1. 7

    Should definitely be submitted to Signal and Protonmail developers. I’m using a degoogled phone here (not really by choice, never managed to install Gapps) and signal notifications are very random. (unlike Whatsapp, which are always working perfectly)

    1. 4

      Signal notifications are more or less accurate for me without Gapps.
      After a reboot I just have to open the app to get that persistent notification going and after that the notifications are usually pretty accurately timed, but yeah, 100% of the time.

      Also, by chance, are you using the apk from their website? That one downloads and updates itself without the need for Google Play. I don’t recall whether the apk from the Play store has the same functionality enabled in it or not.

      Edit: https://signal.org/android/apk/ <– link to apk with self-contained update from their website. seeing as it took me a while to find it again.

      1. 2

        Using it through Aurora store (which is a front-end to Play store). Waiting for it to reach f-droid ;-)

        1. 4

          That will either be an indefinite wait, or you can look at something like https://molly.im/download/fdroid/

          1. 8

            I wish F-Droid would publicise third-party repos more. The main reason that Signal and Firefox don’t want to distribute via F-Droid is that they want to control the rollout of security updates and don’t want to depend on F-Droid doing it for them. If they’re building APKs, it’s pretty trivial for them to push to their own repo and then people can install via F-Droid without needing any intermediaries. Actually, the thing that would make me really happy would be if the GitHub package support allowed creating F-Droid repos as well as NuGet and the handful of other things that they support now…

            1. 2

              Please told people about that. Signal, protonmail, Firefox, Tresorit are all apps that I want on my phone but I must access through Aurora store (a Google Play front-end)

        2. 1

          FYI, I don’t know why but on my last edit I removed “not” from “not 100% of the time”.

      1. 2

        Just the other day I was thinking about making a CLI password manager that utilises a mnemonic seed ala BIP39 or Electrum.

        This looks really good from what I’m reading, especially the use of modern crypto like XChaCha20-Poly1305!

        1. 6

          Huh, good read. Could apply to Muslim Driven Design too! Islam has a pretty similar system: the Qur’an, which is the unchanging literal Word of God, and the Hadith (sayings), which are collected religious instructions or examples over the centuries.

          1. 1

            They’re nothing alike. Muslim scholars until today are willing to go back to the source materials (Quran and Hadith) and revisit decisions that were previously made one way or the other in the centuries since.

            1. 12

              Maybe that is not the same. But I strongly disagree at the “they’re nothing alike” statement.

              1. 4

                That actually makes the domain even more complex.

                1. 4

                  Orthodox Judaism is much less interested in “playing the game” of halacha than Conservative and Reform Judaism, but despite the name, Orthodox Judaism is A) younger than Reform and B) much smaller. But because it is the strictest, it gets most of the attention, because if they’re satisfied everyone else is too. For the most part.

                  1. 2

                    Rereading my other comment below I think I may have forgotten to make my point, which is that at the 30,000 foot view, Judaism and Islam are doing something similar with sharia and halacha. As you get down into the details of specific movements or branches the analogy might break down.

                  2. 1

                    Holidays which are free floating around the gregorian calendar…

                    1. 1

                      Like the Christian Easter?

                      1. 2

                        Easter is always in March/April/May. The Muslim calendar doesn’t have leap years, and is lunar. Ramadaan moves quite dramatically through the seasons.

                        1. 2

                          It’s all a question of perspective.

                          The start of the month of Ramadan is between 10 and 12 days before the date of the previous year.

                          The date of Easter Sunday varies wildly from year to year:

                          Date		DoY	Diff
                          2010-04-04	94	
                          2011-04-24	114	 20
                          2012-04-08	99	-15
                          2013-03-31	90	 -9
                          2014-04-20	110	 20
                          2015-04-05	95	-15
                          2016-03-27	87	 -8
                          2017-04-16	106	 19
                          2018-04-01	91	-15
                          2019-04-21	111	 20
                          2020-04-12	103	 -8
                          2021-04-04	94	 -9
                          

                          (not surprising since the formula for Easter (Gauss’ formulation of the ancient Computus) has mods all over the place: https://en.wikipedia.org/wiki/Date_of_Easter#Gauss's_Easter_algorithm)

                          It’s true that under most jurisdictions, one cannot predict the start of the month of Ramadan in advance - it has to be observed directly. But from a year to year planning, it’s quite predictable.

                          1. 7

                            It’s true that under most jurisdictions, one cannot predict the start of the month of Ramadan in advance - it has to be observed directly.

