1. 5

    If anyone would like to share, I’ll ask: how and when did you end up joining the site?

    I first found Lobsters in 2014, when someone mentioned it on HN as a more pleasant community. There were fewer comments then and the point totals were much lower, but I remember enjoying every post I read. I think a huge factor was how memorable the domain name was, I knew it without googling after seeing it once. I was a poor undergrad taking a leave of absence, and my phone and laptop were broken at the time, so I would read posts on workstations at my dad’s office while helping him with IT stuff. Honestly this site means a lot to me for that; at a real personal low, it reminded me that CS wasn’t just my experience with school.

    1. 2

      I’ve seen a mention on reddit and applied, somehow got in.

      1. 2

        2014 for me too. I had been thinking of leaving HN after the ridiculous pending comments scheme had been announced. Somewhere during the discussion of it back in those days, I saw Lobsters mentioned as an alternative. I took a look, liked what I saw, and asked in the queue for an invite.

        1. 2

          I’ve had the pleasure of knowing @pushcx for close to two decades at this point. He mentored me in programming fundamentals over that time and I found myself watching on of the Lobste.rs live programming streams for fun one evening. While discussing the stream he sent me an invite and I have thoroughly enjoyed having a sane source of news ever since.

          1. 2

            I was a lurker for a while before I actually got an invite.

            I came across @jcs’s blog after getting into OpenBSD (it was probably around 2019, so fairly recent). On there I found an old post complaining about the state of the orange site’s moderation. There’s a tiny link at the bottom of the post to a website…

            After finding Lobsters on that blog post I lurked here, reading stories, never bothering to get an invite until one day I came across someone (on Discord, funnily enough) who said they had an invite for someone who wanted it.

          1. 27

            Obligatory please don’t tell anyone how I live, here is my very messy desk:

            OS: Arch Linux

            CPU: Intel i5-6600 @ 3.30 GHz

            RAM: 16 GB DDR4

            WM: i3

            MB: Gigabyte Q170M-D3H

            KB: IBM Model M

            GPU: Nah

            Cat: Orange and White Maine Coon, “Salsa” aka “Salsa T. Cat Esq.”

            Cat treats: Chicken

            Water: Tap

            Coffee: Black

            Whisky: Neat

            1. 11

              I enjoyed this image very, very much. Thank you for your honesty! I particularly enjoyed the pump bottle of vaseline.

              1. 6

                Thanks! I was going to remove it and take another picture but then I thought, well why not just show a slice of everyday life? It’s cold and dry where I live in Canada and my skin needs some lotion so I don’t get the alligator complexion.

                I was thinking a lot of this excellent Calvin and Hobbes comic when I was taking the picture, should I clean up my desk before I take a picture so I appear to be neat and tidy or just present my life as-is unfiltered?

              2. 2

                This feels like home. I don’t know if you can actually compare two messes but our areas feel equal in messiness.

                1. 2

                  I see the base for the soldering iron. I’m scared to ask where in here the actual iron is.

                  1. 1

                    Haha, it’s off to the left, on the window sill.

                  2. 1

                    Fantastic! As well as Arch, I’m a huge Kubrick fan—where did you get your desktop background?

                    1. 1

                      Awesome, glad you liked it. I’ve had that one for a long time, I did a search on the filename and there is a copy here: https://www.colipera.com/you-deserve-nothing/vector-2001_00359644/

                    2. 1

                      I often struggle with how messy my desk becomes. My preferred style of note taking to work out a problem is a good pen and pads of paper, so things end up accumulating and I don’t feel like I want people to see my office. Thank you for sharing this picture! I’m right in the middle of reorganizing, or I’d show you how bad mine can get.

                      1. 1

                        is that a speaker strapped to the bottom of the left monitor? If yes, why?

                        1. 1

                          It is! It was an accessory that was available with that monitor and from what I recall, a lot of Dell business/professional monitors. Here’s what it looks like off the monitor.

                      1. 4

                        Maybe it doesn’t matter for web things, but it matters a lot if your software is a pain to build from source (especially for distribution packagers)

                        1. 6

                          I read the article as suggesting new programmers not worry about the development environment, not that it doesn’t matter at all. By the time someone is shipping source code for a major system, my assumption is they’ll be the chef who has figured out what knives are actually needed. But, having inherited some codebases that made a lot of assumptions about which IDE I would want to use, I would completely agree that at some point chefs need to seriously care about their knives.

                          1. 2

                            Another thing I’ve seen quite few devs worry about is which language to use; and my usual advice is “just pick one and go with it, it doesn’t matter that much”. Once you know one language, the second is a lot easier to learn.

                            1. 1

                              One of the main reasons I love programming is it is taking a big problem (I need to do X) and breaking it into the discrete smaller problems to get there (X requires Y, Y needs Z, so let’s start with Z).

                              I have encouraged a few younger programmers who were coming from non-technical fields to do exactly what you said. For them the big problem was “I want to learn programming, and that is scary.” We broke that down into “To program, you need a language. There are so many to choose from, have you ever heard of one you’d like to try? If not, consider Javascript because as long as you can ctrl-shift-i, you have everything you need.” Once the first Big Decision is out of the way, the actual learning can begin.

