1. 3

    I bought a HHKB last year, and it’s been ok. A lot of people seem to over-hype it, and it might be a bit too expensive. There is a difference though, even if you only conciously realize it when using a cheaper keyboard. The default layout (control, backspace, tilde) is also something I miss on other keyboards…

    There is something about ergonomic keyboards that I find “visually” unappealing. I can’t put my finger on it, it might be that they seem to use more space, or that the concept of a split keyboard is just foreign to me.

    1. 2

      That’s my general thoughts as well. It’s way too expensive for what it is… But if you have one and you use the command line a lot, it is really quite ergonomic for the situation.

      1. 2

        I luckily got mine for about 100 euros less than it is currently being sold for (at least on Amazon), but even then it is a lot.

        1. 2

          How do you get around the lack of CTRL and ~ in the command prompt?

          1. 1

            What do you mean by lack of CTRL?

        2. 2

          I really enjoyed my HHKB, but yes, definitely expensive. Now I’m on a much cheaper OLKB and I can’t even use my HHKB. I may have to sell it finally.

          1. 2

            I’m a big fan of the HHKB but did apply some mods, mainly the Yang ble controller & bke redux domes (ultra light).

            A controller with firmware customizability made a big difference in my usage. The domes make it slightly more tactile but the difference isn’t that noticeable IMO.

            1. 1

              I have this as well and I am quite disappointed… the keys get stuck every couple days and forces me to restart (I’ve cleaned it a number of times). Rather disruptive…

            1. 3

              Most real-world books are pretty outdated at this point, I’ve been writing the book I wish I had when I got into applied cryptography. I spent more than 2 years writing it and it’s going to print soon, but you can read it online here: https://www.manning.com/books/real-world-cryptography?a_aid=Realworldcrypto&a_bid=ad500e09

              It’s an introduction to cryptography concepts that are used in applications (encryption, authentication, etc.) with more in-depth explanations on how some of the actual algorithms work (for example, AES) and how they can be used in different types of applications (SSL/TLS, secure messaging like the signal protocol, etc.) The second part of the book also covers extra topics like hardware cryptography, post-quantum cryptography, cryptocurrencies, and even some advanced topics like zero-knowledge proofs.

              I also wrote a post here on why I’m writing another book on cryptography: https://cryptologie.net/article/504/why-im-writing-a-book-on-cryptography/ which should give you more background about what kind of book it is.

              1. 2

                Wait, is the full book available online? I’ve been waiting for this book, perhaps I’ve missed an announcement? Regardless, thanks for your hard work. I really enjoy your posts on cryptologie.net, and I’ve been looking forward to “Real-World Cryptography”.

                1. 3

                  I think it is slated for print release in a few months, and it seems like 15 / 16 chapters are available online. I grabbed a copy because this was almost exactly what I was looking for (judging by the preview).

              1. 6

                I think one big resource that’s pretty popular is cryptopals. I’ve only done the first few sets but the exercises are a lot of fun and teach you real attacks

                1. 2

                  I stumbled upon it this morning as I wrote my post :). I’m going to sprinkle these in, seems like a great way to get my feet wet.

                  1. 1

                    In terms of hands-on things, I’ve seen https://cryptohack.org/ be mentioned once or twice. Haven’t tried it myself, so I can’t really say anything about.

                  1. 8

                    Applied Cryptography by Bruce Schneier is a really good primer on crypto. It’s old, but it’s a really good introduction to the basics, which haven’t changed over the 25 years since it was published.

                    1. 12

                      IMO, skip Applied Cryptography and read Cryptography Engineering which is also from Schneier but much more modern.

                      1. 2

                        Crypto Engineering looks perfect. Grabbed a copy, thanks to you and the other commenters.

                      2. 5

                        Required caveats:



                        But in the introduction to Bruce Schneier’s book, Practical Cryptography, he himself says that the world is filled with broken systems built from his earlier book. In fact, he wrote Practical Cryptography in hopes of rectifying the problem.

                      1. 110

                        I tell anyone asking me for career advice the same two things.