                            as a (kind-of, not really) Muslim this also opens up an interesting can of worms, since we have the technology/math to predict the moon’s location:

                            • if a new moon is predicted to be on date X, does that mean Ramadan should start on that day?
                            • if my neighbours the next town over see the moon but I can’t because of clouds, should I follow their mosque’s proclamation or mine?
                            • does the sighting have to be with the naked eye? are telescopes okay? what about sightings in really dark places, where the moon is more visible?
                            • multiply all of the above by Should you follow proclamations by mosques in Mecca, or follow your local mosque instead? What if my local mosque uses telescopes but sightings in Mecca were done by the naked eye? etc…

                            It’s not uncommon (at least in my circle) for families to start Ramadan on different days depending on who they follow.

                  1. 6

                    Cool! Interested to see how this progresses.

                    1. 12

                      Can I just ask why anyone in their right mind would be using a command line password vault on a multi-user system where the other users aren’t implicitly trusted anyway?

                      I’m not suggesting that vendors should get carte blanche, but I also think this amounts to punishing a vendor for having taken the time and effort to make their amazing (in my opinion :) toolchain available for Linux.

                      1. 9

                        Maybe I’m just weird, but it really feels like the number of folks using Linux as their daily driver is vanishingly small, in relative terms, and the number of those folks who have multiple interactive users on a single machine is even more vanishingly small?

                        1. 4

                          I figured the fact any “user” (as in user account) that can see the CLI args can be extended to any “program” bring able to see CLI args, including malware. But in that case the malware would be your more pressing concern.

                          1. 3

                            Right, I mean, I’m not trying to minimize the problem, but maybe the framing of “any interactive user” carries less weight because to the first approximation there are no 1Password customers on machines with multiple interactive users.

                            1. 2

                              Yes I think that’s fair enough.

                        2. 4

                          Truth to be told, 99% of macOS systems are not really multi-user. I work with the command line daily and I’m the only one who pops from my macbook pro to my iMac, which features two users: me and my wife (doesn’t know/care what the CLI is).

                          The issue is real, but the impact is small(ish) IMO.

                          1. 2

                            Your question was my first thought also.

                            I stopped using 1Password because they kept pushing the subscription model harder and harder and their new stuff doesn’t let me bring my own sync. (I don’t care that much whether I buy a perpetual license or pay for a subscription… I’m keeping my password manager up-to-date anyway. But I want to keep my password database somewhere other than their servers, and they’ve been discontinuing the ability to do that as they move more users over to subscriptions.) That is what shoved me to BitWarden.

                            I was happy except for that, and this issue would not have moved that needle for me. Using their password tools on a multiuser system feels like using ssh agent forwarding on such a system. If you don’t trust the other users, you’re gonna have a bad time.

                            1. 1

                              I can totally appreciate that. I did in fact move to the hosted 1Password subscription service, but only because to be honest I purposefully maintain my personal computing life in such a way that it’s sufficiently ‘low stakes’ that even a full on vault compromise would be annoying at best and in no way catastrophic.

                              That said I COMPLETELY understand why someone might not be comfortable with that, or the new subscription model. I’m actually pretty happy with it because we use the ‘family’ sub and my wife and I can share passwords and the like with a single click.

                            2. 2

                              IMHO the biggest and most important problem, even more important than the potential leakage of secrets (which, at the end of the day, is deemed acceptable or not in terms of a threat model, not in absolute terms) is that this isn’t more prominently documented. It’s an unusual choice (most CLI utils don’t use this method for passing secrets) so a lot of users probably don’t even spend much time thinking about its consequences, as they never had to do it before.

                              Other than that, I think it’s simply a problem of unnecessarily introducing yet another leakage mechanism (well, several, actually), even among applications running on machines that are effectively single-user. While there are certainly bigger fish to fry, even moderately smart malware can get along just fine on nothing but smelt.

                            1. 12

                              Yes, cat | grep is a “useless use of cat”, but it allows me to quickly change the grep regex, which is much more annoying if I have to navigate past the filename first.

                              1. 8

                                I agree, and I think it’s kind of stupid to try to avoid cat outside of scripts, but that said, there is a way to solve this specific problem:

                                <file grep regex
                                
                                1. 1

                                  That’s cool. I think I’ve read about this shell syntax before in man pages but never saw the use for it. Now I do!

                                  1. 1

                                    I’ve always liked that syntax, especially if you have a redirection at the end of a follow-on pipeline (<foo | bar >baz ) but it can break in bash with some shell constructs in the pipeline (some uses of while)

                                    1. 2

                                      I think you mean

                                      <foo bar | baz >qux
                                      

                                      I too find this pattern useful, specifically for troff pipelines.