                              By the time they realize Javascript isn’t the end-all-be-all for what they need, they have enough knowledge to not feel daunted by the second language. Incidentally, I’ve also seen this as an issue with Linux, where the sheer number of distros has caused analysis paralysis on the person that wants to break in and try it. Keep some spare LiveUSBs on hand and get them over that hump.

                        1. 29

                          This could’ve been an excellent post about engineering in the large, given GitHub’s scale and age. What did it take to translate the legal requirements into a software project, to build a list of every cookie that every line of code has set in the last 12 years, to match them to business justifications, to migrate away from or combine all the unjustified ones, and to manage multipart deploys as they remove dependencies on specific cookies? Instead the entire post is patting themselves on the back for deleting one div.

                          1. 5

                            Concur. When I read “So, we have removed all non-essential cookies from GitHub” my immediate first thought is “What is essential?” followed shortly by “Why is that essential?” Is it because you made a design decision that required you to use that package with a tracking cookie? Is it because you wanted an easy answer and setting a cookie was that?

                            For example, Github right now sets a cookie “logged_in=yes” for my account. I can delete that cookie and the page loads just fine, resetting the cookie.

                            Github also sets a cookie “dotcom_user” that is my username. But it also keeps a device ID and two separate session IDs. Do you really need my username stored in that cookie?

                            This is them calling “Mission Accomplished” on the aircraft carrier of privacy to feel good, nothing more.

                            1. 9

                              logged_in=yes

                              Good god, the horror! Someone call the police! 😒

                              GitHub setting cookies that only they themselves can read isn’t a problem; they got that information anyway. The problem is cookies by third-party services, and those have, as I understand it, been removed.

                              1. 6

                                I hope it was clear from the rest of my comment that I am not trying to say this cookie is an abomination to mankind. I am trying to point to the issue of “essential” not being defined. To be more precise, Github is saying this falls within:

                                Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.

                                My question then, as @pushcx noted, is how Github’s engineers/developers/policy folks decided what was “essential”. That would have been a good read. But if I can delete an arbitrary cookie and the site will still work (and immediately reset it), is this actually essential? It seems like the answer was to remove 3rd party cookies and then everything left must be essential, instead of digging in to understand why each cookie was set and determine if it held value.

                                Do I care that Github sets cookies? Not in the least. Does Github setting a boolean flag and storing it for a year (logged_in=yes is a persistent year-long cookie, not a session cookie) affect my privacy directly? Not likely. Does Github setting a string value (dotcom_user=[my username]) affect my privacy? Well, it could, depending on which computer I log in to and if they actually destroy that cookie, since it also is a persistent cookie stored for a year and not a session cookie. Does Github setting a value called device_id and storing it as a persistent cookie for a year affect my privacy? I mean, it easily could, depending on what they do to aggregate that information and what computer I use to log in.

                                But ultimately, this comes down to the assertion they’ve removed everything but the essential cookie and the glaringly obvious question “How did you decide what is essential?” It wasn’t addressed and at least the logged_in example above would seem to identify a persistent cookie which is stored for a year which is not “essential for you to browse the website and use its features, such as accessing secure areas of the site” since they also track two other session cookies that would tie to my logged in session.

                                1. 3

                                  My previous comment was probably a bit more snarky than it should have been – apologies.

                                  The GDPR only applies to personally identifiable information, and a logged_in=yes cookie isn’t, so GDPR doesn’t really apply. You still have the ePrivacy directive (“cookie law”) which, if you follow it to the letter, you may need to ask consent before setting that logged_in=yes cookie as it may not be “strictly” necessary (depending on your definition of “strictly”). However, it’s not really in the spirit of that law, and I think worrying about it is rather … pointless.

                                  I think far too many people are somewhat overly occupied with the letter of the law on these issues, rather than the spirit of it.

                                  I agree the depth of the article could have been a lot better – it’s pretty shallow as-is.

                                  1. 1

                                    Thank you for the clarification, all is forgiven! I appreciate your position much better now. I would definitely agree that logged_in=yes (or no) is not personally identifiable and not within the spirit of the law. I went too far in my comparisons of the cookies and should have stuck to things like the username.

                                    Thank you for clarifying GDPR v ePrivacy directive for me.

                                  2. 3

                                    I just tried opening GitHub in a private window to see what cookies it sets. There are three:

                                    • _gh_sess, set to what looks like a random identifier. This is a session cookie.
                                    • tz, set to my time zone. This is a session cookie.
                                    • _octo, set to GH1.1.2014279703.1608313886. This is persistent and seems to be a unique identifier (the numbers change if I clear it and start again).
                                    • logged_in, set to no.

                                    The tz and logged_in cookies are probably not technically essential (the tz one contains a copy of the time zone my browser sent in the HTTP request), but they don’t contain any personally identifiable information.

