Threads for unhammer

  1. 1

    What are the pro’s/con’s of this vs using the StrictData pragma?

    1. 3

      Not sure if posting this fits the rules, but I semi accidentally stumbled upon this a while ago, and it markedly improved my life, so I figured it might be useful to share :)

      1. 1

        how does it compare to Magit?

        1. 2

          I am not a very heavy magit user, but, for the features I use (staging in chunks, instant fixup, reword, etc) it feels surprisingly close. Before this, I had an mg shell command which fired up Emacs+magit when I wanted to do git stuff. Now I do all that from VS Code without a context switch.

          Interactive rebase is a bit more clunky than in Emacs though. On the positive side, g is mostly not needed any more, the state updates reactively.

          1. 2

            it’s like most vim emulators in other editors… it works mostly but there are a ton of annoyances that irritate

          1. 2

            I’ve updated the benchmarks to include “buffer-builder”. It’s not very different from “aeson”.

            jsonifier/1kB          mean 2.087 μs  ( +- 260.0 ns  )
            jsonifier/6kB          mean 12.33 μs  ( +- 222.2 ns  )
            jsonifier/60kB         mean 118.3 μs  ( +- 1.991 μs  )
            jsonifier/600kB        mean 1.270 ms  ( +- 38.92 μs  )
            jsonifier/6MB          mean 20.53 ms  ( +- 1.042 ms  )
            jsonifier/60MB         mean 194.9 ms  ( +- 15.04 ms  )
            aeson/1kB              mean 6.542 μs  ( +- 199.2 ns  )
            aeson/6kB              mean 31.25 μs  ( +- 494.5 ns  )
            aeson/60kB             mean 261.7 μs  ( +- 8.044 μs  )
            aeson/600kB            mean 3.395 ms  ( +- 114.6 μs  )
            aeson/6MB              mean 30.71 ms  ( +- 701.0 μs  )
            aeson/60MB             mean 277.1 ms  ( +- 4.776 ms  )
            lazy-aeson/1kB         mean 6.423 μs  ( +- 83.69 ns  )
            lazy-aeson/6kB         mean 30.74 μs  ( +- 607.0 ns  )
            lazy-aeson/60kB        mean 259.1 μs  ( +- 4.890 μs  )
            lazy-aeson/600kB       mean 2.511 ms  ( +- 18.71 μs  )
            lazy-aeson/6MB         mean 24.92 ms  ( +- 95.36 μs  )
            lazy-aeson/60MB        mean 248.6 ms  ( +- 736.6 μs  )
            buffer-builder/1kB     mean 5.512 μs  ( +- 77.39 ns  )
            buffer-builder/6kB     mean 30.29 μs  ( +- 459.9 ns  )
            buffer-builder/60kB    mean 307.0 μs  ( +- 3.640 μs  )
            buffer-builder/600kB   mean 3.001 ms  ( +- 75.72 μs  )
            buffer-builder/6MB     mean 33.05 ms  ( +- 336.3 μs  )
            buffer-builder/60MB    mean 308.5 ms  ( +- 3.489 ms  )
            
          1. 7

            Love ShellCheck! We use it in our CI to lint all our shell scripts at $dayjob. Adding ShellCheck to our build process and fixing all the initial issues was at times boring, but also immensely educational about sh/bash as a language (and why you should never use it for anything more than the simplest stuff…). I’m positive that running ShellCheck on any non-trivial collection of shell scripts will help you find and fix a lot of security issues as well as other bugs. I’m not sure whether that is praise for ShellCheck, or an indictment of shell as a programming language… ;-)

            1. 9
              Line 1:
              at $dayjob
                 ^-- SC2154: dayjob is referenced but not assigned.
                 ^-- SC2086: Double quote to prevent globbing and word splitting.
              
              Did you mean: (apply this, apply all SC2086)
              at "$dayjob"
              
              1. 4

                Simple, really: I use the things. Usually this works and everybody is happy. Sometimes it doesn’t and people complain, in which case I try to SSH into the server in question to see what’s amiss and fix it if I can (i.e. if it is a ‘soft’ problem). If fixed, goto start. If not, eventually I go home and find out where the magic smoke escaped.

