1. 17

    Seems like the wrong takeaway to me. You had great intentions, someone came in and told you to throw them away and rush things. You decided to go ahead and do that, and suddenly rewrites and future-proofing things is “bad”?

    1. 7

      Not only that….

      The heart of the task matching code was this monstrosity of a cross join that took the other people on the team a few sheets of graph paper to break down and understand.

      That’s a huge red flag too…. it says… “You know our DB structure, our indices, the super cunning query optimizer in the DB engine and all that Good Stuff?”

      Eh. None of that applies to this problem.

      BIG RED FLAG.

      1. 7

        The “future-proofing” was almost entirely ways to increase scope.

        1. 7

          The “future-proofing” was almost entirely ways to increase scope.

          My interpretation here is that “future-proofing” was not about a set of well-described features that addressed the written scenarios, added to design documents, then estimated and then prioritized in cooperation with the product team and management. I guess that in this situation, as I have seen a lot, “future-proofing” is stated as an overall requirement that all code should follow.

          And that, I believe, makes future-proofing as a pitfall the most important takeaway from your article. I believe the problem with this kind of future-proofing is larger than just the risk of increasing scope. It is about the mentality that increasing scope silently is ok, without being judged by the expertise of the rest of the company.

          I think code should always be looked at alongside a design. If there is anything in code, be it features, infrastructure, an elaborate data model or even quality-driven version control practices, that is not needed by any requirement in the functional design, something is wrong and should be changed, either to the code or to the design.

          As soon as engineers start introducing ‘silent’ features or requirements, i.e. requirements that are only seen by engineers and not by the product team and management, things start to slide. For example, if a requirement such as “it works with short response times for more than 10.000 simultaneous users” is not in a design document, it should not be supported by the code. Obviously, if someone brings an engineer a design document that misses this requirement, it should be brought up and the consequences should be discussed. But then, at least there will be an official estimate of this feature and management can make a conscious decision and compare trade-offs, which often means de-prioritizing other requirements because development hours are not unlimited and the estimate of maintenance hours increases with every feature.

          I have come to the conclusion that every line of code in a commit that is not directly justified by a written and verified requirement, should in fact be flagged as a mistake. Even if there is an expectation that in the next version, this requirement will be added.

        2. 7

          You had great intentions, someone came in and told you to throw them away and rush things. You decided to go ahead and do that, and suddenly rewrites and future-proofing things is “bad”?

          The problem is that runaway scope can push the delivery time of the “non-rushed” system out to infinity. The people building the system are usually very reluctant to realize this – they tend to use the rationale you described to defend their working pace, when the real issue is the scope of the work involved.

          As the author described, “future-proofing” can be an extremely tempting way to inflate scope – many scenarios can happen in the future, programmers love to show how clever they are in thinking up new ones, and nothing is ever obviously wrong. Limiting scope to what is happening now (or what will happen in the very near future) is a conservative, but effective, way to limit this problem.

          1. 2

            Keeping within scope and future-proofing are two different things. If the problem was a runaway scope, then that should be the takeaway. If you don’t future-proof your code, it will not live very long. Future-proofing is about designing a system that lasts, and in some cases it’s about simplification (read: reducing scope, not increasing it). That takes time to do well.

            1. 2

              Why is building systems that last worth it? When the facts change, perhaps the software should change.

              1. 1

                Why is building systems that last worth it?

                No one is stopping you from building something that breaks shortly after encountering the real world if that’s what you want to do.

          2. 1

            I think the message was that what happened (scope creep, overengineering) is almost inevitable. Even if you know exactly that those are the risks, you cannot sufficiently divert the forces pushing them. Only if everyone is on board, in writing, and your leads and senior engineers can be relied on to scrupulously guard against overengineering and your management can be relied on to have your back against other parts of the company, then it may be evitable.

            1. 1

              I agree most of it doesn’t seem to be about future proofing. I’ve seen that work when it focused on data formats and interfaces. The 64-bit portability layer of System/38 getting it through AS/400 and IBM i phases is an example. Amusing and relevant: its key ideas came out of the abandoned “Future Systems” project.

              This is mostly about the risk of rewrites of legacy systems and a product team trying to use a legacy system for what it wasn’t designed for.

              1. 3

                I found that the real future proofing is usually about removing/abstaining from things rather than adding them. Before adding a feature in a certain way, one should stop and think what it may prevent them from doing in the future.