                                    The _gh_sess cookie is a generic ID that’s probably tied to a database entry for maintaining persistent state across navigation. Whether that’s fine or not depends on what they store in the database.

                                    The _octo cookie is interesting because it’s a unique identifier that tracks me across return visits. That’s on the borderline of okay, depending on what it’s used for. I’d really like see a follow-on blog post that talks about these two cookies and what they’re used for.

                            1. 66

                              It would be terrible if this repo was replicated across the Internet.

                              Remember kids, don’t copy that floppy!

                              1. 12
                                1. 10

                                  Codeberg is hosted in Germany, I wouldn’t count on this repo staying up.

                                  1. 2

                                    I wouldn’t be so sure. In germany youtube-dl would probably be seen as a tool for making a personal copy, which is allowed in germany.

                                    1. 2

                                      Historically, why is Germany so anal about copyright compared to other countries?

                                      1. 10

                                        Easy money. Cease & Desist letter in Germany come with a fine attached if you follow them. You need to pay the the lawyers fees (~800+ EUR). This is pretty unique. So there’s “cease & desist” mills who trawl people, e.g. off bittorrent and all other networks. This means that some of these cases will end up at a court. As all things digital have no place of service or occurrence, the filing side can pick any court to go to. Which is usually Hamburg or Cologne, which tend to be the most eager to stretch the law to the rights holder side. But that’s actually not the process intended, what they want is people to be frightened and paying the lawyers fee on the first letter. They will even lower it if you even look at them like you might defend yourself.

                                        1. 2

                                          They, like the US, have a highly information based economy. If you can put a value amount on copyright, you can put a penalty amount. You can decide if a lawyer is worth it. You can make laws about it.

                                          1. 2

                                            Germany somehow seems even worse than the US though, despite producing less media so I don’t understand that discrepancy

                                            1. 2

                                              This is unsurprising. Most international media companies here are basically “importing” and rarely “exporting”, which means (distribution) licensing, so all their local orgs have a high focus on rights management and lobbying for better terms. And if you have staff lawyers around all the time… you might as well use them?

                                          2. 1

                                            I think that whole sentence can be substituted as “Historically, why is Germany so anal about everything compared to other countries?”…

                                            (Just kidding, sorry Germans!)

                                            1. 1

                                              Der Freud wegen.

                                        2. 7

                                          The original repo is on the WayBack machine 1400 times with the most recent being 5 days ago. If you’re forking just to a copy lives around and not to continue development, I would just snag it there to be sure of the source.

                                          Edited to make it clear I was linking to the original repo.

                                          1. 3

                                            https://github.com/plredmond/yt-download

                                            please do not click the fork button

                                            1. 1

                                              Do not save copies outside Github as well. Wait until Github takes down all the forks in one go (it’s not hard to do technically).

                                          1. 3

                                            Thank you for sharing this! As a lover of HTML for a long time, I would strongly agree with much of the sentiment!

                                            I fear, however, some of your argumentation is very similar to what I used when I was a touch younger (especially when it comes to arguing for Linux) and there may be slightly more shades of gray in your argument that you should acknowledge if you want meaningful discourse from the person you are trying to persuade. Consider me your target market, I use Jekyll to create a static site and you are arguing that is less sustainable than your solution. I would disagree.

                                            For example, two of the knocks against Jekyll seem to be made against Jekyll as you have (or have seen others) used it. The need for Jekyll to be installed on the web server is not a requirement, I author my content in Jekyll on my development box and, exactly as you do, copy a folder of HTML to the web server. I am also not concerned about breaking changes in future versions of Jekyll, because I can pin the version in my Gemfile, which is checked into my git repo, so every time I clone this, I will be using the same version of Ruby and Jekyll.

                                            Having helped more than one friend recover pure-HTML websites in the past, even as you’ve acknowledged, there is a LOT more work if the repetitive aspects aren’t handled by something dynamic. In your case, you are using PHP at the time of the page load. I prefer to not need anything beyond the web server, so in my case, that is Jekyll when the page is created. Both solve the problem, one does it once, the other every time the page loads.

                                            Because of that, I would suggest considering how much of your argument is based in preference (a hard lesson I had to learn as I would frequently argue long and loud about why no one should use Windows, but only Linux) and how much you would consider a well-reasoned standard many would accept. When you say something like “The more a web site resembles a folder of ungenerated, static HTML files, served over HTTP, the more sustainable it is” and then immediately say why you needed PHP, you don’t convince me to drop Jekyll and a static site and move to PHP and a dynamic one, especially since you just said static HTML is fool proof and now you are introducing other packages.

                                            To flip your second argument on its head, I would argue that I have the power to completely redesign the structure of my blog simply by editing the _config.yml file and changing the permalink structure from (currently)

                                            permalink: /:year/:month/:day/:title/

                                            to

                                            permalink: /:year-:month-:day/:title/.

                                            That would make the complex URL you laid out and do so for every file in 2.26 seconds (on my current build). To make that change in pure HTML would require moving everything around, yet your premise for this point revolves around power to create the structure of the site.