                                  2. 4

                                    “Useless use of cat” is usually bad advice, anyhow.

                                    As far as I can tell, it only matters for performance-sensitive scripts. If someone’s just hacking around on the command line, cat ... | ... is extremely useful since it allows quick switching out of inputs. Let’s say I’ve got some_expensive_script.sh | ... – better to capture the output to a file, run cat output.txt | ... and build up the pipeline until it works, then swap back in the expensive script call when I’m ready.

                                    (Also, I very often end up accidentally writing < output.txt | grep ... because I forget to delete the pipe, and so grep gets nothing! This leads to a great deal of frustrated debugging until I notice it. Best to just keep it a pipeline while developing rather than adhering to some random internet person’s notions of terminal purity.)

                                  1. 3

                                    Goddammit I’ve had this idea for a while just no time to implement it or test it out. WSL seemed to me like relatively untapped potential for loading malware and payloads - not sure if that’s true though, this is just the first I’ve seen of it.

                                    Edit: let this be a lesson (to myself mostly). If you have a potentially good idea just work on it then and there I guess. Don’t let it be pushed to the corners of your mind.

                                    1. 6

                                      Something something we’re the real meta-GANs.

                                      1. 3

                                        everything is supervised learning eventually

                                        1. 3

                                          Sometimes late at night I look deeply into my own eyes in the mirror. And sometimes.. just sometimes, my pupils aren’t regular. O_o

                                          1. 2

                                            the jig is up, please submit yourself to the GPU cluster for retraining!

                                        1. 35

                                          return err is almost always the wrong thing to do. Instead of:

                                          if err := foo(); err != nil {
                                          	return err
                                          }
                                          

                                          Write:

                                          if err := foo(); err != nil {
                                          	return fmt.Errorf("fooing: %w", err)
                                          }
                                          

                                          Yes, this is even more verbose, but doing this is what makes error messages actually useful. Deciding what to put in the error message requires meaningful thought and cannot be adequately automated. Furthermore, stack traces are not adequate context for user-facing, non-programming errors. They are verbose, leak implementation details, are disrupted by any form of indirection or concurrency, etc.

                                          Even with proper context, lots of error paths like this is potentially a code smell. It means you probably have broader error strategy problems. I’d try to give some advice on how to improve the code the author provided, but it is too abstract in order to provide any useful insights.

                                          1. 18

                                            I disagree on a higher level. What we really want is a stacktrace so we know where the error originated, not manually dispensed breadcrumbs…

                                            1. 32

                                              maybe you do, but I prefer an error chain that was designed. A Go program rarely has just one stack, because every goroutine is its own stack. Having the trace of just that one stack isn’t really a statement of the program as a whole since there’s many stacks, not one. Additionally, stack traces omit the parameters to the functions at each frame, which means that understanding the error means starting with your stack trace, and then bouncing all over your code and reading the code and running it in your head in order to understand your stack trace. This is even more annoying if you’re looking at an error several days later in a heterogeneous environment where you may need the additional complication of having to figure out which version of the code was running when that trace originated. Or you could just have an error like “failed to create a room: unable to reserve room in database ‘database-name’: request timed out” or something similar. Additionally, hand-crafted error chains have the effect that they are often much easier to understand for people who operate but don’t author something; they may have never seen the code before, so understanding what a stack trace means exactly may be difficult for them, especially if they’re not familiar with the language.

                                              1. 6

                                                I dunno. Erlang and related languages give you back a stack trace (with parameters) in concurrently running processes no problem

                                                1. 5

                                                  It’s been ages since I wrote Erlang, but I remember that back then I rarely wanted a stack trace. My stack were typically 1-2 levels deep: each process had a single function that dispatched messages and did a small amount of work in each one. The thing that I wanted was the state of the process that had sent the unexpected message. I ended up with some debugging modes that attached the PID of the sending process and some other information so that I could reconstruct the state at the point where the problem occurred. This is almost the same situation as Go, where you don’t want the stack trace of the goroutine, you want to capture a stack trace of the program at the point where a goroutine was created and inspect that at the point where the goroutine failed.

                                                  This isn’t specific to concurrent programs, though it is more common there, it’s similar for anything written in a dataflow / pipeline style. For example, when I’m debugging something in clang’s IR generation I often wish I could go back and see what had caused that particular AST node to be constructed during parsing or semantic analysis. I can’t because all of the state associated with that stack is long gone.

                                              2. 10

                                                FWIW, I wrote a helper that adds tracing information.

