1. 9

    If you’re a maintainer and someone asks you to do something you don’t want to do, they are free to do it themselves. You don’t owe anyone anything, unless your project is also your product.

    1. 6

      I can appreciate that perspective, though I also think there’s a perspective that maintainers are invested in the projects they maintain. When people come asking for more and more “table stakes” there’s a feeling of threat that the project will be wrested from them via fork, they will lose valuable contributors, that the thing they worked hard on will be negatively impacted. The baseline stress level of having useful projects out there rises, and drives away people.

      I don’t have answers, but I think it’s worth acknowledging some of these perspectives.

    1. 2

      Too bad for the vimacs nerds, I guess?

      1. 3

        From the article:

        asking our Vim and Emacs users to commit to a graphical editor is less great. If Codespaces was our future, we had to bring everyone along.

        Happily, we could support our shell-based colleagues through a simple update to our prebuilt image which initializes sshd with our GitHub public keys, opens port 22, and forwards the port out of the codespace.

        From there, GitHub engineers can run Vim, Emacs, or even ed if they so desire.

        1. 1

          For emacs, you’d just have to copy your dotfiles to the image every time, I suppose?

          It’s probably a much better idea to use a (slow) tramp connection, that way you’ll notice the latency only when saving, and not on every keystroke.

      1. 6

        I realize this piece has a strong whiff of PR to it, but I legitimately am interested in the idea of moving past the “local development environment” as a standard practice. Long ago I got real excited about local vagrant and docker for development, and that hasn’t really panned out for me in practice. I’ve been watching cloud development environments with great interest for a while and haven’t had a chance to invest time into them.

        Is this the way?

        1. 27

          Is this the way?

          Not unless you’d like to see the end of accessible general purpose compute in your lifetime.

          1. 5

            I’m convinced it will happen regardless. Too few people care about it passionately. General purpose computing will become a hobby and cult like the Amiga is today.

            1. 2

              Also it’ll probably only be relevant if you’ve got such a big project that it takes you 45 minutes to make a fresh clone-to-dev environment and you’re not working with real hardware but something that’s made with replication in mind like web services. Oh and you don’t want any network problems.

            2. 2

              This could be so, so powerful if the compilation within those codespaces could also be pushed to distributed cloud-build instances. I’d be dying to use this if it came with a prebuilt ccache of previously compiled object files. I’m on a 28 core machine with 64G of RAM and building Firefox still takes up to ten minutes. I know it can be much less than with a distributed compiler like icecc.

              1. 3

                I think this will be the next step. The first and easiest development workflow to cover a scenario that is matches the remote environment as closely as possible (e.g. linux, no ui, etc). So codespaces is perfect as is for Web Development on Python, Ruby, PHP, JS. The next step would be service development where you combine Remote Execution (https://docs.bazel.build/versions/main/remote-execution.html) with CodeSpaces. It’s a bit tricky because now you have to deal with either multiple build systems, which is very difficult, or enforce a given supported built system (e.g. bazel). But at this point you will have very fast Rust/C/C++, etc compilation and can nicely develop there as well. The problem with CodeSpaces is when it comes to Mobile or GUI development, or worse case, 3D software (games). I am curious to see how they will solve that.

                1. 3

                  Back when I used to build Chromium all the time, the worst part was linking (because it happened every time, even if I only touched one source file.) And [current] linkers are both not parallelizable, and heavily I/O bound, so a distributed build system doesn’t help The only thing that helped was putting the object files on a RAM disk.

                  1. 1

                    I don’t recall what was being used because I was a huge Unix fanboy at the time and wouldn’t touch Windows (tl;dr I was even more of an idiot than I am now) but back like 10+ years ago, I recall some folks at $work had this in Visual Studio. I don’t know if it was some add-in or something built in-house but it was pretty neat. It would normally take a couple of hours to compile their projects on the devs’ machines, but they could get it in 5-20 minutes, depending on how fresh their branch was.

                    I haven’t seen it because it was way before my time but I had a colleague who described basically this exact mechanism, minus the cloud part, because this was back in 2002 or so. ClearCase was also involved though so I’m not sure it was as neat as he described it :-D.

                    Cloud-based instances are, I suspect, what would really make this useful. Both of those two things were local, which wasn’t too hard for $megacorps who had their own data centres and stuff, but are completely out of my one man show reach. I don’t have the money or the space to permanently host a 28-core machine with 64G of RAM, but I suspect I could afford spinning some up on demand.

                    I wish this didn’t involve running an IDE in a damn browser but I guess that ship has sailed long ago…

                    1. 2

                      Back when we had all those powerful workstations co-located in an office, we had them running icecc, which is really damn awesome and got us above 100 shared cores. For a while, I even ssh’d into my workstation remotely and it worked quite well. But my machine failed me and getting it home was easier than making sure it’s never going to require maintenance again. Especially given that physical office access is very limited.

                      (As an aside, I agree running an IDE in a browser feels wrong and weird but vscode is pretty OK in terms of usability, considering it’s running on chromium)

                  2. 2

                    Docker and Vagrant can be heavy to run and often don’t make reproducible builds. Something like Nix or Guix can help with this part, and if you throw in a Cachix subscription, you can safely build and push once from a developer’s machine to CI, production, and other developers with less overhead.

                    1. 1

                      Usually I find it very frustrating to do any sort of development where there is human noticeable (and variable) latency on responses to keystrokes. (eg. Working From Home via vnc or something).

                      I suspect I’d find this extremely frustrating.

                      I have been working with a thin schroot container like thing. (ie. Tools, cross compilers, build system etc in a tar ball that gets unpacked into a schroot, gui tools and editor in the native host)

                      That has been working just fine for me. Schroot is smart about updating the tools when they change.

                      1. 1

                        I’m curious what issues you saw/see with a Vagrant setup, that you think some kind of ‘develop in a browser’ environment would solve?

                      1. 26

                        I am beginning to get concerned at the author’s self-promotion here.

                        1. 1

                          Do you just mean the number of self-authored articles posted in a row?

                          What are the lobste.rs rules (or unofficial norms) around submission frequency?

                          1. 18

                            For a user account 1 month old, they have only submitted their own stuff, and 3/4 of it has been variations on OOP clickbait.

                            Personally, I like to see folks submitting their own stuff–unless it’s really, really good and in most cases frankly it isn’t–at like a 1 in 5 or smaller ratio…and only after they’ve been actively engaging in the community for months.

                            1. 9

                              He is engaging substantively here in the comments and isn’t promoting a business so I don’t have an issue with it (don’t have an opinion on quality of this post)

                              1. 4

                                This seems like their way of engaging in the community. I would encourage them to post a variety of sources on top of their own content, but months of other participation before submitting anything of their own seems like gatekeeping. All the posts are well-rated and have led to active conversations that they themselves participate in - I don’t see a big deal.

                                1. 8

                                  I’d say, by the number of spam votes, the community doesn’t want him engaging in this specific way. It’d feel less spammy if he submitted things in addition to anti-OOP rants.

                                  1. 3

                                    About 100 upvotes and 150ish comments vs 22 spam votes, mostly on this post where an influential community member commented about self promotion.

                                    1. 5

                                      I was already seeing the spam votes on this climb well before friendlysock commented. They’re all on this one because his first two posts weren’t spam while this one is, being his third anti-OOP rant in ten days.

                                      1. 4

                                        I see +36, -18, 20 users hidden. I think it’s safe to say it’s controversial.

                                    2. 5

                                      We gatekeep by requiring invitations.

                                      Gatekeeping with social norms works pretty well for keeping the site worth reading.

                                      1. 1

                                        months of other participation before submitting anything of their own seems like gatekeeping.

                                        Yes, that would be the objective.

                                    3. 6

                                      What are the lobste.rs rules (or unofficial norms) around submission frequency?

                                      The top post from an earlier discussion proposed a guideline that one third of your submissions can be your own material.

                                      The source marks users as heavy self promoters if they authored 51% or more of their submissions.

                                  1. 8

                                    This isn’t a Typescript thing, it’s in regular JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Optional_chaining (for those who only read the title)

                                    1. 5

                                      I’m also a little surprised at the popularity of this article. Not only is this not really a TypeScript feature per se, but TypeScript support for it has been out for almost two years now. Anyone writing TypeScript in VS Code has probably seen it auto-insert option chaining into statements with nullish properties. This auto-insertion is actually frustrating for those of us free from the shackles of IE 11 and Babel but still stuck with Webpack 4 since the parser it uses doesn’t support this or other recent syntax innovations.

                                      1. 1

                                        How has it come about that you are able to use modern tsc while simultaneously being stuck on old webpack?

                                        1. 2

                                          Stuck on Vue 2 like much of the Vue ecosystem, at least at the time we started our project.

                                        2. 1

                                          I used it as a jumping-off point to talk about optional chaining in general TBH

                                      1. 12

                                        Ruby has had this for a little while, and I accept that this is a popular language feature… HOWEVER: the more I see this sprinkled around code, the worse of a code smell I find it to be. I have actually seen a style emerge where people default to using this rather than traditional method-calling, and it drastically increases the complexity of a piece of code. It’s almost never tested behavior, it’s more of a way to avoid failing-fast, ensuring that tracking down the true source of a problem is much, much harder.

                                        Like any tool it can be useful and it can also be misused - I have to accept that it’s here to stay in null-permitting languages. For now it bums me out, though.

                                        1. 3

                                          Yes. I think it should only be used at the boundaries as part of quick and dirty validation. If you’re using it outside of a constructor/converter, you’re using it wrong.

                                          1. 3

                                            Speaking from TypeScript, in which you can constrain away nulls at any declaration:

                                            I think it’s a matter of the data you’re dealing with. If a data type has optional properties, it should be fair game for use with optional chaining. Getting an optional result from a property lookup means you can collapse multiple null checks into one and get code that’s easier to read, for instance.

                                            But first, the data type has to be suitable. Most functions’ argument types ought to disallow undefined / null, if what the function would do in that case is return undefined / null anyway. Push the responsibility for that check back to the caller, and it will both reduce the function’s complexity and prevent calling it with optional-chained expressions. “For best results, squeeze tube from bottom.”

                                            1. 2

                                              Clojure has a threading macro which allows this, and doesn’t turn into a code smell but a warning that there will be special casing for nil and the check for a valid value is in that section. Normally the behavior it guards is tested or relied on elsewhere, and not just a throwaway “don’t crash here please.”