                        The first: the deeper in the world’s dependency tree you are, the less frequently things will churn, and the longer your skills will last. TCP doesn’t change very often. Theoretical skills may be applicable for your entire career. Human skills are more durable than any technical skill. Kernels don’t change very often (but more than TCP). Databases don’t change very often (but more than kernels). There is a spectrum of skill durability, and you will burn out faster if you find that all of your skills become worthless after a very short time. Dependency forces things not to change their interface, which causes the work to shift toward performance and reliability among other things that some people find far more rewarding over time.

                        The second: the more people who do what you do, the worse you will be treated, the more BS you will have to put up with, the worse your pay will be, the faster you will be fired, the harder it will be to find a job that values you, etc… etc… Supply and demand applies to our labor market, and if you want to be happier, you should exploit this dynamic as heavily as possible. Avoid competition like the plague. But don’t avoid funding. How do you avoid competition without going off into the wilderness where there is no money to be made? Hype drives funding, but it also drives a lot of competition. However, using rule #1 above, the hyped things depend on other things. Many of these dependencies are viewed as “too hard” for one reason or another. That’s the best place to be. Go where other people are afraid, but nevertheless have a lot of money depending on.

                        All hyped things rely on things that for one reason or another are not commonly understood, and tend not to change quickly. That’s a good place to find work involving durable skills that tend to have lower competition. Go where the dependency is high but the competition is low, and you have a better chance of being happy than people who go where the competition is high or the dependency is low. Bonus points if it’s actually “hard” because then you won’t get bored as quickly.

                        There are areas of front-end that are high-dependency, durable, slow-changing, and low-competition. That’s where engineers are likely to be happiest. But these two principles apply to every field or zooming out to any business generally. I’m pretty happy working on new distributed systems and database storage engines for the time being. But I’m always looking for the things that are viewed as hard while also receiving significant investment, as these are the things that will ultimately give me more opportunities to live life on my own terms.

                        1. 10

                          Go where other people are afraid, but nevertheless have a lot of money depending on.

                          There is an old Yorkshire saying: “where’s there’s muck, there’s brass”.

                          1. 7

                            This is so true, I’ve gone to my car to fetch my laptop just to upvote and comment. It’s an exceptionally important piece of advice I wish I had understood as early as possible in life, but I didn’t.

                            CS (pure) and Math degrees are so good because they teach you really basic theories that are mostly timeless. Whenever I’ve gravitated towards more trendy or applied skills, either in coursework or in jobs, there’s always been a really poor and transient ROI.

                            […] using rule #1 above, the hyped things depend on other things. Many of these dependencies are viewed as “too hard” for one reason or another. That’s the best place to be.

                            What are some examples of these dependencies right now, or in the near future?

                            1. 6

                              Thank you very much for this post. Great distillation of essential career advice, especially the part about the durability of human skills. So many developers would derive far more value from a single public speaking or improv class than from learning yet another new programming language.

                              1. 3

                                Oh man, the number of times I’ve echoed this exact same message to others almost verbatim in the first two paragraphs. Thanks for posting this. Thinking about my career in this way a few years ago was probably the most valuable change I made.

                                1. 4

                                  Thank you for the kind words :)

                                  Large-scale ML, blockchain, IoT, serverless, k8s, etc… are all areas recently flooded by newly minted experts in the topical skills, but like the Australian poop diver who claims to have never worked a day in his life, there are great opportunities for high-respect jobs in the dirty internals of the systems :) Particularly with this set of hyped tech, there are very few people who seem to specialize in getting bugs to jump out in distributed systems. Everybody is still writing almost all of them in a way that assumes the happy path. But there are techniques for building all of these systems in ways that encourage the race conditions to jump out. The few people who take pride in building correct distributed systems will have their plates full for a while!

                                  Another reason why this kind of bug hunting and prevention is not all that popular may be that the sorta-similar yet way-cooler-seeming field of systems security tends to absorb a lot of the people who may have otherwise been predisposed to this type of work.

                                2. 1

                                  love this comment. like the other commenter, do you have any examples of “hard, but trendy” in frontend or elsewhere?