                                                I sort of have two minds about this. On the one hand, yeah, computers are good at tracking stack traces, why are we adding them manually and sporadically? OTOH, it’s nice that you can decide if you want the traces or not and it gives you the ability to do higher level things like using errors as response codes and whatnot.

                                                The thing that I have read about in Zig that I wish Go had is an error trace which is different from the stack trace, which shows how the error was created, not the how the error propagates back to the execution error boundary which is not very interesting in most scenarios.

                                                1. 7

                                                  The nice thing about those error traces is that they end where the stack trace begins, so it’s seamless to the point that you don’t even need to know that they are a thing, you just get exactly the information that otherwise you would be manually looking for.

                                                2. 8

                                                  In a multiprocess system that’s exchanging messages: which stack?

                                                  1. 2

                                                    see: erlang

                                                  2. 5

                                                    You don’t want stack traces; you want to know what went wrong.

                                                    A stack trace can suggest what may have gone wrong, but an error message that declares exactly what went wrong is far more valuable, no?

                                                    1. 8

                                                      An error message is easy, we already have that: “i/o timeout”. A stack trace tells me the exact code path that lead to that error. Building up a string of breadcrumbs that led to that timeout is just a poorly implemented, ad-hoc stack trace.

                                                      1. 5

                                                        Indeed and I wouldn’t argue with that. I love a good stack trace, but I find they’re often relied upon in lieu of useful error messages and I think that’s a problem.

                                                        1. 2

                                                          Building up a string of breadcrumbs that led to that timeout is just a poorly implemented, ad-hoc stack trace.

                                                          That’s a bit of an over-generalization. A stack trace is inherently a story about the construction of the program that originated the error, while an error chain is a story about the events that led to an error. A stack trace can’t tell you what went wrong if you don’t have access to the program’s source code in the way that a hand crafted error chain can. A stack trace is more about where an error occurred, while an error chain is more about why an error occurred. I think they’re much more distinct than you are suggesting.

                                                          and of course, if people are just bubbling up errors without wrapping them, yeah you’re going to have a bad time, but I think attacking that case is like suggesting that every language that has exceptions encourages Pokémon exception handling. That’s a bad exception-handling pattern, but I don’t think that the possibility of this pattern is a fair indictment of exceptions generally. Meanwhile you’re using examples of bad error handling practices that are not usually employed by Go programmers with more than a few weeks experience to indict the entire paradigm.

                                                      2. 4

                                                        Stack traces are expensive to compute and inappropriate to display to most users. Also, errors aren’t exceptions.

                                                        1. 1

                                                          That’s why Swift throws errors instead. Exceptions immediately abort the program.

                                                        2. 3

                                                          What really is the “origin” of an error? Isn’t that somewhat arbitrary? If the error comes from a system call, isn’t the origin deeper in the kernel somewhere? What if you call in to a remote, 3rd party service. Do you want the client to get the stack trace with references to the service’s private code? If you’re using an interface, presumably the purpose is to abstract over the specific implementation. Maybe the stack trace should be truncated at the boundary like a kernel call or API call?

                                                          Stack traces are inherently an encapsulation violation. They can be useful for debugging your internals, but they are an anti-feature for your users debugging their own system. If your user sees a stack trace, that means your program is bugged, not theirs.

                                                          1. 5

                                                            I get a line of logging output: error: i/o timeout. What do I do with that? With Ruby, I get a stack trace which tells me exactly where the timeout came from, giving me a huge lead on debugging the issue.

                                                            1. 5

                                                              I get a line of logging output: error: i/o timeout. What do I do with that?

                                                              Well, that’s a problem you fix by annotating your errors properly. You don’t need stack traces.

                                                              1. 3

                                                                When your Ruby service returns an HTTP 500, do you send me the stack trace in the response body? What do I do with that?

                                                                Go will produce stack traces on panics as well, but that’s precisely the point here: these are two different things. Panics capture stack traces as a “better than nothing” breadcrumb trail for when the programmer has failed to account for a possibility. They are for producers of code, not consumers of it.

                                                              2. 2

                                                                There’s definitely competing needs between different audiences and environments here.

                                                                A non-technical end user doesn’t want to see anything past “something went wrong on our end, but we’re aware of it”. Well, they don’t even want to see that.

                                                                A developer wants to see the entire stack trace, or at least have it available. They probably only care about frames in their own code at first, and maybe will want to delve into library code if the error truly doesn’t seem to come from their code or is hard to understand in the first place.

                                                                A technical end user might want to see something in-between: they don’t want to see “something was wrong”. They might not even want to see solely the outer error of “something went wrong while persisting data” if the root cause was “I couldn’t reach this host”, because the latter is something they could actually debug within their environment.