                I have some off-site remote monitoring in place, i.e. my parents and my brother. They are quick enough to tell me their mail doesn’t work or the web thing doesn’t web or the media server doesn’t mediate.

                1. 2

                  This works for e.g. my weechat bouncer. But I don’t actually “use” my personal home page – I’ve in the past been notified by other people telling me it’s down, but I suppose some might get a bad first impression from pages being down :-) Now I have a cron job on a different server that emails me when it’s down …

                1. 4

                  How does it look when I download a phishy file? (Is there a warning I can skip, or will it just fail or what?) Some usage examples would be nice :-)

                  1. 1

                    for Part1, what do you gain with that extra dependency over just

                    import Data.Char
                    
                    thing1 a []     = [a]
                    thing1 a (b:bs) = if toLower a == toLower b && (a /= b) then bs else a : b : bs
                    
                    thing2 = length . foldr thing1 ""
                    

                    ?

                    (We don’t know that the ordering doesn’t matter because it’s a group – we know that it’s a group because the ordering doesn’t matter.)

                    1. 1

                      We don’t know that the ordering doesn’t matter because it’s a group – we know that it’s a group because the ordering doesn’t matter.

                      This is true, but from the perspective of this post, recognizing that this is a classic example of a group reminds us that it is a group, so ordering doesn’t matter by definition. If we don’t recognize this group as a classic example of a group, we would have to look at the operations, think about whether or not the action is associative, think about whether there is an identity, think about if each operation has an inverse.

                      The point is that we can recognize it from Group Theory, and apply things that were already done by group theorists to help us. That’s the crux of the benefit, I believe. Not that this wasn’t a group before we came along, but that because we can recognize it as a commonly studied group, we can draw from the large corpus of established properties that have already been studied by it.

                    1. 8

                      Filled out the survey. I spent a few months trying to get haskell to work for me but I found it a frustrating experience. I got the hang of functional programming fairly quickly but found the haskell libraries very hard to work with. They very rarely give examples on how to do the basic stuff and require you to read 10,000 words before you can understand how to use the thing. I wanted to do some ultra basic XML parsing which I do in Ruby with nokogiri all the time but with the haskell libraries I looked at it was just impossible to quickly work out how to do anything. And whenever I ask a question to other haskell devs they just tell me its easy and to look at the types.

                      1. 3

                        There’s often way too few examples, yeah :( And type sigs are definitely not the best way to learn. That said, once you get it up and running, parsing XML in Haskell is quite nice (we use xml-conduit for this at work).

                        Someone actually took it upon themselves to write better doc’s for containers at https://haskell-containers.readthedocs.io/en/latest/ and shared their template for ReadTheDocs: https://github.com/m-renaud/haskell-rtd-template in case anyone else feels inspired :)

                        1. 3

                          I agree. The language is beautiful, but we need to put more work into making libraries easier to understand and use. What makes it even worse for newbies is that as an experienced developer, I can understand when a library is using a familiar pattern for configuration or state management, but you have to figure out that pattern itself at the same time.

                          You shouldn’t have to piece together the types or, worse, read the code, to understand how a library works. I dislike the “I learned it this way, so you should too” attitude I often see. We can do better.

                          1. 5

                            I agree too. Hackage suffers from the same disease as npm: it’s a garbage heap that contains some buried gems. The packages with descriptive names are rarely the good ones. Abandoned academic experiments rub elbows with well engineered, production-ready modules. Contrast with Python’s standard library and major projects like Numpy: a little curation could go a long way.

                          2. 3

                            I think the challenge is unless the documentation includes an example or even documentation at all it can be hard to know where to interact many libraries. While reading the types is often the way you figure it out, I wish more libraries pointed me towards the main functions I should be working with.

                            1. 2

                              It’s a skill to look at the types, but it is how I do Haskell development. I’d love to teach better ways to exercise this skill.

                              1. 6

                                I started to get the hang of it but it really felt like the language was used entirely for academic purposes rather than actually getting things done and every time I wanted to do something new people would point me to a huge PDF to do something simple that took me 3 minutes to work out in ruby.

                                1. 2

                                  I use Haskell everywhere for getting things done. Haskell allows a massive amount of code reuse and people write up massive documents (e.g. Monad tutorials) about the concepts behind that reuse.