                                  1. 7

                                    Spitballing, I’m going to google “hyped programming field” and see what comes up, then I’ll try to break it into areas for investigation. Ok, my results on the first page seemed to be about AI, python, golang. I mentioned high-scale ML depending on distributed systems skills and correctness skills above, so I’ll think about the others. Python feels harder for me to answer so let’s dig into that.

                                    Python is immensely popular and I think that becoming an expert in alleviating any friction point that people often hit will be lucrative. But what about things that SOUND really boring? When I think about things that suck about Python, the most dreadful thing that comes to my mind is migrating large applications from Python 2 to Python 3. Python 2 stuff is still everywhere, and it’s increasingly hazardous over time because its support has run out. But people don’t want to touch things that are still ticking along. Legacy systems, like geriatric medical care, becomes more important every day.

                                    But despite being extremely important and an excellent place to apply interesting mechanical (yet supervised) translation and correctness analysis during modernization, so many people have been burned by consent issues at work where their managers forced them to work on legacy despite them not wanting to work on them. So much of the overall programming population has been burned by non-consensual legacy engineering that almost everyone wants to stay as far away as possible. The only question is how to find the companies who realize that modernizing their legacy systems is actually something you want to pay a specialist to do instead of forcing the task on junior devs with no negotiating power. Banks are well-known for paying consultants for this kind of work, but to be honest I’m not sure.

                                    Maybe Python 2 modernization isn’t exactly a golden ticket due to the difficulty in finding companies who are willing to hire specialists to perform this task. Maybe it’s too easy. But may it’s not. I’m not sure. In any case, this maybe demonstrates the general search technique, and can be used to illuminate further areas for research. If general Python 2 modernization is “too easy” then you can slap on more filters. Python 2 modernization for automotive codebases. That sounds much more correctness-critical and likely to pay a specialist to accomplish.

                                    Anyway, the general pattern is: what feels repulsive and hard? Maybe that sense of repulsion creates a dynamic where the few people who do the thing are extremely well treated due to their scarcity. If that scarcity of talent aligns with an extremely popular overall field, there’s a good chance that there are folks who require a specialist to address this niche.

                                    1. 6

                                      Anyway, the general pattern is: what feels repulsive and hard? Maybe that sense of repulsion creates a dynamic where the few people who do the thing are extremely well treated due to their scarcity. If that scarcity of talent aligns with an extremely popular overall field, there’s a good chance that there are folks who require a specialist to address this niche.

                                      Here’s an example of scarcity working out well for an expert. Another company in my industry was converting to a different accounting system. These projects are incredibly complex and can last years. Part of the process required recreating hundreds of templates for the new system. One contractor handled the template conversion; she retired at a young age after the project was complete.

                                      1. 3

                                        non-consensual legacy engineering

                                        Have you written about this anywhere? I’d be curious to hear more about it. It immediately struck a chord with me, and probably does with most software engineers.

                                  1. 2

                                    I’ve been plugging every link into https://outline.com/ to generate a pure text version, but it has some drawbacks (and, of course, NYTimes, etc. won’t work with it).

                                    But I can see what you’re getting at, since there’s no easy way to search for something like this. I would wonder, given a sample of relevant websites for a query, whether the ones without ads will still be of the same quality / relevance as the ones with ads.

                                    1. 8

                                      I’ve been wanting to learn Rust forever so finally going to start. My plan was to go through the books on their site (probably Rust by Example), and then find some projects to apply it to. I’d certainly welcome advice from anyone who has done something similar.

                                      1. 4

                                        Do Rustling project. And once you are done with that, contribute to it by opening a PR. I found you learn a lot by contributing to others code.

                                        1. 3

                                          That’s how I got started, as well. I also read from Programming Rust.

                                          But my biggest success, the one that made the borrow and reference system finally click for me, was using Rust for a 30-day game jam project. The extended time frame, as opposed to the usual 24-72 hour window for most game jams, made a huge difference in terms of learning since it reduced my “code code code” tunnel vision. I also prototyped the game in Ruby, one of my strongest languages, and then used bridges like Rutie to convert the project to Rust class-by-class. Having a working code base to start from made everything less less intimidating.

                                        1. 3

                                          I think this would be fascinating, and I’d be especially curious how much of an improvement it actually is on discovering new or relatively unknown authors.