                                                            2. 9

                                                              This is one reason I haven’t gone back to Go since university - There’s no right way to do anything. I think I’ve seen a thousand different right ways to return errors.

                                                              1. 9

                                                                Lots of pundits say lots of stuff. One good way to learn good patterns (I won’t call them “right”), is to look at real code by experienced Go developers. For instance, if you look at https://github.com/tailscale/tailscale you’ll find pervasive use of fmt.Errorf. One thing you might not see – at least not without careful study – is how to handle code with lots of error paths. That is by it’s very nature harder to see because you have to read and understand what the code is trying to do and what has to happen when something goes wrong in that specific situation.

                                                                1. 6

                                                                  there is a right way to do most things; but it takes some context and understanding for why.

                                                                  the mistake is thinking go is approachable for beginners; it’s not.

                                                                  go is an ergonomic joy for people that spend a lot of time investing in it, or bring a ton of context from other languages.

                                                                  for beginners with little context, it is definitely a mess.

                                                                  1. 9

                                                                    I thought Go was for beginners, because Rob Pike doesn’t trust programmers to be good.

                                                                    1. 18

                                                                      I’d assume that Rob Pike, an industry veteran, probably has excellent insight into precisely how good the average programmer at Google is, and what kind of language will enable them to be productive at the stuff Google makes. If this makes programming languages connaisseurs sad, that’s not his problem.

                                                                      1. 9

                                                                        Here’s the actual quote:

                                                                        The key point here is our programmers are Googlers, they’re not researchers. They’re typically, fairly young, fresh out of school, probably learned Java, maybe learned C or C++, probably learned Python. They’re not capable of understanding a brilliant language but we want to use them to build good software. So, the language that we give them has to be easy for them to understand and easy to adopt.

                                                                        So I have to wonder who is capable of understanding a “brilliant language” …

                                                                        1. 8

                                                                          So I have to wonder who is capable of understanding a “brilliant language” …

                                                                          Many people. They don’t work at Google at an entry-level capacity, that’s all.

                                                                          There’s a subtle fallacy at work here - Google makes a lot of money, so Google can afford to employ smart people (like Rob Pike!) It does not follow that everyone who works at Google is, on average, smarter than anyone else.

                                                                          (edited to include quote)

                                                                          1. 8

                                                                            Let’s say concretely we are talking about OCaml. Surely entry-level Googlers are capable of understanding OCaml. Jane Street teaches it to all new hires (devs or not) in a two-week bootcamp. I’ve heard stories of people quickly becoming productive in Elm too.

                                                                            The real meaning of that quote is not ‘entry-level Googlers are not capable of it’, it’s ‘We don’t trust them with it’ and ‘We’re not willing to invest in training them in it’. They want people to start banging out code almost instantly, not take some time to ramp up.

                                                                            1. 8

                                                                              Let’s say concretely we are talking about OCaml. Surely entry-level Googlers are capable of understanding OCaml. Jane Street teaches it to all new hires (devs or not) in a two-week bootcamp.

                                                                              I suspect that Jane Street’s hiring selects for people who are capable of understanding OCaml; I guarantee that the inverse happens and applicants interested in OCaml self select for careers at Jane Street, just like Erlang-ers used to flock towards Ericsson.

                                                                              Google has two orders of magnitude more employees than Jane Street. It needs a much bigger funnel and is likely far less selective in hiring. Go is “the law of large numbers” manifest as a programming language. That’s not necessarily bad, just something that is important for a massive software company and far less important for small boutiques.

                                                                              1. 2

                                                                                applicants interested in OCaml self select for careers at Jane Street,

                                                                                As I said, they teach it to all hires, including non-devs.

                                                                                Google has two orders of magnitude more employees than Jane Street. It needs a much bigger funnel and is likely far less selective in hiring

                                                                                Surely though, they are not so loose that they hire Tom Dick and Harry off the street. Why don’t we actually look at an actual listing and check? E.g. https://careers.google.com/jobs/results/115367821606560454-software-developer-intern-bachelors-summer-2022/

                                                                                Job title: Software Developer Intern, Bachelors, Summer 2022 (not exactly senior level)

                                                                                Minimum qualifications:

                                                                                Pursuing a Bachelor’s degree program or post secondary or training experience with a focus on subjects in software development or other technical related field. Experience in Software Development and coding in a general purpose programming language. Experience coding in two of C, C++, Java, JavaScript, Python or similar.