                                              1. 2

                                                In Ruby code at work, we have a strict rule against chaining the safe navigation operator.
                                                Single use is discouraged, but allowed in situations like simple presentational code, or if used in a way that does not propagate null values further, e.g. when the code provides a default:

                                                user.favorite_color&.titleize || "None"
                                                

                                                In cases like this it is being used a slightly-more-terse replacement for a ternary operator:

                                                user.favorite_color.present? ? user.favorite_color.titleize : "None"
                                                

                                                I don’t care for it myself, but enough of the team does, so the compromise has been allowing these singular uses, but never chaining.

                                                I agree with you. Chaining is a big red flag. If one is drilling down into some crazy deep object chain as in user&.company&.address&.state, it is a sign that something else is wrong, and the need to reach for the safe navigation operator is a smell pointing to that.

                                              1. 2

                                                I wouldn’t go so far as to suggest merging, but I would point out that there’s a connection between this and another recent post: https://lobste.rs/s/tdalbi/gpsd_time_will_jump_back_1024_weeks_at

                                                This article is a bit broader-scoped, and gives great context. 🍻

                                                1. 3

                                                  I applaud the effort, but

                                                  With a tenkeyless (TKL) layout, your mouse is only a short hand movement away.

                                                  ^ or just mouse with your left hand (actually not that hard for right-handers, if you give it a try for a short while). The lack of numpad is a showstopper for me, but I’ll be watching out for any developments, if they offer a with-numpad version in the future.

                                                  Also: The compact layout kind of turns me off. I fear that my muscle memory would conflict too often. (I dislike laptop keyboards for this reason.)

                                                  1. 4

                                                    Agreed — I need a numpad for real work, not for numbers but as a dozen or so macro keys. Most vitally, I map the top row to undo, cut, copy, paste so I can whack those with the right hand while mousing with the left.

                                                    This is objectively the best keyboard layout for all people who are exactly like me. When will the industry learn?!

                                                    1. 2

                                                      I used to have strong pro-tenkey opinions, and have found myself converted to using a separate tenkey (or macro pad as you describe). Yes, it’s one more thing, and it also offers more flexibility. It’s an acceptable trade off in my mind.

                                                      If you like what ya got and don’t want to change that’s a-ok too. I wanted to give voice to an alternative at least.

                                                      1. 1

                                                        Nice to meet someone who works similarly to me! We seem rare. I have my numpad mapped to [KDE] desktops, giving me one-key access to numerous windows. Your practice of mapping the clipboard functions to the numpad is interesting. I guess I haven’t run into that because I use the Dvorak layout, where Ctrl-C and Ctrl-V are manageable with the right hand.

                                                        1. 2

                                                          Sounds like @snej needs a Sun Type 5. Props key to you!

                                                      2. 1

                                                        There is no reason the numeric block isn’t on the left side of the keyboard, save for adhering to tradition at any cost.

                                                        1. 6

                                                          Throwing this out there - the distance you created can be reclaimed. The maintainers today would welcome fresh contributions!

                                                          I also agree that Chelimsky was an incredible steward, maintainer and contributor. He set the course that made RSpec what it is today, and it’s dang good.

                                                          It’s worth calling out that Myron Marsten, Jon Rowe, Penelope Phippen carried that forward into being rock solid, reliable, and dependable.

                                                          What I would like to see going forward is some kind of bridge into property based testing. I don’t have a complete vision for what that might look like, but it would open up a world of possibility.

                                                          1. 8

                                                            Oh, I’m not sure I care to reclaim any distance. It’s a mostly good memory at this point. I have regrets, which I think I shared effectively, but I couldn’t be more proud of where it’s at today. And the current maintainers are fantastic.

                                                            I tried picking up some tickets a few years back, and it didn’t feel like home anymore.

                                                            I guess I like what they’ve done with the place, but all of my furniture is gone, so it doesn’t feel like home anymore. Maybe the future holds something different, though.

                                                          1. 3

                                                            I loved reading the process behind cracking this. I do not have a ton of background about the state of previous efforts - was this already solved/decrypted by the FBI? Here’s what stood out:

                                                            David submitted this solution to the FBI Cryptanalysis and Racketeering Records Unit (CRRU) on Saturday, December 5, 2020. Shortly after, the FBI was able to officially confirm the validity of our solution.

                                                            Was it confirmed because they already solved it (and kept it to themselves)? Was it confirmed because they agreed that the approach was sound and yielded information they could confirm via other evidence?

                                                            Any which way, the results give surprising insight into the mindset and twisted motivations of the killer. I have to wonder if this unlocks any investigative avenues or anything. They say it’s an open case, but it feels like something that will never have a satisfying resolution.

                                                            1. 3

                                                              “Verified” in this case means that they followed their steps and arrived at the same solution and gave their approval that the approach was sound. One of the people who collaborated on the solution made a very good video detailing the process: https://www.youtube.com/watch?v=-1oQLPRE21o

                                                              1. 2

                                                                AFAIK, the FBI had not cracked it prior to this, which makes this sort of thing even cooler.

                                                                1. 1

                                                                  You never know. Look the case with Golden State killer who got caught thanks to one of their relatives doing a DNA test. While it would be interesting to get into the mind and motives of the killer while they are still alive, identifying that person after they have died would also bring some satisfaction. So I wouldn’t rule out that one day authorities might actually find the killer.

                                                                1. 3

                                                                  This same issue has affected the Golang community also. Sounds like tooling had removed some GPL notices, which at some point then got copied into these shared libraries. The tooling was fixed and recently some obvious IP/license violations have been identified. It’s a bummer, but seems to be getting resolved reasonably.

                                                                  1. 3

                                                                    That discussion got… heated. But interesting, because people are raising the (genuinely interesting and relevant) question of whether a database of mime-type information is even copyrightable – under US law – in the first place, as US copyright law generally does not extend to compilations of facts. There’s a certain amount of unfortunate misinformation and misunderstanding of the key concept there, too (generally, the “creative effort” required to make something copyrightable is not “it took creative effort to discover this fact”; otherwise you could copyright things like fundamental physical constants, since it takes “creative effort” to find a way to determine their values).

                                                                  1. 8

                                                                    My own philosophy is that blogs don’t need comments. If you want to respond you can contact me or write your own blog post or tweet or tiktok about it - whatever it may be. I don’t want to assume responsibility for moderating and/or curating somebody else’s words that will show up alongside my own.

                                                                    1. 2

                                                                      Personally, I’m often disappointed to find that a blog post doesn’t have a comments section. Writing an e-mail just to express your gratitude feels weirder than leaving a comment.

                                                                      1. 3

                                                                        I appreciate gratitude expressed by email way more than that expressed by comment.

                                                                        I also feel a comment section is meant to serve other readers of the article at least as much as its author, so in fact I feel expressions of gratitude about the article are misplaced in the comments.

                                                                        1. 1

                                                                          I also feel a comment section is meant to serve other readers of the article at least as much as its author

                                                                          That’s a good point, and I agree!

                                                                          What I dislike about writing e-mails is the ceremony involved. I need to explain what article I’m referring to, why I’m writing, say hello and goodbye and so forth. In a comments section, all of those things are implied. (That’s not to say I dislike writing e-mails in general, just as a replacement for comments.)

                                                                          1. 1

                                                                            Indeed. That is why I appreciate emailed expressions of gratitude so much more – here I have someone so compelled to say thanks that all the trouble they had to go through didn’t deter them. It just hits differently.

                                                                            (Doesn’t mean a graceful and sincere response necessarily comes naturally, so sometimes I have taken a long time to reply and in a handful of cases I never did – but don’t let fear of shouting into a void discourage you. I promise, if the author does see your message (which spam filters unfortunately do make uncertain), it will almost certainly be gladly received, even if you never hear back.)

                                                                        2. 1

                                                                          I make a point of writing emails to express gratitude. Maybe it’s a little weird, but it’s almost always appreciated.

                                                                        3. 1

                                                                          I how many (if any) tiktoks exist that are replies to blog posts.

                                                                        1. 6

                                                                          Yeah this makes sense. Every single line I write is a part of a puzzle that makes sense with the rest. The order of statements and their interaction and meaning is more of a problem to solve than a transfer of information. I wish I could phrase it better.

                                                                          I would bet that if you verbally gave a riddle to someone their brain would light up the same way.

                                                                          1. 2

                                                                            This sounds similar to how I think about writing code. It’s creating a puzzle, part of which is also a puzzle itself: to create it with enough clarity that it can grow over time. If the puzzle you create can be understood quickly by other puzzlers you did a good job. Oftentimes that other puzzler is yourself in 6 months. There’s also something important in the puzzle design around compartmentalizing features so that as they grow changes don’t have broad-reaching effects to other areas of the puzzle. A lot about how you approach a puzzle can depend on the tools you are using, the most-important tool being the language you write it in.

                                                                          1. 18

                                                                            People who stress over code style, linting rules, or other minutia are insane weirdos

                                                                            Having an automatic clang-format filter on git check-in solves so many of these pointless arguments.

                                                                            1. 20

                                                                              Oh, the insane weirdos will find things to bicker about even if you pass every linter rule there is.

                                                                              I wish I were kidding but you’ll find, for example, that if you do something like this:

                                                                              buffer.append("\r\n");
                                                                              buffer_len += 2;
                                                                              

                                                                              in a single place, as part of a completely non-essential function in a 2,000-line program, they’ll complain about the magic number on the second line. Rewrite it like this:

                                                                              buffer.append("\r\n");
                                                                              buffer_len += len("\r\n");
                                                                              

                                                                              yep, you’ve got it, they’ll complain about the magic string on both lines, plus what happens if someone changes the first one and forgets to update the second one (“yes I know the spec says lines are always terminated with \r\n but it’s not good programming practice!”)

                                                                              No problem, you say – ironically, they’re kindda right this time, so okay:

                                                                              buffer.append(CR_LF);
                                                                              buffer_len += len(CR_LF);
                                                                              

                                                                              …but the meaning of CR_LF is very opaque, it doesn’t emphasize that this is meant as a line terminator and it may not be obvious to people who come from a Unix background, rather than Windows (oh yeah, totally, I always wondered what those weird ^M signs were in my files, yeah, it’s not obvious at all). Perhaps we should call it CR_LF_TERMINATE_LINE instead?