                                            “How limited am I in my creation and maintenance of a) the structure of the entire site, and b) any given page on the site?”

                                            I say all this because I agree with a lot of what you are saying, but believe you can present a more solid argument. Having tried (both successfully and unsuccessfully) to migrate people to straight HTML, I think you may want to not attack how those HTML files get created as much as the fact that they are (i.e. if a user has a SSG they like, that’s awesome. If you like a WYSIWYG and I prefer CLI-based tools that work anywhere, it doesn’t matter).

                                            Two arguments I often find persuasive are that of security and cost. To the average person (not average on Lobste.rs, literally your average businessman who runs a random website that he needs work on), much of the above is esoteric and unintelligible. But when you start talking about Wordpress having a security flaw that gives anyone access, or that the cost of hosting the site as HTML being cheaper than the corresponding “full” hosting, normal people start to listen. Show them the difference in page load time between garbage dynamic hosting and a static site, they’ll realize what their customers will see quicker. They go with Wordpress or Wix simply for ease of use, but when other topics they deal with on a daily basis come up (security/risk, money, customer experience), now you have an audience willing to hear your pitch.

                                            Also, +1 on the flip phone. #ColdDeadHands.

                                            1. 2

                                              Thanks for your kind comments! I have a couple of answers:

                                              1. Yes, my arguments are rather subjective. It’s my own opinions and preferences, based on my own experience, which might align with other people’s experience, but might not. I don’t really want to persuade people who aren’t in the same situation as me and have other areas of expertise. I think that if you don’t care about the two criteria that I describe – especially sustainability – then you won’t be persuaded by my argument.

                                                As for my presentation being a bit black and white, I recognize this, but I found it hard to condense it without leaving out some of the nuances and alternative approaches.

                                              2. Maybe I should clarify that I wasn’t talking about the problem of needing Jekyll installed on the server, but rather on the computer you use to edit your web site. If you need a special piece of software on your computer to edit your web site, then you can’t easily edit it on computers that you don’t own, or ones that use another operating system, etc.

                                              3. I mentioned the /YYYY-MM-DD/post-title URL as an example of a non-complex URL. A more complex one would be /category/post-title. Even this is rather simple, but very difficult to implement cleanly with Jekyll (at least last I tried).

                                              1. 2

                                                I mentioned the /YYYY-MM-DD/post-title URL as an example of a non-complex URL. A more complex one would be /category/post-title. Even this is rather simple, but very difficult to implement cleanly with Jekyll (at least last I tried).

                                                This shouldn’t be too hard:

                                                permalink: /:categories/:title/
                                                

                                                Not sure what problems you ran in to with this? Also see the documentation.

                                                Because posts can have multiple categories, this can result in links like jekyll/update/welcome-to-jekyll (categories “jekyll” and “update”); but it’s not too hard to add a plugin which adds :first_category so you have just jekyll/welcome-to-jekyll:

                                                class Jekyll::Drops::UrlDrop
                                                  def first_category
                                                    @obj.data["categories"].first || ''
                                                  end
                                                end
                                                
                                                1. 1

                                                  Sorry, I didn’t remember entirely. What I was trying to do is to have my posts arranged in a directory structure and mirror that directory structure in the generated site. This is what turned out to be extremely difficult.

                                                  For example, I’d have some posts stored in english/technology/prolog/ or whatever and would want that mirrored in the URL of the generated site (/english/technology/prolog/).

                                                  So, to clarify, I meant /category/post-title, assuming that the post is stored in the directory category, which can be an arbitrary path.

                                                  1. 1

                                                    You should be able to place the files in english/technology/prolog/post.html (or .markdown), with some optional frontmatter if you want to apply a template or some such. Like I mentioned in the other post: you don’t need to use the _posts directory (although you can probably do something similar from there too, but I’d have to check).

                                                    Lots of the documentation on the website is focused on writing a blog from _posts so it’s probably a bit confusing, but you can do a lot more with it.

                                                    At any rate, not trying to convince you to use Jekyll or anything; if your current solution works for you then 👍 But feel free to let me know if you decide to try it again and run in to problems.

                                                2. 1

                                                  My pleasure! Those are fair answers and I hope you do persuade others to join the HTML side of things! Thanks again for sharing this article.

                                              1. 5

                                                I think this is a good marketing idea. At least now some people head about you. :) If it was intentional, my applause 👏 If not, meh 😒

                                                1. 5

                                                  If it is marketing it should be elsewhere.

                                                  1. 3

                                                    I feel it is more of a marketing post, since there’s nothing of importance that it talks about. There’s no mention of how it happened, and instead just has a piece of code thrown into the post that shows tables are being dropped. Even the “What have we learned? Why won’t this happen again?” part does not really state why it wouldn’t happen again. The entire post feels poorly written, stating the obvious points like have backups, do not hardcode, do not use same passwords everywhere; which, even if, is very common and should be known, does not provide any significant context in this case.