                You can’t anticipate future requirements, but you can predict how your current decisions will interfere with them.

                1. 1

                  Supporting your point, there’s also the fact that small, well-documented things are easier to rewrite. The cost goes up with the complexity. Once it’s past a point, there’s not going to be either a rewrite or a successful rewrite.

            1. 5

              I’m surprised nobody has mentioned the second system effect yet, it seems to crop up everywhere.

              1. 2

                I always thought that was pretty clever.

                That was actually pretty stupid, on so many levels I don’t even go to details.

                1. 22

                  This isn’t Hacker News, if there are reasons it’s stupid, we go into why it’s stupid :P

                  1. 0

                    I did that immediately in my second comment.

                    1. -1

                      This morning, I thought of saying the same thing about trivial dismissive comments in response to your comment here.

                      1. 3

                        I’m sorry, what? How is saying “I found a part of confusing” in any way similar to “this is stupid on so many levels I don’t even go to details”?

                        1. -5

                          I was following it up until the linear logic part; I think the first principles of LL could be explained better here.

                          This isn’t Hacker News, if there are reasons the first principles can be explained better, we go into how it can be explained better :p

                    2. 4

                      Oh yes, I think the same. So much that can go wrong with physical devices. Imagine someone lightly touching the arm and getting it out of alignment.

                      Note that you can just attach a USB mouse to an iOS device and click buttons with that. USB mice are easy to emulate in software.

                      1. 1

                        That’s one thing. Second is that you could just run the whole app in an emulator. Or decompile it and just cut the approving routine from it. Whole

                        There was no programmatic way around this.

                        is just a failure of imagination. Of course, best solution would be to run this through management and force them to remove this bullshit altogether.

                        1. 10

                          Or decompile it and just cut the approving routine from it.

                          Yes just reverse engineer a banking application and hope you don’t mess anything up. It’s just money, nothing serious could happen if you introduce bugs.

                          Also, from the post:

                          we couldn’t just run it in a simulator

                          Maybe don’t make so many assumptions about the author or their problems. For all you know, they exhausted all the reasonable options before resorting to this tomfoolery. Or this technique was used as a stopgap while coming up with a more robust solution. Or they simply didn’t have the time to do better. A business runs on money, not perfectly elegant solutions.

                          1. 5

                            The approval was software-based, but in a closed system. The approval mechanism ran in a third-party iOS application, and we couldn’t just run it in a simulator.

                            I’m assuming there were considerably more constraints going on that make the “obvious” solutions inapplicable.

                            1. 5

                              You’re imagining this was a technical constraint on their side. It might have been a legal or contractual constraint.

                              1. 3

                                Those are some pretty big “just”s!

                                Personally, since it’s presumably a capacitive touch screen, I’d attach a wire to the correct area of the screen, and hook it up via a relay to a wet sausage. It would require weekly maintenance, maybe more in warm weather.

                                1. 3

                                  This kind of armchair quarterbacking isn’t helpful. You could have rephrased all of your points as questions to find out the situation: “I wonder why they didn’t run this through management…” Not only does this make your comment less hostile, it opens you up to learn (as @saturn said, it might have been a legal requirement). Assuming you haven’t changed your mind after learning the full context, you might be able to persuade people that an assumption they held isn’t actually true – that’s how you provide technical advice on something you didn’t build without pissing off the creators.

                            1. 2

                              Doing some research on streams and stream processing, specifically looking for concepts that are true across a wide range of disciplines.

                              The lowest form of streaming I can think of might be people waiting in line for checkout at a local store. Then there’s the circular buffer many of us know and love. At the high end, we’ve probably got things like Netflix and their simian army.

                              So what topics exist across all of those scales? Well, we’ve probably got window size, processing units, control feedback. Maybe a few others like recursion (for the case of queuing up trees). In fact, I may limit scope to queuing up unknown-sized trees, assuming I can find examples of this in various places. That’s the more interesting case, since you can’t predict performance using simple things like Little’s Law. Much fun ahead.

                              1. 2

                                It sounds like what you’re looking into is queueing theory, although I’m not sure what you mean by ‘trees’ in this context. Depending on how you structure your models, you might find closed-form solutions for a lot of the questions you want to ask (for example, M/M/1 queues have several closed-form solutions to problems).