                                                                              Sure,

                                                                              buffer.append(CR_LF_TERMINATE_LINE);
                                                                              buffer._len += len(CR_LF_TERMINATE_LINE);
                                                                              

                                                                              Okay, you say to yourself, clearly this is the end of the line? Nope, they’ll get back to you with something like:

                                                                              “I think it’s okay in terms of variable names but the code as it is right now is inelegant to the point where it’s unmaintainable. It’s bad programming practice to repeat yourself (links to DRY entry on Wikipedia) – you should refactor this into a single, general function that appends a user-defined sequence to the original buffer and modifies its length accordingly.”

                                                                              When you do that, the problem, of course, will be that the function is too general now, and you’ll really want is to add a separate, buffer_terminate_line function that calls the more general “append” function with "\r\n". Of course, you’ll now have two functions, both called from just one place: one is called by the other function, the other one is called in your code above. You got a longer, probably buggier program, but it’s so much more readable now. Assuming you named the functions correctly, that is ;-).

                                                                              The example above is fictional for obvious reasons but I ran into it regularly throughout my career.

                                                                              It’s a little better now that I’m a contractor – I no longer fuss about these things and will happily bill companies that don’t keep their “well ackshually” developers in check, unless they want something that’s literally wrong.

                                                                              Edit: some of the comments around here are… like, so blissful, like y’all think these are just things that you read about on The Daily WTF but surely nobody encounters this all the time, right? You have no idea how lucky you are and I have no nice words to say to you, your happiness fills me with dread and the fact that there are programmers who don’t experience these things on a weekly basis is so foreign to me I just hate you all right now and I’m going to go to bed and hate you all while I’m waiting to fall sleep! Did I say how much I hate you, lobste.rs? Ugh!

                                                                              Okay, no, seriously, these things are just so common that, with every year that passes, I find myself spending more and more time wondering why I still put up with it instead of, I dunno, anything?

                                                                              1. 4
                                                                                buffer.append("\r\n");
                                                                                buffer_len += 2;
                                                                                

                                                                                Dumb question but, ah, is there some reason why buffer_len isn’t a field on buffer which is updated for you by the .append() call? ;)

                                                                                weirdos will find things to bicker about even if you pass every linter rule there is

                                                                                The inverse of this is finding weird people who go to elaborate lengths to defeat a linter a rule that is pointing out a genuine bug in software, rather than just fixing it.

                                                                                (This is not an accusation towards you, just that sentence reminded me of it.)

                                                                                1. 7

                                                                                  Dumb question but, ah, is there some reason why buffer_len isn’t a field on buffer which is updated for you by the .append() call? ;)

                                                                                  The fictional code example above is written in a fictional language that doesn’t allow integer fields for objects called “buffer” :-P

                                                                                  The inverse of this is finding weird people who go to elaborate lengths to defeat a linter a rule that is pointing out a genuine bug in software, rather than just fixing it.

                                                                                  Oooh, I have a collection of stories about this one, too :(. Way back when I was working for $megacorp, I was more or less the chief intern herder in the worst internship program you’ve ever seen. They’d hire a bunch of interns over the summer and the only plan about what to have them do was “something easy because we don’t have anyone to supervise them”. I was in one of the few teams that wasn’t ran by morons and I had some idle cycles to spare once in a while, so I’d try to help the poor souls who ended up there over the summer.

                                                                                  One of the things they regularly ended up doing was run Coverity scans, fix the trivial bugs and report the more complex ones (super easy to quantify, right?). This would roughly go as follows:

                                                                                  1. Ian Intern would report a bug to Grumpy Senior

                                                                                  2. Grumpy Senior would close it without even looking at it because he had no idea who Ian Intern was, probably an intern

                                                                                  3. I’d reopen the bug, ask them to at least confirm it before closing it.

                                                                                  4. Grumpy Senior would close the bug immediately saying there’s nothing to confirm, it’s just a linter warning

                                                                                  5. Ian Intern would reopen the bug with a crash dump

                                                                                  6. Grumpy Senior would close the bug as unreproducible, Ian Intern probably did something wrong

                                                                                  7. I’d reopen the bug because it’s a fuckin’ crash and we can’t tell our users they’re holding it wrong (this is usually where I started bringing out the tiny guns, i.e. Cc-ing managers in bug reports).

                                                                                  8. Grumpy Senior would reluctantly look at it but it’s definitely not that, that’s just a linter warning.

                                                                                  Now comes the beautiful part:

                                                                                  1. Three days later, Grumpy Senior would push a bullshit fix and close the bug.

                                                                                  2. That same day, they’d push the actual fix, with a commit message saying “Misc. style and Coverity warnings fixes”

                                                                                  And so on – multiplied by about 40 Grumpy Seniors all over the organisation, and about six months’ worth of bad code because Coverity fixes took a lot of work so they only ran the scan once every six months :-D.

                                                                                  1. 1

                                                                                    The fictional code example above is…

                                                                                    Heh. ♥️

                                                                                    the worst internship program

                                                                                    Oh the poor little darlings. The way the org behaved to them sounds toxic. Good on you for trying to improve it. (But alas maybe Sisyphean.)

                                                                                    1. 2

                                                                                      Sisyphus the game (for the Atari 2600 no less!).

                                                                              2. 7

                                                                                found the weirdo! (I’m only poking fun at you)

                                                                                I have 100% grown to appreciate “deciding once” with automatic formatters, and resisting urges to “re-decide” as much as possible. I have ALSO realized that it can be a HUGE pain to “decide once” after you’ve already scaled to many teams + lots of code. You want to do that up front, early-on, and stick with it.

                                                                                1. 4

                                                                                  :)

                                                                                  The big advantage of having settled on a particular clang-format is that it’s not someone else’s choices that annoy, but just the arbitrary decisions of the formatter & that seems to defang the drive to nit-pick over formatting choices.

                                                                                  I agree that it’s a huge pain to enforce a format late into a project though.

                                                                                  1. 3

                                                                                    My biggest gripe with many automatic formatting tools is that they pointlessly frob with line endings: clang-format will enthusiastically add or remove them by default, leading to code that I can describe as nothing short of butt-ugly by any standard. Luckily you can disable this with ColumnLimit: 0, but it’s a horrible default that too many projects use IMO. Splitting a 81-column sting over two lines is silly, and forcibly put all the arguments for XCreateWindow() on 1 or 2 lines “just because there is space” is even worse.

                                                                                    1. 2

                                                                                      Personally, I find working with a column limit set to around 120 nice and comfy, so I set clang-format to that & if it occasionally does something a bit odd I decide not to care about it. I save more time by never having to hand format code than I do obsessing over the odd corner case where it doesn’t make the “perfect” aesthetic choice.

                                                                                      1. 1

                                                                                        yep, or messing with vertically aligned code

                                                                                      2. 2

                                                                                        It’s not even that, I think. Not that the automation makes it so you’re not mad about the choices, but rather that you’re not forced for manually reformat a fuckload of code to please some arbitrary whinging program as the final step of every change.

                                                                                        1. 6

                                                                                          I often just write stuff like if x==y{return 42} now and just let gofmt deal with all of that. A small but measurable productivity boost.

                                                                                          1. 1

                                                                                            Exactly. Code formatters let you get on with with the actual job of writing code.

                                                                                            I setup emacs to invoke the formatter on every enter, or with a key-binding when I want to invoke it directly. Why waste time inserting spaces / carriage returns when the formatter does a perfectly good job?

                                                                                    2. 1

                                                                                      Tried that in the last place I worked and people just started complaining about the formatter configuration ahaha

                                                                                      1. 1

                                                                                        That probably depends on the team. We have a clang-format style that isn’t my preferred style but it’s consistent and I’d much rather use a consistent style that is not quite my ideal than argue about style. Because everything is consistently formatted, if I cared enough, I could apply a different style, modify the code, and then format it back. I actually supervised a student building a tool designed for exactly that workflow (which he presented at EuroLLVM some years back; CELS: Code Editing in Local Style). I wish GitHub would integrate something like that into their code view. Don’t like the style of the project? Render it in a different style in code reviews and when you browse their code.

                                                                                        1. 1

                                                                                          I’m kind of okay with that in theory as long as the result is (possibly rejected) patches to the repo containing the formatter config.

                                                                                          It might be helpful if the formatter config looks scary so people are hesitant to frob it unnecessarily.

                                                                                      1. 87

                                                                                        I work at Signal, and here are my two cents:

                                                                                        Signal is incrementally better than the incumbents on the technology side. We do a better job encrypting message contents than most and I think we do a much better job staying ignorant about message metadata (e.g. who you’re talking to) than our competitors. I’m proud of the work my colleagues have done and I do think we have some significant differentiators, but Signal’s architecture is similar to WhatsApp’s.

                                                                                        The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                                                                        That’s not to say Signal gets a pass; we are far from perfect. But I think we’re a baby step towards the ideal.

                                                                                        I spend a lot of time on Mastodon and the cries for a better federated/decentralized system are loud there. I, too, would love to see messaging get there in the mainstream. Maybe it’s Matrix, maybe it’s Berty, maybe it’s Briar, who knows. But I see Signal as an important step to get there.

                                                                                        This isn’t an official response from Signal, just my opinion!!

                                                                                        1. 12

                                                                                          Thanks for the input here! I think these are reasonable ways to view things even if I periodically express frustration at the ways Signal falls short of (or operates on a philosophy that contradicts) my personal ideal. I derive a tremendous amount of value from it even if I’m uncomfortable with, say, the stances laid out in the ecosystem is moving, and I’m grateful for the utility provided in a very hard space to work in.

                                                                                          The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                                                                          As someone who works for a nonprofit on a public good that’s extremely centralized in architecture (I’m an employee of the Wikimedia Foundation), I tend to share this view. The way software labor gets paid for is crucial, and if there might be better models than a foundation, then there are certainly also far worse ones.

                                                                                          That said, though I’d far rather work for a donation-supported nonprofit than most of the realistic alternatives, our centralization sure is a vulnerability that keeps me awake at night. All institutions are vulnerable to capture, corruption, or collapse, and I wish we had better models for mitigating that risk. I’m pretty sure federation / distribution of architecture is an important piece of the puzzle, but it’s often difficult to discuss that in a way that’s also clear-eyed about the benefits and affordances of centralization.

                                                                                          1. 4

                                                                                            That’s not to say Signal gets a pass; we are far from perfect.

                                                                                            Out of curiosity, in what ways would you hope the project would improve?