                                          This isn’t built on book texts as far as I know, but to the broader point of finding new authors, I have played around with https://www.literature-map.com/ in the past with decent results, in case you haven’t come across it yet.

                                          I think to do what you are suggesting though, you could do it via public domain as the @dvaun suggested (but then you have a lack-of-content problem making it less useful), or get indexing agreements with publishers (which can be difficult).

                                          We kind of do this for scientific articles at my current job, and beyond the challenges of getting more indexing agreements to make it useful, there’s a non-trivial infrastructure cost for storing & processing (and potentially re-processing) all of that content.

                                          Would be neat if there was someone with a boat load of money willing to fund this! :)

                                          1. 3

                                            The https://www.literature-map.com/ resource and other Gnod tools have proven useful to me in the past. Though, the mapping of authors (or music, movies, and other Gnod projects) is quite broad in scope.

                                            What would be neat to utilize is an engine that would work well in topic exploration within various subjects, including fiction categories (e.g. thrillers, fantasy, historical fiction) as well as fields of research.

                                            Having a resource like that on-hand, paired with a community of folk interested in putting together curricula for entering and diving into new domains would be awesome. I’d imagine a resource that had the ability to analyze articles and other sources (e.g. Wikipedia entries) in addition to books, in conjunction with an ability to put together these “curriculums” or “paths” would be great for any auto-didacts exploring a new field.

                                            I am out of my field when discussing this, as I don’t have any ML-experience. If there were a project that worked on this, though, I’d be happy to contribute in other ways.

                                            Would something like this need to be monetized to be sustainable?

                                            1. 2

                                              There is the cost of hosting. However, text is cheap. I can see a tool suite that is as follows

                                              1. There is a command line tool that, given plain text will spit out a feature vector
                                              2. The feature vectors are submitted to a central repository and collected into a file of feature vectors, this could be github
                                              3. You can checkout/download the feature vector file, run another command line tool (or a simple GUI or SPA) on it, mark out your favorite books and the tool will propose an ordered list of books you might like based on the content.

                                              I really like the idea of trying this out on copyright lapsed books hosted on gutenberg, but surely someone must have done this already.

                                          1. 27

                                            With respect and love, @pushcx, this ain’t it.

                                            In my experience moderating internet forums there are precisely two kinds of people that are interested in moderating:

                                            • people motivated by a deep desire to improve the communities they participate in and who plan to moderate with the lightest possible touch in order to grow the community and allow it to express its norms and standards
                                            • petty fucking assholes who plan to wield their power to grind axes, antagonize enemies, and reshape the community as they themselves see fit

                                            These posts bring out both of these kinds of people, but unfortunately you’ll be lucky if you get a 1:10 ratio of good to bad.

                                            Now, you’ve said you plan to announce the new moderator slate. That means, at best, you and @irene plan to try to separate the wheat from the chaff. My $.02: don’t. Pick ten people that each of you have interacted with and think you can live with as moderators. Then ask them directly. If you are lucky you’ll get two of them to accept and only reluctantly so. Then you’ll have found good moderators.

                                            1. 11

                                              I spent the last year trying that, though I contacted nine users rather than ten. None were both interested and available, though one maybe came around a few days ago and I believe applied earlier today.

                                              1. 3

                                                None were both interested and available, though one maybe came around a few days ago and I believe applied earlier today.

                                                I hope like hell they did, and wish you the absolute best of luck finding a second (or more).

                                              2. 8

                                                I am deeply distressed by the direction these comment threads took for many reasons, but not least because I had believed, perhaps naively, that this community was distinct in how its members practiced a cautious self-moderation to avoid making - or even cast votes behind - statements they lacked expert authority to make, knowing those statements could (and likely would), be seen by actual experts who could be engaged in earnest discussion.

                                                I post under my real name because it means I have to stand by the things I say, and it forces me to pause to consider the effect my words will have on the people I say those things to. Posting anonymously or pseudonymously removes the first obligation one has to oneself, but nothing removes the second obligation one has to others.

