I work on GitHub code search. Grep.app is a great product and I really love their UI and how fast it is.
Comparing it to GitHub code search, we index more repositories (like, over 100 times more) and you can request any repository be added to the index by performing a search and waiting a few minutes. However, you do have to be logged into GitHub and we only support repositories hosted on GitHub.
The new code search is great, congrats on it! But your company is getting creepier and creepier every year, so I’ll start decoupling my work from github.com, and welcome any software that will help me in that journey.
Putting aside the discussions of attitude, I’m curious on technical side, is it actually possible to have those “profiles” really working? Like, could the compilers somehow get to a point where just slapping [[enforce(memory_safety)]] would somehow automagically error-out on any memory-unsafe code? What would be the specific rules that would work by enforcing? Something like Rust’s tree-like memory tracking? Some new kind of smart pointers? What would “memory_safety” actually mean in such a “profile”?
Would we also get an [[enforce(ub_safety)]] trigger?
OTOH, would that feature let me write Python-/JS-like dynamically-typed code if I slap [[suppress(type_safety)]] somewhere? Can I get TypeScript-like gradual typing then? Would that open doors for some new libraries for working more loosely in this regime?
I do since some time ago yearn for a cool practical language that would be “gradually typed” all the way, such that it could let me start by writing a fast-and-loose PoC in a dynamically-typed dialect, then allow me to slowly enable static typing in most/all of the codebase to improve stability and iron out corner-cases, then to finally selectively enable theorem-prover-/TLAplus-/formal-methods-level strictness in some areas of critical importance/security. If C++ was to become that language, I must say I would be honestly surprised, and that could make me consider looking at the language once again. (Though with a huge practical concern whether any of the shops where I worked, that years ago already had tons of warnings show up on any compilation, would ever care to pay more than lip service to those “profiles”.) But my most itching question at this moment remains - is that “profiles” idea actually anything more than just a beautiful pipe dream and unicorns-farting-rainbows-grade wishful thinking? Is any of that realistically in any way doable - in C++?
Hmm, there’s a lot of details in the temporary draft of release-notes; those might be relevant to Chez insiders, but feel overwhelming to a layperson like me; would anyone more knowledgeable care to summarize some highlights, and explain them to outsiders with some context?
About 5 years ago, the Racket developers decided to replace their compiler and runtime (mostly written in C) with Chez Scheme (mostly written in Scheme). This required some changes to Chez to make it work more like Racket, so the Racket developers made a friendly fork so that they could work on the adaptations without disrupting mainline Chez, with a view to reconverge when possible. There are details in their experience report tho I don’t know of a good summary of what has happened since then to get them to this point. There was a series of Racket-on-Chez status blog posts, but the last one was 2021.
I took a brief skim, look like a broad collection of performance optimizations, as well as new features that Racket had added for their rebase onto Chez scheme. Section 2 covers them – everything from new platform support, a new machine-independent platform for easier bootstrapping, various datastructures and procedures that Racket needed, etc.
Two questions, I didn’t seem able to answer them after skimming the text twice:
is the Pancake compiler available as open-source software somewhere?
does Pancake actually let me prove the code I write in it? or is it “only” the compiler itself that is proven? or is it only some aspects of the code I’d write in it that can be proven (how?)?
The compiler is implemented as shallowly embedded functions in the HOL4 theorem prover [Slind and Norrish 2008], as well as a stand-alone binary compiler obtained by in-logic bootstrapping [Myreen 2021]. The former is used for in-logic evaluation, which can generate very strong certificate theorems about the machine code produced by individual compiler runs. The latter is suitable for a more humane workflow, with compilation times in seconds instead of hours.
So the compiler is actually developed in a proof assistant - HOL4 in this case. That means that you can write Pancake source inside of the proof assistant and prove properties about it. They also bootstrapped a traditional (binary) compiler inside of the proof assistant, which you can compile programs with, but the binary compiler can’t be used to write any proofs about a source program.
I’m not sure if they provide a link between the two, but the link is conceptually simple: there’s a direct (conceptual) translation of source code in the proof assistant to source code in a text file to be consumed by the binary compiler.
And to add: this is why CakeML is awesome. You can prove properties about your source code, and there’s also a path to execute it. I personally think this workflow will see a growing amount of usage in coming years, the tools just need a bit more refinement.
Thanks a lot! I haven’t actually played with theorem provers at all yet, only read a bit about one or two, so I certainly don’t feel confident in this area. As such, may I ask if I correctly understood this from your answer: it seems that I can:
write some Code in Pancake language,
somehow input it into the HOL4 theorem prover environment/IDE,
use HOL4 to prove whether the Code is holding/fulfilling some conditions/properties (i.e. “the proving”),
then take this same Code and put it into another compiler, which will then emit a binary I can execute, probably on Linux? (i.e. “compilation” as seen by a day-to-day coder guy like me)
From what I glanced from the PDF, step 4 might require me to also provide some helpers in C for the actual FFI (actually interacting with Linux API/glibc/whatever “side effects”, a.k.a. actually doing any input/output)?
That sounds right. It’s worth mentioning that you don’t technically have to use a separate compiler in step 4, that compiler was just extracted from the theorem prover logic for performance reasons. Theorem provers can generally evaluate code, so the compiler is defined and can be evaluated there.
Can I see somewhere what’s the result of what this generates? The readme seems to explain some steps of what I should do - but what’s the outcome that this will give me? Why would I spend time to follow those steps? I don’t seem to clearly see a demo, am I missing something?
Can I see somewhere what’s the result of what this generates? The readme seems to explain some steps of what I should do - but what’s the outcome that this will give me? Why would I spend time to follow those steps? I don’t seem to clearly see a demo, am I missing something?
We need something like this for Rust (if it doesn’t already exist - I haven’t looked into it lately). I maintain winresource since the original maintainer abandoned the winres crate. However, it does depend on Windows SDK or Mingw. It would be nice to have a plain Rust solution. But then we’re writing another resource compiler - and do we really want that? Even old and well-established resource compilers contain various questionable behaviors. There is a lot of ugliness and decades of legacy under the hood, it’s a miracle that these things work at all.
I think I recall seeing an issue about it recently somewhere in Rust repos. IMO, the thing here is, how much of windres functionality is really needed. I feel that requiring it to be 100% of windres functionality, even including the quirks, makes it a (potentially unnecessarily) huge effort, per the Pareto Principle/rule of diminishing returns. I think I even commented with a link to rsrc, but got some response that windres provides so much more than rsrc. Sure, but if you reduce your goal, there’s a bigger chance you may actually get it working in reasonable time. And later someone can always try incrementing on it. Unfortunately, I myself won’t do this, as I already have way too many hobby projects, and for this one I already lost my motivation to the extent that I can’t get myself to actively maintain this project :(
I agree, you don’t have to support everything. I think the minimum feature set that I would want for a Windows resource is shown in the image that I made for winresource. With this, your Windows executable looks reasonably professional.
That was what I more or less thought I would like to add to rsrc as well, but ended up losing interest and motivation/personal itch before that happened. That said, there’s a kinda fork/inspired project that added some properties like this, at: https://github.com/tc-hib/go-winres - I link to it from rsrc’s readme.
I’m curious, how does it differ from using the Microsoft resource compiler and linking it in? Does Go use a special linker? Or is it just about being a little bit more convenient?
Just a little bit more convenient (i.e. not having to download the whole MSVC or Mingw toolchain; and also still working fine from Linux if you cross-compile).
You can find it even more appropriate when you realize that Lua actually evolved from a config language. In short, its authors kind of avoided “Greenspun’s tenth rule” by quickly noticing that it’s where they seem to be going, and thus just implementing a proper programming language.
the Lua state gL contains our configuration, we can now query it for values
part. I guess a lot of lua_getglobal; gettop; tonumber/tostring/etc calls?
It seems like in your real code you’re doing a lot of getglobal; luaL_optstring(-1), which I guess means -1 can be used for the top of the stack.
I know that I can just go read the docs but coming at this from the perspective of “ok convince me to use Lua as a config language if I am not already familiar” the consumption of the config is an important part of the story IMO.
You will abstract the interaction with the Lua interpreter away by providing an API for configuration file handling. I’m using Lua as a configuration format for a collection of more than 20 programs, and it works great. Additionally, it was trivially easy to add Lua as a scripting language to some of the programs. However, Lua has more benefits:
Variables may be injected into the Lua state, to provide memorable “constants”. For example, it is easier to set a log level option to WARNING than to remember the numeric value of the level.
Configuration files are evaluable. Therefore, we can create complex ones with the help of loops and other control structures. Additionally, some auxiliary routines could return complex data structures from templates.
A single file can store configurations of multiple programs or program instances if Lua tables are used to separate the settings.
You will abstract the interaction with the Lua interpreter away by providing an API for configuration file handling.
Sure, I am just interested in what that looks like. Because Lua is a programming language the api to consume it naturally has a bigger surface area than a json or yaml or ini file or toml etc. The post goes into the boilerplate of loading the file, but stops short of showing what observing and acting on a configuration element looks like.
Therefore, we can create complex ones with the help of loops and other control structures.
That feels more like a threat than a benefit 😅
Like, I’ve been in the position of “shit, if only this configuration was more flexible, I could avoid tons of boilerplate”, but I also seem what happens when, let’s call them less-detail-oriented people, get a hold of a feature intended for flexibility and use it to summon Satan and Cthulhu and shove them in an octagon.
That is because lua_getglobal already pushes the value on top of the stack, and -1 is the index of the value on top of the stack. That said, you may want first to check if the value is actually a string, or maybe a nil for example (if “someconfig” was never assigned to). See e.g. lua_isstring.
AFAIU, luaL_optstring is only for use in functions (callbacks) called from Lua, and I think -1 is not allowed in those - the index in luaL_optstring is called “arg” and described as “function argument” in the docs, not “index on the stack”.
edit: I’m somewhat confused why in the article they made it a global to be honest; it should be perfectly fine to define lua_State *L inside your local function, especially if it’s only used there to read the config. It’s totally normal, I’d say default, to create a local L and pass it to various helper functions.
There are only three places I use lua_gettop() when reading the configuration from Lua. One is in lua_absindex() (only defined for Lua 5.1, which lacks that function), and the other two when reading a Lua table (from a table passed in—lines 626 and 681) to track the location of the table on the stack. I could skip the use of lua_gettop() and manually track the indexes, but (I thnk) the code is clearer this way.
Also, if luaL_optstring() only worked in callbacks, then this code wouldn’t have worked at all. And it’s works for Lua versions 5.1 or higher. You might be taking the “arg” name a bit too literally. It, like nearly all other Lua functions, takes an index value, which can be positive (absolute stack position) or negative (relative to the top of stack). Also, in Lua, function arguments to “callbacks” are on the Lua stack.
I made the Lua state a global to simplify the example. Yes, you can define it locally, but then all the error paths would have needed to clean up the Lua state. I thought it was clear from the post that the cleanup should happen when the program exits. If I made it local (which it originally was), then people would complain about leaking resources in the error path, and I didn’t want to clutter the code with too much error handling.
Ok, I may totally be wrong about luaL_optstring, didn’t really check its source! That said, what do you mean by “this code”? I don’t seem to see luaL_optstring in the linked article? Am I missing/overlooking something?