                                                                                            1. 4

                                                                                              Maybe it’s Matrix

                                                                                              Matrix’s future is encouraging, because they tackle not only centralisation but also moderation.

                                                                                              The answer is to remove the centralisation. Users should be able to make up their own minds and make their own censorship decisions - something that we’re actively working on and supporting via Matrix’s decentralised reputation work. – https://element.io/blog/2021-escalated-quickly/

                                                                                              1. 3

                                                                                                I don’t think we automatically get a pass because we’re a nonprofit. I’d trust a nonprofit’s incentives over a corporation’s, but we could still do plenty of bad things. I’m not aware of us doing anything like this, but I want to avoid saying “nonprofits = always pure and good”.

                                                                                                The most obvious improvements I see are with the desktop app, which is what I work on day-to-day. It’s no secret that the app is buggy, consumes a lot of resources, and isn’t at feature parity with the mobile apps. I joined in an effort to improve those things, but there’s still a ways to go. Turns out it’s hard to build a good native app for three different operating systems (especially when no two Linux installations are the same)!

                                                                                                1. 1

                                                                                                  For what it’s worth, there’s no love lost between me and the Electron end-user experience in the general case, but Signal at least manages to be the one Electron app I run routinely. On my fairly new and expensive desktop system I don’t usually have performance complaints and I can’t remember it crashing much. That may sound like damning with faint praise, but then again if you’ve used the typical Electron-based chat app maybe not…

                                                                                                  1. 1

                                                                                                    Tangent on this, a lot (or at least some) would like to know if OWS has a stance on making bots and clients for unsupported operating systems. That bear has to be poked eventually and we can only hope for a positive response! :)

                                                                                                2. 4

                                                                                                  I know you can’t answer this (and might not be fair for me to ask) but what’s your opinion of the Radio Free Asia (CIA spin off) funding that seeded Signal? I’m not trying to create FUD, just not seeing much talk about it. How do you convince a skeptic like me?

                                                                                                  Also, why isn’t Signal investing in p2p? Maybe you can answer the second question…

                                                                                                  1. 16

                                                                                                    You are swallowing FUD from the same people that has been trying to discredit the Tor project for the past 6-7 years on the same reasons.

                                                                                                    Inherently it doesn’t matter if CIA throws money on secure crypto. Because it’s secure. The double ratchet algorithm has had eyes on it for years and considering the fairly good track record of people finding suspicious crypto I’m not even batting an eye on the conspiracy some people are trying to push.

                                                                                                    1. 6

                                                                                                      If a US government run conspiracy exists around Tor I would be far more worried it relates to the laughably low count of active nodes and the potential that a not so insignificant count of them are being run by malicious parties.

                                                                                                      1. 11

                                                                                                        You don’t need a conspiracy to point at the multiple successful attacks against the Tor network and active sybil attacks people have used on it though.

                                                                                                        1. 3

                                                                                                          Who brought up conspiracy theories? Is it a conspiracy to think that the intelligence community would be more likely to fund a project that they can crack?

                                                                                                          1. 5

                                                                                                            When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy. At the very least, the intelligence community is divided into two very different groups: “attackers” and “defenders”.

                                                                                                            It’s quite plausible that the “attackers” group would want to fund vulnerable crypto systems in the hope that more useful traffic would be unprotected. However, it’s also quite plausible that the “defenders” group would want to fund very strong crypto systems, so that their agents’ communications would be secure, and hidden among a flood of equally-secure civilian communications.

                                                                                                            Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security. If you could prove whether that funding came out of the “attackers” or “defenders” budget, that would be interesting and useful.

                                                                                                            For me, the fact that the CIA money was part of the seed funding (not when Signal was already popular) suggests that the money came from the “defenders” budget — they hoped it would get big enough that their own agents’ traffic would go unnoticed. I’d expect a donation from the “attackers” camp to come later on, once they had found a weakness, to help Signal establish a lead over competing apps without known weaknesses. That’s not proof, of course, but without hard evidence nothing’s certain.

                                                                                                            1. 1

                                                                                                              When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy.

                                                                                                              is anyone saying that?

                                                                                                              Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security.

                                                                                                              …or that?

                                                                                                              1. 1

                                                                                                                There are people saying that. Which is why this is being discussed in the first place.

                                                                                                                1. 1

                                                                                                                  who/where?

                                                                                                      2. 6

                                                                                                        What FUD are they swallowing exactly? They only stated that a CIA spin off initially funded Signal, which is true. It’s reasonable to ask why the U.S. intelligence apparatus would want to fund projects like Signal and Tor.

                                                                                                        1. 2

                                                                                                          Sure but in some cases, the CIA’s and the public’s interests can be aligned. Strong crypto, safe communication, identity hiding proxies are needed for both.

                                                                                                          1. 3

                                                                                                            sure, for some definitions of “the public.” during periods for which we have records of CIA activities, the peasants of southeast asia probably would’ve preferred the CIA to be less able to secure identities and communications.

                                                                                                          2. 1

                                                                                                            The FUD is that this somehow compromises the integrity of signal.

                                                                                                            1. 1

                                                                                                              Depends what you mean by integrity and what you think of Radio Free Asia.

                                                                                                            2. 1

                                                                                                              Well, when someone asks on lobste.rs, where they know that the chances of getting a factual answer to this question are zero, you might reasonably think that the question isn’t a straightforward request for factual answer. What else might it be? FUD and innuendo are among the possiblities.

                                                                                                              Personally my first guess for that funding would be someone at the CIA used some money in a way that helped their own performance reviews and maybe get them promotions, without regard to what effect it would have on other people at the CIA or NSA.

                                                                                                              “Tasks accomplished this year:

                                                                                                              • Blah that helps Chinese/Burmese/Indonesian blah blah against state wiretapping”

                                                                                                              This is a guess, not a factual answer. I’m just assuming that the CIA is no better coordinated than the places where I’ve worked. That people at the CIA will put their own department’s tasks and goals above those of other people in other buildings, just like… I could digress into frustrated rambling here.

                                                                                                              1. 1

                                                                                                                so you’re insinuating through innuendo that the only reason they would ask for an open ended opinion on this topic, is to spread FUD

                                                                                                            3. 4

                                                                                                              A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                                                                              The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                                                                              Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                                                                              Let’s also point out that technically, it’s very easy to shut signal down. Look at the recent outage. Look at the fact they are renting AWS hardware. Even if you don’t believe the FUD, nothing technically about signal seems robust.

                                                                                                              1. 5

                                                                                                                A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                                                                                How does this apply to signal? Union workers that has consistently been under threat and pressure in the US are completely sane to consider something else. For this argument to make sense then you are just suggesting signal is in direct opposition to the goal of their users. This feels like constructing some strawman.

                                                                                                                The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                                                                                I disagree that some undocumented donation from a government agency is funding anything. The article Yasha has written is pay walled. Whatever donation they made years ago doesn’t matter as they have created a non-profit and gotten a significant donation from the whatsapp founder.

                                                                                                                Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                                                                                The argument needs to be stronger then “some government agency gave a donation”.

                                                                                                                1. 3

                                                                                                                  The union comparison is correct because there is a long history of vulnerable groups being targeted by the US government. Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                                                                                  1. 1

                                                                                                                    Are you saying that any organization taking donations from the US government is ultimately working for the US government to do their bidding?

                                                                                                                    Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                                                                                    This is inane. How much money was given how many years ago?

                                                                                                                    1. 2

                                                                                                                      Obviously if the USPS funded it, or national park service, or the NSF, I wouldn’t be really be that concerned…

                                                                                                                2. 3

                                                                                                                  The term FUD is only honestly used to describe disingenuous propagandising. Amazon’s voting software is not widely used FLOSS, unlike Tor and Signal. You are actively spreading FUD by making this misleading comparison.

                                                                                                                  1. 3

                                                                                                                    What if it doesn’t matter if the messages are encrypted. What if the metadata, who talks to who when is what they’re trying to capture? Because getting the rest of the conversation is easy… Simply arrest them and get access to the phone.

                                                                                                                  2. 3

                                                                                                                    I don’t think that a donation from the CIA is sufficient enough reason to worry. However it would have surely been smart for a project like Signal not to accept it, given the clear conflict of interests at play.

                                                                                                                    1. 2

                                                                                                                      Or alternatively that money would’ve enabled a lot of good and may not have come with significant strings - after all, I’m sure the CIA would use Signal too if it met their needs.

                                                                                                                      Ultimately we just don’t know. That’s what breeds the conspiracy theory. I’m not convinced we’re entitled to an answer, but it is something that could be easily disspelled if the project wanted to.

                                                                                                                      1. 3

                                                                                                                        You underestimate conspiracy theorists’ ability to do mental gymnastics if you think this can be easily dispelled. Look at how insistent mempko is being about factually incorrect assertions about metadata.

                                                                                                                        Bottom line, historical funding is not evidence of ANYTHING. It’s clear (to me) why the CIA might want something like Signal to exist and be rock solid, but that will never satisfy some who choose to see opportunity for conspiracy.

                                                                                                                        1. 1

                                                                                                                          As far as I know, only contact discovery is in the SGX enclave. Signal themselves made it clear they are working on not knowing who sends messages to who but as far as I know, they aren’t there yet. Am I factually wrong here? I would love to see the evidence. I’m a big boy and can admit when I’m wrong.

                                                                                                                          Signal set themselves up on a huge up hill battle by insisting on a centralized architecture. They could have gone p2p and would have no idea when people are talking and who they are sending messages to. They decided against that because it’s easier to upgrade the client with shiny new features. In other words they chose ease of development over security.

                                                                                                                          And you know what? It worked! They are really popular now and have a really nice client.

                                                                                                                    2. 2

                                                                                                                      I think people are more worried that facebook selling their data than US gov wiretapping. The latter happens anyway.

                                                                                                                    3. 1

                                                                                                                      The double ratchet algorithm has had eyes on it for years

                                                                                                                      The double ratchet algorithm is also fairly simple, and quite obviously correct. Any student in applied cryptography can examine it and convince themselves there’s nothing fishy there.

                                                                                                                      1. 2

                                                                                                                        I’ll repeat what I said above. What if it doesn’t matter if the messages are encrypted. What if the metadata is what they are trying to capture. Signal knows who is connected and who talks with who, when. Getting the rest of the conversation is easy, just get physical access to the phone.

                                                                                                                        1. 5

                                                                                                                          Signal knows who is connected and who talks with who, when.

                                                                                                                          They don’t.