                                  I use the types and ignore most other publications.

                              2. 1

                                Ruby and Haskell are on opposite sides of documentation spectrum.

                                Ruby libs usually have great guide but very poor API docs, so if you want to do something outside of examples in guide, you have to look at source. Methods are usually undocumented too and it’s hard to figure out what’s available and where to look due to heavy use of include.

                                Haskell libs have descriptions of each function and type, and due to types you can be sure what function takes and what it returns. Haddock renders source docs to nice looking pages. However, usually there are no guides, getting started and high-level overviews (or guides are in the form of academic papers).

                                I wish to have best of both worlds in both languages.

                                When I started to learn Haskell, the first thing that I wanted to do for my project is to parse XML too. I used hxt and that was really hard: it’s not a standard DOM library and probably has great stream processing capabilities, and it’s based on arrows which is not easiest concept when you are writing your first Haskell code. At least hxt has decent design, I remember that XML libs from python standard library are not much easier to use. Nokigiri is probably the best XML lib ever if you don’t use gigabyte-sized XML files.

                              1. 22

                                In Norway, there is a law about Reklamasjonsrett where the place that sells you something has to offer a repair (typically through some deal with the producer) within two or five years (depending on how long the thing is expected to last, in general a court may decide this). If they don’t manage to repair it within a few tries, you have the right to get a new one.

                                The five year group includes stuff like dish washers, but court cases have also decided that e.g. cell phones may be “reklamert” for up to five years, same goes for VCR’s (an IR sensor failing after 3.5 years led to a case on that). I suspect high-end headphones would fall under the same category. However, buying it from “an ebay vendor” would put one in a worse position. There are Norwegian shops selling Jaybird headphones though …

                                Warranty time offered by seller/producer does not affect the interpretation of reklamasjonsrett (they are completely independent), and it’s enough that the product is only partially failing.

                                1. 6

                                  The UK has something like this as well, though as you might imagine all the relevant details differ. Goods must last a time ‘reasonable’ to the type of good, which unfortunately isn’t clearly defined for almost anything, leaving it up to courts to decide. The exception is that if a product breaks within the first six months after purchase, the burden of proof is on the seller to show that it wasn’t their fault, excepting some items obviously not intended to be durable. So most reputable UK-based sellers will repair/refund/replace in the first six months unless you obviously damaged the product yourself. In theory, claims can be made up to six years, but past the first six months, the burden of proof is on the customer to argue that the product was faulty and failed to last a reasonable time, and they have to take the seller to court to enforce the claim if the seller rejects it, which is pretty rare.

                                  1. 4

                                    For those interested, reklamasjonsrett translates to “reclamation right” in English. “Reclaiming” a product, unless I’m mistaken, means returning it and getting a new one.

                                    1. 4

                                      Yeah, I was a bit scared of translating a legal term … the Wikipedia page’s English link goes to https://en.wikipedia.org/wiki/Consumer_complaint which wasn’t too helpful

                                      1. 2

                                        Yes, reklamasjon seems to have a special meaning in (some of the?) the Nordic countries, but I thought it would still be interesting to know what the word means literally.

                                        1. 2

                                          From Swedish Wikipedia:

                                          Ordet reklamation härstammar från latinets reclamo och betyder “att ropa mot” eller “att protestera mot”.

                                          Rough translation:

                                          The word is from the Latin reclamo and means to “to call against”, or to “protest against”.

                                    2. 2

                                      This is true in most countries I believe. New Zealand has a similar law: the Consumer Guarantees Act. As far as I know there’s not much in the way of well-established timeframes like 2-5 years, it’s whatever is considered a reasonable timeframe by a hypothetical reasonable person, typical kind of common law stuff.

                                      And similarly, nothing at all to do with the ‘warranties’ offered by people selling stuff. Retailer warranties aren’t worth the paper they’re written on.

                                      In New Zealand if the product is faulty (partially or wholly, doesn’t matter) then you can take it back and if it’s reasonable to do so they can replace it or repair it or give you a refund, their choice. But if they repair or replace it and it is faulty again you can choose to get a refund.

