less vitriol in the open source community and software in general is definitely a good thing.

                                                        1. 4

                                                          How would you say this repo fits in with the site’s idea of topicality?

                                                          Lobsters is focused pretty narrowly on computing; tags like art don’t imply every piece of art is on-topic. Some rules of thumb for great stories to submit: Will this improve the reader’s next program? Will it deepen their understanding of their last program? Will it be more interesting in five or ten years?

                                                          Is there something in this source you wanted to discuss?

                                                          1. 10

                                                            After every command that takes more than 10 s, I display the elapsed and finish times. This requires bash 4.4 or later.

                                                            timer_file=`mktemp -t bash-timer.$$.XXXXXXXXXX`
                                                            begin_timer () {
                                                                date +%s%3N > $timer_file
                                                            }
                                                            PS0="$PS0\$(begin_timer)"
                                                            end_timer () {
                                                                local begin=$(cat $timer_file)
                                                                if [ -n "$begin" ]; then
                                                                    local end=$(date +%s%3N)
                                                                    local elapsed=$[$end-$begin]
                                                                    if [ "$elapsed" -ge 10000 ]; then
                                                                        local ms=$[$elapsed%1000]
                                                                        local s=$[($elapsed/1000)%60]
                                                                        local min=$[($elapsed/60000)%60]
                                                                        local h=$[$elapsed/3600000]
                                                                        printf '\e[35m%i:%0.2i:%0.2i\e[2m.%0.3i %s\e[0m\n' $h $min $s $ms "`date -d @$[$end/1000] '+%F %k:%M:%S'`"
                                                                    fi
                                                                fi
                                                                echo > $timer_file
                                                            }
                                                            PROMPT_COMMAND="$PROMPT_COMMAND end_timer;"
                                                            before_exit () {
                                                                rm $timer_file
                                                            }
                                                            trap before_exit EXIT
                                                            
                                                            1. 1

                                                              Why do you store the timestamp in a file rather than an env var? Maybe relatedly: how does this not break if you do something like sleep 20 &; sleep 15 &? I’d expect them to share $timer_file so the second command overwrites the filename for the former.

                                                              (Also, thanks for this and your exit code comment, I have been idly wanting both features in my shell for years.)

                                                              1. 1

                                                                PROMPT_COMMAND executes before printing the prompt, so background jobs will not be timed. I wanted to use an env var but had trouble getting it to work, so if you do, please let me know!