Kind offer thank you, but it’s okay. They will eventually come up with a solution no doubt. I’m sure if I feel the urge to replay this, it’ll work in a VM of appropriate vintage.
Bonjour is Apple’s implementation of mDNS to find other services in the local network. XEP-0174 uses it for chat, but that’s not part of Bonjour itself nor was it developed by Apple as far as I can tell.
Ok, I phrased that badly.
The Bonjour pidgin implementation (yes, pidgin calls the messaging protocol Bonjour: https://pidgin.im/help/protocols/bonjour/) uses the Bonjour/Zeroconf specification to offer a serverless XMPP implementation without the need for accounts.
Rereading my original message, I see how badly formulated it is (to put it mildly), so thank you for your correction. Was/am a bit sleep deprived.
Arithmetic coding is mentioned, so I suppose it’s using context modeling. I think the language model generates a sequence of bytes (a token converted to Unicode), and that is interpreted as per-bit probability predictions. So based on the bits compressed so far (the “context”), the model outputs a prediction of the probability of the next bit being one. This prediction is used to help the arithmetic coder compress the input better. If the prediction is wrong, the data will still be losslessly compressed, just with a worse compression ratio.
Context modeling compression (not sure what the right term is) is a really cool method because you can just conjure up all kinds of weird predictors, and if they work, you get better compression. Note that the decompressor must be able to compute exactly the same predictions, though.
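To make that concrete, here is a toy sketch of the idea (not how ts_zip/ts_sms is actually implemented): an adaptive bit-counting predictor stands in for the language model, and exact fractions stand in for a real finite-precision arithmetic coder. The names and the model are made up for illustration; the point is just that the prediction drives the interval split, and the decoder must reproduce exactly the same predictions to walk the intervals back. A wrong prediction only shrinks the interval more than necessary, which costs bits but never loses information.

from fractions import Fraction

class CountingModel:
    # Predicts P(next bit = 1) from the bits seen so far (Laplace smoothing).
    def __init__(self):
        self.ones = 0
        self.total = 0
    def p_one(self):
        return Fraction(self.ones + 1, self.total + 2)
    def update(self, bit):
        self.ones += bit
        self.total += 1

def encode(bits):
    low, high = Fraction(0), Fraction(1)
    model = CountingModel()
    for bit in bits:
        p1 = model.p_one()
        mid = low + (high - low) * (1 - p1)  # boundary between the "0" and "1" sub-intervals
        if bit == 0:
            high = mid
        else:
            low = mid
        model.update(bit)
    return low, len(bits)  # any number inside [low, high) identifies the input

def decode(code, n):
    low, high = Fraction(0), Fraction(1)
    model = CountingModel()  # must make exactly the same predictions as the encoder
    out = []
    for _ in range(n):
        p1 = model.p_one()
        mid = low + (high - low) * (1 - p1)
        bit = 0 if code < mid else 1
        if bit == 0:
            high = mid
        else:
            low = mid
        out.append(bit)
        model.update(bit)
    return out

bits = [1, 1, 1, 0, 1, 1, 1, 1]
code, n = encode(bits)
assert decode(code, n) == bits  # lossless round trip; better predictions leave a wider final interval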
It’s lossless, but different models have different trade-offs. rwkv_169M_q8 is slower but works on GPU and gives consistent results. You can use other models, like llama-based ones, and they accept CUDA for a speedup, but then you can only decompress things using the same combination of model + GPU + software version.
Maybe I’m blind, but that page doesn’t really say anything about whether ts_zip (and by extension ts_sms) is lossless or not. The only bit that alludes to lossiness is “and hopefully decompress”, which I indeed interpret to mean that it is lossy.
No, determinism is not enough. If two or more inputs compress to the exact same output, then the compression is lossy and not fully reversible. In other words, the compression function must be injective to be lossless.
The normal way of turning a lossy compression scheme into a lossless one is to compress, decompress, and then encode the delta somehow. Generally, the delta is much smaller than the original input and so can be stored uncompressed, though there are better techniques that compress it (you can also nest this process, applying a lossy compression scheme to the deltas and then storing the deltas of deltas).
A lossy compression scheme is never injective, by definition: it discards information, so two similar (within whatever state space the encoder uses) inputs will give the same output. This doesn’t matter; it just means that, if A and B map to the same compressed-then-decompressed C, you need to store A-C and B-C to be able to decompress A and B. And hopefully this is smaller than the size difference between A and C or B and C.
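A sketch of that construction, with a deliberately silly “lossy codec” (drop the low nibble of every byte) so it fits in a few lines. Only the shape of the wrapper matters; in practice both the code and the delta would themselves be entropy-coded, and the delta is small when the lossy pass is good.

def lossy_compress(data):
    return bytes(b & 0xF0 for b in data)  # throws away the low 4 bits of every byte

def lossy_decompress(code):
    return code  # identity here; a real codec would reconstruct an approximation

def compress_lossless(data):
    code = lossy_compress(data)
    approx = lossy_decompress(code)
    delta = bytes(a ^ b for a, b in zip(data, approx))  # exactly what the lossy pass lost
    return code, delta

def decompress_lossless(code, delta):
    approx = lossy_decompress(code)
    return bytes(a ^ d for a, d in zip(approx, delta))

data = b"hello, world"
code, delta = compress_lossless(data)
assert decompress_lossless(code, delta) == data  # code + delta together are injective again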
Interesting, that was very informative, as always.
One question comes to mind (with the caveat that I’m no expert in either encryption or LLMs): Given that LLMs predict the next token in part dependent on previously outputted tokens, it seems to me that there is a chance that one wrongly predicted token early in an output stream could lead to divergent results. Given that we have to store a delta, is it possible that the compressed data (with delta) could actually be larger than the uncompressed data?
For instance, I could have compressed the string “The quick black rabbit leaps above the sleeping cat”. Let’s say that the decompression results in a string that starts with “The quick”. The LLM determines that the most likely next word is “brown”, which might be fine if that was all that was different from the original string, but seeing “The quick brown”, it might determine that the most likely next word is “fox” instead of “rabbit”, etc. The result would be something that decompresses to “The quick brown fox jumps over the lazy dog” and contains deltas for all words except the first two, and which would likely take up more space than the original input.
I’m wondering whether it would be possible to construct such an adversarial input for ts_sms and ts_zip…
❯ ./ts_sms c "TIL about ts_sms, an LLM based compression system for short text messages (like tweets)."
夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊
❯ ./ts_sms d 夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊
TIL about ts_sms, an LLM based compression system for short text messages (like tweets).
And:
>>> len("TIL about ts_sms, an LLM based compression system for short text messages (like tweets).".encode('ascii'))
88
>>> len("夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊".encode('utf8'))
39
According to ChatGPT:
The text appears to be a sequence of Chinese characters mixed with Hangul (Korean script). However, as written, it seems nonsensical or encoded and doesn’t form a coherent phrase in either language.
I wasn’t aware of hammett as an alternative to pytest. Nearly every code base I’ve ever worked on that uses pytest takes seconds just to perform initial test collection.
With all the exciting stuff going on in Python tooling right now, with things like ruff, uv & pydantic being written in Rust, I do wonder if anyone will take a swing at writing a fast test framework. (Though perhaps this kind of stuff is fundamentally limited by the speed of Python.)
You can speed up test collection and planning by writing the test runner in a faster language.
But test execution cannot be sped up without making a faster Python implementation, and on top of that, you won’t make slow tests fast as it’s just not your code.
In my experience my posts tend to end up here anyways, so I submit them myself so I can actually get notifications on people’s replies.
Indeed, I found this entire site through digging through post backlinks.
Additionally, since this site is my main source for tech news/blogposts, I don’t generally have anything new to contribute besides my own work.
I could just post my work elsewhere then wait for someone else to post it here, but then I would have no way to receive notifications about people’s comments on my work, and interacting with this community would become much more difficult.
also, the relevant line:
As a rule of thumb, self-promo should be less than a quarter of one’s stories and comments.
says stories and comments. I’m definitely making a lot more than 3 comments per self-submitted post, so i’m not even sure what rule i would be violating?
I don’t think anyone in this community would have seen this post and considered it worth submitting here. Treating this site as your personal comment section for all your content is just rude.
yeah, my reaction also was “that post seems odd” -> “oh, it’s a self-submission” -> “oh, of course it’s someone who just submits all their blogposts and nothing else :/”
If you submit a lot of your own posts, your standard for what to submit should be high. And few people actually write that many great posts.
You could use webmention on your blog. Lobsters supports that, and it’s not hard to support. I do, with a CGI script that just makes a few sanity checks on the resulting POST request, then emails me the results.
Each blog post I make has <link rel="webmention" href="URL-of-CGI"> which points to the script. The resulting POST request has two parameters, source, which is the URL of the page linking to your page and target, which is the URL of the page being linked to.
Two issues: 1) it’s tied to my blogging engine, which is in C, and 2) the script itself is in C. If you still are interested, I can email you the source.
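For anyone curious what such a script involves, here is a rough Python sketch of the same idea (not the C script described above; the addresses and the local-MTA assumption are placeholders): read source and target from the POST body, sanity-check them, and email yourself the result.

#!/usr/bin/env python3
import os, smtplib, sys
from email.message import EmailMessage
from urllib.parse import parse_qs, urlparse

length = int(os.environ.get("CONTENT_LENGTH") or 0)
params = parse_qs(sys.stdin.read(length))
source = params.get("source", [""])[0]
target = params.get("target", [""])[0]

def looks_like_http_url(u):
    p = urlparse(u)
    return p.scheme in ("http", "https") and bool(p.netloc)

if not (looks_like_http_url(source) and looks_like_http_url(target)) or source == target:
    sys.stdout.write("Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad source/target\n")
    sys.exit(0)

msg = EmailMessage()
msg["Subject"] = "Webmention for " + target
msg["From"] = "webmention@example.com"  # placeholder
msg["To"] = "you@example.com"           # placeholder
msg.set_content("source: " + source + "\ntarget: " + target + "\n")
with smtplib.SMTP("localhost") as s:    # assumes a local MTA is listening
    s.send_message(msg)

sys.stdout.write("Status: 202 Accepted\r\nContent-Type: text/plain\r\n\r\nthanks\n")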
if an actual moderator wants to tell me that i’m misinterpreting the rules, and that interacting with almost every single comment on all my submitted stories isn’t enough, then i guess i’ll have to adjust my behavior, by all means, but until then..
It is fairly common here for the community to point out that we have a roughly 1/3 rule* regarding engagement between authored submissions and others. That is before pushcx starts banning your domain (Ctrl + F “self-promo” and “take a break”).
I have no horse in this race, but 4 links to your own site in 14 days definitely feels like something others got banned for. And I feel like it would be unjust to accept it here just because others might submit your stories anyway. Because that is actually what is usually recommended: Let others submit your blog on their own, which makes sure it is not just blatant self promotion. Though we might have a conflict of interest here looking at the invite tree?
The part about notifications sounds like we might instead want an additional feature to subscribe to all comments on a submission - or simply all new entries for a specific domain.
Again - my gut feeling is simply that it would be unfair to allow it here but punish for this otherwise.
* It’s blurry because the exact moment people feel like you’re just engaging to self-promo / drive your agenda is blurry too.
The part about notifications sounds like we might instead want an additional feature to subscribe to all comments on a submission - or simply all new entries for a specific domain.
I would love this. I see a lot of submissions that are interesting, and I’m curious what people think about them, but they don’t have any comments yet. I tend to keep these stories open in a tab and refresh them periodically, but it would be great if there were a “watch” feature that would just notify me of any new comments on the submission.
Please clarify your rules. I cannot follow what I do not understand.
My interpretation was that as long as I was actually meaningfully engaging with the community on self-submissions, it is fine. (specifically the phrasing of “write only” gave me that impression, if I’m reading everyone’s replies, how can I be treating it as “write only”?)
However, the interpretation I’ve seen in this thread is that replies on self promo stories are themselves self promotion. This would mean that engaging with people’s comments on my work would actually make things worse. This seems like a weird policy to have if you want to incentivize interaction, so therefore I would assume it is not correct.
One possible interpretation is that these replies are neutral, which would make more sense, however there is nothing in the wording to suggest that is the case.
I’ve made plenty of comments on other stories, perhaps even enough to satisfy the 2/3 rule under the most pessimistic interpretation.
or perhaps it’s not about the ratio, but just the raw frequency?
I could just stop submitting my own work, but that would make it very difficult to actually engage with the community w.r.t. my own work!
maybe this should just be implemented in code, anyways? I’d much rather I’d just gotten a “you are submitting too much of your own work as a new user, please slow down” pop-up instead of reading the same 3 sentences over and over trying to figure out what precisely they mean.
Yes, I would also expect to see less than a quarter of your comments on your own self-promo. Lots of people read /active and comments contribute to story score, so comments on one’s own stories are also seen as part of self-promo. The point of this one-quarter guideline is that it is very easy to reach if someone sees Lobsters as a forum they are part of rather than a traffic source with some occasional commenting chores.
The previous attempt at a simple code solution had a too-high false positive rate and I’m currently working on new features. So I appreciate your questions and I’m taking them into account as I continue this work. In ~45m I’ll be streaming office hours that’ll include that work, but to set expectations, it’ll be an overview, discussion with any chatters, and incremental progress rather than completely implementing a next approach in a couple hours.
So the current code feature I have to deal with topical, well-received self-promo from people who aren’t otherwise engaging with the community is to ban their domain for a year to give them a chance to acculturate and demonstrate that they’re here to join a community rather than harvest clicks. That feels like it would be too much for this situation.
EDIT: To be real explicit: you’ve submitted six links and 5 were to your own stuff. To get on the right side of the guideline, take a break from submitting your own work until you’ve submitted 19 more links. This isn’t a code limitation, it’s going to be the Lobsters community reading them and folding them into our discussions, so if you pull the first 19 links off r/programming’s newest page, we’re not going to see that as meaningful participation.
I do wish this conversation had happened less publicly, as while you have been very helpful, the sheer number of comments telling me slightly different things with varying levels of politeness has been frankly overwhelming.
There are a lot of posts, starting from a very simple nudge, because you have responded to every one with an excuse. That you have no other way to get notifications, that you’re ignoring the rules until a mod reiterates, that the rules are unclear and you have to engage, that an explanation again wasn’t specific enough, and now that there’s been an overwhelming number of public corrections. You’re getting many public responses because you’ve publicly tried to duck responsibility in so many different ways. The sum of your excuses is that you believe the rules don’t apply to you unless a mod explains to you in private and in detail but not too much length, to your preferred level of politeness, that rules do in fact apply to you because you are required to be here. And just typing that out… sure, you’ve convinced me to reach for code. I’m banning your blog until I think you aren’t here to exploit the community. If you try to find reasons to break the other guidelines, too, I’m going to ban you.
Listen to the feedback you’re getting. No-one likes a rules lawyer.
“This seems like a weird policy to have if you want to incentivize interaction” - this is a huge unfounded assumption on your part. This isn’t Reddit.
Let the community decide which of the content you make gets submitted to lobste.rs
Don’t worry about reading replies etc. immediately, stuff moves slower here than on bigger sites
Continue to engage in discussions on other submissions, or submit other interesting stuff
Work on your interpersonal communication. You come across as rude and abrasive. This is a small site, people will notice your behavior and not cut you as much slack going forward.
I’ll be honest, most of this just comes across as “stop being neurodivergent”.
I cannot simply flip a switch and suddenly understand subtle social cues. If something about my post was rude, you need to point out what exactly it is.
I’ll be honest, most of this just comes across as “stop being neurodivergent”.
I realize that being neurodivergent comes with its own unique challenges.
But I also think that there’s a higher proportion of neurodivergent individuals here than in the general population, and in the large we rub along quite well.
Saying “I’m neurodivergent” as an excuse to being abrasive or unkind is perilously close to using it as an excuse for trolling. Or rather, it’s a thing a troll would say.
I’ll disengage now, I realise there’s been a lot dumped on you in the last few days. I hope you take the time to reflect, read others’ comments on this site, and figure out how it works here. If it helps, some people also wandered in here like a bull in a china shop but eventually settled down to be valued members of this community.
Oh, by the way “HTH, HAND” is a Usenet idiom. It stands for “Hope this helps. Have a nice day”.
However, the interpretation I’ve seen in this thread is that replies on self promo stories are themselves self promotion. This would mean that engaging with people’s comments on my work would actually make things worse.
Only if you interact very little outside your own self-submissions and are thus close to breaking the rule.
To keep this website alive, they have to enforce strong moderation rules, and when you don’t have a lot of time and resources, it’s more efficient to ban when in doubt to avoid letting things get out of hand. Sure, you’ll get a few false positives, but it sets the tone and keeps the front page clean.
That’s why Lobsters is not collapsing under its own weight like many alternatives did, despite a small team, and stays relevant.
I got banned for one year of posting things to my own site, and I’m generally a good web citizen who appreciates and understands moderation rules.
Don’t wait for pushcx to come in, it will likely be too late.
Relax my guy, it’s because of too much self-promo, lurk a bit and you’ll see this sort of thing actually happens a lot. You are far from the first person to self-promo too much, it’s actually something the community keeps a keen eye on.
That’s really cool, did you just make it for this thread or is this coming from somewhere else? I vaguely remember reading about creative use of codec.
I’m fully expecting astral to go full Python packaging for their next tooling: installing packages in a better way than uv pip, then creating the package, then actually creating user-shippable installers, and so on, one step at a time.
Eventually, my guess is they’ll move to a service to make that easier cross-platform and that’s how they’ll make their money.
Given the quality of their standalone tooling, they will have, indeed, my money.
There is a thriving and diverse ecosystem already supporting it
If you don’t follow it, the PSF and PyPA won’t move on your variant, so no official lock-in
Many alternatives have been provided and none have created any kind of lock in
Astral has been a stellar FOSS citizen with an excellent track record and a very trustworthy team (e.g., burntsushi, from ripgrep, is a contributor)
For once, we have good reasons to be very optimistic about the outcome.
Using a SaaS will create some lock-in, but honestly, there are not that many people capable of building a cross-platform installer for a Python project with C extensions, so I don’t think many will have any desire to implement that by hand.
using the python.org installer for Python. Not anything else. No, not homebrew. No, not the windows store.
stick to the official repo with linux, or deadsnakes/epel if ubuntu/red hat.
Now, they chose to go pyenv, but they also demonstrate how capable they are of dealing with the consequences of this decision. Remember that pyenv often compiles Python, which is something you can, and will, mess up in a number of ways.
And worse, you often won’t know that you did. You will have some random PATH/import/packaging error, and have no way to trace it back to the decision you took months ago.
So unless you really, really know what you are doing, stick to the happy path.
I value the directness of the approach of downloading binaries from python.org. I’d be OK with that if pyenv did that instead of compiling it. I’ve never seen pyenv not compile on my systems.
The only problem I’ve encountered somewhat predictably with using pyenv + Homebrew is when the OpenSSL library that a Python managed with pyenv depends upon is removed by a brew cleanup, and suddenly Python cannot load the ssl module. “Turning it off and on again” by deleting that build with pyenv uninstall 3.9.18 and running make deps again fixes it reliably, at the minor cost of recompilation. It’s an annoyance but deemed an acceptable risk of our chosen pattern since we’re constantly bumping the Python version. In practice, someone only needs this somewhat percussive maintenance when they’ve failed to run make deps regularly, which should be done after every git pull in our workflow.
Yes, pyenv and homebrew come with numerous modes of failure people don’t expect. And you clearly have the ability to deal with them (even if you might not want to, or don’t have the time to spare for that), but many Python users don’t have the skill to figure them out.
python.org installers are not a bulletproof solution, but they are the ones that will fail the least often.
GraphQL makes sense at Facebook because, at their scale, dealing with the consequences of allowing all possible queries was less work than having to create dedicated endpoints for all the possible client queries.
People completely missed the point of GraphQL, which is you TRADE flexibility for the client for added cost on the server.
Indeed, with GraphQL you delegate a lot of the query building to the client, hoping that it will not suddenly change your performance profile by being creative, and that you have not missed an obviously expensive use case coming.
That’s a huge bet, especially given that GraphQL is expensive in the first place, and given that the more you grow the API in size, the less you can actually map the cartesian product of all request params.
Which, in an app and team as huge as Facebook’s, made sense, especially since they have the so-called Facebook apps that could do… anything.
Most people adopted GraphQL out of hype, not because they needed it. Like they adopted microservices, SPA, or the cloud.
You can make good use of all those things, but your use case must match it. Otherwise they are going to be costly.
GraphQL makes sense at Facebook because, at their scale, dealing with the consequences of allowing all possible queries was less work than having to create dedicated endpoints for all the possible client queries.
No! That’s not what’s going on at all.
GraphQL solves this with persisted queries, which let you lock down what queries you allow to a set of queries crafted by your developers. There’s no reason you need to allow arbitrary queries from unknown clients just because you chose to use GraphQL.
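The mechanism is simple enough to sketch in a few lines. This is only an illustration of the idea (the names ALLOWED_QUERIES, register and execute_graphql are made up; real GraphQL servers and clients ship their own persisted-query support): the client sends a hash, and the server refuses anything that wasn’t registered at build/deploy time.

import hashlib

ALLOWED_QUERIES = {}  # sha256 hex digest -> query document, built from queries your developers wrote

def register(query):
    digest = hashlib.sha256(query.encode("utf-8")).hexdigest()
    ALLOWED_QUERIES[digest] = query
    return digest

def execute_graphql(query, variables):
    ...  # stand-in for whatever GraphQL executor you actually use

def handle_request(query_hash, variables):
    query = ALLOWED_QUERIES.get(query_hash)
    if query is None:
        raise PermissionError("query not in the persisted set")  # ad-hoc queries are rejected outright
    return execute_graphql(query, variables)

feed_hash = register("query Feed($n: Int!) { feed(first: $n) { id } }")  # done at deploy time
handle_request(feed_hash, {"n": 20})  # OK; any unknown hash raises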
It’s so frustrating how often people paint these simple, solved problems as huge, gaping, unfixable holes intrinsic to the GraphQL ecosystem.
It’s so frustrating how often people paint these simple, solved problems as huge, gaping, unfixable holes intrinsic to the GraphQL ecosystem.
I like it. I skim for those points and when I see them I know that I don’t need to read the article because the author is clueless and I won’t learn anything new.
I have been working on getting rid of a GraphQL BFF at my work, so I have been thinking about this.
It isn’t just because of their scale. It’s the mobile apps. Think about how you’d create those. The central feature is an infinite scroll of heterogeneous cards. Text, photo, video, link, ad (probably dozens of ad types in reality, including carousels) all have different data requirements to display properly. Because mobile connections have relatively high latency, you want fewer round trips, so you want to specify exactly what you need in the query. Thus, you wind up needing a query language that has sum types and fragments. If you just had the sum types, you’d have to craft this giant query up front, so that’s where the fragments come into play. You just declare what fragments you need, and then the individual components supply the specifics.
I disagree. The advantage of graphql is in data intensive apis with changing clients. It provides a lot of the benefits promised by really actually HATEOAS rest.
As ever, by making the data intensive API less coupled to changes in the clients, you move some complexity around. The server now needs to do things like impose limits on query complexity, and coders need to use tools that don’t generate n+1 queries everywhere.
Old tutorials are still around and popular. Still see plenty of sudo, homebrew, apt or docs calling pip directly.
The inertia is huge, most devs still don’t know about “-m”, the py launcher, etc.
Naming is terrible. venv is different than virtualenv. That really doesn’t help.
It’s still too complicated. You have to know a bunch of recipes (https://www.bitecode.dev/p/relieving-your-python-packaging-pain), and if you go off this smooth path by mistake or because you must, you are on your own. Plus, the venv workflow is less convenient than it needs to be.
And days have finite hours. You have problems to solve, and you just want to code the solution, not read several blog posts to make sure you don’t get in trouble when installing packages.
-m means you can ignore path problems but say hello to path problems because . is on the module path. If there’s a pip.py in the current directory, python3 -m pip will just run that. I’m kind of excited for someone to use this in an attack, tbh.
For CI and other less-trusted environments, python -Im is a useful approach – that -I flag is “isolated mode”, which removes the current working directory from the import path, ignores any user-specific package dir, and ignores PYTHONPATH and other env vars which modify behavior (if you actually want modified behavior, pass the appropriate command-line flags). You can also turn on subsets of this behavior with other flags, as explained in the linked documentation.
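A quick, hypothetical way to see both behaviours from a scratch directory (the second call only prints a version if a real pip is actually installed): drop a pip.py there and run both forms.

import pathlib, subprocess, sys, tempfile

with tempfile.TemporaryDirectory() as d:
    pathlib.Path(d, "pip.py").write_text('print("shadowed pip.py from the current directory")\n')
    # -m puts the current working directory on sys.path, so the local pip.py wins:
    subprocess.run([sys.executable, "-m", "pip", "--version"], cwd=d)
    # -I (isolated mode) drops it, so the real pip is found instead:
    subprocess.run([sys.executable, "-Im", "pip", "--version"], cwd=d)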
Funnily, a similar reason is invoked when discussing the introduction of __pypackages__ as an equivalent to node_modules for Python: it’s an attack vector because the content is automatically imported.
I hadn’t read your “Relieving your pain” article and I kinda liked it (although my head substitutes “Reliving your pain” automatically every time the topic comes up), and I also skimmed the other one, but I’m still not sure you’re even answering the question of packaging a piece of software/artifact (not Python itself or libs).
My stance is: it’s been a few years since this was my day job, and if you either ignore native extensions or are lucky enough to be able to build and deploy on exactly the same arch/OS version, then I’ve still not seen anything that would beat PEX. One file, copy it over, it works. No weird installation on the target system, just one file.
Indeed, I don’t. In the second article, I explain why: the vast majority of users never package software, for them “packaging” is “installing dependencies”.
Since my resources are limited, and people can’t read infinite content, I wanted to help the maximum number of people with the optimal amount of effort. So this article covered the Pareto case, knowing that the people who actually package libs are of a better technical level and would need my help less.
But for what it’s worth, there is no easy way to distribute software in Python. I go with shiv (a pex alternative) or nuitka depending on the context, if I have to. But most of the time, I try to avoid it and just build on every target.
There is a whole startup built on turning Python software into executables and installers.
Interesting to see how it works, but that’s maybe a few requests per second tops. A 2GB VPS is plenty for that with memory caching even if there are 10x peaks.
1.2 million requests/month, divided by around 43200 minutes in a 30 day month, results in slightly less than 1 request every 2 seconds.
The article calls it “not that crazy”, but I think trivial is a more accurate definition.
Not that throwing modern frameworks and cloud at this would improve it, of course, but yeah, that’s kind of outside even the order of magnitude of problems developers solve professionally.
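Spelling out the arithmetic behind that figure:

requests_per_month = 1_200_000
minutes_per_month = 30 * 24 * 60                        # 43,200
print(requests_per_month / minutes_per_month)           # ~27.8 requests/minute
print(requests_per_month / (minutes_per_month * 60))    # ~0.46 requests/second, i.e. one every ~2.2 s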
1.2 million requests/month, divided by around 43200 minutes in a 30 day month, results in slightly less than 1 request every 2 seconds.
Perhaps it is trivial and I am way out of my depth here, but just thinking out loud: we can’t smooth things out to one request every two seconds. There are still peaks where you would get thousands of requests per second, and hours where you get no requests at all. Again, not saying thousands of requests per second is anything but trivial, but I just want to point out that we need more information than just that one line of 1.2 million requests per month.
The article calls it “not that crazy”, but I think trivial is a more accurate definition.
It’s an interesting indication of scale. A lot of personal blogs get thousands of requests a month. It’s pretty obvious that you can host that on a tiny machine with even some fairly inefficient code. Right up until you’re on the front page of some popular aggregator. I’m not sure what kind of traffic those spikes get. Back in the day, Slashdot could generate a few hundred requests per second sustained over a day. From what I’ve seen of Hacker News comments, no one there reads the article, but maybe there are a lot of lurkers who do.
Given that the overwhelming majority of their responses look as if they’ll be served from their in-memory cache, and they’re using FastCGI so really just have a few IPC messages overhead on top of running the PHP interpreter, I wouldn’t be surprised if they can handle most requests in single-digit milliseconds with a single core. Given that their responses are almost entirely independent, they could easily use PHP FPM to load balance across a few processes and scale almost linearly with the number of cores, so their headroom is at least thousands, if not tens of thousands of requests per second.
That shouldn’t be surprising. I think WhatsApp managed over a hundred thousand (active) users on a single machine (not a hundred thousand messages per second), and that was around 15 years ago.
It’s a good reminder that very few uses actually need to scale. It’s also why I kept pushing Azure to think a lot more about the opposite end of the scaling direction. There are a few huge customers that really need insane throughput, but most of them are big enough that it’s worth building their own infrastructure (is Azure going to provide a video streaming service that makes Netflix want to use it? Absolutely not). At the opposite extreme, there are hundreds of millions of potential customers for tiny services, and a few tens of thousands of them are likely to grow to be moderately large customers. If you can provide a service that lets me run something like a Mastodon instance for a handful of users for $1/year, then I’ll absolutely buy it and a lot of people will build things on top of it.
If you can provide a service that lets me run something like a Mastodon instance for a handful of users for $1/year, then I’ll absolutely buy it and a lot of people will build things on top of it.
Did you have any luck convincing Azure to look at this end of the market? I would love something like this: it would be perfect for various hobby projects, most of which will probably never grow to anything more but one or two might. There must be a lot of people in a similar situation: surely there’s a market to be profitably served here?
Did you have any luck convincing Azure to look at this end of the market?
Nope. They’re really focused on big customers doing on-prem to cloud migrations and oblivious to the fact that this is not a growing market and that an increasing number of customers are looking in the opposite direction. Their biggest growth area is people moving Windows servers into the cloud (because who wants to admin a Windows server) and, when they look at that growth, they don’t see a migration from Windows servers to Windows VMs to Linux VMs to Linux containers, to FaaS workloads running on competitors’ systems (I do, but I think in terms of decades and they think in terms of quarters).
Companies like fly.io are doing some interesting things in this space. If I had a spare couple of hundred million dollars, I’d build server SoCs for this market - there are some huge wins if you’re aiming to run cloud-native workloads, rather than virtualising things that pretend to be fast PDP-11s running minicomputer operating systems.
Companies like fly.io are doing some interesting things in this space.
Yeah, I like them. I use them for a couple of hobby projects already. But I still think there’s a gap in the market in between the free tier and the “real company” tiers though. Fly.io is certainly my favourite offering at the moment but it’s not quite what you described (“a service that lets me run something like a Mastodon instance for a handful of users for $1/year”).
I’d build server SoCs for this market - there are some huge wins if you’re aiming to run cloud-native workloads, rather than virtualising things that pretend to be fast PDP-11s running minicomputer operating systems.
Do you have any examples of what you have in mind? Everything I see today seems to be either a minicomputer OS, albeit virtualised, or something like a rump kernel, e.g. MirageOS.
I’m not sure what kind of traffic those spikes get. […] From what I’ve seen of Hacker News comments, no one there reads the article, but maybe there are a lot of lurkers who do.
Having seen it firsthand (top link for about a day), certainly not hundreds per second. Can’t recall the exact amount as it was 2 years ago or so, but it amounted to maybe 30k unique visitors total over day 1, heavily tapering afterwards.
So a lot for a raspberry pi, but largely inconsequential in most cases, even more when half the internet is cached by Cloudflare.
Also there are realistically no real availability requirements here. If your request fails, you can just refresh the page without any noticeable issue anywhere in the system.
They’re using PHP with FastCGI (so no process-creation overheads most of the time) and an in-memory cache that persists across requests (so no system calls to look up hot data). You should be able to hit a few thousand requests per second on a vaguely modern machine with 2 GiB of RAM, without any serious tuning. If a lot of what they’re doing is serving books, then using the sendfile extensions (I think Apache supports these?) and KTLS (I’m pretty sure that’s in Linux now) will mean that most of the time they’re just telling the kernel which thing to encrypt and send from the buffer cache (and the encryption is mostly AES-NI, so close to memcpy speeds and is the only copy needed in the system), which should get them a big speedup (which they don’t need, by the sounds of it).
Fans of esoteric units might like the microfortnight, which is 1.2 seconds. It’s handy to know about when someone is bragging about how many requests per month they handle. Microfortnights were used in an obscure corner of VMS that became a famous historical easter egg, which is how I remember them.
Another fun unit is the microcentury, which at 52.5 minutes is the ideal length of a lecture, allowing time for students to get from room to room in between.
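For anyone who wants to check the numbers (using the 365.25-day Julian year for the century):

fortnight_s = 14 * 24 * 3600                 # 1,209,600 seconds
century_s = 100 * 365.25 * 24 * 3600
print(fortnight_s / 1_000_000)               # microfortnight, about 1.21 s
print(century_s / 1_000_000 / 60)            # microcentury, about 52.6 minutes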
nothing about people is permanent. I’ve changed my primary email address at least four times in my adult life, and I’m only in my late twenties. just make up a random uuid or something. that will always be the most permanent, because it’s entirely uninteresting to the user.
I’ve changed my primary email address at least four times in my adult life, and I’m only in my late twenties
That seems crazy to me… my current email is older than you, and I have about the same number of total changes, but that dates back to the early 90s. I’m not sure your pace of change is common, and suspect the average probably lies somewhere in between.
just make up a random uuid or something
But the problem is that all the issues we’re talking about don’t really go away by just adding some internal identifier… you still need to use some common identity for logins, cross-system links, etc..
Many businesses, especially ones that didn’t initially use the Internet, assign users (maybe sequentially) account numbers that are much shorter than UUIDs, which seems user-friendlier to me.
Random IDs in any format seem fine. I would not advise assigning them sequentially; it risks low ones becoming status symbols, which could be a driver of account theft or sale. Of course this is a problem that only comes up if you get hugely successful.
As long as users log in using e-mail addresses as usernames, it is relevant.
You should use a random userID, sure, but all the problems identified in the article (e-mail address reuse, losing access to them, OIDC, etc) are problems caused by the fact that e-mail addresses are usernames, not because they might be userIDs.
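A tiny sketch of the separation being discussed here (the names are illustrative, not from any particular system): a random, permanent internal ID for links and foreign keys, with the e-mail address as just one mutable, unique login attribute.

import uuid
from dataclasses import dataclass, field

@dataclass
class User:
    email: str                                                   # login identifier, may change
    id: str = field(default_factory=lambda: uuid.uuid4().hex)    # permanent key everything else points at

users_by_id = {}
users_by_email = {}

def signup(email):
    user = User(email=email)
    users_by_id[user.id] = user
    users_by_email[email] = user
    return user

def change_email(user, new_email):
    del users_by_email[user.email]
    user.email = new_email
    users_by_email[new_email] = user   # user.id, and everything keyed on it, is untouched

u = signup("old@example.com")
change_email(u, "new@example.com")
assert users_by_email["new@example.com"].id == u.id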
Google locked me out of my oldest Gmail account a while ago. I eventually managed to recover it (by just normally logging in from a new phone, probably because their security theater is more lax in these situations to avoid ruining the user experience while a user is setting up a shiny new toy), but I’ve seen this happen to other people and they never recovered it.
The author only mentions Wikipedia once, as likely training data. Amusingly, though, most of their complaints about LLMs were complaints about Wikipedia when I was in high school and university: Wikipedia can be incorrect, Wikipedia blunts research skills, Wikipedia ruins comprehension, Wikipedia is no substitute for mountains of homework, etc.
I don’t think we know what ChatGPT was trained on.
Perhaps the arguments are the same, but I see the two as fundamentally different. Wikipedia doesn’t write your paper, even if it could be copied from. And when you plagiarize from Wikipedia, it’s easy to tell. LLMs on the other hand will give you somewhat unique output that can be targeted specifically to the input you’ve given. It’s hard if not impossible to detect plagiarism, even if it’s just as (or more) likely to be incorrect.
The structure of Wikipedia also allows humans to more easily detect inaccuracies and correct them. An LLM might give absolute baloney for a given prompt and there’s no way for an expert to know or correct it.
I routinely have ChatGPT tell me that things I want to do and have done with software can’t be done. If Wikipedia has this problem, it’s rare enough I’ve never encountered it (and I read a fair amount of Wikipedia).
Worse, it often gives me a detailed solution that looks plausible but is complete fiction. Like, it will invent an AWS API that is perfect for my use case but doesn’t actually exist. Imagine that same behavior in the context of medicine or philosophy or sociology.
For my blog post last week, I wanted to know when iframes were introduced. I was pretty sure it was IE4, but I didn’t confirm it with a quick Google, so I tried Claude. It said IE3, which seemed too early. I asked for citations and it gave me a bad link and some unrelated junk. So I dug back into Wikipedia and found that for all that my memory was correct and it was IE4 in 1997. I think most people who didn’t already have a good sense of the answer could have been fooled by Claude’s false confidence.
It’s just people focusing on what they lost instead of what we gained.
ChatGPT opens up education possibilities like never before.
Instead of seeing only the problems with school, which reveals how obsolete our learning systems are, we can choose to focus on how awesome this thing is for learning on your own.
But as usual, the old guard will not cooperate and will have to be dragged into the future screaming.
In their present state, the idea of learning from LLMs seems fraught with disaster. As someone with decades of experience in my subject, I know how to check whether an LLM is generating bullshit or not, and it frequently is. As a beginner, how am I supposed to do that?
(To be clear, the same is true of learning from random internet posts, which is—surprise—what LLMs are trained on…)
LLMs are not a research tool, but as a generative system they are a powerful learning tool enabling playing with language at levels few were able to before.
How does that work? I have asked it to generate Python code before, and the results had mistakes, which it subsequently admitted when I pointed them out. The only way I could challenge it was because I already knew what needed to be done. For this reason, I think it’s not necessarily a good idea to use it as a learning tool as it stands.
I’m not sure I understand this, ChatGPT can’t “admit” anything and it has no concept or wrong or right. If it gives you code that doesn’t work, it has no idea until you point it out. If you point out something that does work as if it doesn’t, it will happily play along, admit it doesn’t work, and try again.
It’s a linguistic trap that’s hard not to fall for - you do yourself in that final sentence. It doesn’t admit the code doesn’t work, it just plays along (probabilistically).
If it did your work for you, that would be useful, but not great for learning. You can probably use it for learning by playing with computer languages as well, but I mostly meant playing with human language. Though it can do both, so I expect there’s something to be learned there in both cases. Most learning does not come from being fed answers, but from being given the opportunity to explore.
I remember I had a (HTML!) multi-answer test where one of the questions came with no correct answer, and it took me 30 minutes of the test to get the staff to let me get my phone, call the teacher, and get him to admit he fucked up.
Once I saw a teacher spend an entire 3 hours teaching us assembly, only to fail to run the program at the end of the course. He never managed to get it running for the whole semester.
I’ve had one teacher teaching us DB solely on paper who, when asked, couldn’t help me choose a proper schema for my tables once I came to her with a real-life problem.
I have a vivid memory of the entire jury, while I was presenting the thesis I wrote on a logging library I built as an intern, being stumped by the code and use case. They asked what it was for. The title on the first slide was “PHP 4 logging library: a case study”, ffs.
I remember I eventually had to ask permission to set up my own class to teach my classmates PHP so they could pass the exam, because they couldn’t understand what the heck the teacher was uttering. They got the best grade average of the year.
So yeah, I’ve got more BS from teachers in my IT universities than by ChatGPT.
Saying ChatGPT can produce mistakes is like saying you can cut yourself with a knife. Sure. But cooking is still easier with a knife.
I’m sorry you had bad teachers, but giving a bunch of examples of human bad teachers doesn’t explain why ChatGPT is a good one. Knives just do what you tell them, they don’t actively mislead you.
Also, you knew at the time that your teachers were wrong, which means you’re not really the kind of student I’m concerned about!
I’ve been a student in 11 different teaching institutions, including in England, France and in the Caribbean. From private ones to public ones, some posh, some violent… I’ve also discussed extensively with students, parents, and teacher friends. I’ve been giving courses and training myself, in various countries of Europe, Africa and India.
My experience is: bad teachers are the norm, good teachers are the exception.
But good ChatGPT answers are the norm, and bad ChatGPT answers are the exception. And ChatGPT is infinitely patient, has a huge breadth of knowledge, and for some things, surprising depth too. And it can explain in a 1000 different tones, detail everything or summarize, translate to different languages or levels of sophistication…
Besides, I’m pretty sure that for anything below 9th grade, ChatGPT has on average a better track record than any human teacher, except maybe for math, for which Wolfram Alpha is already doing better anyway. And after that, students are mature enough to look things up, provided they are taught how to use the knife correctly so they don’t cut themselves. As we should teach them, instead of getting hung up on imaginary blockers.
Being sometimes misled is part of life. We can cope with it if it’s occasional. After all, school books are riddled with such things, especially in history.
The value added with ChatGPT far surpasses any problems it comes with.
If however, a student proves unable to use it correctly after being taught, said student would not have performed better with the current system anyway.
As for me, I’ve made my choice. Not only do I actively recommend that students use ChatGPT and advise using it in many articles in my tutorials, but I use it myself to boost any learning. It’s a x3 in productivity, easy. I’ve seen too many good things for me and others to pass it by.
I’m completely on board with teaching people how to use ChatGPT in a productive and realistic way. I use it myself, with extreme caution. And good students can certainly make good use of it. And maybe it works OK for universal stuff like sixth grade math (oops, actually it’s pretty bad at math, never mind).
The fear is that for more advanced subjects, especially those that require learning to think, if you add ChatGPT to the mix of a bad teacher plus an unmotivated student (which I agree is all too common), you may not get an improvement in learning. Instead, you’ll get a performance of what looks like learning but has no guardrails that keep it based in reality.
I think it’s pretty well established that the best way to learn is with a 1:1 tutor. Basically the student needs to know the best thing to try next, and then needs accurate feedback on what they did. If we could get a GPT to do that reliably, it would indeed revolutionize learning. Using GPT to appease human teachers who are just looking for performative acts of learning isn’t going to do it.
So we probably have basically the same hope, I’m just cynical about it. :)
One of the main issues I’ve had with pip is that I often end up doing pip freeze > requirements.txt, spitting every installed package in the virtual environment into one file. It’s convenient but makes it difficult to separate primary from transitive dependencies, as well as separating production, dev, and test dependencies. But there seem to be good ways around it, for example using pip-tools or (not from the article) just pinning primary dependencies manually in different requirements files (e.g., “requirements_test.txt” for test dependencies). Will definitely give it a try at some point.
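One rough way to see the primary/transitive split that pip freeze flattens away is to list the installed packages that nothing else depends on. This is only a heuristic sketch (extras and environment markers are ignored; pip-tools or uv track this properly), but it shows the distinction:

import re
from importlib.metadata import distributions

installed = {}
required_by_something = set()
for dist in distributions():
    name = dist.metadata["Name"].lower().replace("_", "-")
    installed[name] = dist.version
    for req in dist.requires or []:
        # crude parse of the requirement string down to its project name
        req_name = re.split(r"[ ;<>=!~\[\(]", req, maxsplit=1)[0].lower().replace("_", "-")
        required_by_something.add(req_name)

for name in sorted(installed):
    if name not in required_by_something:
        print(f"{name}=={installed[name]}")   # likely a primary dependency you installed on purpose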
I still have the Loki games Linux version of this on CD. It has 1999 on the sleeve. That’s nearly 10 years ago now! Time flies.
Edit: Oh well: “At the moment VCMI does not supports HD Edition from Steam or old Linux Heroes 3 release by Loki”
https://github.com/vcmi/vcmi/issues/3716#issuecomment-2039186302
Given you already own the game, I can send you my gog copy if you want so you can use VCMI.
Kind offer thank you, but it’s okay. They will eventually come up with a solution no doubt. I’m sure if I feel the urge to replay this, it’ll work in a VM of appropriate vintage.
It’s quite stable now.
I’m using it on Ubuntu to play with my brother, who is on a Mac in another country, and it already works quite well. We’ve hit only one bug so far.
Congrats on reviving an old classic.
A local chat app that detects similar local chats around it (through zeroconf, geo, BT and WiFi) and offers to start a chat and send files of unlimited size.
Too many times I’ve had to share things and needed some kind of account, an internet connection, or a long-term contact addition with someone.
Sharing pictures during holidays, sending a huge video file to a coworker, sharing files and code during a training session…
It’s all a pain in 2025. It should not be.
Basically, a better dukto r5 would be perfect.
OK edited for clarity
Bonjour is a pidgin plugin that offers serverless xmpp named after the zeroconf technology of the same name developed by Apple
Orig: Bonjour is serverless xmpp developed by Apple supported by pidgin
Bonjour is Apple’s implementation of mDNS to find other services in the local network. XEP-0174 uses it for chat, but that’s not part of Bonjour itself nor was it developed by Apple as far as I can tell.
Ok, I phrased that badly. The Bonjour pidgin implementation (yes, pidgin calls the messaging protocol Bonjour: https://pidgin.im/help/protocols/bonjour/) uses the Bonjour/Zeroconf specification to offer a serverless XMPP implementation without the need for accounts.
Rereading my original message, I see how badly formulated it is (to put it mildly), so thank you for your correction. Was/am a bit sleep deprived.
I’m guessing the compression is lossy? Even though the process is deterministic, is it guaranteed that no information is lost?
Arithmetic coding is mentioned, so I suppose it’s using context modeling. I think the language model generates a sequence of bytes (a token converted to Unicode), and that is interpreted as per-bit probability predictions. So based on the bits compressed so far (the “context”), the model outputs a prediction of the probability of the next bit being one. This prediction is used to help the arithmetic coder compress the input better. If the prediction is wrong, the data will still be losslessly compressed, just with a worse compression ratio.
Context modeling compression (not sure what the right term is) is a really cool method because you can just conjure up all kinds of weird predictors, and if they work, you get better compression. Note that the decompressor must be able to compute exactly the same predictions, though.
Edit: A quote from the ts_zip page:
It’s lossless, but different models have different trade-offs. rwkv_169M_q8 is slower but works on GPU and gives consistent results. You can use other models, like llama-based ones, and they accept CUDA for a speedup, but then you can only decompress things using the same combination of model + GPU + software version.
It’s lossless. Click through to the ts_zip page to learn how it works.
Maybe I’m blind, but that page doesn’t really say anything about whether ts_zip (and by extension ts_sms) is lossless or not. The only bit that alludes to lossiness is “and hopefully decompress”, which I indeed interpret to mean that it is lossy.
The LLM needs to be deterministic for decompression to work.
Is that enough? An algorithm that maps all inputs to the string “FOO” would also be deterministic (and compress well), but it would be lossy.
No, determinism is not enough. If two or more inputs compress to the exact same output, then the compression is lossy and not fully reversible. In other words, the compression function must be injective to be lossless.
The normal way of turning a lossy compression scheme into a lossless one is to compress, decompress, and then encode the delta somehow. Generally, the delta is much smaller than the original input and so can be stored uncompressed, though there are better techniques that compress it (you can also nest this process, applying a lossy compression scheme to the deltas and then storing the deltas of deltas).
A lossy compression scheme is never injective, by definition: it discards information, so two similar (within whatever state space the encoder uses) inputs will give the same output. This doesn’t matter; it just means that, if A and B map to the same compressed-then-decompressed C, you need to store A-C and B-C to be able to decompress A and B. And hopefully this is smaller than the size difference between A and C or B and C.
Interesting, that was very informative, as always.
One question comes to mind (with the caveat that I’m no expert in either encryption or LLMs): Given that LLMs predict the next token in part dependent on previously outputted tokens, it seems to me that there is a chance that one wrongly predicted token early in an output stream could lead to divergent results. Given that we have to store a delta, is it possible that the compressed data (with delta) could actually be larger than the uncompressed data?
For instance, I could have compressed the string “The quick black rabbit leaps above the sleeping cat”. Let’s say that the decompression results in a string that starts with “The quick”. The LLM determines that the most likely next word is “brown”, which might be fine if that was all that was different from the original string, but seeing “The quick brown”, it might determine that the most likely next word is “fox” instead of “rabbit”, etc. The result would be something that decompresses to “The quick brown fox jumps over the lazy dog” and contains deltas for all words except the first two, and which would likely take up more space than the original input.
I’m wondering whether it would be possible to construct such an adversarial input for ts_sms and ts_zip…
My own tests:
❯ ./ts_sms c "TIL about ts_sms, an LLM based compression system for short text messages (like tweets)."
夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊
❯ ./ts_sms d 夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊
TIL about ts_sms, an LLM based compression system for short text messages (like tweets).
And:
>>> len("TIL about ts_sms, an LLM based compression system for short text messages (like tweets).".encode('ascii'))
88
>>> len("夋鷦네樇䶙邁㟪䤣䎧随捋㜁駊".encode('utf8'))
39
According to ChatGPT:
The text appears to be a sequence of Chinese characters mixed with Hangul (Korean script). However, as written, it seems nonsensical or encoded and doesn’t form a coherent phrase in either language.
I wasn’t aware of hammett as an alternative to pytest. Nearly every code base I’ve ever worked on that uses pytest takes seconds just to perform initial test collection.
With all the exciting stuff going on in Python tooling right now, with things like ruff, uv & pydantic being written in Rust, I do wonder if anyone will take a swing at writing a fast test framework. (Though perhaps this kind of stuff is fundamentally limited by the speed of Python.)
You can speed up test collection and planning by writing the test runner in a faster language.
But test execution cannot be sped up without making a faster Python implementation, and on top of that, you won’t make slow tests fast as it’s just not your code.
Does it mean I’ll have to take down my server and turn it back on?
So I can have my Matrix… reloaded?
@binarycat, please observe the guidelines on self-promotion.
In my experience my posts tend to end up here anyways, so I submit them myself so I can actually get notifications on people’s replies.
Indeed, I found this entire site through digging through post backlinks.
Additionally, since this site is my main source for tech news/blogposts, I don’t generally have anything new to contribute besides my own work.
I could just post my work elsewhere then wait for someone else to post it here, but then I would have no way to receive notifications about people’s comments on my work, and interacting with this community would become much more difficult.
also, the relevant line:
As a rule of thumb, self-promo should be less than a quarter of one’s stories and comments.
says stories and comments. I’m definitely making a lot more than 3 comments per self-submitted post, so i’m not even sure what rule i would be violating?
I don’t think anyone in this community would have seen this post and considered it worth submitting here. Treating this site as your personal comment section for all your content is just rude.
yeah, my reaction also was “that post seems odd” -> “oh, it’s a self-submission” -> “oh, of course it’s someone who just submits all their blogposts and nothing else :/”
If you submit a lot of your own posts, your standard for what to submit should be high. And few people actually write that many great posts.
That’s my secret: I don’t finish blog posts (and when I do they aren’t good).
I seem to have submitted one of my own every 3 years, you should try it, some good comments sometimes ;)
You could use webmention on your blog. Lobsters supports that, and it’s not hard to support. I do, with a CGI script that just makes a few sanity checks on the resulting POST request, then emails me the results.
Each blog post I make has <link rel="webmention" href="URL-of-CGI"> which points to the script. The resulting POST request has two parameters, source, which is the URL of the page linking to your page and target, which is the URL of the page being linked to.
oh could I have that script? I’ve been interested in implementing webmentions for a while but never got around to it.
Two issues: 1) it’s tied to my blogging engine, which is in C, and 2) the script itself is in C. If you still are interested, I can email you the source.
This usually also means “comments that are on your own authored submission count to the self-submitted part”.
hold on, you’re not even a moderator?
if an actual moderator wants to tell me that i’m misinterpreting the rules, and that interacting with almost every single comment on all my submitted stories isn’t enough, then i guess i’ll have to adjust my behavior, by all means, but until then..
It is fairly common here for the community to point out that we have a roughly 1/3 rule* regarding engagement between authored submissions and others. That is before pushcx starts banning your domain (Ctrl + F “self-promo” and “take a break”).
I have no horse in this race, but 4 links to your own site in 14 days definitely feels like something others got banned for. And I feel like it would be unjust to accept it here just because others might submit your stories anyway. Because that is actually what is usually recommended: Let others submit your blog on their own, which makes sure it is not just blatant self promotion. Though we might have a conflict of interest here looking at the invite tree?
The part about notifications sounds like we might instead want an additional feature to subscribe to all comments on a submission - or simply all new entries for a specific domain.
Again - my gut feeling is simply that it would be unfair to allow it here but punish for this otherwise.
* It’s blurry because the exact moment people feel like you’re just engaging to self-promo / drive your agenda is blurry too.
I would love this. I see a lot of submissions that are interesting, and I’m curious what people think about them, but they don’t have any comments yet. I tend to keep these stories open in a tab and refresh them periodically, but it would be great if there were a “watch” feature that would just notify me of any new comments on the submission.
Same here!
@adamshaylor is correct, and so is @proctrap in their reply to this comment.
If the only thing you’re doing on the site is promoting your work, it’s not OK. Lobsters is a community, not your marketing channel.
Please clarify your rules. I cannot follow what I do not understand.
My interpretation was that as long as I was actually meaningfully engaging with the community on self-submissions, it is fine. (specifically the phrasing of “write only” gave me that impression; if I’m replying to everyone’s comments, how can I be treating it as “write only”?)
However, the interpretation I’ve seen in this thread is that replies on self promo stories are themselves self promotion. This would mean that engaging with people’s comments on my work would actually make things worse. This seems like a weird policy to have if you want to incentivize interaction, so therefore I would assume it is not correct.
One possible interpretation is that these replies are neutral, which would make more sense, however there is nothing in the wording to suggest that is the case.
I’ve made plenty of comments on other stories, perhaps even enough to satisfy the 2/3 rule under the most pessimistic interpretation.
or perhaps it’s not about the ratio, but just the raw frequency?
I could just stop submitting my own work, but that would make it very difficult to actually engage with the community w.r.t. my own work!
maybe this should just be implemented in code, anyways? I’d much rather I’d just gotten a “you are submitting too much of your own work as a new user, please slow down” pop-up instead of reading the same 3 sentences over and over trying to figure out what precisely they mean.
Yes, I would also expect to see less than a quarter of your comments on your own self-promo. Lots of people read /active and comments contribute to story score, so comments on one’s own stories are also seen as part of self-promo. The point of this one-quarter guideline is that it is very easy to reach if someone sees Lobsters as a forum they are part of rather than a traffic source with some occasional commenting chores.
The previous attempt at a simple code solution had a too-high false positive rate and I’m currently working on new features. So I appreciate your questions and I’m taking them into account as I continue this work. In ~45m I’ll be streaming office hours that’ll include that work, but to set expectations, it’ll be an overview, discussion with any chatters, and incremental progress rather than completely implementing a next approach in a couple hours.
So the current code feature I have to deal with topical, well-received self-promo from people who aren’t otherwise engaging with the community is to ban their domain for a year to give them a chance to acculturate and demonstrate that they’re here to join a community rather than harvest clicks. That feels like it would be too much for this situation.
EDIT: To be real explicit: you’ve submitted six links and 5 were to your own stuff. To get on the right side of the guideline, take a break from submitting your own work until you’ve submitted 19 more links. This isn’t a code limitation, it’s going to be the Lobsters community reading them and folding them into our discussions, so if you pull the first 19 links off r/programming’s newest page, we’re not going to see that as meaningful participation.
Thank you for clarifying this.
I do wish this conversation had happened less publicly, as while you have been very helpful, the sheer number of comments telling me slightly different things with varying levels of politeness has been frankly overwhelming.
There are a lot of posts, starting from a very simple nudge, because you have responded to every one with an excuse. That you have no other way to get notifications, that you’re ignoring the rules until a mod reiterates, that the rules are unclear and you have to engage, that an explanation again wasn’t specific enough, and now that there’s been an overwhelming number of public corrections. You’re getting many public responses because you’ve publicly tried to duck responsibility in so many different ways. The sum of your excuses is that you believe the rules don’t apply to you unless a mod explains to you in private and in detail but not too much length, to your preferred level of politeness, that rules do in fact apply to you because you are required to be here. And just typing that out… sure, you’ve convinced me to reach for code. I’m banning your blog until I think you aren’t here to exploit the community. If you try to find reasons to break the other guidelines, too, I’m going to ban you.
HTH. HAND.
I’ll be honest, most of this just comes across as “stop being neurodivergent”.
I cannot simply flip a switch and suddenly understand subtle social cues. If something about my post was rude, you need to point out what exactly it is.
This is not helping my confusion.
I realize that being neurodivergent comes with its own unique challenges.
But I also think that there’s a higher proportion of neurodivergent individuals here than in the general population, and in the large we rub along quite well.
Saying “I’m neurodivergent” as an excuse for being abrasive or unkind is perilously close to using it as an excuse for trolling. Or rather, it’s a thing a troll would say.
I’ll disengage now, I realise there’s been a lot dumped on you in the last few days. I hope you take the time to reflect, read others’ comments on this site, and figure out how it works here. If it helps, some people also wandered in here like a bull in a china shop but eventually settled down to be valued members of this community.
Oh, by the way “HTH, HAND” is a Usenet idiom. It stands for “Hope this helps. Have a nice day”.
Only if you interact very little outside your own self-submissions and are thus close to breaking the rule.
OP is doing you a favor by telling you this.
To keep this website alive, they have to enforce strong moderation rules, and when you don’t have a lot of time and resources, it’s more efficient to ban when in doubt to avoid letting things get out of hand. Sure you’ll get a few false positives, but it sets the tone and keeps the front page clean.
That’s why Lobsters, despite a small team, stays relevant and is not collapsing under its own weight like many alternatives did.
I got banned for one year of posting things to my own site, and I’m generally a good web citizen who appreciates and understands moderation rules.
Don’t wait for pushcx to come in, it will likely be too late.
I can’t help but wonder if people are calling this spam because of the way I phrased the title…
I said “plea” because it rhymes…
after all, no one had an issue with any of my other “self promotion” posts…
Relax my guy, it’s because of too much self-promo, lurk a bit and you’ll see this sort of thing actually happens a lot. You are far from the first person to self-promo too much, it’s actually something the community keeps a keen eye on.
You can use codecs to do that (https://docs.python.org/3/library/codecs.html):
Here is a very fragile PoC:
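What follows is a stand-in sketch rather than the original snippet: a codec that rewrites a toy brace dialect into regular indentation before Python compiles it. The module name brace_codec, the codec name braces, and the dialect rules are all made up for illustration.

    # brace_codec.py -- register it at interpreter startup via a .pth file
    # containing the single line "import brace_codec".
    import codecs

    def _to_indentation(source: str) -> str:
        # Toy dialect: a line ending in "{" opens a block, a lone "}" closes one.
        # Source indentation is ignored and regenerated from brace depth, which
        # is exactly why this is fragile (a dict literal at end of line breaks it).
        out, depth = [], 0
        for line in source.splitlines():
            stripped = line.strip()
            if stripped == "}":
                depth -= 1
                continue
            if stripped.endswith("{"):
                out.append("    " * depth + stripped[:-1].rstrip() + ":")
                depth += 1
            else:
                out.append("    " * depth + stripped)
        return "\n".join(out) + "\n"

    def _decode(data, errors="strict"):
        # Codec decode functions take bytes and return (text, bytes_consumed).
        text = bytes(data).decode("utf-8", errors)
        return _to_indentation(text), len(data)

    def _search(name):
        if name != "braces":
            return None
        utf8 = codecs.lookup("utf-8")
        # Providing decode is enough for imported modules; running a file
        # directly would also need incremental/stream decoders, omitted here.
        return codecs.CodecInfo(name="braces", encode=utf8.encode, decode=_decode)

    codecs.register(_search)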
Import that into a *.pth file in your venv, and you can then do:
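(a sketch consistent with the codec above, assuming a .pth file containing "import brace_codec"; file and function names are illustrative)

    # hello.py
    # -*- coding: braces -*-
    def greet(name) {
        print("hello", name)
    }

    # elsewhere, in a normal module or REPL:
    # >>> import hello; hello.greet("world")
    # hello world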
Not that I would use that, I think the pros of white space indentations are greater than the cons.
But it’s neat.
That’s really cool, did you just make it for this thread or is this coming from somewhere else? I vaguely remember reading about creative uses of codecs.
Made it up for the thread but it’s not tested code, more to show off the general idea.
Nice, well done!
Any guesses as to what this will be for?
Given that information: https://www.bitecode.dev/i/142131682/stand-alone-pythons-on-the-move
I’m fully expecting astral to go full Python packaging for their next tooling. Installing packages in a better way than uv pip, then building the package, then actually creating user-shippable installers, and so on, one step at a time.
Eventually, my guess is they’ll move to a service to make that easier cross-platform and that’s how they’ll make their money.
Given the quality of their standalone tooling, they will have, indeed, my money.
So we’ll be moving from the embrace stage to the extend stage?
Unlikely
For once, we have good reasons to be very optimistic about the outcome.
Using a SaaS will create some lock-in, but honestly, there are not that many people capable of building a cross-platform installer for a Python project with C extensions, so I don’t think many will have any desire to implement that by hand.
I’ve done it and it sucks. I’ll gladly pay.
I love the readme:
“DO NOT USE IN PRODUCTION OR YOU WILL BE FIRED. UNLESS YOU WORK AT EDGEDB.”
For context, this is a way to share data between subinterpreters, the new feature in Python.
Given there are no docs, the tests give a glimpse of what it looks like:
https://github.com/edgedb/memhive/blob/main/tests/test_basics.py
Note that in the context of hashes, you may want to use:
value = bytearray(secrets.token_bytes(16))
Instead of urandom. secrets is higher level and offers explicit guarantees that the generated values are suitable for cryptographic purposes.
urandom will be fine most of the time, it already sources from the OS source of randomness, so I’m nitpicking.
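A quick side-by-side, for illustration; both read from the OS CSPRNG, secrets just makes the intent explicit (the 16-byte size is only an example):

    import os
    import secrets

    salt_a = os.urandom(16)             # raw bytes from the OS randomness source
    salt_b = secrets.token_bytes(16)    # same source, explicitly meant for crypto use
    token = secrets.token_urlsafe(32)   # handy when you need a URL-safe string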
The graph of Python installation methods is why I wrote “Installing Python: the bare minimum you can get away with” (https://bitecode.substack.com/p/installing-python-the-bare-minimum) which really strongly insists on:
Now, they chose to go with pyenv, but they also demonstrate how capable they are of dealing with the consequences of this decision. Remember that pyenv often compiles Python, which is something you can, and will, mess up in a number of ways.
And worse, you often won’t know that you did. You will have some random PATH/import/packaging error, and have no way to trace it back to the decision you took months ago.
So unless you really, really know what you are doing, stick to the happy path.
I value the directness of the approach of downloading binaries from python.org. I’d be OK with that if pyenv did that instead of compiling it. I’ve never seen pyenv not compile on my systems.
The only problem I’ve encountered somewhat predictably with using pyenv + Homebrew is when the OpenSSL library that a pyenv-managed Python depends upon goes away in a brew cleanup and suddenly Python cannot load the ssl module. “Turning it off and on again” by deleting that build with pyenv uninstall 3.9.18 and running make deps again fixes it reliably, at the minor cost of recompilation. It’s an annoyance but deemed an acceptable risk of our chosen pattern since we’re constantly bumping the Python version. In practice, someone only needs this somewhat percussive maintenance when they’ve failed to run make deps regularly, which should be done after every git pull in our workflow.
Yes, pyenv and Homebrew come with numerous modes of failure people don’t expect. And you clearly have the ability to deal with them (even if you might not want to, or don’t have the time to spare for that), but many Python users don’t have the skill to figure them out.
python.org installers are not a bulletproof solution, but they’re the one that will fail the least often.
Note that it doesn’t save you from having to install ipykernel in each env you want to use it in.
GraphQL makes sense at Facebook because at their scale, dealing with the consequences of allowing all possible queries was less work than having to create dedicated endpoints for all the possible client queries.
People completely missed the point of GraphQL, which is that you TRADE flexibility for the client for added cost on the server.
Indeed, with GraphQL you delegate a lot of the query building to the client, hoping that it will not suddenly change your performance profile by being creative and that you have not missed an obviously expensive use case coming.
That’s a huge bet, especially given that GraphQL is expensive in the first place, and given that the more you grow the API in size, the less you can actually cover the cartesian product of all request params.
Which, in an app and team as huge as Facebook’s, made sense, especially since they have the so-called facebook apps that could do… anything.
Most people adopted GraphQL out of hype, not because they needed it. Like they adopted microservices, SPA, or the cloud.
You can make good use of all those things, but your use case must match it. Otherwise they are going to be costly.
Remember when XML was the future?
https://www.bitecode.dev/p/hype-cycles
No! That’s not what’s going on at all.
GraphQL solves this with persisted queries, which let you lock down what queries you allow to a set of queries crafted by your developers. There’s no reason you need to allow arbitrary queries from unknown clients just because you chose to use GraphQL.
It’s so frustrating how often people paint these simple, solved problems as huge, gaping, unfixable holes intrinsic to the GraphQL ecosystem.
A post basically expanding on that opinion: https://xuorig.medium.com/no-graphql-persisted-queries-are-not-re-inventing-a-rest-api-dcca7e876f7d
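A rough sketch of the persisted-queries idea described above; the registry, the hashing scheme, and the way you’d hook in an executor are made up for illustration and don’t follow any particular library’s API.

    import hashlib

    # Built at deploy time from the exact query documents your developers wrote.
    ALLOWED_QUERIES: dict[str, str] = {}

    def register(query: str) -> str:
        # Store a developer-written query; clients send this hash instead of query text.
        digest = hashlib.sha256(query.encode()).hexdigest()
        ALLOWED_QUERIES[digest] = query
        return digest

    def lookup(query_hash: str) -> str:
        # Only accept queries we already know about; arbitrary queries are rejected.
        try:
            return ALLOWED_QUERIES[query_hash]
        except KeyError:
            raise PermissionError("unknown persisted query") from None

    h = register("query { me { name } }")
    print(lookup(h))   # the stored query, ready to hand to whatever executor you use
    # lookup("deadbeef") would raise PermissionError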
I like it. I skim for those points and when I see them I know that I don’t need to read the article because the author is clueless and I won’t learn anything new.
I have been working on getting rid of a GraphQL BFF at my work, so I have been thinking about this.
It isn’t just because of their scale. It’s the mobile apps. Think about how you’d create those. The central feature is an infinite scroll of heterogeneous cards. Text, photo, video, link, ad (probably dozens of ad types in reality, including carousels) all have different data requirements to display properly. Because mobile connections have relatively high latency, you want fewer round trips, so you want to specify exactly what you need in the query. Thus, you wind up needing a query language that has sum types and fragments. If you just had the sum types, you’d have to craft this giant query up front, so that’s where the fragments come into play. You just declare what fragments you need, and then the individual components supply the specifics.
I disagree. The advantage of GraphQL is in data-intensive APIs with changing clients. It provides a lot of the benefits promised by real, actual HATEOAS REST.
As ever, by making the data intensive API less coupled to changes in the clients, you move some complexity around. The server now needs to do things like impose limits on query complexity, and coders need to use tools that don’t generate n+1 queries everywhere.
It did get better:
Unfortunately:
And days have finite hours. You have a problem to solve, and you just want to code the solution, not read several blog posts to make sure you don’t get in trouble when installing packages.
-m means you can ignore path problems but say hello to path problems, because . is on the module path. If there’s a pip.py in the current directory, python3 -m pip will just run that. I’m kind of excited for someone to use this in an attack, tbh.
For CI and other less-trusted environments, python -Im is a useful approach – that -I flag is “isolated mode”, which removes the current working directory from the import path, ignores any user-specific package dir, and ignores PYTHONPATH and other env vars which modify behavior (if you actually want modified behavior, pass the appropriate command-line flags). You can also turn on subsets of this behavior with other flags, as explained in the linked documentation.
Funnily, a similar reason is invoked when discussing the introduction of __pypackages__ as an equivalent to node_modules for Python: it’s an attack vector because the content is automatically imported.
I hadn’t read your “Relieving your pain” article and I kinda liked it (although my head substitutes “Reliving your pain” automatically every time the topic comes up), and I also skimmed the other one, but I’m still not sure you’re even answering the question of packaging a piece of software/artifact (not Python itself or libs).
My stance is: it’s been a few years since this was my day job, but if you either ignore native extensions or are lucky enough to be able to build and deploy on exactly the same arch/OS version, then I’ve still not seen anything that would beat PEX. One file, copy it over, it works. No weird installation on the target system, just one file.
Indeed, I don’t. In the second article, I explain why: the vast majority of users never package software, for them “packaging” is “installing dependencies”.
Since my resources are limited, and people can’t read infinite content, I wanted to help the maximum number of people with the optimal amount of effort. So this article covered the Pareto case, knowing that the people who actually package libs are of a better technical level and would need my help less.
But for what it’s worth, there is no easy way to distribute software in Python. I go with shiv (a pex alternative) or nuitka depending on the context if I have to. But most of the time, I try to avoid it and just build on every target.
There is a whole startup built on turning Python software into executables and installers.
Interesting to see how it works, but that’s maybe a few requests per second tops. A 2GB VPS is plenty for that with memory caching even if there are 10x peaks.
Indeed, but it’s still a good reminder. Too many people have an overkill setup for similar needs.
definitely agreed
1.2 million requests/month, divided by around 43200 minutes in a 30 day month, results in slightly less than 1 request every 2 seconds.
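Just restating that division as a quick check:

    requests_per_month = 1_200_000
    seconds_per_month = 30 * 24 * 60 * 60           # 2,592,000 s in a 30-day month
    print(requests_per_month / seconds_per_month)   # ~0.46 req/s, i.e. about one every 2.2 s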
The article calls it “not that crazy”, but I think trivial is a more accurate description.
Not that throwing modern frameworks and cloud at this would improve it, of course, but yeah, that’s kind of outside even the order of magnitude of problems developers solve professionally.
Perhaps it is trivial and I am way out of my depth here but just thinking out loud, we can’t smooth things out to one request every two seconds. There are still peaks where you would get thousands of requests per second, and hours where you get no requests at all. Again, not saying thousands of requests per second is anything but trivial but just want to point out we need more information than just that one line of 1.2 million requests per month.
Cheers!
Yes, but they didn’t give any info on the distribution of the load, so, not much I can do.
I will concede it’s an assumption that somewhat stretches the point. But I think reality is likely not that far off.
It’s an interesting indication of scale. A lot of personal blogs get thousands of requests a month. It’s pretty obvious that you can host that on a tiny machine with even some fairly inefficient code. Right up until you’re on the front page of some popular aggregator. I’m not sure what kind of traffic those spikes get. Back in the day, Slashdot could generate a few hundred requests per second sustained over a day. From what I’ve seen of Hacker News comments, no one there reads the article, but maybe there are a lot of lurkers who do.
Given that the overwhelming majority of their responses look as if they’ll be served from their in-memory cache, and they’re using FastCGI so really just have a few IPC messages overhead on top of running the PHP interpreter, I wouldn’t be surprised if they can handle most requests in single-digit milliseconds with a single core. Given that their responses are almost entirely independent, they could easily use PHP FPM to load balance across a few processes and scale almost linearly with the number of cores, so their headroom is at least thousands, if not tens of thousands of requests per second.
That shouldn’t be surprising. I think WhatsApp managed over a hundred thousand (active) users on a single machine (not a hundred thousand messages per second), and that was around 15 years ago.
It’s a good reminder that very few uses actually need to scale. It’s also why I kept pushing Azure to think a lot more about the opposite end of the scaling direction. There are a few huge customers that really need insane throughput, but most of them are big enough that it’s worth building their own infrastructure (is Azure going to provide a video streaming service that makes Netflix want to use it? Absolutely not). At the opposite extreme, there are hundreds of millions of potential customers for tiny services, and a few tens of thousands of them are likely to grow to be moderately large customers. If you can provide a service that lets me run something like a Mastodon instance for a handful of users for $1/year, then I’ll absolutely buy it and a lot of people will build things on top of it.
Did you have any luck convincing Azure to look at this end of the market? I would love something like this: it would be perfect for various hobby projects, most of which will probably never grow to anything more but one or two might. There must be a lot of people in a similar situation: surely there’s a market to be profitably served here?
Nope. They’re really focused on big customers doing on-prem to cloud migrations and oblivious to the fact that this is not a growing market and that an increasing number of customers are looking in the opposite direction. Their biggest growth area is people moving Windows servers into the cloud (because who wants to admin a Windows server) and, when they look at that growth, they don’t see a migration from Windows servers to Windows VMs to Linux VMs to Linux containers, to FaaS workloads running on competitors’ systems (I do, but I think in terms of decades and they think in terms of quarters).
Companies like fly.io are doing some interesting things in this space. If I had a spare couple of hundred million dollars, I’d build server SoCs for this market - there are some huge wins if you’re aiming to run cloud-native workloads, rather than virtualising things that pretend to be fast PDP-11s running minicomputer operating systems.
Yeah, I like them. I use them for a couple of hobby projects already. But I still think there’s a gap in the market in between the free tier and the “real company” tiers though. Fly.io is certainly my favourite offering at the moment but it’s not quite what you described (“a service that lets me run something like a Mastodon instance for a handful of users for $1/year”).
Do you have any examples of what you have in mind? Everything I see today seems to be either a minicomputer OS, albeit virtualised, or something like a rump kernel, e.g. MirageOS.
Hehehe
Having seen it firsthand (top link for about a day), certainly not hundreds per second. Can’t recall the exact amount as it was 2 years ago or so, but it amounted to maybe 30k unique visitors total over day 1, heavily tapering afterwards.
So a lot for a raspberry pi, but largely inconsequential in most cases, even more when half the internet is cached by Cloudflare.
Also there are realistically no real availability requirements here. If your request fails, you can just refresh the page without any noticeable issue anywhere in the system.
They’re using PHP with FastCGI (so no process-creation overheads most of the time) and an in-memory cache that persists across requests (so no system calls to look up hot data). You should be able to hit a few thousand requests per second on a vaguely modern machine with 2 GiB of RAM, without any serious tuning. If a lot of what they’re doing is serving books, then using the sendfile extensions (I think Apache supports these?) and KTLS (I’m pretty sure that’s in Linux now) will mean that most of the time they’re just telling the kernel which thing to encrypt and send from the buffer cache (and the encryption is mostly AES-NI, so close to memcpy speeds and is the only copy needed in the system), which should get them a big speedup (which they don’t need, by the sounds of it).
Fans of esoteric units might like the microfortnight, which is 1.2 seconds. It’s handy to know about when someone is bragging about how many requests per month they handle. Microfortnights were used in an obscure corner of VMS that became a famous historical easter egg, which is how I remember them.
Another fun unit is the microcentury, which at 52.5 minutes is the ideal length of a lecture, allowing time for students to get from room to room in between.
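Both figures check out, give or take rounding:

    fortnight = 14 * 24 * 3600              # 1,209,600 seconds
    century = 100 * 365.25 * 24 * 3600      # ~3.16e9 seconds
    print(fortnight / 1_000_000)            # 1.2096 -> a microfortnight is ~1.2 s
    print(century / 1_000_000 / 60)         # ~52.6  -> a microcentury is ~52.6 minutes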
While all of this is true in theory, in practice an e-mail address is the most permanent digital identifier an arbitrary person will have.
nothing about people is permanent. I’ve changed my primary email address at least four times in my adult life, and I’m only in my late twenties. just make up a random uuid or something. that will always be the most permanent, because it’s entirely uninteresting to the user.
That seems crazy to me… my current email is older than you, and I have about the same number of total changes, but that dates back to the early 90s. I’m not sure your pace of change is common, and suspect the average probably lies somewhere in between.
But the problem is that all the issues we’re talking about don’t really go away by just adding some internal identifier… you still need to use some common identity for logins, cross-system links, etc..
I’ve done that … five times? I think? I don’t exactly have a primary email anymore, different addresses serve different purposes…
Many businesses, especially ones that didn’t initially use the Internet, assign users (maybe sequentially) account numbers that are much shorter than UUIDs, which seems user-friendlier to me.
that’s the “or something” my friend
Random IDs in any format seem fine. I would not advise assigning them sequentially; it risks low ones becoming status symbols, which could be a driver of account theft or sale. Of course this is a problem that only comes up if you get hugely successful.
How exactly is that relevant to what your system uses internally to identify an account?
As long as users log in using e-mail addresses as usernames, it is relevant.
You should use a random userID, sure, but all the problems identified in the article (e-mail address reuse, losing access to them, OIDC, etc) are problems caused by the fact that e-mail addresses are usernames, not because they might be userIDs.
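A minimal sketch of that separation, with made-up table and column names: the immutable key is a random UUID, and the e-mail is just a mutable, unique login attribute.

    import sqlite3
    import uuid

    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, email TEXT UNIQUE)")

    uid = str(uuid.uuid4())   # internal identity, never changes
    db.execute("INSERT INTO users VALUES (?, ?)", (uid, "alice@example.com"))

    # The user later changes their login e-mail; anything keyed on `id` is untouched.
    db.execute("UPDATE users SET email = ? WHERE id = ?", ("alice@new.example", uid))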
Google locked me out of my oldest Gmail account a while ago. I eventually managed to recover it (by just normally logging in from a new phone, probably because their security theater is more lax in these situations to avoid ruining the user experience while a user is setting up new shiny toy) but I’ve seen this happen to other people and they never recovered it.
No, my email has changed many times, and I have 10s of them.
It’s been less stable than my passport number, my id card number, my phone number…
But none of them is permanent or has any uniqueness guarantee.
The author only mentions Wikipedia once, as likely training data. Amusingly, though, most of their complaints about LLMs were complaints about Wikipedia when I was in high school and university: Wikipedia can be incorrect, Wikipedia blunts research skills, Wikipedia ruins comprehension, Wikipedia is no substitute for mountains of homework, etc.
I don’t think we know what ChatGPT was trained on.
Perhaps the arguments are the same, but I see the two as fundamentally different. Wikipedia doesn’t write your paper, even if it could be copied from. And when you plagiarize from Wikipedia, it’s easy to tell. LLMs on the other hand will give you somewhat unique output that can be targeted specifically to the input you’ve given. It’s hard if not impossible to detect plagiarism, even if it’s just as (or more) likely to be incorrect.
The structure of Wikipedia also allows humans to more easily detect inaccuracies and correct them. An LLM might give absolute baloney for a given prompt and there’s no way for an expert to know or correct it.
Maybe we shouldn’t value ‘writing a paper’ so highly.
I routinely have ChatGPT tell me that things I want to do and have done with software can’t be done. If Wikipedia has this problem, it’s rare enough I’ve never encountered it (and I read a fair amount of Wikipedia).
Worse, it often gives me a detailed solution that looks plausible but is complete fiction. Like, it will invent an AWS API that is perfect for my use case but doesn’t actually exist. Imagine that same behavior in the context of medicine or philosophy or sociology.
For my blog post last week, I wanted to know when iframes were introduced. I was pretty sure it was IE4, but rather than confirm it with a quick Google, I tried Claude. It said IE3, which seemed too early. I asked for citations and it gave me a bad link and some unrelated junk. So I dug back into Wikipedia and found that my memory was correct after all: it was IE4 in 1997. I think most people who didn’t already have a good sense of the answer could have been fooled by Claude’s false confidence.
Spot on.
It’s just people focusing on what they lost instead of what we gained.
ChatGPT opens education possibilities like never before.
Instead of seeing only the problems with school, which reveal how obsolete our learning systems are, we can choose to focus on how awesome this thing is for learning on your own.
But as usual, the old guard will not cooperate and will have to be dragged into the future screaming.
In their present state, the idea of learning from LLMs seems fraught with disaster. As someone with decades of experience in my subject, I know how to check whether an LLM is generating bullshit or not, and it frequently is. As a beginner, how am I supposed to do that?
(To be clear, the same is true of learning from random internet posts, which is—surprise—what LLMs are trained on…)
LLMs are not a research tool, but as a generative system they are a powerful learning tool enabling playing with language at levels few were able to before.
How does that work? I have asked it to generate python code before and the results had mistakes which it subsequently admitted when I pointed it out. The only way I could challenge it was because I already knew what needed to be done. For this reason, I think it’s not necessarily a good idea to use it as a learning tool as it stands.
The same way you learn when you realize your code was buggy. Only the feedback loop is shorter and you can query it for details.
Also, when you are a beginner, ChatGPT produces correct answers much, much more often than bad ones.
And unlike humans, will admit when it’s wrong.
I’m not sure I understand this, ChatGPT can’t “admit” anything and it has no concept of wrong or right. If it gives you code that doesn’t work, it has no idea until you point it out. If you point out something that does work as if it doesn’t, it will happily play along, admit it doesn’t work, and try again.
It’s a linguistic trap that’s hard not to fall for - you do yourself in that final sentence. It doesn’t admit the code doesn’t work, it just plays along (probabilistically).
If it did your work for you, that would be useful, but not great for learning. You can probably use it for learning by playing with computer languages as well, but I mostly meant playing with human language. Though it can do both, so I expect there’s something to be learned there in both cases. Most learning does not come from being fed answers, but from being given the opportunity to explore.
I’m not sure what you mean by that.
I remember I had an HTML (!) multiple-answer test where one of the questions came with no correct answer, and it took me 30 minutes of the entire test to get the staff to let me get my phone, call the teacher, and get him to admit he fucked up.
Once I saw a teacher spend an entire 3 hours teaching us assembly only to fail to run the program at the end of the course. He never managed to get it running for the whole semester.
I’ve had one teacher who taught us DB solely on paper but, when asked, couldn’t help me choose a proper schema for my tables once I came to her with a real-life problem.
I have a vivid memory of the entire jury, while I presented my thesis on a logging library I wrote as an intern, being stumped by the code and use case. They asked what it was for. The title on the first slide was “PHP 4 logging library: a case study”, ffs.
I remember I eventually had to ask permission to set up my own class to teach my classmates PHP so they could pass the exam, because they couldn’t understand what the heck the teacher was uttering. They got the best grade average of the year.
So yeah, I’ve gotten more BS from teachers in my IT universities than from ChatGPT.
Saying ChatGPT can produce mistakes is like saying you can cut yourself with a knife. Sure. But cooking is still easier with a knife.
I’m sorry you had bad teachers, but giving a bunch of examples of human bad teachers doesn’t explain why ChatGPT is a good one. Knives just do what you tell them, they don’t actively mislead you.
Also, you knew at the time that your teachers were wrong, which means you’re not really the kind of student I’m concerned about!
I’ve been a student in 11 different teaching institutions, including in England, France and in the Caribbean. From private ones to public ones, some posh, some violent… I’ve also discussed extensively with students, parents, and teacher friends. I’ve been giving courses and training myself, in various countries of Europe, Africa and India.
My experience is: bad teachers are the norm, good teachers are the exception.
But good ChatGPT answers are the norm, and bad ChatGPT answers are the exception. And ChatGPT is infinitely patient, has a huge breadth of knowledge and, for some things, surprising depth too. And it can explain in a thousand different tones, detail everything or summarize, translate to different languages or levels of sophistication…
Besides, I’m pretty sure that for anything below 9th grade, ChatGPT has on average a better track record than any human teacher, except maybe for math, for which Wolfram Alpha is already doing better anyway. And after that, students are mature enough to look things up, provided they are taught how to use the knife correctly so they don’t cut themselves. As we should teach them, instead of staying crystallized because of imaginary blockers.
Being misled sometimes is part of life. We can cope with it if it’s occasional. After all, school books are riddled with such things, especially in history.
The value added with ChatGPT far surpasses any problems it comes with.
If however, a student proves unable to use it correctly after being taught, said student would not have performed better with the current system anyway.
As for me, I’ve made my choice. Not only do I actively recommend that students use ChatGPT, and advise using it in many articles in my tutorials, but I use it myself to boost any learning. It’s a 3x in productivity, easy. I’ve seen too many good things for me and others to pass it by.
I’m completely on board with teaching people how to use ChatGPT in a productive and realistic way. I use it myself, with extreme caution. And good students can certainly make good use of it. And maybe it works OK for universal stuff like sixth grade math (oops, actually it’s pretty bad at math, never mind).
The fear is that for more advanced subjects, especially those that require learning to think, if you add ChatGPT to the mix of a bad teacher plus an unmotivated student (which I agree is all too common), you may not get an improvement in learning. Instead, you’ll get a performance of what looks like learning but has no guardrails that keep it based in reality.
I think it’s pretty well established that the best way to learn is with a 1:1 tutor. Basically the student needs to know the best thing to try next, and then needs accurate feedback on what they did. If we could get a GPT to do that reliably, it would indeed revolutionize learning. Using GPT to appease human teachers who are just looking for performative acts of learning isn’t going to do it.
So we probably have basically the same hope, I’m just cynical about it. :)
Hence “relieving packaging pain”: https://www.bitecode.dev/p/relieving-your-python-packaging-pain
Get fancy once you have a product that needs a fancy setup.
Before that, it’s just adding failure modes you’ll have to deal with.
Also, people in the ’80s were shipping software; bite the bullet and do it with tech that is a few years old.
One of the points listed in the article you linked was “Limit yourself to the basics: pip and venv”, which linked to “Why not tell people to ‘simply’ use pyenv, poetry or anaconda”. I found that to be an interesting read.
One of the main issues I’ve had with pip is that I often end up doing pip freeze > requirements.txt, spitting every installed package in the virtual environment into one file. It’s convenient but makes it difficult to separate primary from transitive dependencies, as well as to separate production, dev, and test dependencies. But there seem to be good ways around it, for example using pip-tools or (not from the article) just pinning primary dependencies manually in different requirements files (e.g., “requirements_test.txt” for test dependencies). Will definitely give it a try at some point.
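For what it’s worth, the manual-pinning variant can look something like this (package names and versions are just examples; pip-tools automates the same layering from .in files):

    # requirements.txt -- direct runtime dependencies only, pinned by hand
    requests==2.31.0

    # requirements_test.txt -- test-only additions, layered on top
    -r requirements.txt
    pytest==8.0.0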