                                    1. 1

                                      Sounds like a good time to finally set up my bouncer. If only there were one that had good Emacs compatibility.

                                      1. 4

                                        I just run weechat on a server and connect to the weechat relay with weechat.el. There’s a few bugs in weechat.el (e.g. nicks go out of sync) and some things missing (e.g. nick list), but that’s a small price to pay for replacing another standalone app with emacs :)

                                        1. 1

                                          I did this at the beginning but quickly switched over to ZNC because of bugs like that, the inability to have per-client history rollback, and other little details… I still use Weechat half the time on the client side though :) (I also use Textual on macOS, and Palaver on iOS).

                                        2. 1

                                          Znc is what I use with erc

                                          1. 1

                                            I’ve been trying to set this configuration up for half a year now, but I never get anything I’m satisfied with. The ZNC documentation is quite bad and confused, imo. And when I manage to set it up, even using ZNC.el it won’t work with IRCnet. Switching between multiple servers is another annoyance.

                                            But maybe I’ve just messed up somewhere.

                                          2. 1

                                            I used to use znc, seemed to work just fine with ERC.

                                            Now I use weechat (a bit more features, nice Android app), again with ERC. There is weechat.el, but I prefer ERC (connecting to what weechat calls an “irc relay”, instead of using the weechat protocol). I use https://gist.github.com/unhammer/dc7d31a51dc1782fd1f5f93da12484fb as helpers to connect to multiple servers.

                                            1. 1

                                              Ive used znc with Circe, works great

                                              1. 1

                                                What did you find in Circe that made it better than ERC or Rcirc?

                                                1. 2

                                                  In case it’s useful - I used to use ERC, and I switched to Circe long enough ago that I can’t exactly remember, but I think the issue was that I wanted to connect to both freenode and an internal IRC server at the same time, and ERC made that awkward or impossible to do. It may well have improved in the last 5 years though.

                                                  1. 2

                                                    It was easy for me to setup and use so I stick with it. Never tried those other two

                                              1. 3

                                                update-motd seems like it could be useful if it only ever showed important messages (“Please update the xeyes package immediately to avoid the EYEFORK vulnerability, see http://forkbleed.panic for more information”). Showing clickbait will quickly make people immune to reading motd, missing the real messages.

                                                1. 1

                                                  As a long-time Emacs and Magit user, I don’t use Magit to navigate the commit history, I just use git log on the command line (or git log --stat or git log -p or git flog, where 'flog' is aliased to 'log --all --decorate=short --pretty=oneline --graph'). For a single file, I tend to just git log [-p] -- src/thefile.c. I’ve tried the magit log, but I’m just more used to the shell for that.

                                                  1. 3
                                                    • Graphical Linear Algebra, by Pawel Sobocinski. With online textbooks, I normally get distracted and then forget about them, but I love the writing style here – this one has me hooked.
                                                    • Sin egen herre, by Tore Rem – a biography of author Jens Bjørneboe. Didn’t really know the author before, don’t really feel like reading more of his stuff after getting to know about his life, but it is fascinating how many weird beliefs it is possible to acquire while still being seemingly quite smart.
                                                    • Worm, by Wildbow. Addictive fun.
                                                    1. 4

                                                      These vary pretty heavily in quality. Many seem to be missing proper quoting. Use with caution.

                                                      1. 4

                                                        Use bash with caution.

                                                        1. 1

                                                          Yeah, but its the same as any script you find online, don’t run it if you don’t understand it. The benefit here is that some of the better one are explained or corrected by other users.

                                                        1. 2
                                                          • Syncthing
                                                          • nginx httpd (just static home page)
                                                          • Subsonic
                                                          • weechat!
                                                          • backups of all the other machines (home-grown script using btrfs+LUKS with snapshots; one big usb disk at home and one at my parents house rotating; has so far saved us from deleting family photos many times)

                                                          I used to have Owncloud, but got sick of having to (re-)configure the same stuff every update, and Syncthing covered my file syncing needs, while I mostly use git+emacs org-mode for my calendar (and bbdb with Syncthing for contacts).

                                                          1. 5

                                                            For websites: Firefox Sync :-) Everything that isn’t a website or is important enough to have more than 3 copies (laptop, workstation, phone) lives in a keepass file, hosted on a nextcloud instance.