                                                                                I’m sorry but there’s no way I’m believing that these candidates would be capable of learning Go but not OCaml (e.g.). It’s not about their capability, it’s about what Google wants to invest in them. Another reply even openly admits this! https://lobste.rs/s/yjvmlh/go_ing_insane_part_one_endless_error#c_s3peh9

                                                                                1. 2

                                                                                  And I remember when Google would require at minimum a Masters Degree before hiring.

                                                                                  1. 1

                                                                                    I had a master’s degree in engineering (though not in CS) and I couldn’t code my way out of a paper bag when I graduated. Thankfully no-one cared in Dot Com Bubble 1.0!

                                                                                2. 3

                                                                                  They want people to start banging out code almost instantly, not take some time to ramp up.

                                                                                  Yes, and? The commodification of software developers is a well-known trend (and goal) of most companies. When your assets are basically servers, intangible assets like software and patents, and the people required to keep the stuff running, you naturally try to lower the costs of hiring and paying salary, just like you try to have faster servers and more efficient code.

                                                                                  People are mad at Rob Pike, but he just made a language for Google. It’s not his fault the rest of the industry thought “OMG this is the bee’s knees, let’s GO!” and adopted it widely.

                                                                                  1. 1

                                                                                    Yes, I agree that the commodification of software developers is prevalent today. And we can all see the result, the profession is in dire straits–hard to hire because of bonkers interview practices, hard to keep people because management refuses to compensate them properly, and cranking out bugs like no tomorrow.

                                                                                  2. 2

                                                                                    on the contrary, google provides a ton of ramp up time for new hires because getting to grips with all the internal infrastructure takes a while (the language is the least part of it). indeed, when I joined a standard part of the orientation lecture was that whatever our experience level was, we should not expect to be productive any time soon.

                                                                                    what go (which I do not use very much) might be optimising for is a certain straightforwardness and uniformity in the code base, so that engineers can move between projects without having to learn essentially a new DSL every time they do.

                                                                                    1. 1

                                                                                      You may have a misconception that good programming languages force people to ‘essentially learn a new DSL’ in every project. In any case, as you yourself said, the language is the least part of the ramp-up of a new project, so even if that bit were true, it’s still optimizing for the wrong thing.

                                                                                      1. 1

                                                                                        no, you misunderstood what i was getting at. i was saying that go was optimisng for straightforwardness and uniformity so that there would be less chance of complex projects evolving their own way of doing things, not that better languages would force people to invent their own DSLs per project.

                                                                                        also the ramp-up time i was referring to was for new hires; a lot of google’s internal libraries and services are pretty consistently used across projects (and even languages via bindings and RPC) so changing teams requires a lot less ramp up than joining google in the first place.

                                                                                        1. 1

                                                                                          i was saying that go was optimisng for straightforwardness and uniformity so that there would be less chance of complex projects evolving their own way of doing things,

                                                                                          Again, the chances of that happening are not really as great as the Go people seem to be afraid it is, provided we are talking about a reasonable, good language. So let’s say we leave out Haskell or Clojure. The fear of language-enabled complexity seems pretty overblown to me. Especially considering the effort put into the response, creating an entirely new language and surrounding ecosystem.

                                                                            2. 9

                                                                              No, Rob observed, correctly, that in an organization of 10,000 programmers, the skill level trends towards the mean. And so if you’re designing a language for this environment, you have to keep that in mind.

                                                                              1. 4

                                                                                it’s not just that. It’s a language that has to reconcile the reality that skill level trends toward the mean, with the fact that the way that google interviews incurs a selection/survival bias towards very junior programmers who think they are the shit, and thus are very dangerous with the wrong type of power.

                                                                                1. 4

                                                                                  As I get older and become, presumably, a better programmer, it really does occur to me just how bad I was for how long. I think because I learned how to program as a second grader, I didn’t get how much of a factor “it’s neat he can do it all” was in my self-assessment. I was pretty bad, but since I was being compared to the other kids who did zero programming, it didn’t matter that objectively I was quite awful, and I thought I was hot shit.

                                                                                2. 4

                                                                                  Right! But the cargo-cult mentality of the industry meant that a language designed to facilitate the commodification of software development for a huge, singular organization escaped and was inflicted on the rest of us.

                                                                                  1. 4

                                                                                    But let’s be real for a moment:

                                                                                    a language designed to facilitate the commodification of software development

                                                                                    This is what matters.

                                                                                    It doesn’t matter if you work for a company of 12 or 120,000: if you are paid to program – that is, you are not a founder – the people who sign your paychecks are absolutely doing everything within their power to make you and your coworkers just cogs in the machine.