Well, were did you get luaL_optstring() from then? The code where luaL_optstring() is used is linked to in the article (in a parenthetical), and I even linked to it in my comment above.
I just applied to Canonical a few days ago, and got a rejection email today. No idea why. You rarely know (but some companies do tell! I respect those very highly!). Did I have a typo in my CV, or some field of the application form, which they found “unprofessional”? Did they honestly not find me a good fit for the position? Did someone in the hiring review path have a worse day? I learnt to try hard to treat hiring as a lottery and not try to agonize over rejections. I did have cases in some processes where I reached a really smart interlocutor, we had a great discussion, I got rejected, and it made clear sense in this particular case, and I respect them all the higher. Those ones can give me food for thought, although they also tend to hang on some bigger area of expertise that I just didn’t luck into exploring in my career; and I don’t think I can easily and quickly catch up with to such an extent that I could demonstrate the air of fluent expertise at in a short interview slot. I also had interviewers who clearly seemed to want me to recite verbatim the particular list of bullet points from some or other set of “good practices” like “Clean Code” etc., and frown if I showed the audacity to discuss that there are always exceptions and nuance. Please note that I totally don’t claim I would be a good interviewer, or know how to do this well; on the contrary, I am quite dubious of that.
Interestingly, I also had a few times in my career where before some stages of the interview the company suggested a list of books and resources to help prepare for the discussion, and not some “how to interview well” ones, but really concrete “how database internals are built” ones. That really feels to me like someone putting an effort into helping me prep for the particular interview, and what might be expected of me. If I am a fast learner, I can read the book, understand it, and be ready for your needs. A win-win for both sides!
Curiously to me, I found the Canonical’s application form in particular very surprising, in that it is the only one I ever seen that asks me questions like in which Top N% percentile of pupils my high school final score/grading was. And this is a mandatory position in the form. Like I remember much of my high school after 15 years in the industry; not to mention that we didn’t actually have or know that kind of statistics at my country. Is this why I was rejected? Who knows. Don’t see a mention of that one in the linked blogpost.
From running, enduring, and observing several rounds of hiring:
Keep it short, ideally a page front and back. Resume, not CV.
I will check that you have public code. No public code is–usually–negative signal.
I will check that your Github stuff (for example) is not just forks of other work.
Be specific in what you did in a role–I know how people write these things, and it’s a red flag to say “helped ship a project”. You could’ve been the coffee gopher and that statement would still be true.
Cover letter, especially if asked. Easy “can this person read and follow simple directions?” test.
For higher-end and executive positions, write thank-you notes. This one surprised me, but I’ve seen it cost some veep candidates their shot.
Paragraphs are not as helpful as concise bullets.
Dates and titles are helpful.
If you have one, mention your clearance.
Take a second to trim your mentioned experience to the job–if I’m hiring an EM, code experience is not quite as interesting to me. If I’m hiring an IC for a web thing, your school raytracing project is off-topic.
Don’t add any social media you wouldn’t want to be considered from a culture-fit standpoint. Your X account owning the libs or your Mastodon making fun of boomers may not have the effect you expect.
Spelling and grammar mistakes are extra bad. Easy problem to solve, and it makes you look sloppy and inattentive to detail…typically bad qualities in a candidate.
If you are applying for a job outside your skillset (say, MUMPS programming), including experience that emphasizes your adaptability.
All of these of course have exceptions, of course–if you spent a few years at a defense contractor I’m not going to be too surprised if you don’t have a lot of public source code.
…don’t want to jump through the (perceived or real) legal hoops of publishing code under a FOSS license
…do allow their employees to publish code, but put a bunch of red tape in the way, so that it would be self-defeating for any employee to actually try to do it
It’s not at all limited to defense contractors.
The larger problem with using public code as a signal is that it puts people at a disadvantage if they don’t have the time or energy to publish projects outside of work. Lots of people have caregiving responsibilities that don’t leave them time for outside-of-work work, and a hiring process that values a well-stocked GitHub profile implicitly devalues parents and other groups.
I read it charitably as “usually” and “signal” doing a lot of heavy lifting. I.e., no public code won’t instantly disqualify a candidate, but will be a nail in the coffin if there are other negative signals. Which I think is valid.
Right, so in a heads to heads comparison between two candidates you’ll choose the one without kids? Or you’ll favor the young one over the older, because the older one “can’t show what code they’ve been writing because of having an actual job” whereas the young one can more easily point to work done in public recently?
Like you understand “can have publicly listed code” is going to be significantly biased by age, right?
Similarly the way a lot of women are treated on line means many intentionally limit their public presence, so I suspect you’ll get gender bias there as well.
The problem with @friendlysock’s approach with regards to the public code is that a lack of a positive signal is not the same as a negative signal.
Lacking a positive signal means that the things you could have learned (in this case: code quality, motivation to code off of work hours, etc) you have to learn from another way.
A negative signal is something that is either an instant disqualification (a belligerent public online persona) or something that needs to be combatted by more positive signals (a spelling error on the resume might be mitigated by a long-standing blog that communicates clearly).
For most companies/positions, using lack of a Github profile shouldn’t be considered a negative signal unless the position is something like “Open Source Developer Evangelist”.
And I agree with @olliej’s reply below that a lack of a Github profile isn’t a great filtering measure, even if you are so flooded by resumes that you need some kind of mass filtering measure. Here are some reasons I wouldn’t use it as a first filtering mechanism:
It’s not a simple pass (everyone with a Github passes the screen)
It’s not a simple reject (“usually negative” means you need to weigh against something else anyway)
It’s subjective
It takes a significant amount of an engineer’s time to do it
You are trying to quickly evaluate code in an unfamiliar project or projects, and perhaps in an unfamiliar language, which will have big room for error
Bingo. In practice, I almost always ask about it–some people just have private hosting or whatever, or have some other reason.
The thing I also think a lot of people miss is: I had over a thousand (no joke, 1e3) applicants for a junior position I opened up. When you are trying to plow through that many applicants, applicants without easy code to show their talent are automatically lower priority in the heap than those with.
… so you looked all the code from those folk, or you just went “does/does not have a GitHub profile” as a filter?
Again, this seems like a really good way to discriminate against people who are lower income, have families, etc. Not intentionally, just that that is the result of such filtering.
For example, when I was at uni there was a real sharp divide between people who did open source work and those who did not, and it was super strongly correlated with wealth, and not “competence”. It’s far easier to do code beyond your assignments and whatnot if you don’t also have essentially a full-time job, or you don’t have children to care for, etc. The person that I would say was the single best developer in my uni’s CS department was also working pretty much every hour outside of uni for his entire time there. By your metric they would be worse than one of the people in my year, who I would argue was far below in competence but did have a lot of open source code and “community involvement” because his family was loaded.
This reminds me of the discussions about how screening résumés with names removed to prevent bias still end up failing because you can tell so much from other clues like someone playing lacrosse in college, or that they went to a HBCU or an all-women’s college, etc.
Software development is a qualified job – you have to invest something (your time at first) before you can earn money. You read books, follow tutorials, discuss things with more experienced folks, study at university, do your own projects, study existing free software and contribute to it, get some junior job or internship etc. This is all part of preparing for a more qualified job.
How does a university degree requirement differ from taking your own public projects into consideration? Both cost you your time. (not mentioning that diploma is often a mandatory requirement while own projects are just softly appreciated + getting a diploma is a much larger investment than writing and publishing some code, the entry-barrier in IT is very low, compare it also to other fields).
If I ask a candidate: show me a photo of your bookshelf (or list of eBooks), tell me something about your favorite books that helped you grow professionally or tell something about an article you read and that opened your eyes… do you think that it is also bad and discriminatory? Because not everyone has time to study books and read articles…
Another aspect is enthusiasm. The abovementioned activities are not done intentionally to look good for future employer, but because you like them, find them entertaining or enriching.
I will check that you have public code. No public code is–usually–negative signal
Then you’re rejecting a lot of excellent people for no good reason. Many (most?) jobs don’t let you publish your work code, put restrictions your ability to contribute to OSS projects, and consider code developed by employees to be there’s (e.g. you need special permission to publish anything). This is in no way restricted to defense contractors, in my experience this is the norm for any case where your job is not explicitly working on OSS software. You may philosophically disagree with these employer’s policies but that still the reality for most developers.
I will check that you have public code. No public code is–usually–negative signal.
I will check that your Github stuff (for example) is not just forks of other work.
The older I get the weirder this idea seems: evaluating someone for a paid position based on the quality and quantity of work they do outside of the time that they’re paid to do a job as a professional. Does any other profession work this way?
But if your hiring an accountant and there’s one who runs audits for fun and has a blog with the places where they caught major errors in the audits that they did for fun, you can bet they’d be near the top of the hiring pile.
For a lot of other professions, (especially arts and engineering) there’s a concept of a portfolio: a curated set of work that you bring to the interview to talk through, and which you may be asked to provide up front. With software engineering, it!s easy to make your portfolio public so it can be used earlier in the hiring process.
Nobody has an expectation that accountants or many other professions will have professional-quality work done, for free, on one’s spare time, or suggests that the presence/absence of such should be a significant factor in hiring decisions.
Also, it’s not “easy to make your portfolio public” in software. Out of all the companies I’ve worked for across my entire career, do you know how many of them even have a listing of their main repositories public on a site like GitHub? One, and that was Mozilla. Every other company has been private locked-down repos that nobody else can see. I can’t even see former employers’ repos.
The only way to have a “portfolio” like you’re suggesting is thus to do unpaid work in one’s own free time. Which is not something we should expect of candidates and not something we should use as a way to compare them or decide between them.
Also, it’s not “easy to make your portfolio public” in software.
In the time it took me to write my comments in this thread, I could’ve signed up for Github (or Gitlab or Bitbucket or whatever) and opened a new repository with a basic Sinatra, Express, or even Bash script demonstrating some basic skill. Hundreds of thousands of developers, millions probably, have done this–and it’s near standard practice for any bootcamp graduate of the last decade.
The only way to have a “portfolio” like you’re suggesting is thus to do unpaid work in one’s own free time. Which is not something we should expect of candidates and not something we should use as a way to compare them or decide between them.
You don’t have to have a portfolio online. You don’t have to ever do any work that isn’t attached to a billable hour. Similarly, I also don’t have to take a risk on interviewing or hiring you when other people show more information.
Similarly, I also don’t have to take a risk on interviewing or hiring you when other people show more information.
This sounds more like a failure in your interviewing process than anything else.
So, look. I’ve run more interviews than I could count or care to remember. I’ve helped design interview processes at multiple companies. I’ve written about interviewing processes and given conference talks about interviewing processes. I am not lacking in experience with interviewing.
And this is just a gigantic red flag. As others keep telling you, what you’re doing is not hiring the best candidates. What you’re doing is artificially restricting your candidate pool in a way that excludes lots of perfectly qualified people who, for whatever reason – and the reason is none of your business and in many cases is something that, at least in civilized countries, you wouldn’t even legally be allowed to ask about in the interview – don’t have a bunch of hobby/open-source projects on GitHub.