                                For more complicated scenarios Monte Carlo simulation can yield results, but you have to worry about how interconnected and “nonlocal” the process can be (think of the scenario where being too late for a bus causes you to miss a flight; the tiny bit of lateness at the bus causes a huge effect somewhere else). https://arxiv.org/pdf/1001.3355.pdf might be helpful if you want to attempt this, it’s a really nice paper describing how to approach the challenges involved.

                                1. 1

                                  This is very close. Thanks. Makes for a good starting point.

                                  1. 1

                                    Actually, after reading up some more, I think I’m going to punt for a while. The most interesting case is a stream of trees, unbalanced, of arbitrary and unknown depth. The paper is a good start, but it may be too tied to modern web services. I was looking for something more generic that would be applicable in many places aside from CS.

                                    It might make for some Monte Carlo fun, though. Don’t know.

                                1. 1

                                  I’m unable to function without `__git_ps1`. I have a simple `hostname:curdir>`, with hostname in red and the basename of the current directory (and git info if applicable) in cyan:

                                  `\[\e[0;31m\]\h\[\e[0m\]:\[\e[0;36m\]\W$(__git_ps1 "(%s)")\[\e[0m\]>`

                                  Without colors that’s

                                  `\h:\W$(__git_ps1 "(%s)")>`

                                  At work I added a little bash function to tell me how long the last command took if it took more than a second, but it’s not as useful as I expected.

                                  1. 3

                                    Company: Fastmail

                                    Company site: https://www.fastmail.com/

                                    Position(s): Email Client Application Developer

                                    Location: Philadelphia, PA

                                    Description: https://www.fastmail.com/about/jobs/2019-04-clientdev/

                                    We’re looking for an Email Client Application developer to join the FastMail team in our Center City Philadelphia office.

                                    Together with the rest of our team, you’ll work on our email services FastMail, Pobox, and Topicbox. When the vast majority of people get email for free, the reason people choose a paid service is because they value both privacy and a great user experience.

                                    You’ll be working on our best-in-breed mail clients, providing super-fast, powerful access to webmail, calendars, contacts and more. You’ll work with our collaborative team of front- and back-end developers, designers and researchers. Improving our customers’ interactive experience, keeping it secure and a delight to use is what we do, every day.

                                    Our interfaces are built upon our own Overture framework and the new email standard JMAP. It gives us full control from top to bottom to build the right solutions to difficult problems. If you’ve worked with other MVC application frameworks, like Apple’s Cocoa, you should find Overture easy to pick up.

                                    You’ll have the opportunity to work at many levels:

                                    • building features from scratch with our design and product teams
                                    • optimizing and improving existing code
                                    • tracking down and fixing elusive bugs reported by customers

                                    Contact: Email us at jobs@fastmail.com to introduce yourself and tell us why you would be a good fit for the job! This job requires clear communication, so that message is part of your application, but please also include a PDF of your resume.

                                    1. 2

                                      I’ve been interested in looking at gmail alternatives and I’ve heard good things about Fastmail. Good to know there’s an engineer on here, makes me trust it a bit more.

                                    1. 2

                                      If you want to experiment with some quantized color schemes with simulated data, I recommend checking out http://colorbrewer2.org.

                                      1. 1

                                        just claim you quit for the reasons you were planning on quitting

                                        1. 5

                                          Strong disagree – please don’t lie on your resume or during your interview.

                                        1. 3

                                          Dependabot is a GitHub-acquired tool that scans for pinned dependencies in your repositories and automatically creates PRs to update them. I’ve been using it at work and on personal projects for a few weeks now and it’s been nice.

                                          1. 1

                                            I’ve just set it up! It’ll be fun to forget all about this and receive a PR a while later, I hope.

                                          1. 1

                                            I’ve boycotted Scott Adams because he’s gone so far on the wrong side of history it isn’t even funny.

                                            1. 10

                                              How is this comment relevant to the content of the linked story? It looks like pure virtue signaling.

                                              1. 5

                                                Because Scott Adams is an internet provocateur, and it’s hard to separate any factual content he writes from the weird manipulative writing style he’s adopted (and is proud of).

                                                Additionally, if the post is about writing style, it probably would make sense to evaluate the post in context with other posts written by the author, would it not?

                                                1. 1

                                                  It’s hosted on Scott Adams’s blog and he would derive a minuscule amount of revenue from a visit.

                                                  1. 3

                                                    …I mean, would he? He doesn’t even host it, a business called typepad does.