                                                    1. 5

                                                      I would agree, after reading the article, I felt reading the subject line gave about as much information. Of particular note is the lack of root cause understanding, which makes many of those mitigations questionable. He says they don’t share passwords, for example, and yet somehow they worked. I think a far more informative post for many of us will be the real answer as to why this happened. “Don’t share passwords, also if you use package Y, be aware that it replicates the password to all environments” or some such.

                                                    2. 2

                                                      I dunno. Having heard of them is one thing, but hearing that they appear to be at least somewhat incompetent, and possibly alcoholics is not really a positive thing for me.

                                                      Not all publicity is good.

                                                    1. 27

                                                      We’ve learned that having a function that deletes your database is too dangerous to have lying around. The problem is, you can never really test the safety mechanisms properly, because testing it would mean pointing a gun at the production database.

                                                      I’d argue that you should have this function “laying around”, for development use – and it should be the only way you drop and create tables. Otherwise, you’ll fall back to dropping tables by hand, where it is impossible to add more safety. At least with this function you can add checks like “don’t do it if any table has 1000 records” or something. This is called poka yoke.

                                                      1. 2

                                                        Thank you for sharing the link to poka yoke! I had never heard this expressed in such formal terms, but it makes a lot of sense after it is.

                                                        1. 1

                                                          This is interesting. I’m always surprised at how frequently software development leans on learnings from manufacturing. I guess it’s just another form of manufacturing.

                                                        1. 1

                                                          I clearly need to get more into home automation/IoT stuff because I read this title as being about a ring (topology) used for alarms and thought that could be quite interesting (trying to find a path in case your normal dash board goes down? what could they mean?). Turns out it is about the doorbell system, but just as fascinating a teardown of the hardware and firmware and somewhat relevant to a side project I’m looking at.

                                                          5/5, would make this mistake again!

                                                          1. 4

                                                            Excellent article, thanks for sharing!

                                                            1. 2

                                                              Thank you, I appreciate that! I felt I could have made this more clear and struggled for a while trying to do so. Eventually I realized I needed to just get it published and deal with questions as they come up instead of trying to preempt all of them.

                                                            1. 8

                                                              The introduction has a lovely bit of Norwegian:

                                                              Freed, we dance
                                                              For an eyeblink, we play
                                                              We thousand small leafships
                                                              we anticipate, on that clear morning light
                                                              

                                                              That’s a wonderful introduction to the story of the seedling!

                                                              1. 18

                                                                Oh thank goodness it worked. My Norwegian is marginal at best, and I really worried I messed up my article agreement or use of på/i in that poem.

                                                                1. 3

                                                                  I’m fluent in Swedish rather than Norwegian, but to me “på” fits better since that preposition translates as “on top of” rather than “i” which would be “inside of” or “encompassed by”; and they are leafships.

                                                                  I did a quick check, looks like Swedish and Norwegian prepositions work the same way.

                                                                  Nice poetry, thanks for this nifty post!

                                                                  1. 7

                                                                    Thank you! And… that’s what I was hoping for as well. På/i has been such a challenge for me–I once told a friend I was i kjøkkenet (in the kitchen) and he stared at me as if I’d uttered something completely unparseable: one can only be i certain rooms of the house. One is på hytta (upon the cabin) but i huset (in the house). One is i Oslo, but på Røros, because… inland or mountainous towns are something one is on, rather than a coastal city, which one is within, except for places like Skjåk? One is på shops, libraries, and restaurants (I think because there’s a sense that these aren’t just places, but sort of… activities that one has embarked upon? ANYWAY languages are cool and hard and I like them, CARRY ON

                                                                2. 1

                                                                  This was a fantastic read. I was a bit hesitant based on some of the other recent interview links that ended up turning into long discourse NOT about the article, but your quote of the Norwegian hooked my interest. Thank you for pulling that out.

                                                                  Highly recommend this for anyone that wants to discuss the “correct” answer to FizzBuzz.

                                                                1. 2

                                                                  Fantastic amount of documentation in here, especially for a shell script! The repo credits its predecessor and builds meaningfully on top of it, thanks for sharing this!

                                                                  1. 2

                                                                    Looking through the Android 11 features and they seem like a decent improvement. The thing that stuck out to me was how at the end they have a link to “pixel exclusive features” after reading the list it didn’t seem like a single thing on the list was linked to specific hardware requirements. Is google really moving features out of android AOSP to make their phones look better?

                                                                    1. 1

                                                                      I couldn’t find that link in the page (Ctrl-F, ‘pixel’), would you mind sharing that URL? I’m curious to see what’s on it.

                                                                      1. 1

                                                                        I think the URL changed from a more consumer/PR-focused blog post to the current developer-focused URL.

                                                                        1. 1

                                                                          would you mind sharing that URL?

                                                                          This is the list of “Pixel first” features. https://www.blog.google/products/pixel/android11-exclusive-pixel-features and they specifically say “And this time, with new Pixel-first features on Android 11, your Pixel has even more smarts to make it better and more helpful…” The Pixel support thread (https://support.google.com/pixelphone/thread/69861931?hl=en) similarly sells these new features from an (as I would term it) advertising perspective.