I feel I’ve explained my process (including many “this is not a hard-and-fast rule” qualifications) sufficiently well and accurately, and have given honest and conservative advice for people that I sincerely believe will help them get a job or at least improve their odds. If this is unsatisfactory to you, so be it.
I’m not interested in discussing this further with you, good day.
More than that: introspective professionals are valuable. All paid coders should be able to write up some fun algorithms and discover them for a given need, but not all will go above and beyond in their understanding and mentorship.
It’s a useful signal when present. It’s not a useful signal if absent. It’s a very negatively useful signal if all you have on your public commits is messages like “blah” and zero sanity in your repository layout.
I tell people who are learning to code to get blame in other people’s projects, to learn good style and show some useful activity beyond forking a project and uploading commits of questionable value to the internet.
Supposedly all these hoops we make people jump through in programming interviews are because the interviewers say they see too many people with degrees and impressive credentials who can’t write a for loop.
If the software certification exams were anything like the CPA certification exams, we wouldn’t need to do nearly as many technical interviews. In other fields getting certified is an ordeal.
Other fields managed it: the CPA standardized exam takes 16 hours (not to study, to actually take) and the architecture ARE takes 22 hours.
Or we could not throw software engineers through that kind of meat grinder and stick with using other signals, like portfolios and technical interviews.
If it were possible to build a single exam that actually did it, I don’t know if I’d mind just because it would end a lot of pointless discussions and avert a lot of horrible processes.
Meanwhile, asking for a “portfolio” or using it to decide between candidates has problems that are well-documented, including in this thread, and I don’t really think we should be perpetuating it. It’s one of those interview practices that just needs to go away.
Nobody asks artists for a portfolio? Nobody asks engineers for previous specific projects, even if the details are obscured?
The projects one is way more than a job role. The portfolio is often of paid work where there has been a release for a portfolio, or work done outside the office.
I’ve worked for multiple companies that used GitHub for their repositories. If I were applying for a job with you today, and you browsed my GitHub profile, you would not see any of the code I wrote at those companies, or even the names of the repositories.
When people talk about a “portfolio” they always mean code written, unpaid, in one’s own spare time, unrelated to one’s current job, and many perfectly well-qualified programmers either do not do that or cannot do that due to not having the luxury of enough time to do so and make it look good.
Nobody asks civil engineers to have a portfolio of bridges they built as hobby projects.
Not true. Architects, for example, design many buildings during studies or send proposals for architectural design competitions. Most of that buildings are never build and remained only on paper. And were created in spare time. Guess what such architect would discuss on the job interview… Portfolio of the proposals and unrealized designs is very important.
Doctors spend long time in poorly paid or unpaid work before they gain enough experience. Journalists or even writers have to write pages and pages for nothing, before they earn some money. Music bands, actors, painters, carpenters, joiners, blacksmiths, etc. etc. Actually it is quite common pattern across the society that you have to prove your skills before getting a good job.
Maybe the world is „unfair“ and „cruel“, but if I compare IT with other fields… we have not much to complain about.
Again, nobody expects a civil engineer to have a portfolio of actually completely-constructed full-scale physical real-world bridges built in their spare time for free as hobby projects.
If you want to argue for apprenticeship as a form of education, feel free to, but apprenticeship is different from “do unpaid work on your own time”.
Most open source code exists to ‘scratch an itch’. It’s written because the author had a problem that wasn’t solved by anything that existed on the market today. If you have never encountered a problem that can be solved by writing software in your life then you’re almost certainly in a tiny minority. If you’ve encountered such problems but not tried to solve them, that tells me something about you. If you’ve encountered them and not been able to solve them, that also tells me something.
If you’ve encountered such problems but not tried to solve them, that tells me something about you.
Yes, it tells you that they’ve encountered such problems but not tried to solve them. Nothing more. You can’t know why someone doesn’t spend their free time doing their day job again for fun. Maybe they just don’t enjoy doing their day job again, which would be terrible, somehow, according to this thread. But maybe they just have even more important things to do than that?
Why guess? What do you think you’re indirectly detecting and why can’t you just ask about it?
As others have pointed out to you repeatedly in this thread, no one is saying don’t ask. But if people encounter problems that are within their power to fix, yet don’t fix them unless they consider it part of their job, then that’s definitely an attitude I’d like to discuss in some detail before I considered making a job offer,
Nobody has pointed out anything to me on this thread before, repeatedly or otherwise.
Everyone encounters problems that are “within their power to fix” and doesn’t fix them all the time. I don’t think that’s hyperbole. We could fix any of them, but we can’t fix all of them because our problem-fixing resources are finite. I take your position to be that if they happen to prioritise the software in their life over any other kind of problem they might encounter that that means they are going to be better at their job. I think this is a bit silly.
For what it’s worth, I get home from my computer job most days somewhere on the mood spectrum between wanting to set fire to all computers and wanting to set fire to anyone who’s ever touched one. I’d love to get a job that doesn’t make me feel like that, and it’s rather frustrating to know that my job sucking all the joy out of computing for me also makes me unqualified to get a better one, at least in the eyes of quite a lot of people here.
What does this mean to you? They’re synonyms to me, so I’ve never really tried to define how they might differ.
I will check that your Github stuff (for example) is not just forks of other work
This seems a bit of a red-herring to me. I include my GH to show that yes I really know how to program so we can skip the mutually-embarrassing “are you a complete fraud using somebody else’s CV” stage, not to show that I own several interesting repos. I mean, there’s a few in there that I actually started and they used to be things people used. But 90+ percent of “my” repos are forks because that’s how you contribute to many existing projects.
But 90+ percent of “my” repos are forks because that’s how you contribute to many existing projects.
Two things you can do here that are useful:
Make a branch that contains code that you wrote the default. I will probably click on them. If I see branches that have raised PRs and good interactions between you and the upstream that’s a very positive thing. Especially if the PRs are merged.
Pin repos that you want me to look at. GitHub gives you (I think) six repos to show in the profile screen. These should be the ones that you think best showcase your work.
I’m used (rightly or wrongly) to resumes being shorter documents that are typically more focused for a particular job, especially in the US. CVs are typically longer, have a lot more detail including coursework, talks, presentations, publications, and other stuff. My understanding is that CVs are also more common in academia, which I’ve never hired for.
But 90+ percent of “my” repos are forks because that’s how you contribute to many existing projects.
Indeed, which is why I also tend to click-through to a few of the repos to see if people have commits or attempted commits in those projects.
There are folks that, if you exclude forks, suddenly go from scores of repos to perhaps less than 10. There are folks I’ve seen who only have a few forks and no source repos of their own, but who have made significant contributions to those forks. My experience is that there are far more of the former than the latter, because the first order signalling is “how many repos do you have on Github” for people that care about such things and that’s how you spoof.
It’s pretty common to use “CV” to mean a complete list of all prior work, education, and awards, and “resume” to mean a one page summary of relevant experience.
I will check that your Github stuff (for example) is not just forks of other work.
If those forked repos are there because the person is contributing to others’ open-source projects, I would argue that kind of work is probably more reflective of the skills that are useful in most professional programming jobs in industry than a bunch of solo projects, however impressive.
Primarily looking for employment. {Just in case: ideally in Rust, OK in Go. I have 15yrs experience as a mostly backend SE, split “officially” roughly: [1y Rust, 7y Go, 5y C++, 2y C#] but in reality started with C++ & Asm in primary school, and started with Go in 2009 (official contributor since 2011, pre-1.0). Based in EU. See also: https://github.com/akavel. I’m picky though esp. as to the domain, needs to be something I see as constructive/useful for people. You can contact me here or via mastodon: @akavel@merveilles.town}
Regarding that “The comments are duplicative (…)” and people “may” — which is better spelled will — forget to update them: I try hard to reduce the number of in-comment references, especially “as a rule” of those going “up the dependency tree”. Instead, I take a solid effort to “turn my mind around” and try to describe what the thing is by itself, as if the other thing did not exist at all. Like, when describing SafeCommand, to think of it as if RunCommand was never to be. The first instinct may be that it’s hard or even impossible — but that’s just laziness and looming deadlines singing their siren song of seduction. When I let go of the thought that “it can’t be done without referencing RunCommand”, I start to actually try to think and describe what SafeCommand really is in its very core and meaning. In other words, I start actually writing a good documentation comment.
In this particular example case, after I quashed my thought of “not possible to describe without RunCommand”, my mind started going in the direction of something like: “SafeCommand is a Linux command that we know is safe to run against risks Foo and Bar when called with arguments ‘woop’ and ‘boing’. A SafeCommand is important in scope of package blargh because it consumes blargh and emits rainbow farts useful for further processing.” You see? No reference to RunCommand at all, but an explanation of why it may be useful for someone in package blargh (where it is defined) instead. (Package blargh is intrinsically referenced by SafeCommand’s very existence in it. It need not be even spelled out in the commend, I just did it because it’s hard to show the file’s path in this post. But in Go the package name is really a part of a name of every entity defined in it, and that matters.) On the other hand, RunCommand already references SafeCommand in its argument list, so it may not even be necessary to duplicate that in the comment — a common Go documentation practice in the standard library is to only reference the argument name in the godoc comment — and that in fact is what the article author already did at that point in the text.
Kind of tangential — and at a glance maybe already exemplified by the article — is that a cool trick I found for Naming Things (esp. funcs, structs, and fields) in Go, is to first use some quick name; then, write the actual function code; and finally, write a documentation comment for the function/entity, thinking about it as if the function/entity was not named at all. Thus, don’t try to make the godoc fit the name of the function, but instead just consider the current name as a temporary placeholder, and focus on writing the most accurate godoc. Then, more often than not (though possibly after a few rewrites/redactions of the godoc to make it even better), I found that the first sentence of the comment basically contains 1-3 words that will make a really great name for the function.
It’s actually a lot closer to what I want: a way of publishing a static blog that makes it easy for Mastodon users to follow.
The follower count is interesting. The article notes that Mastodon doesn’t check it but misses the fact that Mastodon can’t possibly check it. In a federated system, a single instance shouldn’t let untrusted instances see who on that system is following people for privacy reasons (and may also want to avoid sharing aggregated information if the activity is anonymity sets are sufficiently small). Even if it did, there’s nothing stopping me from creating a Mastodon instance with 10,000,000 accounts all following one person.
It might be interesting to do some kind of aggregated thing of ‘these 20 instances all have 100+ followers of this account’, presenting something signed by each of those servers’ private keys, which would suggest that a person has a broad set of followers. You could trivially fake this by having a single machine host 20 domains, but then other instances can rely on their own reputation rankings for the following servers and so ignore ones where no one on your instance is following them and so on.
I guess ‘number of followers’ has become important for ‘influencers’ and so Mastodon needs to present this number, but hopefully the ease with which it can be faked will make it fall out of use if Fediverse things take off.
It’s a shame that there isn’t something in the various Fediverse protocols for privacy-preserving aggregated analytics, where small instances can nominate one or more systems that will track their reputation and share it with other instances.
ActivityPub really feels like a step back from RSS/Atom if your use case is hosting a static blog. Instead of just publishing a static XML file, now you need a server that can respond dynamically according to a much more complicated protocol. The server also needs to persist data (the list of followers) and it needs to hit a bunch of other servers whenever the blog is updated.