                                                  2. 1

                                                    I personally think that this site is for technical articles which this is not and I would prefer to keep such articles out of here. - tt

                                                    Because I don’t want to see Scott’s work on this site? Just like you want to keep lobste.rs a tech only site ;-)

                                                    Also, people are motivated either by results or by virtue ethics. There is nothing wrong with showing your virtues on your sleeve. I think maybe too many people are afraid to do so and we need more people being honest.

                                                1. 2

                                                  I wrote a small tool along similar lines to remember steps to do before submitting a change for code review: https://github.com/wickedchicken/checklist. I have a few ideas on how to expand it, but I’d be happy to hear people’s thoughts!

                                                  1. 2

                                                    I can’t seem to find an http link to download a file served from this. Does anyone know of one? I want to test its latency.

                                                    1. 6

                                                      “through powers granted via the “EAR” (Export Administration Regulation 15 CFR, subchapter C, parts 730-774), along with a sometimes surprisingly broad definition of what qualifies as export-controlled US technology.”

                                                      Boom! I told people they might do that back in the crypto discussions. Custom crypto and high-assurance security are still munitions with only a few things re-classified like mass-market, one-size-fits-all software and use of ciphers in browser. This is what they might do to the rest with the leverage if it was ever truly threatening. They’re already doing it to companies over Huawei.

                                                      I also speculated they might have done this to get backdoors in products. A combo of offering payment and threats together. We know they do the payments. I don’t know if they do export threats, though.

                                                      “some independent security research would have already found and published a paper on this. Given the level of fame and notoriety such a researcher would gain for finding the “smoking gun””

                                                      Bunny is being really naive here or maybe doesn’t understand computer espionage. Most subversion must be done in a way that doesn’t look like subversion. The system just has to be remotely exploitable. The best route to that is to intentionally leave in memory safety bugs or a configuration that enables privilege escalation. Hackers find those all the time in all kinds of devices. They say, “Hey, they just made a common mistake.” Maybe it was there on purpose. We won’t know.

                                                      “It’s no secret that the US has outsourced most of its electronics supply chain overseas. From the fabrication of silicon chips, to the injection molding of plastic cases, to the assembly of smartphones, it happens overseas, with several essential links going through or influenced by China.”

                                                      And this is why what the U.S. government is doing is incredibly stupid. You could substitute other industries in here. It’s a smarter move to minimize one’s dependency on a country before pissing that country off in a way that can prevent them getting what they depend on.

                                                      1. 3

                                                        The best route to that is to intentionally leave in memory safety bugs or a configuration that enables privilege escalation.

                                                        There are many routes and often it does not make sense to focus only on one.

                                                        Yet, as long as organizations are not held in any way responsible for making very vulnerable software, exploits will remain a very good “deniable backdoor”.

                                                        1. 2

                                                          “often it does not make sense to focus only on one”

                                                          I mentioned several classes of problems that cause almost all hacks in the field for these kinds of devices. Each class, such as memory unsafety or poor configurations/services, can lead to a multitude of specific exploits.

                                                          “as long as organizations are not held in any way responsible for making very vulnerable software, exploits will remain a very good “deniable backdoor”.”

                                                          You nailed it there. It’s an externality to them.

                                                          1. 2

                                                            If corporations are liable for bugs, then no software will ever be made except from super corps that can afford extremely thorough processes.

                                                            Imagine writing a script to search youtube for cat videos, putting it online and somebody used it and somehow through some chain of events, he ended up dying and you got sued for millions?

                                                            1. 5

                                                              Liability law in Germany kind of works this way, and as a result nearly everyone has personal liability insurance that costs a few Euro a month and covers up to tens of millions of Euro of damage. Two examples I’ve been given: if you accidentally spill coffee on someone’s laptop at a coffee shop you’re liable to pay for the laptop, and if you jaywalk (therefore breaking the law) causing a car to swerve into a building you’re liable for basically all the damage caused. In both cases (and, I believe, the example you cite), you would be covered by Privathaftpflichtversicherung. The insurers are solvent at such a low cost because the heavy-hitting events are relatively rare.

                                                              1. 1

                                                                That gives me an idea along the lines of patent trolls. You sue the companies making insecure crap to fund high-quality, open alternatives. Each time, do write-ups on how little it cost to increase security with fairly-high velocity of features developed. They’ll constantly be reminded they can lose a huge pile of money or spend a fraction of it doing secure process. Some might even do it.