                                                                          Is google really moving features out of android AOSP to make their phones look better?

                                                                          Not to sound jaded, but why would this be a surprise? Or to rephrase that, if Google has teams dedicated to Pixel support, why would they force those teams to put everything developed into AOSP? As a company, they have to find some way/reason to market their products and I wouldn’t expect them to leave the Pixel stock.

                                                                      1. 7

                                                                        Actual paper is here: https://arxiv.org/pdf/2009.01694.pdf. As someone without a ton of background in Linux kernel development, I found it more informative than the article itself.

                                                                        1. 10

                                                                          My usual thought when I see “XXX in only YY LoC” is to ask what packages are imported and just how large are those? But after reading this I didn’t care there’s another 180 lines of magic imported from hmac because of how great the documentation is.

                                                                          This is seriously worth a read, whether or not you are writing in python (I generally don’t) or care to play code golf (occasional pasttime). The README.md is 700 lines to explain everything about the 20 LoC in the implementation, and the tests are a further 80 LoC. That means you’ll learn a lot from this about TOTP in general and, if you’re a Python user, all the ways you can make use of this for your own code.

                                                                          Thanks for sharing!

                                                                          1. 2

                                                                            Thanks for posting this reply, because I was going to potentially skip it for the same reason - I’m glad I didn’t!

                                                                            1. 1

                                                                              Thank you for the kind words and appreciating the documentation.

                                                                            1. 23

                                                                              I hesitate to post a Twitter thread in response to a submission of a Twitter thread (I wish foone would do this on a blog), but this is worth pointing out since the teardown makes it seem like the electronics version is a joke.

                                                                              https://twitter.com/V_Saggiomo/status/1301809747042217984

                                                                              That said, this device is incredibly wasteful and irresponsible, and that the marketing around it is highly questionable.

                                                                              1. 5

                                                                                Thanks for sharing the rebuttal, that is a good perspective. I hesitated for a few days before posting that thread as I wasn’t sure how kosher Twitter was here. I always find these sorts of teardowns fascinating because it makes me realize how much “magic” we assume in things we see around us.

                                                                                And, yes, I wish this was posted on a blog and not just a Twitter roll-up.

                                                                                1. 10

                                                                                  In general, submissions of Twitter threads are discouraged, with the occasional exception, mainly because Twitter posts tend to be low content, high impact/drama info tidbits (read: news headlines). In this case I consider it an exception since foone tends to post long threads with lots of information. Still, I wouldn’t make a habit of it.

                                                                                  1. 3

                                                                                    Thank you, I appreciate the explanation and will certainly be sparing.

                                                                                2. 2

                                                                                  The problem I see here is that the original read to me as purely technical “Oh wow, it seems unguessably complicated and in the end it’s an LED and a photo sensor” - (I myself would’ve expected measuring a change of current or resistance in the test material, but I would’ve been very wrong)

                                                                                  But this “rebuttal” is more condescending like “look at this idiot dissecting this thing where it COMMON KNOWLEDGE how it works” etc.pp.

                                                                                  The post by Naomi Wu is insightful, but I don’t get how people can be mad at foone, because I didn’t see any “omg the people who buy this are so stupid”. And that it’s wasteful to be thrown away after one use is a simple fact, the debate whether it’s worth it something completely different.

                                                                                  1. 2

                                                                                    What is it about this device you think is irresponsible?

                                                                                    1. 2

                                                                                      That it is single use and mass produced.

                                                                                      1. 0

                                                                                        So is the manual test strip inside of it?

                                                                                        1. 5

                                                                                          Single-use electronics is much worse than a test strip, I think. Beyond being overkill, it’s polluting to produce, generates long lasting garbage, and consumes rare materials.

                                                                                          1. 1

                                                                                            If it was such a waste of “rare” materials, it would be more expensive.

                                                                                            1. 4

                                                                                              Of course, markets are efficient and always account for externalities 🙄

                                                                                              1. 3

                                                                                                Ah yes, the market is perfect, of course.

                                                                                    1. 1

                                                                                      Realistically? Coming up with more excuses not to start that new Rails project I’ve been contemplating for a few months. Probably lobste.rs PRs and cleaning up some other code of my own.

                                                                                      1. 52

                                                                                        I’m not convinced everybody hates it. I think a certain group of programmers dislike it a lot and are quite vocal about it, while the vast majority use it every day and don’t think about it too much. Even the name is somewhat misleading to me, in practice its really class based programming. I don’t think most programmers are sitting there being like “the problem with this project is the fundamental nature of this language”.

                                                                                        Technology loves these grand, sweeping statements of “this is terrible and this is excellent”. The truth is always more nuanced than that. I suspect many people hate OOP because they work in large OOP codebases every day that are hard to work in, because despite the fact that OOP doesn’t force you to write bad code. It turns out that’s not how humans interact with tools. For me especially the “drift” of the object I’m interacting with over time (customer becomes a different thing as the product evolves) can be frustrating. I bet if we all worked with large functional programming codebases everyday there would be a lot of conversations about how much we all hate that.