This model seems way worse for privacy, too. Following an RSS feed is inherently semi-anonymous, and you can specify your own User-Agent header and use a proxy/VPN if you want to blend into the crowd even more. Following an ActivityPub-based blog without exposing your identity would require even more work than is described in the OP.
Agreed. I publish a blog, like a normal person, and I wrote a janky Perl script to echo the RSS content to a fedi account. If you know Python you can even dispense with the jank!
Trying to force SSG blogging into the mold of current ActivityPub just feels like a roundabout way to get a dead blog in a couple of months.
Following an ActivityPub-based blog without exposing your identity would require even more work than is described in the OP.
It’s not that much harder, you can just keep polling the outbox like you’d do with an RSS feed. And on the plus side you don’t have to deal with XML and you can paginate instead of getting cut off at an arbitrary number of items.
Now that you mention it, I think I remember that Mastodon offers a ready-made RSS feed of a user’s outbox?
Still, though, (1) that statement is true for Mastodon, but probably not for most other ActivityPub software, and (2) even if readers can consume RSS just like they would for “static site” blogs, there’s still a lot of complexity for the publisher.
Personally, what I’m interested in, is what you wrote (easy for Mastodon users to follow), plus comments via Mastodon. Meaning, I’d like to make it easy for Mastodon users to post replies to my blogposts, which would then be automatically appended into the HTML of the blogpost (that they replied to) as comments. Such that afterwards the page with the comments could still be served as a static HTML.
Perhaps obviously, it would also need some HTML sanitization, rate-/capacity-limiting, and moderation tools. For moderation, hopefully some kind of a static blocklist of users & servers, checked before appending the comment, might be enough? (Plus a way to purge any matching already-appended comments when I add new entries to the blocklist.) Then, hopefully, the capacity limit would be just a failsafe until I add the offending spammer to the blocklist.
Is it prefix-only search? When I enter framewor in the default UI on pagefind.app, I get 1 result with framework word highlighted; however, when I enter ramework, I get “No results”. Also, can it do fuzzy-search? When I enter framywork, I don’t get the same result as for framewor.
The low-bandwidth attributes of Pagefind rely on sharding the search index by prefix, so in a search for ramework Pagefind will load the index chunk for something like ram*.
I have some ideas for slightly improving this area and adding some typo tolerance, but the goal of staying very low bandwidth somewhat precludes fuzzy searching, as the fuzzier you get the more of the index you need to load.
For example, using https://mdn.pagefind.app/ as a reference: Excluding Pagefind’s assets itself I can search for framework and load results in 80kB — but the total index for MDN is ~15MB, and to do a full fuzzy search you’d need to load most of that.
( For framywork it’s probably trimming it back to fram to find results. this case could and will be improved since in doing so it has likely loaded the shard of the index containing framework. )
I tend to like to recommend https://aip.dev as a great recommendations set with lots of hard-learnt lessons baked in. (Though many of the ones in the OP link are not there yet.)
I’ve been sneaking it in at work to replace internal tools that have 1.5 second startup delay and 200+ MB on runtime dependencies with fast, static little zig exes that I can cross-compile to every platform used in the workplace.
My impression of Zig and you all who are behind it has been that you care about these use cases at least as much as enabling big complex industrial applications, and not only in words but in action. :)
I actually started out with Rust, which I thought would be more easily accepted.
I work in the public sector and tech choices are a bit conservative, but Rust has the power of hype in addition to its nice qualities, and has some interest from techy people in the workplace.
But then the easiest way to cross-compile my initial Rust program seemed to be to use Zig, and I didn’t really want to depend on both of them!
Not OP, but I can’t stand programming in Go. Everything feels painful for no reason. Error handling, scoping rules, hostile CLIs, testing, tooling, etc.
My greatest hope for Zig is that I can use it to replace Go, not just to replace C.
@kristoff what’s your take on that? Given that Zig has higher-level constructs like async/await built-in, with the support of higher-level APIs, are there reasons programming in Zig can’t be as convenient as programming in higher-level languages like Go?
I’m not going to argue with that but if you’re my report and you’re building company infrastructure in some esoteric language like Zig that will be impossible to find team members to maintain said infrastructure after you leave, we’re going to have a serious talk about the clash between the company’s priorities and your priorities.
OP said “sneaking in at work”. When working in a team, you use tooling that the team agrees to use and support.
small, well-scoped utilities should not be hard for some future engineer to come up to speed on, especially in a language with an ever-growing pool of documentation. if OP was “sneaking in” some Brainfuck, that’s one thing. Zig? that’s not a horribly unsafe bet - it’s a squiggly brace language that looks and feels reasonably familiar, with the bonus of memory management thrown in
orgs that adhere religiously to “you use tooling that the team agrees to use and support” tend to rarely iterate on that list, which can make growth and learning hard. keeping engineers happy often entails a bit of letting them spread their wings and try/learn/do new things. this seems like a relatively lower-risk way to allow for that. mind you, if OP were “sneaking in” whole database engines or even Zig into hot-path app code without broader discussion, that’s a whole other problem, but in sidecar utility scripts? not much worse than writing a Bash script (which can often end up write-only anyway) IMO
I have used it before at work to implement external functions for Db2, which has a C API, which is very easy to use with Zig: import the C headers, write your code, add a C ABI wrapper on top. Using it just as “a better C” in that case.
And while we mostly use “boring” old languages, there are some other things here and there. It’s not entirely rigid, especially not outside of the main projects.
(1) assumes that there is no cost to adding an additional tool chain simply because it’s for a small/self contained utility, which I’d hope people understand is simply not true
(2) you’re not wrong about tooling conservatism, but that’s because of your statement (1) being false - adding new tools has a real cost. The goal of a project is not to help you learn new things, that’s largely a happy coincidence. More to the point you’re artificially limiting who can fix things later, especially if it’s a small out of the way tool - once you’re gone if any issues arise any bug fix first requires learning a new tool chain not used elsewhere.
At least in my own domain (stuff interacting with other stuff on internet) I could say the same thing about Go, or most languages that aren’t Java/JS/C#/PHP/Python/Ruby. Maybe we will get to live in the 90’s forever :)
I am not a Zig user, but a Go user, yet I disagree about the team part.
In my experience that’s not really true, and my assumption here is that this is because it’s not just fewer people looking for a job using language X, but also fewer companies for these developers to choose from.
More then that I’d argue that the programming language might not be the main factor. As in that’s something you can learn if it’s interesting.
Of course all of that depends on a lot of other context as well. The domain of the field that you’ll actually work on, the team, its mentality, frameworks being used, alignment of values within the profession and potentially ones outside as well.
I also would assume that using Zig for example might make it a lot easier to find a fitting candidate when compared to let’s say Java where you night get a very low percentage of applications where the candidates actually fit. Especially when looking for a less junior position. Simply because that’s what everyone learns in school.
So I think having a hard time finding (good) devs using Zig or other smaller languages (I think esoteric means something else for programming languages) is not a given.
I don’t think that Zig can be a Go replacement for everyone, but if you are comfortable knowing what lies behind the Go runtime, it can be. I can totally see myself replacing all of my usage of Go once the Zig ecosystem becomes mature enough (which, even optimistically, is going to take a while, Go has a very good ecosystem IMO, especially when it comes to web stuff).
Zig has some nice quality of life improvements over Go (try, sane defer, unions, enums, optionals, …), which can be enough for me to want to switch, but I also had an interest in learning lower level programming. If you really don’t want to learn anything about that, I don’t think Zig can really be a comfortable replacement, as it doesn’t have 100% fool-proof guard rails to protect you from lower level programming issues.
I “agree to disagree” on many of the listed issues, but one of them sincerely piqued my interest. Coming from Go and now Rust (and before C, C++, and others), I am actually honestly interested in Zig (as another tool in my toolbox), and tried dabbling in it a few times. However (apart from waiting for better docs), one thing I’m still super confused by and how I should approach it, is in fact error handling in Zig. Specifically, that Zig seems to be missing errors with “rich context”. I see that the issue is still open, so I assume there’s still hope something will be done in this area, but I keep wondering, is this considered not a pain point by Zig users? Is there some established, non-painful way of passing error context up the call stack? What do experienced Zig devs do in this area when writing non-trivial apps?
I see that the issue is still open, so I assume there’s still hope something will be done in this area
You are right, no final decision has been made yet, but you will find that not everybody thinks that errors with payloads are a good idea. They clearly are a good idea from an ergonomics perspective, but they also have some other downisides and I’m personally in the camp that thinks not having them is the better choice overall (for Zig).
Cool post, big thanks!!! It gives me an understandable rationale, especially making sense in the context of Zig’s ideals: squeezing out performance (in this case esp. allocations; but also potentially useless operations) wherever possible, in simple ways. I’ll need to keep the diagnostics idea in my mind for the next time with Zig then, and see what I think about them after trying. Other than that, after reading it, my main takeaway is, that I was reminded of a feeling I got some time ago, that errors & logging seem a big, important, yet still not well understood nor “solved” area of our craft :/
I used zig-clap recently, which has diagnostics that you can enable and then extract when doing normal Zig error handling. I think that’s an okay compromise.
And easier than all those libraries that help you deal with the mess of composing different error types and whatnot.
I feel like I run into shadowing issues, and then there’s things like where you’re assigning to err a bunch of times and then you want to reorder things and you have to toggle := vs =, or maybe you do err2, err3, etc. In Zig all that error-handling boilerplate is gone and operations become order-independent because you just try.
And don’t get me started on the fact that Go doesn’t even verify that you handle errors, you need to rely on golangci-lint for extra checks the language should do…
Edit: ohh yeah part of what I meant by “scoping” was also “visibility” rules. It’s so dumb that changing the visibility (public/private) of an identifier also makes you change its name (lowercase vs uppercase initial letter).
I have this weird problem where I’m simultaneously excited and compelled by rust (open! memory safe! community! cute crab!), and disgusted by it (magic operators? borrow checker? error boilerplate?)
can anyone recommend a solid, simple place to start? every time I read Rust I feel like I’m looking at a Rails codebase.
I just went through the Programming Rust book (O’Reilly) and thought it was really well done. I would recommend reading it before the “official” Book.
I was familiar with the type system features (generics, traits, etc.) — I’m one of those people who says “oh, it’s sort of a monad” — so it was mostly the lifetime stuff I had to contend with.
I would describe the barrier by saying that in C++ you can make any data structure you want and it’s up to you to ensure you follow your own rules on things like ownership, immutability, passing between threads, etc. Whereas in Rust, you tell the compiler what you’re going to do, it checks whether that makes sense, and then insists that you actually do it. But compilers are dumber than people, so you can come up with a data structure that you “know” is fine, yet you cannot explain to the compiler so it can prove that it’s fine. You have to work within the model of “move by default” and unique/shared references that is quite unlike the C++ assumptions.
Your choice at that point is (1) just relax, clone it or use a reference count or whatever, those wasted cycles probably don’t matter; (2) use a different data structure, and remember there are lots of good ones waiting for you in the library; (3) go ahead and do what you want using a minimal amount of unsafe code and a thorough comment about the safety guarantees you put in but couldn’t express to the compiler. (Number 3 is what the library code does that you should be using.)
Once this clicked, I started to really enjoy the language while working through Advent of Code and various toy problems.