                                                I hope from the bottom of my heart that these threads are uniquely a product of the generally elevated blood pressure of all people at this particular moment, and is not representative of anything else.

                                                I have many things to say about the subject matter discussed in these threads, but this is not the place I will say them.

                                                1. 6

                                                  I can’t agree any more strongly with this post. This (request for moderators) is the way to get toxic moderators. @owen is absolutely right about how to get good moderators, pick them based on their existing community actions and reach out to them. Most of who you reach out to are wonderful, sane people so they will decline… continue down the list. I have moderated communities for a couple of decades and the path laid out by @owen is the only one I have had any success with.

                                                  1. 3

                                                    You are extremely correct. As a member of the third category, I understand that moderation is a powerful tool which I would almost certainly misuse and with which I should not be trusted. And I am simply not a nice person. But, with that said, I at least have an excellent record of antifascist posting.

                                                    1. 2

                                                      This is good advice, and in other communities I’ve been a part of it was exactly how moderators were selected. Some served for 5-10+ years, all part of the same initial friend group / community that seeded it.

                                                      I did assume that @pushcx would still have the ultimate say in getting rid of any false positives, so to speak, considering we have a public moderation log and it would be somewhat obvious if someone was abusing their power, so it might be OK still.

                                                    1. 1

                                                      I’ve never really tracked goals… I sort of just do what makes me happy. In the past year I got to a point where I can run 3-5 miles per day, eat (and cook) mostly vegetarian meals, give up coffee, pick up and get better at sewing, read more books, watch more foreign language films (Korean, Japanese, and French cinema).

                                                      Usually after some dabbling I just sort of know if I’m in love with it or not, and if not then I’d rather stop than force myself to complete any goals I set in advance (without experiencing it fully). But if I am enjoying it, I’ll keep finding new challenges in that space (if it’s repetitive, I’ll get bored) and that helps me naturally grow / improve.

                                                      :shrug:, not sure it’s the best advice to give to someone… but worked well for me so far

                                                      1. 1

                                                        If you import a version of the same module in like 10 different files, e.g. writing this in each file: import * as log from "https://deno.land/std@0.75.0/log/mod.ts";

                                                        And then want to bump the version from say 0.75.0 -> 1.0.0, does this mean you have to bump it in each file…?

                                                          1. 2

                                                            Thanks – I hadn’t gotten that far yet / spoke too soon :).

                                                        1. 1

                                                          Thanks for sharing! Skimmed it a little and bookmarked to read later when I have time. This looks awesome.

                                                          There’s a lot of awesome work going on in federated learning / privacy preserving ML. I heard a talk by someone at Google at NeurIPS 2019 about how they use it for their keyboard prediction (among other things) and thought it was super exciting. Got me down the rabbithole of reading papers in this space, although I haven’t had a chance to apply it in more practical settings (yet).

                                                          1. 2

                                                            Glad you’re interested! Google’s keyboard prediction work is perhaps the most prominent deployment of this stuff so far, and the papers are great. Exactly how that feature works as a piece of software is a little opaque IMO, and I’m a big fan of this blog post as a more accessible real world example: https://florian.github.io/federated-learning-firefox/.

                                                            1. 1

                                                              Yeah I’ve read that post. It made me wonder why search engines haven’t yet tried to do local learning for recommendations, or what that might look like if implemented…

                                                              Do you know if anyone is distilling information in this space (academic / practical applications)? Writing about it is on my TODO list and I finally have time to start consolidating information / putting together resources, but thought I’d see if others already do this. I’m aware of a few yearly reviews done by prominent blogs but not sure if there are niche writers who I haven’t found yet!

                                                              1. 1

                                                                The report I wrote was an attempt at that, although it’s pretty high level, and it’s now two years out of date. (I posted it here because it had just been unpaywalled.) The report was the basis for a StrangeLoop talk last year https://www.youtube.com/watch?v=VUINeZUAlx8 or https://mike.place/talks/fl/ (slides) . The last slide has a bunch of references, but they are all >= 1 year old.