                                                                                        Programming is hard and I think it is great that we, as a community, are constantly trying to rework software to make it more reliable and usable. In my experience OOP in the hands of experts is easy to maintain and flexible. When less experienced people get involved in the codebase, it gets harder to work with. Right now what I see is smaller teams writing functional programming applications and being like “this is the right way to do things”. Let’s talk when they’ve been interacted with for 5-10 years by a few dozen people of varying levels of experience.

                                                                                        1. 13

                                                                                          “the problem with this project is the fundamental nature of this language”.

                                                                                          I think that when I have to work with JavaScript. :p

                                                                                          1. 5

                                                                                            In my experience OOP in the hands of experts is easy to maintain and flexible. When less experienced people get involved in the codebase, it gets harder to work with.

                                                                                            This 100%, but more general. Any paradigm, in the hands of people who understand how to use the paradigm, will be maintainable and flexible. That’s why it’s so incumbent on people who are experienced to be good and empathetic mentors to people who aren’t experienced with the paradigm.

                                                                                            I’ve worked, as I’m sure many here have, with just about every programming mentality around, and none of them are any good – they’re just tools, and any tool has jobs it is suited for and jobs it is suited against. Some things naturally lend themselves to Object-based thinking, some to procedural, some to functional. I’d never want to write a OOP Theorem Prover any more than I’d want to write a procedural CMS or a functional video game. This not to say it’s not possible to do those things, but rather, I – personally – don’t find it easy to think about those things in those paradigms.

                                                                                            Computing oughta be a big tent, and there’s plenty of room for people to figure out what set of tools make sense for them.

                                                                                            PS, this goes for strong vs weak vs no typing too.

                                                                                            1. 3

                                                                                              I’m not convinced everybody hates it.

                                                                                              I took the title to be a fairly sarcastic comment, given the contents of the post. However, I would agree that the premise is a non-starter if meant seriously.

                                                                                              I think one of the biggest advantages to OOP which isn’t mentioned in the article outside of the quote he uses comes from the mental model you can use when teaching someone who has no knowledge of programming. As humans we all quite obviously interact with objects every day, whereas far fewer of us interact intentionally with mathematical functions every day.

                                                                                              I don’t know how many people I’ve encouraged towards programming, simply by verbally walking through something they are holding or looking at and helping them describe it as an object. You can see the lightbulbs go on as they realize this isn’t some magic, it is something they can understand. Often times, I’ll do this with a browser’s web console and offer some Javascript, not because it is the “best” language in the world, but because it is incredibly accessible as long as you have any modern web browser. What happens later down the road for them, whether they pick up a different type of language or move to something besides Javascript, doesn’t really matter in that moment, only that they were able to start the journey.

                                                                                              1. 1

                                                                                                Let’s talk when they’ve been interacted with for 5-10 years by a few dozen people of varying levels of experience.

                                                                                                I might be a little qualified to participate in that talk, because right now I’m working full time on a 7 year old 70k LOC Haskell codebase that has seen multiple generations of programmers where the codebase has changed hands across people who have never met each other. Some of those generations even only had juniors only. When I started, there were no Haskellers around, nor any kind of documentation. So I only had the code to stare at with the occasional comment that says -- yeah, I know this sucks. Mind you, this codebase had been serving customers and suffering “agile” changes in requirements with deadlines almost throughout its lifetime.

                                                                                                I’ve pushed my first fix the second day to a long standing problem, and started implementing new features the first week. Iteratively refactored the codebase bit by bit, never having to rewrite anything. Now after more than a year of combined refactoring, internal tooling development and new features without any pauses, I think the codebase is in a fairly decent state.

                                                                                                This experience made me appreciate how much beating Haskell can take and remain productive.

                                                                                                1. 1

                                                                                                  I’m working on a rails app that’s in the same boat (well, 12 years and 85k lines).

                                                                                                  Probably took me two weeks to be productive instead, and the pain of people using define_method with template strings is very real, but I’m astonished how far you can get on “this is a rails app, so you know where to look for everything”.

                                                                                              1. 2

                                                                                                Thanks for posting (I am the author) happy to answer any questions.

                                                                                                I work in the WebRTC/telephony space for ~6 years now and feel like I answer a lot of the same questions. I am on paternity leave, and decided to write this down so I can share! Outside of this book I also work on https://github.com/pion/webrtc where I learned a lot of the deeper details.

                                                                                                1. 1

                                                                                                  Thanks for sharing! This is a topic that interested me, but it seemed most of the questions I had are not yet included (I jumped straight to “Data communications” and “Applied WebRTC” after reading that each chapter stood on its own).

                                                                                                  Was there a pressing need to have the partial document available as it gets compiled by the authors? I’ll submit this as an issue as well, but I definitely think you should be clear from the outset that this is a work-in-progress seeking input. That would alleviate disappointment from reading the homepage which seems like a finished thing and then not being bale to use the relevant sections, while they are being written.