                                                                                                                          https://signal.org/blog/sealed-sender/

                                                                                                                          https://signal.org/bigbrother/eastern-virginia-grand-jury/

                                                                                                                          1. 3

                                                                                                                            additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.

                                                                                                                            “area of ongoing development” means “we have no solution for this yet”

                                                                                                                            1. 2

                                                                                                                              And? They removed a whole class of metadata, pushing an attack from a trivial lookup to the statistical realm. Is your complaint that they haven’t done enough? That the CIA protected you from everyone but them?

                                                                                                                              I’d love a chat app that advertised itself as “literally only the CIA can read your messages.”

                                                                                                                              1. 1

                                                                                                                                I was responding to /u/Foxboron’s claim that Signal doesn’t know who talks with whom. My understanding is that the IP address logging and traffic correlation can be done by Signal, so they could figure out who talks with whom.

                                                                                                                              2. 2

                                                                                                                                There are solutions for this problem. Examples - Pond by imperialviolet and Vuvuzela. Both hide the fact that you are sending the message. The cost - your device sends data all the time. Most of the time it’s white noise, sometimes it’s encrypted message. Observer can’t distinguish. Obviously, this does not work on mobile because of power requirements.

                                                                                                                                Alternatively, you can introduce random delays. This means you are no longer in chat territory - you are operating mailing service.

                                                                                                                                Anything short of two solutions above makes correlation attacks directed at contact network discovery very doable. And decentralization does not help - it will leak the same or greater amount of metadata, depending on implementation.

                                                                                                                                1. 1

                                                                                                                                  In this case I think the attacks are a lot easier than with e.g. Tor because all messages go through Signal’s servers and they know the identity of the recipient.

                                                                                                                                  1. 1

                                                                                                                                    https://signal.org/blog/sealed-sender/

                                                                                                                                    They know the identity of the recipient, but not the identity of the sender.

                                                                                                                                    There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                                                                                    1. 1

                                                                                                                                      Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to. For example if you receive a message and reply to it immediately, Signal could get a pretty accurate mapping from your IP address to your identity for that message, no?

                                                                                                                                      If I’m right it’s quite interesting that this blog post is being spread around as evidence that Signal doesn’t know who talks to whom.

                                                                                                                                      There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                                                                                      I don’t see an argument for that. In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP address as you at the time you are sending a message, which is quite small if not a group of one.

                                                                                                                                      1. 1

                                                                                                                                        Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to.

                                                                                                                                        Yes. Definitely. But that is also true for an attacker who just controls the routers around signal’s servers, which is cleaner way to attack the network (hard to get caught!).

                                                                                                                                        In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP

                                                                                                                                        That would be trying to hide the fact that you are using the communicator.

                                                                                                                                        No. I’m speaking about hiding whom is talking to whom. Imagine your server handling high amount of traffic. And we have a hostile router that can see packets and their destinations, but not packet contents. When router does time correlation attack to identify whom is talking to whom, the worst thing server can do is immediately forward messages from sender to the receiver. This makes connecting the dots trivial. Now, if multiple pairs of people talk at the same time, server can introduce a small random delay (lets say below 1s) between receiving and forwarding to confuse the router. More people talking - more possible permutations there is. AFAIK this method of confusing the observer is not a very good one. I recall seeing papers about de-anonymization of Tor users via capturing and analyzing traffic data for a long period of time. But that is a problem of every low latency communication method. To work around that you would need to lots of wasted bandwidth (as in vuvuzela) or long delays (as in mixnet).

                                                                                                                                        1. 1

                                                                                                                                          I think we are talking about two different things. It’s easier for Signal because for each message they know the IP address of the sender (at the time of sending) and the identity of the recipient. If they can figure out who maps to the IP address for a given message, they know the identity of the sender and the recipient for that message – not just that the sender is using their service.

                                                                                                                                          1. 1

                                                                                                                                            My real point - you wont get much in terms of privacy just by distributing servers :-)

                                                                                                                                            1. 1

                                                                                                                                              probably true, but you do get interface stability and independence

                                                                                                                                2. 1

                                                                                                                                  That still means Signal does not know though. You would only get the information with a global adversary which is fairly hard to protect against.

                                                                                                                                  IP (still) does not correlate to a person though.

                                                                                                                                  1. 1

                                                                                                                                    It’s not even a global adversary. You just need an adversary sitting in AWS. And who is bigger a global adversary than the USA?

                                                                                                                                    1. 1

                                                                                                                                      are you saying U.S. intelligence funded a project with vulnerabilities that could only be reasonably exploited by a hegemonic adversary? :)

                                                                                                                                      1. 1

                                                                                                                                        To add to my snarky reply, I don’t think you are right that Signal doesn’t know. If you reply to a message within a few seconds of receiving one, your IP address probably hasn’t changed, so Signal would know your identity as a sender. That’s just one example, and it’s not hard to think of ways that Signal could figure out the sender and receiver in most cases (or at least have a confident guess).

                                                                                                                            2. 5

                                                                                                                              You’ve expressed confidence in Signal’s message encryption. It’s open, well analyzed, and widely used.

                                                                                                                              You’ve expressed concern about Signal retaining metadata. Your only specific threat of “who talks to who when” has been specifically and repeatedly addressed: https://signal.org/blog/sealed-sender/

                                                                                                                              Well over a year after that announcement, I looked at their code to see how it worked. It didn’t. It wasn’t on. And I don’t care enough to look again because…

                                                                                                                              Signal is still strictly more secure than every other major messaging app.

                                                                                                                              Finally: both the autobahn and the US interstate highway system were national defense projects. Should I be skeptical of them?

                                                                                                                              1. 1

                                                                                                                                Moxie doesn’t like p2p and decentralization. He made an entire talk about that during 36c3 and the recording of that talk was promptly deleted after a wave of backlash and criticism since apparently Moxie didn’t actually agree to have the talk recorded.

                                                                                                                                edit: I was wrong and posted rumors.

                                                                                                                                1. 5

                                                                                                                                  that talk was promptly deleted after a wave of backlash and criticism.

                                                                                                                                  That’s not true. The talk was deleted because Moxie asked for the talk to not be recorded and to not be made public: https://twitter.com/moxie/status/1211427007596154881

                                                                                                                                  I just prefer to present something as part of a conversation that’s happening in a place, rather than a webinar that I’m broadcasting forever to the world. I have less faith in the internet as a place where a conversation can happen, and the timelessness of it decontextualizes.

                                                                                                                              2. 2

                                                                                                                                Get to work unionizing so you can force Signal to allow third party clients and federation!

                                                                                                                              1. 42

                                                                                                                                Boring prediction: TypeScript. By the end of 2021 TypeScript will broadly be seen as an essential tool for front-end teams that want to move faster without breaking stuff.

                                                                                                                                The alternatives which launched around the same time (Reason, Elm, Flow, etc…) have all fallen by the wayside, and at this point TS is the clear winner. The investment is there, the ecosystem is there, the engineers (increasingly) are there. The broad consensus isn’t quite there in wider world of all Javascript engineers, but I think it’s coming.

                                                                                                                                Eventually good engineers will leave teams that won’t switch to TypeScript, ultimately hobbling those companies. Their lunch will be eaten by the competitors who’re using TypeScript. But there’ll be money to made dealing with legacy messes of JS / Coffeescript, Backbone, jQuery etc, for the people who’re willing to do it. It’ll be a long-lived niche.

                                                                                                                                Knock-on effects will include decreased use of Python in an application / API server role (I know there’s MyPy, but I think TypeScript is ahead) except where it’s coupled to data-sciency stuff. I think something similar will be seen with Go. I don’t know how big these effects will be.


                                                                                                                                Unrelated prediction: Mongo will make a comeback. I’ve really disliked working with Mongo, but I was completely wrong about the price of Bitcoin this year so I assume Mongo’s comeback is inevitable.

                                                                                                                                1. 10

                                                                                                                                  Eventually good engineers will leave teams that won’t switch to TypeScript, ultimately hobbling those companies. Their lunch will be eaten by the competitors who’re using TypeScript. But there’ll be money to made dealing with legacy messes of JS / Coffeescript, Backbone, jQuery etc, for the people who’re willing to do it. It’ll be a long-lived niche.

                                                                                                                                  This is quite the prediction. I think I can see it happening. Working with a large, untyped JS codebase is a nightmare and can eat through morale quickly.

                                                                                                                                  1. 10

                                                                                                                                    I work in a place with a lot of Node JS, but it’s not my day to day. I quickly went from enjoying javascript to hating it. Recently I have been enjoying doing some small stuff on my own again. I think I’ve decided that hell is other people’s javascript.

                                                                                                                                    1. 6

                                                                                                                                      I’ve decided that most new JS code I write actually should be TypeScript these days. The tooling around the language is too nice.

                                                                                                                                      1. 5

                                                                                                                                        As a hobby I write Ableton plugins in Max MSP. It has JS support, but only ES5, that’s from 2009, and gross. Turns out the best modern transpiler to target that is TS! I was so happy when I found out.

                                                                                                                                        1. 2

                                                                                                                                          I should probably give TypeScript a go. I was pretty annoyed with JS for a while so I didn’t want to spend my spare time learning TypeScript. Unfortunately, the bits of Javascript that I tend to touch are largely agreed to be the worst in the org and there isn’t a lot of energy to move them over to TypeScript. C’est la vie.

                                                                                                                                      2. 1

                                                                                                                                        yep. I’m in the midst of a large feature-add to an angular 1.5.5 site. I’m a bit envious of other teams working with new angular and Typescript.

                                                                                                                                        I think vosper is right - there’s going to be plenty of work available to those who are willing to maintain older frontend tech.

                                                                                                                                      3. 7

                                                                                                                                        Eventually good engineers will leave teams that won’t switch to TypeScript

                                                                                                                                        Any engineer who will leave purely because the company doesn’t switch to $my_favourite_tech_choice is, by definition, not a good engineer. We’re supposed to professionals for crying out loud, not children insisting on our favourite flavour of ice cream.

                                                                                                                                        1. 14

                                                                                                                                          I’d argue switching companies in order to use better tech is what a professional engineer does. Strong type systems are equivalent to constraints in CAD for mechanical engineering or ECAD for electrical engineering. They are absolutely crucial for proper engineering.

                                                                                                                                          A mechanical engineer that wants to use something like Solidworks or Onshape at a company using TinkerCAD would not be looked down upon. Engineers need to use the right tools to actually engineer things.