                                                                Other than that, the recent reviews I’ve seen are all quite academic (no blog posts that I know of, although I’m sure they exist). Probably the most useful academic review I’ve seen is this one https://arxiv.org/abs/1912.04977. But because it reviews open problems (rather than solved problems!) it necessarily doesn’t have much to say about the real world practicalities. https://arxiv.org/abs/1902.01046 may also be useful, but is a little vague and very Googly.

                                                          1. 1

                                                            Mine is very out of date and in the middle of a (to be soon published) revamp. Thoughts are welcome though! https://www.ashishuppala.com/

                                                            1. 3

                                                              Nice, I wish there was a benchmark as suggested elsewhere. The article confused me a little because of how it uses the word cursor (I thought it was referencing database cursors, which is an alternative for offset pagination as well, but it’s just talking about row IDs…). To me this is more keyset pagination, no?

                                                              I’ve used keyset pagination instead of simple offset with great results. Although it was tricky to implement in cases… when you start adding multi sorts and forward / reverse pagination, it gets a little complicated making sure the query is properly bounding with the “previous” result set.

                                                              Also, being able to use id as a bound for the next page only works sometimes (if you use v1 UUIDs for example, which have time encoded in them, it can work, but v4 UUIDs it can break).

                                                              1. 1
                                                                1. 2

                                                                  Direct link to the benchmark results embedded in that article: https://www.slideshare.net/MarkusWinand/p2d2-pagination-done-the-postgresql-way/42

                                                                2. 1

                                                                  Here’s a page about a similar pagination technique it calls “seek”, with a benchmark showing that it is much faster than “offset” pagination when visiting later pages: https://www.eversql.com/faster-pagination-in-mysql-why-order-by-with-limit-and-offset-is-slow/

                                                                  1. 1

                                                                    To me this is more keyset pagination, no?

                                                                    It is a keyset pagination, somehow this term never got to my conscious. :)

                                                                    Also, being able to use id as a bound for the next page only works sometimes (if you use v1 UUIDs for example, which have time encoded in them, it can work, but v4 UUIDs it can break).

                                                                    Yeah, id in this case was just a simple example, I assumed a simple autoincrement integer field. :)

                                                                  1. 6

                                                                    If management is sad and perplexed and regretful to see an employee leave, then that employee probably did not demand enough change from their managers. Management in this scenario, and in so many others, is not interested in the best interests of the employee. Accordingly, if an employee is depressed or otherwise experiencing negative mental health effects because of employment, then they have a reasonable expectation that their manager, if competent, must do something to improve the situation.

                                                                    1. 14

                                                                      +1. I’ve seen engineers fall into two camps when they’re unhappy with their job. The really vocal ones who never stop fighting / advocating for what they want / should happen, and the ones who just bottle it up and get really quiet.

                                                                      The former will either get what they want eventually, or they will leave but no will be surprised.

                                                                      The latter though… they get stuck in their head, working at the company becomes increasingly depressing / stressful, and one day they just quit. And everyone is surprised because, well, they didn’t say anything (or communicate it in a way that others perceived it as important / etc.).

                                                                      Not saying this is necessarily true of the author, but a more general comment.

                                                                      It’s always the silent ones.

                                                                      1. 9

                                                                        Why ask for something from your manager and risk getting fired when you can keep your job, find a new job, and then resign at your own time on your own timeline?

                                                                        Maybe your manager won’t fire you, but why take that risk? You don’t owe them anything.

                                                                        1. 6

                                                                          This is worth answering.

                                                                          The last two times I spoke up to management like this are still clear in my mind. In one situation, upper management had instructed employees in ways which contradicted federal law; in another situation, state law had been enacted which affected our products. In the former case, I spoke up not for myself, but for other employees who did not understand that they were being disenfranchised; in the latter case, I spoke up not for myself, but for the entire business’s legal safety.

                                                                          I don’t owe my managers anything, yes, but I do certainly owe my employer and fellow employees quite a bit. I have an ethical obligation, as well as possible legal obligations.

                                                                          Also, to be frank, I don’t really mind taking a break of a few months between jobs. Employment is difficult, employers are terrible people, and the entire system of wealth and labor extraction makes me sick and tired.