Admittedly, beginner and intermediate resources are a bit of an ongoing problem that the Rust community is working to solve, which this article is meant to be a small part of. Apart from the book, which is great but can be a bit overwhelming at first, a good place to start is Rust By Example, which is a tad more practically oriented.
Seconding, thirding, and fourthing the Programming Rust recommendation, notably the 2nd edition. I struggled with other attempts at learning Rust before (incl. The Rust Book), and the O’Reilly one was a breakthrough for me, suddenly I seemed to not get blocked by the language anymore afterward. (I still get slowed down from time to time, but I seem able to find a more or less pretty/ugly workaround every time, and thus I now feel I am in the intermediate phase of honing and perfecting my skills.)
As for your “excited and compelled” note: my areas were a bit different, but what made me finally accept Rust’s downsides, was when I eventually realized that Rust manages to be very good at marrying two things, that IMO were previously commonly seen as opposites: performance + safety. It’s not always 100% perfect at it, but really close to that. And where it is not, it gives you a choice in unsafe, and notably that’s where you can see some sparks flowing in the community. (That’s because two camps of people previously quite far away from each other, are now able to successfully live together as a Happy Family™ — just having occasional Healthy Family Quarrels™.)
As for error handling, as discussed in the OP article, personally I’m quite confused by two things:
Why not use the thiserror & anyhow libs? I believe reaching for them should be the initial instinct, only possibly hand-unrolling the error types if and only if run-/compile-time performance is found to be impacted by the libs too much (iff proven through profiling). Notably, thiserror & anyhow are described in the Programming Rust, 2nd ed. book, which was one of the reasons I evaluated the book as worth reading. And the creation of those two libraries was a notable argument for me to try learning Rust again, precisely due to how they kill error boilerplate.
Why does the article recommend and_then over the ? operator? Wasn’t ? introduced specifically to combat and streamline callback-style code required by and_then?
I briefly pointed out the existence of crates that can reduce the boilerplate in the article, though I didn’t name any, because I decided it was beyond my ideal scope. I didn’t want to write an entire expose on Rust error handling, because many others had done that better than I ever could, but rather a short and accessible guide on combinators, which are often neglected by people just getting comfortable with Rust.
I never recommended and_thenover?, they’re not mutually exclusive. Sometimes, coming up with names for every individual step’s outputs can be a bit difficult, or a bunch of steps are very tightly logically related, or you simply want to avoid cluttering the code with too many ? operators that can be a bit hard to notice sometimes, especially within as opposed to at the end of a line. I perhaps should have worded myself a bit better, but overall I think and_then simply serves as a good motivator for a reader to go look at the rest of the more specific combinators in the Result type, and I never implied it would at all replace ? in most Rust code.
It walks you through the same things as the The Rust Programming Language, but programmatically. I tend to learn better by doing, so it works for me. But the “puzzles” can be cryptic if you don’t use the hints.
can anyone recommend a solid, simple place to start?
I started on Rust doing last year’s Advent of Code. It was tremendously fun, and TBH a much softer learning curve than i imagined. It helps that the AoC challenges can usually be solved by very straightforward algorithms of parse input -> process data -> output, so i didn’t really have to “fight the borrow checker” or even think about lifetimes. And also Rust standard library and docs are excellent.
I think only on one of the problems i got a bit stuck by Rust’s semantics and i had to learn a little bit about lifetimes. I tried modelling that problem in a more OO way, in the usual “graph of objects” way. Turns out, that’s usually not a very happy path on Rust, as you suddenly have to consider lifetimes seriously and the “who owns who” problem. Still, nothing that a coat of Rc (reference-counted pointers) on all those objects could not fix. And the problem could also be solved using a built-in data structure and some indexing, instead of having objects that point to each other.
Anyways, i digress, my point being that i found Advent of Code an entertaining and effective way of approaching the language for the first time :)
Rust has good PR, but when it comes down to brass tacks, most of the truly innovative stuff is still written in C. Maybe Rust will eventually dominate over C. But it’s been 8 years already. It’s also possible Rust will end up like C++ or Java. Only time will tell. I’m in no rush to learn the language.
Replacing C in our current infrastructure is a totally impossible task, especially in 8 years. I don’t think Rust needs to replace C to be meaningful and useful apart from any hype.
I am employed to write C. I would prefer to be writing Rust, but BIND is critical infrastructure that needs to be maintained. I think it’s more true that C and C++ will continue to be used because of inertia, in terms of programmers’ skills and existing code. But you are right that this inertia will often get rationalised as a good idea, rather than due to the more realistic expense of change.
For your usual suspects, see: https://webring.xxiivv.com
This is awesome! Making a PR to add mine. Thanks much.
I didn’t know about this. This is a gem.
Is the main reason to use this over GitHub’s own search is that it works without being logged into GitHub?
I work on GitHub code search. Grep.app is a great product and I really love their UI and how fast it is.
Comparing it to GitHub code search, we index more repositories (like, over 100 times more) and you can request any repository be added to the index by performing a search and waiting a few minutes. However, you do have to be logged into GitHub and we only support repositories hosted on GitHub.
The new code search is great, congrats on it! But your company is getting creepier and creepier every year, so I’ll start decoupling my work from github.com, and welcome any software that will help me in that journey.
FWIW, historically, this service was created years before GitHub’s own search started supporting regexps.
As to what are its advantages now, I’m not 100% sure; there may be some (like what you wrote, maybe).
Putting aside the discussions of attitude, I’m curious on technical side, is it actually possible to have those “profiles” really working? Like, could the compilers somehow get to a point where just slapping
[[enforce(memory_safety)]]would somehow automagically error-out on any memory-unsafe code? What would be the specific rules that would work by enforcing? Something like Rust’s tree-like memory tracking? Some new kind of smart pointers? What would “memory_safety” actually mean in such a “profile”?Would we also get an
[[enforce(ub_safety)]]trigger?OTOH, would that feature let me write Python-/JS-like dynamically-typed code if I slap
[[suppress(type_safety)]]somewhere? Can I get TypeScript-like gradual typing then? Would that open doors for some new libraries for working more loosely in this regime?I do since some time ago yearn for a cool practical language that would be “gradually typed” all the way, such that it could let me start by writing a fast-and-loose PoC in a dynamically-typed dialect, then allow me to slowly enable static typing in most/all of the codebase to improve stability and iron out corner-cases, then to finally selectively enable theorem-prover-/TLAplus-/formal-methods-level strictness in some areas of critical importance/security. If C++ was to become that language, I must say I would be honestly surprised, and that could make me consider looking at the language once again. (Though with a huge practical concern whether any of the shops where I worked, that years ago already had tons of warnings show up on any compilation, would ever care to pay more than lip service to those “profiles”.) But my most itching question at this moment remains - is that “profiles” idea actually anything more than just a beautiful pipe dream and unicorns-farting-rainbows-grade wishful thinking? Is any of that realistically in any way doable - in C++?
See the lifetime safety profile, which has been partially implemented already. https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1179r1.pdf
Oh, wow, the examples are indeed impressive, thanks for sharing the link!
Hmm, there’s a lot of details in the temporary draft of release-notes; those might be relevant to Chez insiders, but feel overwhelming to a layperson like me; would anyone more knowledgeable care to summarize some highlights, and explain them to outsiders with some context?
About 5 years ago, the Racket developers decided to replace their compiler and runtime (mostly written in C) with Chez Scheme (mostly written in Scheme). This required some changes to Chez to make it work more like Racket, so the Racket developers made a friendly fork so that they could work on the adaptations without disrupting mainline Chez, with a view to reconverge when possible. There are details in their experience report tho I don’t know of a good summary of what has happened since then to get them to this point. There was a series of Racket-on-Chez status blog posts, but the last one was 2021.
I took a brief skim, look like a broad collection of performance optimizations, as well as new features that Racket had added for their rebase onto Chez scheme. Section 2 covers them – everything from new platform support, a new machine-independent platform for easier bootstrapping, various datastructures and procedures that Racket needed, etc.
Two questions, I didn’t seem able to answer them after skimming the text twice:
The code seems to be a part of the CakeML repo: https://github.com/CakeML/cakeml/tree/master/pancake.
As far as how to use the compiler:
So the compiler is actually developed in a proof assistant - HOL4 in this case. That means that you can write Pancake source inside of the proof assistant and prove properties about it. They also bootstrapped a traditional (binary) compiler inside of the proof assistant, which you can compile programs with, but the binary compiler can’t be used to write any proofs about a source program.
I’m not sure if they provide a link between the two, but the link is conceptually simple: there’s a direct (conceptual) translation of source code in the proof assistant to source code in a text file to be consumed by the binary compiler.
And to add: this is why CakeML is awesome. You can prove properties about your source code, and there’s also a path to execute it. I personally think this workflow will see a growing amount of usage in coming years, the tools just need a bit more refinement.
Thanks a lot! I haven’t actually played with theorem provers at all yet, only read a bit about one or two, so I certainly don’t feel confident in this area. As such, may I ask if I correctly understood this from your answer: it seems that I can:
That sounds right. It’s worth mentioning that you don’t technically have to use a separate compiler in step 4, that compiler was just extracted from the theorem prover logic for performance reasons. Theorem provers can generally evaluate code, so the compiler is defined and can be evaluated there.
You can see how a piece of source code gets parsed into a format that the theorem prover can read here: https://github.com/CakeML/cakeml/blob/master/pancake/parser/panConcreteExamplesScript.sml#L262-L300. The binary compiler can take that same source code as input.
It would be really cool if you didn’t have to shuffle the source around between two tools, and there was one integrated workflow for it.
Can I see somewhere what’s the result of what this generates? The readme seems to explain some steps of what I should do - but what’s the outcome that this will give me? Why would I spend time to follow those steps? I don’t seem to clearly see a demo, am I missing something?
It seems to add some PNGs to your profile’s README, like so.
https://github.com/antonmedv/antonmedv/blob/master/README.md
Link 404s
Fixed.
Thanks!
True, I will add some demos.
As the author of rsrc, happy to see it’s still useful and somewhat working after some 10 years since first created! 😊
We need something like this for Rust (if it doesn’t already exist - I haven’t looked into it lately). I maintain winresource since the original maintainer abandoned the winres crate. However, it does depend on Windows SDK or Mingw. It would be nice to have a plain Rust solution. But then we’re writing another resource compiler - and do we really want that? Even old and well-established resource compilers contain various questionable behaviors. There is a lot of ugliness and decades of legacy under the hood, it’s a miracle that these things work at all.
I think I recall seeing an issue about it recently somewhere in Rust repos. IMO, the thing here is, how much of
windresfunctionality is really needed. I feel that requiring it to be 100% ofwindresfunctionality, even including the quirks, makes it a (potentially unnecessarily) huge effort, per the Pareto Principle/rule of diminishing returns. I think I even commented with a link to rsrc, but got some response thatwindresprovides so much more than rsrc. Sure, but if you reduce your goal, there’s a bigger chance you may actually get it working in reasonable time. And later someone can always try incrementing on it. Unfortunately, I myself won’t do this, as I already have way too many hobby projects, and for this one I already lost my motivation to the extent that I can’t get myself to actively maintain this project :(I agree, you don’t have to support everything. I think the minimum feature set that I would want for a Windows resource is shown in the image that I made for
winresource. With this, your Windows executable looks reasonably professional.That was what I more or less thought I would like to add to
rsrcas well, but ended up losing interest and motivation/personal itch before that happened. That said, there’s a kinda fork/inspired project that added some properties like this, at: https://github.com/tc-hib/go-winres - I link to it from rsrc’s readme.I’m curious, how does it differ from using the Microsoft resource compiler and linking it in? Does Go use a special linker? Or is it just about being a little bit more convenient?