                                                                                                                                          So yes, switching companies to use and practice with proper tooling is a damn good engineer.

                                                                                                                                          1. 4

                                                                                                                                            I interviewed a bunch of professional engineers a couple years back. Most of them were stuck on using Excel spreadsheets. One was yelled at by his boss for using python scripts.

                                                                                                                                            1. 1

                                                                                                                                              I mean, Excel is a battle-tested functional programming environment which has intermediate states easily visualized and debugged! It has its faults, but I’d imagine it was being used for something like BOM inventory management? In that case it is definitely the right tool compared to Python.

                                                                                                                                              In any case, yes there are many engineering jobs like that in other engineering fields, but there are also many software engineering jobs which deal exclusively with k8s yaml files, which I’d argue is similar but worse.

                                                                                                                                              1. 2

                                                                                                                                                In that specific interview it was for finite element analysis.

                                                                                                                                            2. 2

                                                                                                                                              They [Strong type systems] are absolutely crucial for proper engineering.

                                                                                                                                              Says you. The rigor and engineering approaches “crucial” to systems depends HEAVILY on the domain, but I’m not sure I can identify ANY domain that “requires” strong typing (which is how I interpret “crucial”). Plenty of critical software has been and is being built outside of strong type guarantees. I’m not prepared to dismiss them all as bad or improper engineering. There may be a weak correlation, or just plain orthogonal - hard to say, but your staked position seems to leave no room for nuance.

                                                                                                                                              I think your analogy muddles the conversation, as most software engineers are not familiar enough with those fields to be able to evaluate and understand the comparison beyond taking your statement as true (maybe it is, maybe it isn’t).

                                                                                                                                              Defining “a good engineer” and “proper engineering” seems heavily rooted in opinion and personal experience here. That’s not to say it’s fundamentally un-study-able or anything, but I’m not sure how to make any headway in a conversation like this as it stands.

                                                                                                                                              1. 1

                                                                                                                                                Says you. The rigor and engineering approaches “crucial” to systems depends HEAVILY on the domain, but I’m not sure I can identify ANY domain that “requires” strong typing (which is how I interpret “crucial”). Plenty of critical software has been and is being built outside of strong type guarantees. I’m not prepared to dismiss them all as bad or improper engineering. There may be a weak correlation, or just plain orthogonal - hard to say, but your staked position seems to leave no room for nuance.

                                                                                                                                                Sure, no domain “requires” strong typing. No domain “requires” a language above raw assembly either. We use higher level languages because it makes it significantly easier to write correct software, compared to assembly. A strong type system is a significant step above that, making it much easier to write correct software compared to languages without it.

                                                                                                                                                Having worked at companies using languages such as Python, Javascript and Ruby for their backends, and having worked at companies that have used C++, Java, and Rust for their backends (even given the faults and issues with Java and C++‘s type systems) the difference between the two types of companies is night and day. Drastic differences in quality, speed of development, and the types of bugs that occur. Strong type systems, especially the ones derived from ML languages, make a massive difference in software quality. And sure, few domains really “need” good software, but shouldn’t we strive for it anyway?

                                                                                                                                                I think your analogy muddles the conversation, as most software engineers are not familiar enough with those fields to be able to evaluate and understand the comparison beyond taking your statement as true (maybe it is, maybe it isn’t).

                                                                                                                                                I mean, if we can’t pull lessons from other engineering fields what is the point of calling it software engineering? I don’t really know how to respond to this point, because clearly we have different opinions on this topic, each derived from our past experiences. My point is no less strong because you or others are unfamiliar with a domain.

                                                                                                                                                I encourage you to try out various CAD tools, TinkerCAD and Onshape are both free to use and online available, so there isn’t even a need to download software. I think you will very quickly see the difference between the two, TinkerCAD you will master in a few minutes, and Onshape will likely be unapproachable without tutorials. But if you look at the examples, Onshape is used to produce production, intricately designed mechanical parts. And simply without the tools and constraints that Onshape provides you can’t do proper mechanical engineering.

                                                                                                                                                And I really want to highlight that I don’t mean to say that TinkerCAD is bad, or worse in any way. It is incredible for what it is and for opening the door to the world of mechanical design to those who aren’t familiar with it. It is simply not an engineering tool, while Onshape is.

                                                                                                                                                My analogy really stems from how each tool is used. TinkerCAD you just build the thing you want, using the shapes and manipulation tools it provides. Onshape is different, everything has to be specified. You have to set lengths of everything. You have to specify what the angles of things are. Certain things are really hard to do, especially organic shapes, because everything has to parameterized. I hope you’ll agree this is nearly identical to programming languages with and without strong type systems!

                                                                                                                                                Defining “a good engineer” and “proper engineering” seems heavily rooted in opinion and personal experience here. That’s not to say it’s fundamentally un-study-able or anything, but I’m not sure how to make any headway in a conversation like this as it stands.

                                                                                                                                                Of course it is rooted in opinion, at least in the US. I believe some other countries have licensed engineering which makes it more of a distinction. Personally I think it is extremely unfortunate that engineering is not a protected term, because I genuinely really think it should be. The state of software engineering feels very similar to the situation of doctors before modern medicine, where the majority were hacks and frauds besmirching the industry as a whole.

                                                                                                                                                1. 3

                                                                                                                                                  I mean, if we can’t pull lessons from other engineering fields what is the point of calling it software engineering? I don’t really know how to respond to this point, because clearly we have different opinions on this topic, each derived from our past experiences. My point is no less strong because you or others are unfamiliar with a domain.

                                                                                                                                                  That’s the thing: we shouldn’t be pulling lessons until we learn what those lessons are. I had very strong opinions about what software engineering was supposed to look like, then I started interviewing other engineers. Most of what we think “engineering” looks like is really just an ultra-idealized version that doesn’t match the reality. In some ways they are better, true, but in some ways they are much worse.

                                                                                                                                                  EDIT: I just checked and it looks like you used to be a professional electrical engineer? If so then my point about “most people talk about engineering don’t understand engineering” doesn’t apply here.

                                                                                                                                                  Of course it is rooted in opinion, at least in the US. I believe some other countries have licensed engineering which makes it more of a distinction. Personally I think it is extremely unfortunate that engineering is not a protected term, because I genuinely really think it should be. The state of software engineering feels very similar to the situation of doctors before modern medicine, where the majority were hacks and frauds besmirching the industry as a whole.

                                                                                                                                                  Several of the people I interviewed called out the US system as being much better than the European, a sort of “grass is always greener thing”. The only country I know of with ultra-strict requirements on who can be called an engineer is “Canada”. In pretty much all other countries, you can call yourself whatever you want, but only a licensed engineer can sign off on an engineering project. This means that most professional engineers don’t need to be licensed, and many aren’t.

                                                                                                                                                  1. 1

                                                                                                                                                    Do you have a write-up of your interviews anywhere? I would be really interested in reading it! You are right I used to be an electrical engineer, and still tinker on the side, but went into software simply because the jobs in electrical engineering are not very interesting. I think there is a lot that software does better than other engineering fields (although I wonder if that is simply due to how new the field is, and that it will inevitably end up with the more bureaucratic rules eventually), but the extreme resistance to strong typing by so many software engineers feels extremely misguided in my opinion and not something you see in other engineering fields.

                                                                                                                                                    Canada was the primary place I was thinking of, but I’m not particularly familiar with the details of it all. I know the US has some licensing requirements for civil engineering projects (and most of those requirements are written in blood unfortunately). It is almost certainly a “grass is greener,” and I should certainly educate myself on some of the downsides of other countries systems. If you have any resources here I’d appreciate it.

                                                                                                                                                    1. 2

                                                                                                                                                      Working on it! I’m in the middle of draft 3, which will hopefully be the final draft. Aiming to have this done by end of February.

                                                                                                                                                  2. 1

                                                                                                                                                    if we can’t pull lessons from other engineering fields what is the point of calling it software engineering? […] My point is no less strong because you or others are unfamiliar with a domain.

                                                                                                                                                    Fair. Your expanded explanation here helped clarify a lot, I appreciate that. One point of interest in your explanation was

                                                                                                                                                    Certain things are really hard to do, especially organic shapes, because everything has to parameterized

                                                                                                                                                    Doesn’t this seem an admission of there existing domains where - according to analogy - strong type systems might be less suitable? Or would you consider this a breakdown in the analogy?

                                                                                                                                                    As far as the meaning of “engineer” I take that as a very different conversation. I do think that’s murky territory and personally would be in favor of that being a more-regulated term.

                                                                                                                                                    I’ve been doing software development myself for 20 years, and have worked in both strong typed and duck typed. I think they’re both good - there’s trade offs. Rather than wholesale dismissing either, I think discussing those trade offs is more interesting.

                                                                                                                                                    Drastic differences in quality, speed of development, and the types of bugs that occur

                                                                                                                                                    I agree with this statement. I don’t think it implies a clear winner for all development though. While a strong type system guarantees a certain kind of error is not possible, in my practice those kinds of errors are rarely a significant factor, and in fact the “looseness” is a feature that can be leveraged at times. I don’t think that’s always the right trade off to make either, but sometimes creating imperfect organic shapes is ok.

                                                                                                                                                    I would also offer that there can be approaches that give us “both ways” - ruby now has the beginnings of an optional type system.

                                                                                                                                                    I’m tapped out for this thread.

                                                                                                                                                    1. 2

                                                                                                                                                      Fair. Your expanded explanation here helped clarify a lot, I appreciate that.

                                                                                                                                                      Yes, sorry about not expanding in my original comment. As you can probably tell, I’m extremely passionate about this idea, and my original comment was made in a bit of haste. I’m glad my expansion was helpful in clarifying my points!

                                                                                                                                                      Doesn’t this seem an admission of there existing domains where - according to analogy - strong type systems might be less suitable? Or would you consider this a breakdown in the analogy?

                                                                                                                                                      I completely agree there are domains where strong type systems are less suitable. Especially the more exploratory areas, such as data exploration and data science (although Julia is showing that types can be valuable there as well). I think my distinction is that there is a difference between domains where strong types are not as suitable, like prototyping, and production engineering systems where I think strong types are extremely important.

                                                                                                                                                      As far as the meaning of “engineer” I take that as a very different conversation. I do think that’s murky territory and personally would be in favor of that being a more-regulated term.