                                                                                                  Again, thanks for sharing and look forward to reading it once complete :)

                                                                                                  1. 1

                                                                                                    eed to have the partial document available as it gets compiled by the authors? I’ll submit this as an issue as well,

                                                                                                    My paternity leave ends this week. I wanted to post before I got sucked back into work :(

                                                                                                    I wanted to do all development in the open to encourage others to get involved. If I throw things over the wall it is harder for people to get involved.

                                                                                                    ‘Data Communications’ and ‘Applied WebRTC’ are going to be written by other people. I don’t know when they will availability though. I am hoping to finish the Media chapter this weekend. If you are interested would be happy to send you a PM when these get published!

                                                                                                    1. 1

                                                                                                      My paternity leave ends this week.

                                                                                                      Makes sense! Thanks for the offer, I’ll follow on GitHub and spare you the need to track it and send a PM.

                                                                                                  2. 1

                                                                                                    This is excellent, I wish there were more conceptual deep dives like this of web technologies (and really anything else). I’m impressed how well it turns what seems like acronym soup into digestible bits, and how not long it is.

                                                                                                    Critique: the navigation is unintuitive to me. There’s no “next” button at the bottom of the introduction, the hamburger menu on the upper right of my phone didn’t do anything, and the one on the left opened what looked like a table of contents, but didn’t include the introduction, (and still doesn’t when I go to other sections). The content seems well unordered (that’s a good thing, I clicked a random chapter and didn’t feel lost), but it’s weird that I can’t just turn the page until I’m at the end.

                                                                                                    Extremely pedantic critique: it’s JavaScript. The middle S is capitalized.

                                                                                                  1. 1
                                                                                                    $SHELL
                                                                                                    ~ % echo $SHELL
                                                                                                    /usr/local/bin/zsh
                                                                                                    

                                                                                                    Eh, I don’t know. That tells me that it’s configured as my shell but does not necessarily tell me the location of the shell I’m currently typing in.

                                                                                                    I can hardly notice the difference. Since you have quit the terminal and started a new session, isn’t the shell you are using guaranteed to be the one configured?

                                                                                                    1. 9

                                                                                                      I can hardly notice the difference. Since you have quit the terminal and started a new session, isn’t the shell you are using guaranteed to be the one configured?

                                                                                                      I think this is the entire point of the article, “is it guaranteed?” The author is presenting a way to be sure your assumption about what is running is what is actually running, outside of the normal checks someone such as myself might run, such as echo’ing the $SHELL variable.

                                                                                                      If we abstract this a bit, let’s examine the value of a variable halfway through the execution of a program. We believe the value should not have changed, but without looking at the source code, that is a big assumption and the reason we’d be writing tests. The author just let us prove which actual executable was running.

                                                                                                      For a more concrete example, this screenshot is not edited at all. I clicked the ‘Terminal’ icon on my (admittedly Linux) desktop and immediately echo’d the $SHELL variable. It returns /bin/zsh. But when I use the author’s fuser suggestion, it shows there are no copies of that running, only /bin/bash! You can see all I had to do to fool echo $SHELL was set SHELL to be a new value in my .bashrc file.

                                                                                                      So to answer the question, no it is not guaranteed and the author just let you prove it.

                                                                                                      1. 1

                                                                                                        I can see your point, but “The argument to chsh will be the shell for your subsequent logins as well as the content of $SHELL” is a promise made by the Unix-like environment. If you don’t trust the environment (which makes sense: maybe there is a rootkit), then you shouldn’t trust the output of fuser either, since it’s also part of the environment.

                                                                                                        Your example of examining source code reminds me of this story. What if the tool you use to view the source also has a backdoor to hide a statement that changes the variable? :)

                                                                                                        1. 3

                                                                                                          I take your comment in the “:)” light it is intended and would like to meet you in the middle. I half considered going down the crazy extremes, but my example was more to point to the article giving us a way to start down the road of proving our assumptions, the same as we would prove the assumption that $x shouldn’t ever be negative in such-and-such a function.

                                                                                                          I think the happy middle ground which allows that one might want to do more than echo $SHELL and less than cover my house in foil is the fact that I am often a fool and make silly decisions, often after saying “This shouldn’t hurt anything…” Occasionally I have found it very useful to validate my assumptions, only to realize that something I decided to do X months ago actually invalidated them. With how often that has proven true, I think the article’s offering of a way to prove the promise made by the Unix-like environment true, or false, is a very worthwhile thing, even if often it will not be needed.

                                                                                                        2. 1

                                                                                                          Thanks for this. I was afraid that what I was trying to convey wouldn’t quite come across. It’s a little meta in that I was curious if I could figure out the current path of the current process of the shell I was typing in.

                                                                                                        3. 5

                                                                                                          I just opened a terminal with my default shell being /bin/bash. I typed zsh, and at the zsh prompt typed, echo $SHELL. The response was, /bin/bash because that’s my login shell, and the one that spawned zsh.