                                                                                    So I don’t think this is a case of “the little fish copying what big bad Google does” as much as it is an essential quality of being a software developer.

                                                                                    1. 1

                                                                                      Thank you, yes. But also, the cargo cult mentality is real.

                                                                                3. 2

                                                                                  Go is for compilers, because Google builds a billion lines a day.

                                                                            3. 2

                                                                              return errors.Wrapf(err, "fooing %s", bar) is a bit nicer.

                                                                              1. 13

                                                                                That uses the non-standard errors package and has been obsolete since 1.13: https://stackoverflow.com/questions/61933650/whats-the-difference-between-errors-wrapf-errors-errorf-and-fmt-errorf

                                                                                1. 1

                                                                                  Thanks, that’s good to know.

                                                                                2. 8

                                                                                  return fmt.Errorf("fooing %s %w", bar, err) is idiomatic.

                                                                                  1. 8

                                                                                    Very small tweak: normally you’d include a colon between the current message and the %w, to separate error messages in the chain, like so:

                                                                                    return fmt.Errorf("fooing %s: %w", bar, err)
                                                                                    
                                                                                3. 1

                                                                                  It makes error messages useful but if it returns a modified err then I can’t catch it further up with if err == someErr, correct?

                                                                                  1. 2

                                                                                    You can use errors.Is to check wrapped errors - https://pkg.go.dev/errors#Is

                                                                                    Is unwraps its first argument sequentially looking for an error that matches the second. It reports whether it finds a match. It should be used in preference to simple equality checks

                                                                                    1. 2

                                                                                      Thanks! I actually didn’t know about that.

                                                                                    2. 2

                                                                                      Yes, but you can use errors.Is and errors.As to solve that problem. These use errors.Unwrap under the hood. This error chaining mechanism was introduced in Go 1.13 after being incubated in the “errors” package for a long while before that. See https://go.dev/blog/go1.13-errors for details.

                                                                                  1. 1

                                                                                    I absolutely love reading write-ups like these!

                                                                                    1. 3

                                                                                      Anyone else feel the colored shadow is just a tad too bright of a blue? Could just be my personal taste (or my screen) but it still looks like glow effect in the final style.

                                                                                      1. 1

                                                                                        Doesn’t actually explain what A/UX is. 🤷🏻‍♂️ I guess we are suppose to know.

                                                                                        1. 3

                                                                                          So many things here reuse old names of old projects and I always feel like im at fault for knowing Scala is some pre PowerPoint app for the Amiga.

                                                                                          Anyway I guess I should write something about the OS X of the 1980s, when System 6 and 7 were decapitated and put on top of Unix System Vr2.

                                                                                            1. 2

                                                                                              Purely by the name I assumed it was an old Unix machine or OS (I have vaguely heard of HP-UX and it sort of sounds like that). I guess I spend way too much time here or something.

                                                                                              1. 1

                                                                                                https://virtuallyfun.com/wordpress/2021/09/19/so-what-is-the-deal-with-a-ux-anyways/

                                                                                                I added some stuff about ‘big mac’ the next departure, the lawsuits and didn’t want to make it all next but a few version tours of A/UX, and thoughts on the identity crissis.

                                                                                              1. 10

                                                                                                sudo deprecation

                                                                                                Favouring doas over sudo in a mainstream Linux distro? Wow! I haven’t been following the Alpine space for a while now, this is quite the surprise, a welcome one at that.

                                                                                                1. 2

                                                                                                  I dunno if using musl as a libc qualifies a distro as “mainstream”…

                                                                                                  1. 4

                                                                                                    I consider it “mainstream” purely because of it’s massive popularity in Docker containers. It’s probably the most popular OS to use musl anyways. I do understand what you’re getting at though.

                                                                                                    I wasn’t necessarily speaking of it as a mainstream desktop-oriented OS (though I have used it for that before and it was quite fine at handling that).

                                                                                                    1. 4

                                                                                                      Heh. Well I don’t have numbers but I’d expect the “marketshare” of Alpine as a daily driver (as opposed to being in a container) is on par with OpenBSD, where doas originated :D

                                                                                                1. 10

                                                                                                  Zulip is open source, self-hostable, and is already used by many open source projects:

                                                                                                  https://zulip.com/

                                                                                                  https://github.com/zulip

                                                                                                  1. 4

                                                                                                    I’ve heard of Zulip but never actually bothered to visit their website. Seems cool, but looks to be a Slack alternative rather than a Discord alternative.

                                                                                                    To some there is no difference. But to me personally Discord exudes a more casual laid-back energy. If that.. Makes any sense.