                                                                                                                                                      I’ve been doing software development myself for 20 years, and have worked in both strong typed and duck typed. I think they’re both good - there’s trade offs. Rather than wholesale dismissing either, I think discussing those trade offs is more interesting.

                                                                                                                                                      It is truly a murky term, which I think leads to a lot of the communication issues in this area of discussion. I should probably start future conversations like this with a clear definition of what I mean in terms of “engineering,” because I mean it more in terms of production engineering, rather than prototyping engineering. (Unfortunately not a distinction in software, but is in all of the other engineering fields. Prototyping engineering values malleable materials, like 3D printing, while production engineering is what is shipped to users and its very particular about materials used which minimize cost and maximize strength. Different fields, different requirements, and oftentimes different tools used to even CAD/design).

                                                                                                                                                      So using the production engineering vs prototyping engineering distinction, I would completely agree that there are trade-offs between strong typed and duck typed languages. I think one is fantastic for prototyping, while the other is fantastic for production. And similar to say 3D printing and injection-modling processes, the two can bleed into each other’s fields given the right opportunity. I should not have used “proper engineering” in my original comment, and I should have clarified I meant “production engineering.”

                                                                                                                                                      However, the number of companies that I’ve been at that have actually treated the two types of languages as different parts of the development life-cycle is exactly one, my current company, and that was after fighting to use Python for a prototype project. (Of course, when the prototype was successful, there was then reluctance to rewrite it in a strongly typed language because “its already built!”)

                                                                                                                                                      Similar to how you would feel frustrated if the new computer you bought had all of its internals built with 3D printed parts and breadboards, even if it worked identically to a computer with injection molded parts and PCBs, that is how I feel about using duck typed languages in production systems used by real users. Sure it works, but they are inherently less reliable and I think its poor engineering to ship a system like that (although, of course, there are situations where it is applicable, but not to the extent of the software world today).

                                                                                                                                                      I agree with this statement. I don’t think it implies a clear winner for all development though. While a strong type system guarantees a certain kind of error is not possible, in my practice those kinds of errors are rarely a significant factor, and in fact the “looseness” is a feature that can be leveraged at times. I don’t think that’s always the right trade off to make either, but sometimes creating imperfect organic shapes is ok.

                                                                                                                                                      I would also offer that there can be approaches that give us “both ways” - ruby now has the beginnings of an optional type system.

                                                                                                                                                      Fair enough, although my experience with errors in duck typed languages is certainly different! The jury is still out on the optional type systems, and I’m certainly curious how that effects things. I have a hard time believing they will make a significant difference, simply because the style of coding varies so drastically between the two. With strong types I design type-first, whereas with optional/incremental type systems its the other way (unless started from the get-go, but at that point what is the purpose of using a duck-typed language?).

                                                                                                                                                      I’m tapped out for this thread.

                                                                                                                                                      I completely agree here. This is an exhausting topic to talk about, probably because everyone has strong opinions on it and so many of the arguments are based on anecdotal data (of which I am definitely guilty sometimes!). In any case, I appreciate you taking the time to go back and forth with me here for a bit. I’ve certainly learned that in order to properly discuss this topic its important to be very careful with language and definitions, otherwise its just a mess. I guess the English language could use some strong typing, but then poetry would suck huh? :)

                                                                                                                                              2. 4

                                                                                                                                                Start caring about that when everything else about the company makes you happy. Your happiness is more important than being a “good engineer”.

                                                                                                                                                TS has evolved from a flavor to simply being a better version. The switch to TS is so easy there’s no reason not to. There’s a difference between a challenge and intentionally handicapping yourself.

                                                                                                                                                1. 6

                                                                                                                                                  I was under the impression that my job is to solve problems for customers, not to “be happy”. And of all the things that make me happy or unhappy at the workplace, something like this is pretty far down the list; using JavaScript is hardly some sort of insufferable burden.

                                                                                                                                                  TypeScript may very well be better; but the last time I used it I found it came with some downsides too, such as the code in your browser not being the same as what you’re writing so the REPL/debugger is a lot less useful, hard to inspect Typescript-specific attributes (such as types) since the browser has no knowledge of any of that, a vastly more complicated build pipeline, and I found working with it somewhat cumbersome with all the type casting you need to do for the DOM API (i.e. this kind of stuff). And while the wind has been blowing in the statically typed languages in the last few years, let’s not pretend like the good ol’ “dynamic vs. static languages” debate is a done and solved deal. I like typing, but dynamic languages do come with advantages too (and TypeScript’s typing may be optional, but if you’re not using it much then there’s little reason to use it at all).

                                                                                                                                                  Perhaps there are some solutions to these kind of issues now (or will be soon), but about a year and a half ago I found it all pretty convoluted and decided to just stick with JS for the time being.

                                                                                                                                                  In the end, I understand why it exists and why it’s popular, but like much of today’s frontend I find it hacky, cludgy, and a very suboptimal solution.

                                                                                                                                                  1. 5

                                                                                                                                                    You’re more than your job, you are a human being first. As engineers we have the huge privilege of being able to quit a job and find a new one easily. Happiness is a completely valid reason to do this.

                                                                                                                                                    JS vs TS is a minor point, too small compared to other unknowns in switching companies. But OP said “leave teams”. I actually did just that, we have multiple teams at my company and one started using TS, so I switched. A year later the JS team now solely does bug fixes and no-one is willing to write new JS code. At first management thought it was like when Coffeescript happened but dev response was so much bigger that even they understand it is different this time.

                                                                                                                                                    1. 4

                                                                                                                                                      You’re more than your job, you are a human being first. As engineers we have the huge privilege of being able to quit a job and find a new one easily. Happiness is a completely valid reason to do this.

                                                                                                                                                      Sure, but if you’re made deeply unhappy because you have to write JavaScript instead of TypeScript then you are either in a position of extreme luxury if that’s a problem that even rates in your life, or there seem to be some rather curious priorities going on. I think all of this is classic programming self-indulgent navel-gazing.

                                                                                                                                                      Is TypeScript a better tool? Probably. Would it be a good idea to start a reasonable percentage of new projects in TypeScript? Also probably (depending on various factors). Should we drop all JavaScript projects ASAP just so that we rewrite everything to TypeScript? Ehh, probably not.

                                                                                                                                                      I don’t have any predictions for 2021, but I’ll have one for 2026: we’ll be having the same discussion about WhatNotScript replacing boring old TypeScript and we should all switch to that. And thus the cycle continues.

                                                                                                                                                      1. 2

                                                                                                                                                        “no-one is willing to write new JS code.”

                                                                                                                                                        until something goes very wrong. Not taking a side here, just “no-one is willing” struck me as an odd statement. Who has the unhappy chore of taking care of all that old boring JS?

                                                                                                                                                        1. 2

                                                                                                                                                          We still do bug fixes. But even then it’s often an opportunity to write TS. The nature of TS makes it so that you gradually port your application. Lots of JS is valid TS and if it isn’t then that’s usually easy to split up or refactor to become valid TS, and TS will help with that refactoring even. JS IDEs provide hints by pretending it’s TS anyways.

                                                                                                                                                      2. 4

                                                                                                                                                        We’re supposed to professionals for crying out loud, not children insisting on our favourite flavour of ice cream.

                                                                                                                                                        I was under the impression that my job is to solve problems for customers, not to “be happy”.

                                                                                                                                                        This is a red herring. You are an economic agent making decisions about your employment to maximize your own utility function, and trying to get what you can out of the market. Some try simply to maximize earnings. Some maximize some combo of earnings and hours worked/stress. Others care about finding meaning in their work. And others care about working with specific technologies, or at least not working with ones they hate.

                                                                                                                                                        All of these things are orthogonal to the concept of “being a professional.”

                                                                                                                                                    2. 2

                                                                                                                                                      I generally strongly agree with your sentiment, and am not a fan of the degree to which developers place their identity in one particular technology over another.

                                                                                                                                                      But in this specific case I imagine OP is associating untyped JS projects with tech debt and difficulty of maintenance that all too often can contribute to low morale. I’ve definitely been there before when it comes to large codebases with foundational technical debt and no type system to help one find their way around. There’s something uniquely frustrating about e.g. a poorly formatted stack trace coming back from a bug monitoring tool due to broken or buggily-implemented sourcemaps. We can definitely debate whether language choice vs other factors (bad processes, low technical budget) contribute more to system quality. My guess is that language is not one of the largest factors, but it’s probably nonetheless significant. Otherwise we wouldn’t hear about stories where people left their jobs due to being sick of the shop tooling.

                                                                                                                                                    3. 4

                                                                                                                                                      Agreed. Although TypeScript is a bit OO for my taste, JavaScript libraries have grown sufficiently complex as to warrant strong typing. The adoption rate is undeniable. Vue, Deno, Babylon… When your stack is written in TypeScript, the cost/benefit scale tips in favor of adopting it downstream.

                                                                                                                                                      Also, Cosmos is heating up, so you could make a case for Mongo’s revival by extension.

                                                                                                                                                      1. 6

                                                                                                                                                        At Notion we have some OO-as-state-encapsulation Typescript on the front end, but we have even more functional Typescript, and plenty of code somewhere in-between. We use the advanced Typescript types like as const inference, mapped types, and conditional types much more than we use inheritance or implements interface.

                                                                                                                                                        Honestly writing a large from-scratch codebase in Typescript focused on type correctness and make-invalid-states-unrepresentable has been very fun and productive. Our biggest issue with the language is error handling - dealing with all the errors from external libraries, the DOM, exceptions vs Result<S, F>, etc is the most annoying and error-prone aspect of our codebase. Shoehorning optionals into our style has left me paining for Rust’s try features… and I’ve never really written rust either…

                                                                                                                                                        1. 6

                                                                                                                                                          Some stuff we’ve done:

                                                                                                                                                          • write third-party types that basically force you to pass values through validators by saying “this actually returns an opaque InvalidatedResult style thing”
                                                                                                                                                          • remove functions we deem “bad” from the type signatures
                                                                                                                                                          • codegen definition files
                                                                                                                                                          • heavy usage of stuff like never

                                                                                                                                                          I think it’s actually pretty easy to wrap third-party libs for the most part, and it’s basically the “real way” to do most of this. Too many people hem at this idea but it resolves a lot of stuff come “oh no this lib is actually totally busted” o’clock.

                                                                                                                                                          1. 1

                                                                                                                                                            That sounds amazing! Have you or Notion written any articles describing this setup in more detail? Are there any by others you recommend?