Just a little bit more convenient (i.e. not having to download the whole MSVC or Mingw toolchain; and also still working fine from Linux if you cross-compile).
You can find it even more appropriate when you realize that Lua actually evolved from a config language. In short, its authors kind of avoided “Greenspun’s tenth rule” by quickly noticing that it’s where they seem to be going, and thus just implementing a proper programming language.
I wish there was example code for the
part. I guess a lot of lua_getglobal; gettop; tonumber/tostring/etc calls?
It seems like in your real code you’re doing a lot of getglobal; luaL_optstring(-1), which I guess means -1 can be used for the top of the stack.
I know that I can just go read the docs but coming at this from the perspective of “ok convince me to use Lua as a config language if I am not already familiar” the consumption of the config is an important part of the story IMO.
You will abstract the interaction with the Lua interpreter away by providing an API for configuration file handling. I’m using Lua as a configuration format for a collection of more than 20 programs, and it works great. Additionally, it was trivially easy to add Lua as a scripting language to some of the programs. However, Lua has more benefits:
WARNINGthan to remember the numeric value of the level.Sure, I am just interested in what that looks like. Because Lua is a programming language the api to consume it naturally has a bigger surface area than a json or yaml or ini file or toml etc. The post goes into the boilerplate of loading the file, but stops short of showing what observing and acting on a configuration element looks like.
That feels more like a threat than a benefit 😅
Like, I’ve been in the position of “shit, if only this configuration was more flexible, I could avoid tons of boilerplate”, but I also seem what happens when, let’s call them less-detail-oriented people, get a hold of a feature intended for flexibility and use it to summon Satan and Cthulhu and shove them in an octagon.
IIRC, you wouldn’t need gettop after getglobal, it should be just:
That is because lua_getglobal already pushes the value on top of the stack, and -1 is the index of the value on top of the stack. That said, you may want first to check if the value is actually a string, or maybe a nil for example (if “someconfig” was never assigned to). See e.g. lua_isstring.
AFAIU, luaL_optstring is only for use in functions (callbacks) called from Lua, and I think -1 is not allowed in those - the index in luaL_optstring is called “arg” and described as “function argument” in the docs, not “index on the stack”.
edit: I’m somewhat confused why in the article they made it a global to be honest; it should be perfectly fine to define
lua_State *Linside your local function, especially if it’s only used there to read the config. It’s totally normal, I’d say default, to create a localLand pass it to various helper functions.There are only three places I use
lua_gettop()when reading the configuration from Lua. One is inlua_absindex()(only defined for Lua 5.1, which lacks that function), and the other two when reading a Lua table (from a table passed in—lines 626 and 681) to track the location of the table on the stack. I could skip the use oflua_gettop()and manually track the indexes, but (I thnk) the code is clearer this way.Also, if
luaL_optstring()only worked in callbacks, then this code wouldn’t have worked at all. And it’s works for Lua versions 5.1 or higher. You might be taking the “arg” name a bit too literally. It, like nearly all other Lua functions, takes an index value, which can be positive (absolute stack position) or negative (relative to the top of stack). Also, in Lua, function arguments to “callbacks” are on the Lua stack.I made the Lua state a global to simplify the example. Yes, you can define it locally, but then all the error paths would have needed to clean up the Lua state. I thought it was clear from the post that the cleanup should happen when the program exits. If I made it local (which it originally was), then people would complain about leaking resources in the error path, and I didn’t want to clutter the code with too much error handling.
Ok, I may totally be wrong about
luaL_optstring, didn’t really check its source! That said, what do you mean by “this code”? I don’t seem to seeluaL_optstringin the linked article? Am I missing/overlooking something?Well, were did you get
luaL_optstring()from then? The code whereluaL_optstring()is used is linked to in the article (in a parenthetical), and I even linked to it in my comment above.I got it from lcapaldo’s comment above; in fact, I was quite confused where they got it from 😂 I didn’t realize it might be in some link 🙂
I just applied to Canonical a few days ago, and got a rejection email today. No idea why. You rarely know (but some companies do tell! I respect those very highly!). Did I have a typo in my CV, or some field of the application form, which they found “unprofessional”? Did they honestly not find me a good fit for the position? Did someone in the hiring review path have a worse day? I learnt to try hard to treat hiring as a lottery and not try to agonize over rejections. I did have cases in some processes where I reached a really smart interlocutor, we had a great discussion, I got rejected, and it made clear sense in this particular case, and I respect them all the higher. Those ones can give me food for thought, although they also tend to hang on some bigger area of expertise that I just didn’t luck into exploring in my career; and I don’t think I can easily and quickly catch up with to such an extent that I could demonstrate the air of fluent expertise at in a short interview slot. I also had interviewers who clearly seemed to want me to recite verbatim the particular list of bullet points from some or other set of “good practices” like “Clean Code” etc., and frown if I showed the audacity to discuss that there are always exceptions and nuance. Please note that I totally don’t claim I would be a good interviewer, or know how to do this well; on the contrary, I am quite dubious of that.
Interestingly, I also had a few times in my career where before some stages of the interview the company suggested a list of books and resources to help prepare for the discussion, and not some “how to interview well” ones, but really concrete “how database internals are built” ones. That really feels to me like someone putting an effort into helping me prep for the particular interview, and what might be expected of me. If I am a fast learner, I can read the book, understand it, and be ready for your needs. A win-win for both sides!
Curiously to me, I found the Canonical’s application form in particular very surprising, in that it is the only one I ever seen that asks me questions like in which Top N% percentile of pupils my high school final score/grading was. And this is a mandatory position in the form. Like I remember much of my high school after 15 years in the industry; not to mention that we didn’t actually have or know that kind of statistics at my country. Is this why I was rejected? Who knows. Don’t see a mention of that one in the linked blogpost.
From running, enduring, and observing several rounds of hiring:
All of these of course have exceptions, of course–if you spent a few years at a defense contractor I’m not going to be too surprised if you don’t have a lot of public source code.
As you point out, there are many employers who
It’s not at all limited to defense contractors.
The larger problem with using public code as a signal is that it puts people at a disadvantage if they don’t have the time or energy to publish projects outside of work. Lots of people have caregiving responsibilities that don’t leave them time for outside-of-work work, and a hiring process that values a well-stocked GitHub profile implicitly devalues parents and other groups.
I read it charitably as “usually” and “signal” doing a lot of heavy lifting. I.e., no public code won’t instantly disqualify a candidate, but will be a nail in the coffin if there are other negative signals. Which I think is valid.
Right, so in a heads to heads comparison between two candidates you’ll choose the one without kids? Or you’ll favor the young one over the older, because the older one “can’t show what code they’ve been writing because of having an actual job” whereas the young one can more easily point to work done in public recently?
Like you understand “can have publicly listed code” is going to be significantly biased by age, right?
Similarly the way a lot of women are treated on line means many intentionally limit their public presence, so I suspect you’ll get gender bias there as well.
Sounds convenient!
The problem with @friendlysock’s approach with regards to the public code is that a lack of a positive signal is not the same as a negative signal.
Lacking a positive signal means that the things you could have learned (in this case: code quality, motivation to code off of work hours, etc) you have to learn from another way.
A negative signal is something that is either an instant disqualification (a belligerent public online persona) or something that needs to be combatted by more positive signals (a spelling error on the resume might be mitigated by a long-standing blog that communicates clearly).
For most companies/positions, using lack of a Github profile shouldn’t be considered a negative signal unless the position is something like “Open Source Developer Evangelist”.
And I agree with @olliej’s reply below that a lack of a Github profile isn’t a great filtering measure, even if you are so flooded by resumes that you need some kind of mass filtering measure. Here are some reasons I wouldn’t use it as a first filtering mechanism:
Bingo. In practice, I almost always ask about it–some people just have private hosting or whatever, or have some other reason.
The thing I also think a lot of people miss is: I had over a thousand (no joke, 1e3) applicants for a junior position I opened up. When you are trying to plow through that many applicants, applicants without easy code to show their talent are automatically lower priority in the heap than those with.
… so you looked all the code from those folk, or you just went “does/does not have a GitHub profile” as a filter?
Again, this seems like a really good way to discriminate against people who are lower income, have families, etc. Not intentionally, just that that is the result of such filtering.
For example, when I was at uni there was a real sharp divide between people who did open source work and those who did not, and it was super strongly correlated with wealth, and not “competence”. It’s far easier to do code beyond your assignments and whatnot if you don’t also have essentially a full-time job, or you don’t have children to care for, etc. The person that I would say was the single best developer in my uni’s CS department was also working pretty much every hour outside of uni for his entire time there. By your metric they would be worse than one of the people in my year, who I would argue was far below in competence but did have a lot of open source code and “community involvement” because his family was loaded.
This reminds me of the discussions about how screening résumés with names removed to prevent bias still end up failing because you can tell so much from other clues like someone playing lacrosse in college, or that they went to a HBCU or an all-women’s college, etc.
Notes for people outside the USA, a HBCU is a “historically Black college or university”.
Software development is a qualified job – you have to invest something (your time at first) before you can earn money. You read books, follow tutorials, discuss things with more experienced folks, study at university, do your own projects, study existing free software and contribute to it, get some junior job or internship etc. This is all part of preparing for a more qualified job.
How does a university degree requirement differ from taking your own public projects into consideration? Both cost you your time. (not mentioning that diploma is often a mandatory requirement while own projects are just softly appreciated + getting a diploma is a much larger investment than writing and publishing some code, the entry-barrier in IT is very low, compare it also to other fields).
If I ask a candidate: show me a photo of your bookshelf (or list of eBooks), tell me something about your favorite books that helped you grow professionally or tell something about an article you read and that opened your eyes… do you think that it is also bad and discriminatory? Because not everyone has time to study books and read articles…
Another aspect is enthusiasm. The abovementioned activities are not done intentionally to look good for future employer, but because you like them, find them entertaining or enriching.
Then you’re rejecting a lot of excellent people for no good reason. Many (most?) jobs don’t let you publish your work code, put restrictions your ability to contribute to OSS projects, and consider code developed by employees to be there’s (e.g. you need special permission to publish anything). This is in no way restricted to defense contractors, in my experience this is the norm for any case where your job is not explicitly working on OSS software. You may philosophically disagree with these employer’s policies but that still the reality for most developers.
I agree with this. Like programing in MUMPS its not usual to public the code because the type of bussiness
The older I get the weirder this idea seems: evaluating someone for a paid position based on the quality and quantity of work they do outside of the time that they’re paid to do a job as a professional. Does any other profession work this way?
Nobody asks accountants to show audits they’ve run or tax forms they’ve filed in their spare time for fun.
Nobody asks civil engineers to have a portfolio of bridges they built as hobby projects.