                                                                                                  1. 1

                                                                                                    Neat! I’ve experimented with similar stuff in OpenBSD vmd VMs + X11 forwarding + Xephyr. Which reminds me, i should probably write that up at some point.

                                                                                                    1. 3

                                                                                                      I make use of this feature! Though, since I don’t visit many mainstream sites I don’t need to use it that often.

                                                                                                      It’s probably my favourite “niche”-ish browser feature out of them all to be honest. When I do I need it, either due to terrible design/typography choices, or because of the cookie pop ups, I’m always relieved that it exists.

                                                                                                      1. 42

                                                                                                        Of course it requires apt! Because not only we all run Linux, be we all run a specific distribution of Linux with a specific package manager.

                                                                                                        I feel like we’re just skipping over the elephant in the makefile here. Why the hell is a Makefile running apt install in the first place?

                                                                                                        1. 3

                                                                                                          Why not? It’s ensuring the dependencies are in place.

                                                                                                          1. 30

                                                                                                            It’s rather unconventional for the build step to be doing systems-wide changes. Having an additional recipe, e.g. make deps, which handled installing the dependencies and could be optionally ran would be reasonable, but historically and conventionally make by itself handles the build step for the application, and just the build step.

                                                                                                            1. 8

                                                                                                              In this particular case, a lot of the “build dependencies” aren’t even that: they’re cross-build dependencies, e.g. if you want to create an ARM binary on your amd64 machine. You probably don’t want to do that when you’re compiling it for just yourself though.

                                                                                                              I’m not sure if any of those dependencies are needed actually, it installs the SQLite3 headers, but the go-sqlite3 package already includes these and shouldn’t be needed. The only thing you should need is a C compiler (which I assume is included in the build-essential package?)

                                                                                                              None of this may be immediately obvious if you’re not very familiar with Go and/or compiling things in general; it’s adding a lot of needless friction.

                                                                                                              That Makefile does a number of other weird things: it runs the clean target on the build for example, which deletes far more than you’d might expect such as DB, config, log files, and a number of other things. That, much more than the apt-get usage, seems a big 😬 to me. It can really destroy people’s data.

                                                                                                              1. 2

                                                                                                                Having an additional recipe, e.g. make deps, which handled installing the dependencies and could be optionally ran would be reasonable

                                                                                                                That’s what I meant, it’s a reasonable way of running apt within make. Didn’t mean as a default procedure when running make.

                                                                                                                EDIT: I know that historically and conventionally make doesn’t do that, but, you know, it’s two lines, it’s about getting dependencies required for building… I don’t think it’s that much of a flex.

                                                                                                                1. 3

                                                                                                                  Oh yeah, definitely. If it’s there just not the default, that’s great and I’d totally +1 it. It’s handy!

                                                                                                                  Just please no system-wide changes by running just make :(

                                                                                                              2. 3

                                                                                                                It only does that on one particular flavor of Linux. Even if we ignore BSDs, not everyone is Debian-derived.

                                                                                                                1. 1

                                                                                                                  Is it typically the job of a Makefile to evaluate dependencies (maybe) and install them (maybe not typically)?

                                                                                                              1. 2

                                                                                                                Quite frankly I’ve never needed to use xargs. For some of the examples here, using find with -exec is enough for me.

                                                                                                                It’s quite a good idea for a program, and I can see where it would be useful, but I’ve just never needed to use it personally.

                                                                                                                Edit: I just realised this exact thing was touched on in the article itself. xargs can be faster than find -exec.

                                                                                                                1. 2

                                                                                                                  I was the “user asked why you would use find | xargs rather than find -exec” and the article ignores the rest of that comment thread where we pointed out that find supports batching the pathnames in that command and is not necessarily slower than xargs.

                                                                                                                  1. 1

                                                                                                                    The article mentions find -exec + and mentions the compositionality of xargs.

                                                                                                                    1. 1

                                                                                                                      Thanks. I figured there was more to it.
                                                                                                                      For the record, I’m still a die hard find -exec user.

                                                                                                                  1. 1

                                                                                                                    I think chrome[ium] has this feature. At least the dev version of Chrome does. A little icon pops up for me in the URL bar that let’s me generate a QR code from the URL.

                                                                                                                    1. 4

                                                                                                                      I used to use m4 for generating my static site. Then when I went to write a blog post about m4, featuring m4 code snippets, it (understandably) started replacing the macros. It was hell to find a work around. I remember most of what I tried worked almost well enough with some odd exception. I ended up giving up on it eventually.