                                                                          1. 2

                                                                            I do certainly owe … fellow employees quite a bit

                                                                            Definitely! This is a great point. If you have the priviledge to be able to handle it, sticking your neck out for fellow employees is absolutely worth trying.

                                                                          2. 4

                                                                            Managers and ICs are not antagonists. The manager’s job is to interface with other teams and keep the IC out of endless meetings and business processes. This shouldn’t be a yes-boss situation.

                                                                            1. 4

                                                                              Except the manager has the power to fire the underling, and the underling has no influence over the manager. The power imbalance is real, even if most manager like to pretend it is not.

                                                                            2. 3

                                                                              I’m really confused why asking for any of these things would put you at risk of being fired? I’m a manager and I cannot imagine thinking about firing someone for expressing their desire for things to be different or better.

                                                                              1. 3

                                                                                I cannot imagine thinking about firing someone for expressing their desire for things to be different or better.

                                                                                Well, then I’m glad you’re a good manager :) But one is not generally safe to assume their manager is a good manager. “Asking for things to be different or better” is very contentious, and is definitely not just a safe thing to do in general.

                                                                                1. 2

                                                                                  Absolutely agree with this.

                                                                                  If there is genuine concern about being fired for asking a question about additional opportunities, it may be how the question is framed?

                                                                                  1. 1

                                                                                    You’re making the right call, but not everyone does. I lost a job because of this. I escalated a normalization of deviance issue (social and technical – extreme callousness in communication re: legitimate high-severity defects, and an absurdly high potential for PR and/or technical damage to the enterprise), and it ultimately ended my tenure there. I can’t say any more, unfortunately – that’s how bad it went.

                                                                              1. 5

                                                                                Over the weekend I bought and built an industrial sewing machine; a couple hours of drilling, tinkering with nuts and bolts, and it’s finally assembled. I have an iron on the way, along with fabric and thread, and this week is going to be spent familiarizing myself with it / learning to sew. Also passively looking for patterns for when I’m eventually ready to do work on jeans.

                                                                                I’ve also gotten really into Go the past few months and started going through some books / playing a game every night so want to continue doing that.

                                                                                And of course all the usual work-stuff :). I think this week is going to be a set of plumbing / automation / data challenges than front end feature work.

                                                                                1. 3

                                                                                  Sewing is one of my most prized hobbies, the guaranteed path to be out of my worries for hours without end. Some years ago I even bought a sewing machine out of my meagre income at the time, and I still consider it to be one of my top three purchases if all time. Yes, that’s how much I’m into sewing. So I’m thrilled to know you bought an industrial sewing machine. That’s taking the whole thing to a different, more fascinating level!

                                                                                  While wishing I was you, I wish you all the the best with your sewing experiences!

                                                                                1. 2

                                                                                  Besides all the usual work stuff, I’ve been learning to make my own jeans. I finally settled on a Kenmore 158 which supports a lot of stitch types to get me most of the way, and am passively hunting down some old industrial Union Specials if I can find them.

                                                                                  Wanted to do this forever, and finally got time.

                                                                                  Also learning to use Processing.

                                                                                  1. 2


                                                                                    • Working on fleshing out dashboards we’re making for scientific publishers to see how their journals / publications are cited by others.
                                                                                    • Some improvements on the ingestion process I built to ramp up how many papers we’re able to process from our partners


                                                                                    • My mind has been pretty fixated on systems (in a theoretical sense, but also applied in Science and Education). I’ve been trying to categorize my notes to put something out there so I can test some of my ideas; I’m hoping to get started on it sometime this week.


                                                                                    • Finish reading current book on Bletchley Park
                                                                                    • Continue reading an essay a day from https://plato.stanford.edu which has quite an interesting selection
                                                                                    • Figure out an acoustic guitar to buy so I can learn to play
                                                                                    • I’ve been running a lot lately since I stopped going to the gym and trying to take advantage of the beautiful weather this week in Chicago. Goal for this week is to do 4 miles a day (:fingers_crossed:)
                                                                                    1. 6

                                                                                      This is painfully accurate!