                                                            1. 2

                                                              Do note that Firefox Sync has a pretty nasty security flaw: your passwords are ultimately protected by your Firefox Account password — so you need to make sure that it’s a high entropy one (like 52ICsHuwrslpDl6fbjdvtv, not like correct horse battery staple). You also need to make sure that you never log into your Firefox Account online: Mozilla serve the login UI with JavaScript, which means that they can serve you malicious JavaScript which steals your password (this is worse than a malicious browser, because someone might actually notice a malicious browser executable, but the odds of detecting a single malicious serve of a JavaScript resource are pretty much nil).

                                                              I use pass, with git-remote-gcrypt to encrypt the pass repo itself (unfortunately, pass has a security flaw in that it doesn’t encrypt filenames).

                                                              1. 2

                                                                I’m pretty sure the password isn’t used directly but derived into a crypto key using PBKDF2 on the client.

                                                                1. 3

                                                                  This does not protect you from physical access (if you ever let your computer unlocked). It took me 10 seconds to discover that firefox lets anyone see the plain password of every account.

                                                                  https://i.imgur.com/lbxmMow.png

                                                                  1. 3

                                                                    If you use a master password, you have to enter that to see the plain password in that dialog.

                                                                    1. 1

                                                                      That makes more sense.

                                                                    2. 2

                                                                      True! imho physical access should be countered with something else. Lockscreens, hard disk encryption etc.

                                                                      1. 1

                                                                        Yes, of course if there is a physical access there is no much hope left: even with ssh, if ssh-agent is running or a terminal with a recent sudo and much damage can be done.

                                                                        What did surprise me is how fast and easy it is to go straight to the password.

                                                                    3. 1

                                                                      Yes, but that doesn’t add any entropy: if your password is ‘love123,’ it’s still low-entropy, even if it’s stretched.

                                                                      Remember, too, that the client-side stretching is performed by JavaScript Mozilla delivers when you attempt to log in — as I noted, they could deliver malicious JavaScript at a whim (or under duress …).

                                                                1. 4

                                                                  An easier way to do this, for Emacs users, is to run “M-x grep” (or my preference “M-x rgrep”) and when it prompts for the query string use “C-x 8 Enter” to bring up the insert-char character prompt, where you can type (and tab complete) the Unicode name or hex code. Hit enter when you’re done and it will insert the character into the grep query string and you can continue typing the rest of the query string.

                                                                  EDIT: I misunderstood, I thought the goal was to do something like “grep λ myfiles”.

                                                                  One way to use Emacs to achieve a similar thing to what OP is actually doing is to use “M-x insert-char” (or “C-x 8 Enter”) and then use tab completion to show a list of matching Unicode names and symbols. It supports wildcard matching using *, so you can do something like “*Lambda” - Tab to bring up a list of character names with “lambda” in them. Then, when the character is inserted, use M-x describe-char to view a lot of information about it (character class, category, bidi, code point, its code in the current encoding, etc.)

                                                                  1. 1

                                                                    Or M-x counsel-unicode-char for some nice completion if you use https://github.com/abo-abo/swiper , looks like https://lists.gnu.org/archive/html/emacs-devel/2016-01/pngmRVpb5gbKs.png

                                                                  1. 4

                                                                    Pretty neat. The other nearly-universal technique is to attach gdb to the process, and repeatedly stop ask for a backtrace. Works with many interpreted languages like Python or Perl, SQL, C, etc. If you collect 5-10 samples, that’s enough to start with.

                                                                    And strace is a quick way to see if it’s blocked on a system call or e.g. repeatedly opening the same file.

                                                                    1. 9

                                                                      If you have access to DTrace, something like this will save you time:

                                                                      dtrace -n ‘profile-5 /pid==475/ { ustack(8) }’

                                                                      Prints the bottom eight calls of the stack of PID 475 every 5Hz. Adjust to taste.

                                                                      1. 6

                                                                        The gdb technique even has a website: http://poormansprofiler.org/ =D

                                                                        ( https://gist.github.com/unhammer/4e91821075c2485999eb has some handy tweaks on that for OCaml programs)