Nobody should ask developers to have a “GitHub résumé”.
But if your hiring an accountant and there’s one who runs audits for fun and has a blog with the places where they caught major errors in the audits that they did for fun, you can bet they’d be near the top of the hiring pile.
For a lot of other professions, (especially arts and engineering) there’s a concept of a portfolio: a curated set of work that you bring to the interview to talk through, and which you may be asked to provide up front. With software engineering, it!s easy to make your portfolio public so it can be used earlier in the hiring process.
Nobody has an expectation that accountants or many other professions will have professional-quality work done, for free, on one’s spare time, or suggests that the presence/absence of such should be a significant factor in hiring decisions.
Also, it’s not “easy to make your portfolio public” in software. Out of all the companies I’ve worked for across my entire career, do you know how many of them even have a listing of their main repositories public on a site like GitHub? One, and that was Mozilla. Every other company has been private locked-down repos that nobody else can see. I can’t even see former employers’ repos.
The only way to have a “portfolio” like you’re suggesting is thus to do unpaid work in one’s own free time. Which is not something we should expect of candidates and not something we should use as a way to compare them or decide between them.
In the time it took me to write my comments in this thread, I could’ve signed up for Github (or Gitlab or Bitbucket or whatever) and opened a new repository with a basic Sinatra, Express, or even Bash script demonstrating some basic skill. Hundreds of thousands of developers, millions probably, have done this–and it’s near standard practice for any bootcamp graduate of the last decade.
You don’t have to have a portfolio online. You don’t have to ever do any work that isn’t attached to a billable hour. Similarly, I also don’t have to take a risk on interviewing or hiring you when other people show more information.
This sounds more like a failure in your interviewing process than anything else.
So, look. I’ve run more interviews than I could count or care to remember. I’ve helped design interview processes at multiple companies. I’ve written about interviewing processes and given conference talks about interviewing processes. I am not lacking in experience with interviewing.
And this is just a gigantic red flag. As others keep telling you, what you’re doing is not hiring the best candidates. What you’re doing is artificially restricting your candidate pool in a way that excludes lots of perfectly qualified people who, for whatever reason – and the reason is none of your business and in many cases is something that, at least in civilized countries, you wouldn’t even legally be allowed to ask about in the interview – don’t have a bunch of hobby/open-source projects on GitHub.
I feel I’ve explained my process (including many “this is not a hard-and-fast rule” qualifications) sufficiently well and accurately, and have given honest and conservative advice for people that I sincerely believe will help them get a job or at least improve their odds. If this is unsatisfactory to you, so be it.
I’m not interested in discussing this further with you, good day.
More than that: introspective professionals are valuable. All paid coders should be able to write up some fun algorithms and discover them for a given need, but not all will go above and beyond in their understanding and mentorship.
It’s a useful signal when present. It’s not a useful signal if absent. It’s a very negatively useful signal if all you have on your public commits is messages like “blah” and zero sanity in your repository layout.
I tell people who are learning to code to get blame in other people’s projects, to learn good style and show some useful activity beyond forking a project and uploading commits of questionable value to the internet.
I thought writing software was an art or a craft…
This sounds a lot like people wanting to have it every which way whatever’s convenient.
No, but they do require education and formal credentialing.
Supposedly all these hoops we make people jump through in programming interviews are because the interviewers say they see too many people with degrees and impressive credentials who can’t write a
forloop.If the software certification exams were anything like the CPA certification exams, we wouldn’t need to do nearly as many technical interviews. In other fields getting certified is an ordeal.
Sure. Now, come up with a standardized exam that everyone will agree covers what you need to be hireable as a programmer :)
Other fields managed it: the CPA standardized exam takes 16 hours (not to study, to actually take) and the architecture ARE takes 22 hours.
Or we could not throw software engineers through that kind of meat grinder and stick with using other signals, like portfolios and technical interviews.
If it were possible to build a single exam that actually did it, I don’t know if I’d mind just because it would end a lot of pointless discussions and avert a lot of horrible processes.
Meanwhile, asking for a “portfolio” or using it to decide between candidates has problems that are well-documented, including in this thread, and I don’t really think we should be perpetuating it. It’s one of those interview practices that just needs to go away.
I’d say that’s not true for any graduate from my university. Many people from the non-CS faculties are even forced through a basic programming course.
Nobody asks artists for a portfolio? Nobody asks engineers for previous specific projects, even if the details are obscured?
The projects one is way more than a job role. The portfolio is often of paid work where there has been a release for a portfolio, or work done outside the office.
I’ve worked for multiple companies that used GitHub for their repositories. If I were applying for a job with you today, and you browsed my GitHub profile, you would not see any of the code I wrote at those companies, or even the names of the repositories.
When people talk about a “portfolio” they always mean code written, unpaid, in one’s own spare time, unrelated to one’s current job, and many perfectly well-qualified programmers either do not do that or cannot do that due to not having the luxury of enough time to do so and make it look good.
Not true. Architects, for example, design many buildings during studies or send proposals for architectural design competitions. Most of that buildings are never build and remained only on paper. And were created in spare time. Guess what such architect would discuss on the job interview… Portfolio of the proposals and unrealized designs is very important.
Doctors spend long time in poorly paid or unpaid work before they gain enough experience. Journalists or even writers have to write pages and pages for nothing, before they earn some money. Music bands, actors, painters, carpenters, joiners, blacksmiths, etc. etc. Actually it is quite common pattern across the society that you have to prove your skills before getting a good job.
Maybe the world is „unfair“ and „cruel“, but if I compare IT with other fields… we have not much to complain about.
Again, nobody expects a civil engineer to have a portfolio of actually completely-constructed full-scale physical real-world bridges built in their spare time for free as hobby projects.
If you want to argue for apprenticeship as a form of education, feel free to, but apprenticeship is different from “do unpaid work on your own time”.
Most open source code exists to ‘scratch an itch’. It’s written because the author had a problem that wasn’t solved by anything that existed on the market today. If you have never encountered a problem that can be solved by writing software in your life then you’re almost certainly in a tiny minority. If you’ve encountered such problems but not tried to solve them, that tells me something about you. If you’ve encountered them and not been able to solve them, that also tells me something.
Yes, it tells you that they’ve encountered such problems but not tried to solve them. Nothing more. You can’t know why someone doesn’t spend their free time doing their day job again for fun. Maybe they just don’t enjoy doing their day job again, which would be terrible, somehow, according to this thread. But maybe they just have even more important things to do than that?
Why guess? What do you think you’re indirectly detecting and why can’t you just ask about it?
As others have pointed out to you repeatedly in this thread, no one is saying don’t ask. But if people encounter problems that are within their power to fix, yet don’t fix them unless they consider it part of their job, then that’s definitely an attitude I’d like to discuss in some detail before I considered making a job offer,
Nobody has pointed out anything to me on this thread before, repeatedly or otherwise.
Everyone encounters problems that are “within their power to fix” and doesn’t fix them all the time. I don’t think that’s hyperbole. We could fix any of them, but we can’t fix all of them because our problem-fixing resources are finite. I take your position to be that if they happen to prioritise the software in their life over any other kind of problem they might encounter that that means they are going to be better at their job. I think this is a bit silly.
For what it’s worth, I get home from my computer job most days somewhere on the mood spectrum between wanting to set fire to all computers and wanting to set fire to anyone who’s ever touched one. I’d love to get a job that doesn’t make me feel like that, and it’s rather frustrating to know that my job sucking all the joy out of computing for me also makes me unqualified to get a better one, at least in the eyes of quite a lot of people here.
Your open source app doesn’t have to look good. It just kinda has to exist, and maybe have a readme. If it works, that’s even nicer.
Accountants are certified. I have a CS degree from a brick and mortar university.
Do you think we shouldn’t hire people without credentials?
Which credentials do you intend to require?
The signal exists. Should it be ignored because other industries don’t have an analogous signal?
What does this mean to you? They’re synonyms to me, so I’ve never really tried to define how they might differ.
This seems a bit of a red-herring to me. I include my GH to show that yes I really know how to program so we can skip the mutually-embarrassing “are you a complete fraud using somebody else’s CV” stage, not to show that I own several interesting repos. I mean, there’s a few in there that I actually started and they used to be things people used. But 90+ percent of “my” repos are forks because that’s how you contribute to many existing projects.
Two things you can do here that are useful:
(answering you and @enn in same place)
I’m used (rightly or wrongly) to resumes being shorter documents that are typically more focused for a particular job, especially in the US. CVs are typically longer, have a lot more detail including coursework, talks, presentations, publications, and other stuff. My understanding is that CVs are also more common in academia, which I’ve never hired for.
Indeed, which is why I also tend to click-through to a few of the repos to see if people have commits or attempted commits in those projects.
There are folks that, if you exclude forks, suddenly go from scores of repos to perhaps less than 10. There are folks I’ve seen who only have a few forks and no source repos of their own, but who have made significant contributions to those forks. My experience is that there are far more of the former than the latter, because the first order signalling is “how many repos do you have on Github” for people that care about such things and that’s how you spoof.
It’s pretty common to use “CV” to mean a complete list of all prior work, education, and awards, and “resume” to mean a one page summary of relevant experience.
If those forked repos are there because the person is contributing to others’ open-source projects, I would argue that kind of work is probably more reflective of the skills that are useful in most professional programming jobs in industry than a bunch of solo projects, however impressive.
Primarily looking for employment. {Just in case: ideally in Rust, OK in Go. I have 15yrs experience as a mostly backend SE, split “officially” roughly: [1y Rust, 7y Go, 5y C++, 2y C#] but in reality started with C++ & Asm in primary school, and started with Go in 2009 (official contributor since 2011, pre-1.0). Based in EU. See also: https://github.com/akavel. I’m picky though esp. as to the domain, needs to be something I see as constructive/useful for people. You can contact me here or via mastodon: @akavel@merveilles.town}
Other than that, kinda playing with trying to set up a blog — rendered with a simple custom ad-hoc Rust+Lua SSG (based mainly on the brilliant idea of HTML manipulation stolen from https://soupault.app), hosted on a NixOps-managed VPS. Also solo-fudging with the Shadows of Brimstone: Forbidden Fortress dungeon crawler board game.
Two more or less related thoughts on this:
Regarding that “The comments are duplicative (…)” and people “may” — which is better spelled will — forget to update them: I try hard to reduce the number of in-comment references, especially “as a rule” of those going “up the dependency tree”. Instead, I take a solid effort to “turn my mind around” and try to describe what the thing is by itself, as if the other thing did not exist at all. Like, when describing
SafeCommand, to think of it as ifRunCommandwas never to be. The first instinct may be that it’s hard or even impossible — but that’s just laziness and looming deadlines singing their siren song of seduction. When I let go of the thought that “it can’t be done without referencing RunCommand”, I start to actually try to think and describe what SafeCommand really is in its very core and meaning. In other words, I start actually writing a good documentation comment.In this particular example case, after I quashed my thought of “not possible to describe without RunCommand”, my mind started going in the direction of something like: “SafeCommand is a Linux command that we know is safe to run against risks Foo and Bar when called with arguments ‘woop’ and ‘boing’. A SafeCommand is important in scope of package blargh because it consumes blargh and emits rainbow farts useful for further processing.” You see? No reference to RunCommand at all, but an explanation of why it may be useful for someone in package blargh (where it is defined) instead. (Package blargh is intrinsically referenced by SafeCommand’s very existence in it. It need not be even spelled out in the commend, I just did it because it’s hard to show the file’s path in this post. But in Go the package name is really a part of a name of every entity defined in it, and that matters.) On the other hand, RunCommand already references SafeCommand in its argument list, so it may not even be necessary to duplicate that in the comment — a common Go documentation practice in the standard library is to only reference the argument name in the godoc comment — and that in fact is what the article author already did at that point in the text.