                                                                Don’t know German laws, though. Can’t assess practicality.

                                                                1. 3

                                                                  Alternately, insurance companies could base premiums off of audits or other evaluations of risk: https://www.dhs.gov/cisa/cybersecurity-insurance.

                                                              2. 1

                                                                That’s too broad a statement. It would be too broad a legal standard, too. What I advocated in similar discussions is that they be required to achieve a few goals or do a few things that cover the majority of problems. These things would be cost-effective. Examples include memory-safe languages, using a secure approach to remote access (not Telnet), property-based testing on what logic they can encode, fuzzing, secure OS, and, if having the money, independent assessment by hackers. How much they’re expected to do goes up with what resources they’re earning off the product.

                                                                So, a small player building software to be resistant to at least code injection might use Rust with overflow checking on, deployed on OpenBSD with OpenSSH for remote access. Nobody is blowing any budgets making this choice. They’re highly unlikely to be sued for hacks since it’s safer and more secure by default. That’s the kind of thing I’m thinking about. As a side effect, the market would shift piles of resources into creating ecosystems using all that stuff.

                                                        1. 1

                                                          On desktop, I browse using Chrome with third-party cookies disabled, and the web works fine. I just found out that Chrome on iOS doesn’t have that setting :(. Pretty sure it used to…

                                                          1. 45

                                                            I hope there’s an uproar about the name.

                                                            Really shitty move for a giant company to create a competing library with such a similar name to an existing project. Bound to cause confusion and potentially steal libcurl users because so many people associate Google with networking and the internet.

                                                            1. 22

                                                              I wonder how long it takes for google autosuggest to correct libcurl to libcrurl.

                                                              1. 11

                                                                Looks like crurl was just an internal working name for the library[0]. They’ve changed it already in their bug tracker to libcurl_on_cronet[1].

                                                                [0] https://news.ycombinator.com/item?id=20228237

                                                                [1] https://chromium-review.googlesource.com/c/chromium/src/+/1652540

                                                                1. 7

                                                                  Holy shit! It’s with a Ru in the middle instead of a Ur! I actually missed that until I read your comment and reread the whole thing letter-by-letter. Google knows full well that this will cause confusion since they added a feature to chrome for this exact problem. Egregious and horrible.

                                                                  1. 14

                                                                    Google knows full well that this will cause confusion

                                                                    I’m not part of the team anymore and have no connection to this project, but my guess is that some engineers thought it was a funny pun/play on words and weren’t trying to “trick” people into downloading their library. I’m not saying you shouldn’t be careful about perceptions when your company has such an outsized influence, but I highly doubt this was an intentional, malicious act.

                                                                    1. 6

                                                                      I’d bet this is exactly what happened. I’ve given projects dumb working names before release, and had them snowball out of my control before.

                                                                  2. 2

                                                                    Honestly, I had to double check that I wasn’t reading libcrule.

                                                                    1. 2

                                                                      Honestly, their lack of empathy here, and the need to extend rather than collaborate indicates in my opinion a concerning move away from OSS. I hope to be corrected though.

                                                                    1. 2

                                                                      USB - A shitty problems-introducing half-baked solution, designed in the terms of the shittiest version of everything, to a problem that could have been perhaps left unsolved for a little longer.

                                                                      Now we’re going to go with this for who knows how long, with all the mess it lugs behind. 6-simultaneous-key-press-limit on keyboards and everything.

                                                                      Plus, with constant idiotic updates, the USB cables are becoming the issue they were attempting to solve. Great job!

                                                                      1. 10

                                                                        The 6-key limit is a myth. Competently designed USB keyboards can support NKRO fine. The problem seems more that a lot of keyboard makers don’t actually understand the HID standard, or don’t care.

                                                                        There’s plenty about USB that’s crap though.

                                                                        1. 1

                                                                          Did look and found ergodox drivers firmware that has NKRO. Will look into it when I’m more pissed about the limit than I am now. Thank you.

                                                                        2. 3

                                                                          You really think leaving the problem unsolved for longer would have resulted in a better solution?

                                                                          1. 0

                                                                            It’s more about whether anybody was needed to solve it in the first place. I’m sure they already thought of universal connection for peripherals in the 1960s but they couldn’t make it yet back then. Also the existing serial ports would have been getting smaller and faster in any case. Possibly we could have handled without USB perfectly well.