                                                                                                                                                            1. 1

                                                                                                                                                              Unfortunately when I go looking for Typescript advice on the internet, I find mostly shallow blogspam tutorials. I have an idea to take notes whenever I use an advanced TS feature and write an article called “Applying Advanced Typescript Types” — but that’s remained just an idea for a couple of years.

                                                                                                                                                              1. 1

                                                                                                                                                                I’ll keep an eye out for your article in the lobste.rs feed 😉.

                                                                                                                                                          2. 2

                                                                                                                                                            Although TypeScript is a bit OO for my taste

                                                                                                                                                            My limited experience with TypeScript is that it’s only as OO as it would be if you were writing plain JavaScript. Not sure if that makes sense - another way of saying it would be: JS has adopted some OO trappings, like class, but if you aren’t using them in your JS then TypeScript isn’t going to push you in that direction - you can write functional TS to the extent that you could write functional JS; and OO TS to the extent that you could write OO JS.

                                                                                                                                                            Unless you’re refering more to the naming of new keywords, like interface? I see how those could be associated with popular OO languages, but really there’s nothing making you write actual OO code.

                                                                                                                                                            1. 3

                                                                                                                                                              My limited experience with TypeScript is that it’s only as OO as it would be if you were writing plain JavaScript.

                                                                                                                                                              Anecdotally, after working at a Java and C# shop that picked up TypeScript, everyone’s happy having things work more like those languages (well, mostly C# ;) than like JS. I just wish TypeScript would get typed exceptions already.

                                                                                                                                                              1. 2

                                                                                                                                                                Yes, it is possible to write non-OO TypeScript. And yes, I’m pointing out its emphasis on interfaces and other OO features like class property modifiers.

                                                                                                                                                                I realize that the choice to make TypeScript a superset of JavaScript means that its roots in Scheme are still present. I also realize that typing a Scheme-ish language makes it (if one squints hard enough) an ML-ish language. Nevertheless, we should not be surprised if most TypeScript in the wild looks a lot more like C# and a lot less like fp-ts.

                                                                                                                                                                1. 1

                                                                                                                                                                  Nevertheless, we should not be surprised if most TypeScript in the wild looks a lot more like C# and a lot less like fp-ts.

                                                                                                                                                                  Makes sense. Perhaps some of this is also due to TypeScript being palatable to people who are comfortable in languages like C# and Java; maybe they’d have stayed away from vanilla JS before (especially if they were exposed in the pre-ES6 days) but might be willing to write TypeScript today? That’s total speculation, though, and I’ve no idea how many people like that there are.

                                                                                                                                                          1. 12

                                                                                                                                                            I would say if Twitter isn’t good for you, just quit it. I deleted Twitter some time ago and I honestly don’t miss it. I really wonder why people keep complaining but don’t take real action a.k.a deleting their account.

                                                                                                                                                            1. 6

                                                                                                                                                              Author here - I’m glad you did. I use Twitter to stay in touch with some friends and professional contacts (I’ve deleted FB, IG, LI etc). Twitter is a toxic cesspool for many people but I’ve curated it for my needs to a point where my use of it is very intentional (I have 3k+ blocked accounts for example).

                                                                                                                                                              Some might think that I’m in a bubble (and you might be right to some extent), but I do not consume news through Twitter. I still read “real” news and get a print newspaper.

                                                                                                                                                              1. -1

                                                                                                                                                                Just delete it and email you friends and professional contacts. A curated cesspool is still a cesspool.

                                                                                                                                                                1. 2

                                                                                                                                                                  Email? Who emails their friends or even reads personal email. Email is 99% junk, way worse signal to noise ratio than even something like Twitter.

                                                                                                                                                                  1. 4

                                                                                                                                                                    If you do even a modicum of curation/filtering, email is 80% signal. Letting everyone with your address deliver to your inbox is a recipe for a mess on any platform.

                                                                                                                                                                    1. 2

                                                                                                                                                                      I do, a lot.

                                                                                                                                                                      1. 1

                                                                                                                                                                        I dunno. Try fastmail and watch who you hand your email out to?

                                                                                                                                                                      2. 1

                                                                                                                                                                        Why do you care what I do with my life?

                                                                                                                                                                    2. 11

                                                                                                                                                                      Same reason people say they should start exercising but don’t or quitting smoking etc.

                                                                                                                                                                      talking is easier than doing

                                                                                                                                                                      1. 3

                                                                                                                                                                        That’s true. Isn’t there a phrase “Scrolling is the new smoking”?

                                                                                                                                                                        1. 1

                                                                                                                                                                          Author here - your comment seems to assume a lot about me.

                                                                                                                                                                          What in my post proposes that others should delete their twitter?

                                                                                                                                                                          1. 2

                                                                                                                                                                            My comment is about the general behaviour of people as reported by jlelse in the parent comment i.e. a lot of people seem to talk about twitter being bad but not quitting it.

                                                                                                                                                                        2. 1

                                                                                                                                                                          If you’re a content creator it’s useful to have a feed for your releases. In the old world it was RSS but now we live in this fucked up iOS-app-store-dominated world so Twitter is the only option. Post your ad and gtfo.

                                                                                                                                                                        1. 5

                                                                                                                                                                          There’s actually an alternative method called std::get_if, IMO much more readable than std::visit. Second thing is that lots of C++’s constructs is for library use only, not really usable from the point of view of a standard application developer.

                                                                                                                                                                          1. 4

                                                                                                                                                                            Second thing is that lots of C++’s constructs is for library use only, not really usable from the point of view of a standard application developer.

                                                                                                                                                                            Yes but generally when a library is added to some application, we like to have some idea of how that library works because an application developer will need to support the application and all code linked in. Large libraries like Qt have community and paid support but smaller libraries will have less reason to be adopted if they are using lots of C++ “magic” that the team might not understand.

                                                                                                                                                                            For myself, I learned and can understand C very well (it’s not a difficult language) before learning C++. I am not a C++ expert by any means. If I’m adding a library and it’s using a lot of new C++ that I can’t easily grok I might fall back on some C based library instead.

                                                                                                                                                                            1. 1

                                                                                                                                                                              Not sure I agree. This should be the role of the documentation to explain how the library works, and how to use it. The library itself should be written with maintainability and extensibility in mind. Writing high level code (so using templates or metaprogramming) is done generally to enable easy extension without much increase of maintenance cost. The fact that such code is not understood by most of the people shouldn’t be really that important, the ease of use of the interface is more important than the implementation itself.

                                                                                                                                                                              1. 2

                                                                                                                                                                                That puts you at the mercy of the library. Not all libs are perfect, or perfectly documented. Sometimes behavior can be surprising or different from the documentation, and then what? You accept defeat? Nah, it’s good to be able to read into library implementations to better understand them. Not ALL the time, but it’s a skill I’ve found that divides programmers - some will get absolutely stuck on libraries as black boxes, and others will dive in and look to build a better understanding. I have an opinion about which is better.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  Well, that’s true, it’s better to be able to read the source code as well than to read only documentation. But I don’t think it has anything to do with using advanced C++, rather it’s a matter of good code vs bad code. You can write low level C++ that will be completely unreadable. Also you can write high level generic C++ code that could be read easily.

                                                                                                                                                                                  Second thing is that I don’t think that a person is on the mercy of the library if the library uses advanced C++, and that the person is forced to treat it like a black box. The person can always choose to learn more advanced C++. I think that most of the problems with templates and meta-programming come from people who already found their sweet spot in C++98 and refuse to go forward. I’m not saying this is a bad approach to take, but if someone does take it, then it’s good to realize that other people have their sweet spots in other places of the language, so if one is using this approach in life, it’s good to let others use theirs ;).

                                                                                                                                                                                  I personally would like to have more functional features in C++, but at the same time I have friends who get a fever when they see a constexpr function. I respect their choice, but i refuse to submit to it – going with this logic we would still use Fortran (because it’s possible to write anything in Fortran, so there’s no need for new things).

                                                                                                                                                                                  But well, having written that, I generally try to avoid C++, but becuase it’s too far behind other languages, and switching to C++ sometimes feels like taking a step back.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    I have no problem with functional programming. I like Scheme, Standard ML and Rust. The problem with these new features in C++ is that they are always implemented poorly. I consider sum types an absolute must for any new language I’m going to use, yet I’m not touching std::variant with a ten-foot pole. Similarly, I love parametrized types in Rust, but template code in C++ is a horror story.

                                                                                                                                                                                    It’s not about “going forward” or “advanced”, it’s about how poor of a job the C++ committee is doing, when it comes to creating an intelligible and nice-to-use language. Those horrific error messages are never going away, not because the compilers are bad, but because the language won’t let them be any better.

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      I’m not sure if I’m able to influence your pretty fatalistic view of C++ and the committee, but the ‘concepts’ feature promise better error messages, so improving the ease of use of the language. Also what about C++11 loops, C++11 initializers for member variables, C++17 if-with-statement, C++20 designated initializers? Those were changes made purely for ease of use.

                                                                                                                                                                                      A good example of the “poor job” that the committee does is to try to think about reducing the complexity of the language by trying to fix the mess in references after introduction of std::move (rvalues, lvalues, etc).

                                                                                                                                                                          1. 3

                                                                                                                                                                            I live for this kind of obscure trivia/implementation detail. Thanks!

                                                                                                                                                                            1. 4

                                                                                                                                                                              One great thing about Ruby is there’s no shortage of it. That’s not sarcasm, either. I truly enjoy Ruby’s seemingly infinite levels of expressiveness. Just like having multiple ways of saying the same thing in a spoken or written language, Ruby typically has just the right method names or combination of syntax that make code read like sentences in English. I’ve never experienced another language, before or since, that gives one quite the same ability to express themselves.

                                                                                                                                                                            1. 33

                                                                                                                                                                              This reads like a double barreled advertisement. For Fathom and for AWS Shield Advanced.

                                                                                                                                                                              John then identified a pattern in all the IP addresses. I’m sure I could share more details here but I’m reluctant to, so I’ll leave it to your imagination.

                                                                                                                                                                              This is typical of the whole article. What MIGHT be interesting information is omitted. The most detail given is a modest AWS bill.

                                                                                                                                                                              The only useful information was Fola’s highlighted sentence: “Attackers don’t have unlimited resources.” - that is a good thing to remember when things seem dire.

                                                                                                                                                                              I’m real meh oh this post.