                                                                                      The bit about scientist and reviewers not checking references, etc. due to it being time consuming is so true, even from my research days a few years ago. When I started working at the National Cancer Institute I (perhaps naively) spent too much time thoroughly checking all papers/references, and would constantly wonder how others were able to be so much more productive. Evidently cutting corners was rampant.

                                                                                      A shameless (but hopefully relevant) plug: the current project I’m working on is at scite (https://scite.ai), and one of the things we offer for scientists and reviewers is the ability to (quickly) see how papers are cited by others.

                                                                                      In fact, one of our latest additions is the ability to upload a manuscript and see how its references were cited (especially useful when checking if you’re citing heavily disputed or even retracted work).

                                                                                      I thought it’d be relevant to bring up here because we (like many others whom this resonates with) want to improve this system by working within.

                                                                                      Curious to hear what others think…

                                                                                      1. 8

                                                                                        Can someone please explain how it is possible that one malfunctioning SDK can break the entire app? IIUC this is due to Facebook login but still, why can’t the app continue to function regularly?

                                                                                        Or is it broken only for whoever actually logged in with Facebook in the first place?

                                                                                        1. 24

                                                                                          This is due to Facebook’s idiosynchratic engineering practices.

                                                                                          At least last time this happened (https://github.com/facebook/facebook-ios-sdk/issues/1373), two months ago*, just including the SDK was enough to bring your app down before it had even initialised because Facebook ran code in the Objective-C class load method, which no sane person would override, let alone do network calls in.

                                                                                          That’s the idiosynchratic part, but it spells disaster when combined with Facebook’s amateurish development practices: The SDK will load objects from the FB backend, parsing them with brute force, expecting them to always be well-formed. This, combined with no working internal CI/CD system, leads to situations like this, where anyone doing a configuration error on a backend service can bring down millions of clients without them even calling the code in question.

                                                                                          1. 10

                                                                                            “Idiosyncratic” seems like an exceedingly polite way to put it.

                                                                                            1. 5

                                                                                              Realized today that I’m more dismayed by the tech public’s reaction to this than the failures of engineering displayed. Specifically, a bunch of people over at the orange site believe it isn’t fully preventable when the fix is simply to see bad engineering decisions for what they are: static initialization is dangerous and has no place in a SDK deployed at FB’s scope. Full stop.

                                                                                              1. 2

                                                                                                Unfortunately, there are tons of SDKs out there that does static initialization. When brought this issue up with another big-name SDK during integration, the response is in the line: we need to do some initialization, and relying on SDK users to call “init” method properly is a no-go based on what we experienced. That sounds plausible, but the solution is to make sure you have init’ed upon the first call to your library, and this can be solved through tooling (adding a custom LLVM pass to call your init method if not through your public API).

                                                                                              2. 2

                                                                                                Do you have a citation for "no working internal CI/CD system"?

                                                                                                1. 2

                                                                                                  They have a CircleCI instance, but if it did continuous integration and delivery, it would not be all-green.

                                                                                                2. 2

                                                                                                  The SDK will load objects from the FB backend, parsing them with brute force, expecting them to always be well-formed

                                                                                                  I spit water out of my mouth as I read it.

                                                                                                3. 9

                                                                                                  It’s just shoddy code from Facebook, and it’s a hot mess, because their SDK calls home in the initializer, IIRC, and a “bad” result that causes it to throw will blow up any app that includes the SDK, even if the app doesn’t use FB login. It’s a total catastrophe.

                                                                                                  1. 3

                                                                                                    To add my speculative point to the good substantive answers above…

                                                                                                    Another part of the problem is our industry has never really adopted REST as a way of architecting big public APIs. So instead of accessing them over HTTP using common patterns every API is expected to have a client library implementing the API’s custom, closed RPC-over-HTTP architecture.

                                                                                                    (I don’t have any solutions, I’m just lamenting.)

                                                                                                    1. 1

                                                                                                      Which industry are you referring to? Serious question.

                                                                                                      1. 2

                                                                                                        Software. Or that part of it that creates Web APIs.

                                                                                                    2. 4

                                                                                                      I’m guessing this is why a bunch of apps on my iPhone weren’t working this morning (GroupMe, Spotify, etc.). I wasn’t logged in with FB, for what it’s worth.