                                                                            The answer to your question is yes though. You can use Internet protocol suite for communication between small devices as well. By now it could be extended to all peripherals. Instead of USB we could have had yet another entry on the link-layer.

                                                                            1. 7

                                                                              I think it’s important to view USB in the context of where it came from, rather than comparing it to current technology and evaluating it only in hindsight.

                                                                              It’s more about whether anybody was needed to solve it in the first place.

                                                                              The experience of using USB today completely outclasses the ISA, PCI, Parallel Port, and PS/2 connections of the day. I used to have to set physical jumpers on a sound card to make sure that the IRQ and DMA settings matched what my motherboard/OS supported and didn’t conflict with other installed cards. 20 minutes on my knees with a manual and screwdriver in hand, every time, only knowing if you got it right after booting up the OS each time and testing it with some software. Yes, I think someone needed to solve this.

                                                                              Possibly we could have handled without USB perfectly well.

                                                                              I honestly feel that we had to go through a painful phase (non-flippable connectors, manual jumpers, plethora of cable types, screwed-in vs non-screwed in connectors, manually setting non-conflicting IRQs, power distribution) before we could get to a decent one, and I’d rather that painful phase be in the past than the future. Same as with Bluetooth – there was a bad time, and now things “generally” work unless you’re doing something at the fringes. Waiting for the next thing would have just delayed any lessons the industry could have learned.

                                                                              Did you know the USB spec required the ‘trident’ logo to be on the top side of the connector, meaning you always knew which way to plug it in? This seems like a great solution, until you witness millions of people messing it up every time (without even knowing this was part of the standard), compounded by dubious manufacturers flooding the market and ignoring the spec (sometimes making cables without any trident, let alone on the wrong side). You only witness these things by having a product in the wild or having seen other products/specs suffer these problems in the wild. In either case, there is a painful phase that eventually stabilizes into something useful.

                                                                          2. 2

                                                                            Plus, with constant idiotic updates, the USB cables are becoming the issue they were attempting to solve.

                                                                            This, exactly! The U stands for Universal, the idea that any device could connect to another. If I recall correctly, even before USB 1.0 was released there were two incompatible plug types in widespread use: A and B. Supposedly this was to separate the host and client, but as devices quickly appeared that could be either host or client (think of plugging a camera directly into a printer) the mess became apparent. It’s only gotten worse from there, with USB C, mini- then micro-USB, and the micro versions of USB B and 3 (I still daily drive a Note 3 with the Micro USB 3 I think it is).

                                                                            1. 1

                                                                              What are you doing that requires more than six keys being pushed down at one time?

                                                                              1. 3

                                                                                In my case, hotseat multiplayer games like Liero (think realtime Worms). Playing with two kids on one keyboard is super fun!

                                                                                1. 2

                                                                                  Nothing, but it’s still a thing that limits the use of a keyboard and is a stupidly low number for a key buffer. It should be at least 24 keys, preferably 4000 keys. Pointless to have so small a buffer.

                                                                                  1. 1

                                                                                    I don’t know about you, but I only have ten fingers, and I only really use eight of them for typing.

                                                                                    Probably should’ve made the limit 8 instead of 6. You could fit the full set of keycodes (assuming I’m reading this correctly and all USB scan codes are one byte) evenly into four 16bit registers, or, nowadays, one 64bit register.

                                                                                    1. 3

                                                                                      FWIW it’s not actually 6 keys total; modifier keys don’t count towards the limit.

                                                                              1. 1

                                                                                I like Alpine and appreciate its extremely small image size compared to something like Debian. My main annoyance with it is there is no specified update policy with respect to packages (specifically, whether each release keeps packages to a major and minor version and only updates point releases or patchsets). hadolint really wants you to pin packages and Alpine removes old versions of packages from the mirrors upon publishing new ones, so you have to use apk’s ~= syntax for this to make any sense. Without clear guidance from the Alpine maintainers it’s hard to decide how specific to make the ~=. To be honest, I’m not sure why hadolint enforces this rule for apk at all…

                                                                                1. 9

                                                                                  First off, congrats! You’ll do great! I made a list of things I’ve discovered over time, but I don’t want to stress you out thinking that you have to memorize all this stuff. You don’t have to do any or all of it, I’ve just found that these have made my own speaking clearer and better-received.

                                                                                  • Practice speaking at 80% speed. You want to train your brain to get used to a feeling of speaking almost uncomfortably slowly. When you’re in front of an audience you will likely tend to rush; forcing yourself to slow down will counteract that tendency and make you talk at a normal speed. This is also a natural counter to “ums” and “ahs”, which are usually the result of speaking faster than your brain can think.
                                                                                  • Practice finding opportunities to stretch out words where possible, usually along vowels. When you need to give your brain time to think, instead of saying “um” or “ah” you can just stretch out the vowels in the words you are already speaking. Seriously, just walk around speaking to yourself in your head, except trail and hold the last vowel of the word you’re saying. Suddenlyyyyyyy you’ll souuuuuuuund like thiiiis, and if you practice stretching out your words you’ll be able to do it when you actually need it.
                                                                                  • “Make eye contact.” I put this in quotes because each member of the audience isn’t expecting you to make personal eye contact with them – they just want to see your eyes flash up to look in the vague direction of the audience. All you have to do is flick your eyes up every now and then and scan the room a little bit. You can imagine trying to look at people’s foreheads instead of their eyes to make it less intimidating.
                                                                                  • Put in more pictures than you think you need. Every time I finish a talk, I always look back and regret not adding more explanatory pictures, diagrams or charts. Even if they don’t add any new informational content, pictures give some visual variety to your presentation and give time for the audience’s eyes to rest. It may seem stupid, but even just putting the logos of the products/languages/tools you’re talking about can help.
                                                                                  • Try not to read off your slides. This may be hard since you’re relying on your slides to guide what you’re saying, but I try to speak about the important parts of the topic and let the slide text be the more extended, complete version of the idea.
                                                                                  • Make your font size way bigger than you think it should be.
                                                                                  • If you have to show code, be minimal about it – with a large block of code, your eye isn’t drawn to any point and the audience will struggle to find where the code you’re speaking about is. Maybe only show a function and its call signature, or a single line to show off a cool operator in a language. If you really, really, really need to show a block of code, you might want to ghost it out and highlight each line of interest as a separate “slide.” This gives the audience a visual anchor to look at as you’re going through each line.
                                                                                  • The audience wants you to do well! They are on your side, and are actively looking to forgive any mistakes you might make. If you do make a mistake, give yourself some time and space to recover and keep going! People will remember your talk, not the 5 second pause you took to remember where you were in your slides.
                                                                                  • If you’re giving a longer talk (maybe 15 minutes or more), it can help to show a table of contents slide at the beginning and refer to it throughout your talk. Not only does this remind the audience how all the pieces fit together, but it can help you write the talk since you have an outline to work from.

                                                                                  Good luck!

                                                                                  1. 4

                                                                                    Try not to read off your slides.

                                                                                    This is super important! Reading your slides is one of the most common and most annoying presenter mistakes. I’ve taken to creating slides that don’t even have sentences on them in order to avoid this. A word or two at most; but mostly just images.

                                                                                  1. 3
                                                                                    • It would cache data off-machine into fault-tolerant storage.
                                                                                    • If the machine broke I would like to go to any other machine and resume work within a few seconds without losing any data.
                                                                                    • If my machine was stolen I would like it to be totally unusable after a short time - so nobody would bother to steal it.

                                                                                    Back when I worked at Google, these problems were effectively solved with Chromebooks. I did my main development by SSHing from a desktop Chromebox into a relatively powerful workstation. When I traveled to different offices, they had loaner Chromebooks available. I would simply check out a loaner Chromebook, sign in, and after a few seconds Chrome Sync would provide me with a mobile version of my home setup. You had to accept a few compromises in your workflow, but once you did that the benefits were great.

                                                                                    1. 2

                                                                                      My issue with Chromebooks is the Google data concerns. If I could get something like a Chromebook but with my own server in the back, that’d be wonderful. Oh, and decent access to the computer itself would be nice (there’s only so much a browser can do). But for other people, I recommend Chromebooks as the easiest consumed computer.

                                                                                      I wish that Plan 9 from Bell Labs had caught on more. A few people have pined after that in their interviews. What particularly stood out to me was Rob Pike’s comment:

                                                                                      it used to be that phones worked without you having to carry them around, but computers only worked if you did carry one around with you. The solution to this inconsistency was to break the way phones worked rather than fix the way computers work.

                                                                                      It would have been nice if the Plan 9 vision had come to fruition.