Kind of tangential — and at a glance maybe already exemplified by the article — is that a cool trick I found for Naming Things (esp. funcs, structs, and fields) in Go, is to first use some quick name; then, write the actual function code; and finally, write a documentation comment for the function/entity, thinking about it as if the function/entity was not named at all. Thus, don’t try to make the godoc fit the name of the function, but instead just consider the current name as a temporary placeholder, and focus on writing the most accurate godoc. Then, more often than not (though possibly after a few rewrites/redactions of the godoc to make it even better), I found that the first sentence of the comment basically contains 1-3 words that will make a really great name for the function.
Okay, but it’s not a Mastodon instance. It’s a static ActivityPub instance that’s extremely Mastodon-compatible…
It’s actually a lot closer to what I want: a way of publishing a static blog that makes it easy for Mastodon users to follow.
The follower count is interesting. The article notes that Mastodon doesn’t check it but misses the fact that Mastodon can’t possibly check it. In a federated system, a single instance shouldn’t let untrusted instances see who on that system is following people for privacy reasons (and may also want to avoid sharing aggregated information if the activity is anonymity sets are sufficiently small). Even if it did, there’s nothing stopping me from creating a Mastodon instance with 10,000,000 accounts all following one person.
It might be interesting to do some kind of aggregated thing of ‘these 20 instances all have 100+ followers of this account’, presenting something signed by each of those servers’ private keys, which would suggest that a person has a broad set of followers. You could trivially fake this by having a single machine host 20 domains, but then other instances can rely on their own reputation rankings for the following servers and so ignore ones where no one on your instance is following them and so on.
I guess ‘number of followers’ has become important for ‘influencers’ and so Mastodon needs to present this number, but hopefully the ease with which it can be faked will make it fall out of use if Fediverse things take off.
It’s a shame that there isn’t something in the various Fediverse protocols for privacy-preserving aggregated analytics, where small instances can nominate one or more systems that will track their reputation and share it with other instances.
ActivityPub really feels like a step back from RSS/Atom if your use case is hosting a static blog. Instead of just publishing a static XML file, now you need a server that can respond dynamically according to a much more complicated protocol. The server also needs to persist data (the list of followers) and it needs to hit a bunch of other servers whenever the blog is updated.
This model seems way worse for privacy, too. Following an RSS feed is inherently semi-anonymous, and you can specify your own User-Agent header and use a proxy/VPN if you want to blend into the crowd even more. Following an ActivityPub-based blog without exposing your identity would require even more work than is described in the OP.
Agreed. I publish a blog, like a normal person, and I wrote a janky Perl script to echo the RSS content to a fedi account. If you know Python you can even dispense with the jank!
Trying to force SSG blogging into the mold of current ActivityPub just feels like a roundabout way to get a dead blog in a couple of months.
It’s not that much harder, you can just keep polling the outbox like you’d do with an RSS feed. And on the plus side you don’t have to deal with XML and you can paginate instead of getting cut off at an arbitrary number of items.
curl -s https://universeodon.com/users/georgetakei/outbox\?page\=true | jq -r '.orderedItems[]|select(.type=="Create")|[.published,.object.content]|@tsv'|sed -e 's/<[^>]*>//g'Now that you mention it, I think I remember that Mastodon offers a ready-made RSS feed of a user’s outbox?
Still, though, (1) that statement is true for Mastodon, but probably not for most other ActivityPub software, and (2) even if readers can consume RSS just like they would for “static site” blogs, there’s still a lot of complexity for the publisher.
Personally, what I’m interested in, is what you wrote (easy for Mastodon users to follow), plus comments via Mastodon. Meaning, I’d like to make it easy for Mastodon users to post replies to my blogposts, which would then be automatically appended into the HTML of the blogpost (that they replied to) as comments. Such that afterwards the page with the comments could still be served as a static HTML.
Perhaps obviously, it would also need some HTML sanitization, rate-/capacity-limiting, and moderation tools. For moderation, hopefully some kind of a static blocklist of users & servers, checked before appending the comment, might be enough? (Plus a way to purge any matching already-appended comments when I add new entries to the blocklist.) Then, hopefully, the capacity limit would be just a failsafe until I add the offending spammer to the blocklist.
Is it prefix-only search? When I enter
frameworin the default UI on pagefind.app, I get 1 result withframeworkword highlighted; however, when I enterramework, I get “No results”. Also, can it do fuzzy-search? When I enterframywork, I don’t get the same result as forframewor.Currently prefix-based, yes.
The low-bandwidth attributes of Pagefind rely on sharding the search index by prefix, so in a search for
rameworkPagefind will load the index chunk for something likeram*.I have some ideas for slightly improving this area and adding some typo tolerance, but the goal of staying very low bandwidth somewhat precludes fuzzy searching, as the fuzzier you get the more of the index you need to load.
For example, using https://mdn.pagefind.app/ as a reference: Excluding Pagefind’s assets itself I can search for
frameworkand load results in 80kB — but the total index for MDN is ~15MB, and to do a full fuzzy search you’d need to load most of that.( For
framyworkit’s probably trimming it back toframto find results. this case could and will be improved since in doing so it has likely loaded the shard of the index containingframework. )How about sparklines?
I had some fun with that https://i.imgur.com/eGKs5aG.png
I tend to like to recommend https://aip.dev as a great recommendations set with lots of hard-learnt lessons baked in. (Though many of the ones in the OP link are not there yet.)
Exciting times.
I’ve been sneaking it in at work to replace internal tools that have 1.5 second startup delay and 200+ MB on runtime dependencies with fast, static little zig exes that I can cross-compile to every platform used in the workplace.
I find your story more flattering than any big tech company deciding to adopt Zig. Thank you very much for sharing!
My impression of Zig and you all who are behind it has been that you care about these use cases at least as much as enabling big complex industrial applications, and not only in words but in action. :)
I actually started out with Rust, which I thought would be more easily accepted. I work in the public sector and tech choices are a bit conservative, but Rust has the power of hype in addition to its nice qualities, and has some interest from techy people in the workplace.
But then the easiest way to cross-compile my initial Rust program seemed to be to use Zig, and I didn’t really want to depend on both of them!
Seems like Go would be a natural choice. Far more popular than Zig and cross-compiles everywhere. Why Zig?
Not OP, but I can’t stand programming in Go. Everything feels painful for no reason. Error handling, scoping rules, hostile CLIs, testing, tooling, etc.
My greatest hope for Zig is that I can use it to replace Go, not just to replace C.
@kristoff what’s your take on that? Given that Zig has higher-level constructs like async/await built-in, with the support of higher-level APIs, are there reasons programming in Zig can’t be as convenient as programming in higher-level languages like Go?
I’m not going to argue with that but if you’re my report and you’re building company infrastructure in some esoteric language like Zig that will be impossible to find team members to maintain said infrastructure after you leave, we’re going to have a serious talk about the clash between the company’s priorities and your priorities.
OP said “sneaking in at work”. When working in a team, you use tooling that the team agrees to use and support.
Oh, can’t disagree there. I’m just hoping that someday I can replace my boring corporate Go with boring corporate Zig.
Two half-baked thoughts on this:
small, well-scoped utilities should not be hard for some future engineer to come up to speed on, especially in a language with an ever-growing pool of documentation. if OP was “sneaking in” some Brainfuck, that’s one thing. Zig? that’s not a horribly unsafe bet - it’s a squiggly brace language that looks and feels reasonably familiar, with the bonus of memory management thrown in
orgs that adhere religiously to “you use tooling that the team agrees to use and support” tend to rarely iterate on that list, which can make growth and learning hard. keeping engineers happy often entails a bit of letting them spread their wings and try/learn/do new things. this seems like a relatively lower-risk way to allow for that. mind you, if OP were “sneaking in” whole database engines or even Zig into hot-path app code without broader discussion, that’s a whole other problem, but in sidecar utility scripts? not much worse than writing a Bash script (which can often end up write-only anyway) IMO
Pretty much this, in my case.
The “sneaking” part was not entirely serious.
I have used it before at work to implement external functions for Db2, which has a C API, which is very easy to use with Zig: import the C headers, write your code, add a C ABI wrapper on top. Using it just as “a better C” in that case.
And while we mostly use “boring” old languages, there are some other things here and there. It’s not entirely rigid, especially not outside of the main projects.
(1) assumes that there is no cost to adding an additional tool chain simply because it’s for a small/self contained utility, which I’d hope people understand is simply not true
(2) you’re not wrong about tooling conservatism, but that’s because of your statement (1) being false - adding new tools has a real cost. The goal of a project is not to help you learn new things, that’s largely a happy coincidence. More to the point you’re artificially limiting who can fix things later, especially if it’s a small out of the way tool - once you’re gone if any issues arise any bug fix first requires learning a new tool chain not used elsewhere.
At least in my own domain (stuff interacting with other stuff on internet) I could say the same thing about Go, or most languages that aren’t Java/JS/C#/PHP/Python/Ruby. Maybe we will get to live in the 90’s forever :)
I am not a Zig user, but a Go user, yet I disagree about the team part.
In my experience that’s not really true, and my assumption here is that this is because it’s not just fewer people looking for a job using language X, but also fewer companies for these developers to choose from.
More then that I’d argue that the programming language might not be the main factor. As in that’s something you can learn if it’s interesting.
Of course all of that depends on a lot of other context as well. The domain of the field that you’ll actually work on, the team, its mentality, frameworks being used, alignment of values within the profession and potentially ones outside as well.
I also would assume that using Zig for example might make it a lot easier to find a fitting candidate when compared to let’s say Java where you night get a very low percentage of applications where the candidates actually fit. Especially when looking for a less junior position. Simply because that’s what everyone learns in school.
So I think having a hard time finding (good) devs using Zig or other smaller languages (I think esoteric means something else for programming languages) is not a given.
That’s completely right, and also a bit sad.
I don’t think that Zig can be a Go replacement for everyone, but if you are comfortable knowing what lies behind the Go runtime, it can be. I can totally see myself replacing all of my usage of Go once the Zig ecosystem becomes mature enough (which, even optimistically, is going to take a while, Go has a very good ecosystem IMO, especially when it comes to web stuff).
Zig has some nice quality of life improvements over Go (
try, sanedefer, unions, enums, optionals, …), which can be enough for me to want to switch, but I also had an interest in learning lower level programming. If you really don’t want to learn anything about that, I don’t think Zig can really be a comfortable replacement, as it doesn’t have 100% fool-proof guard rails to protect you from lower level programming issues.How does Zig’s defer work differently than Go’s?
In Go, deferred function calls inside loops will execute at the end of the function rather than the end of the scope.
Oh I didn’t realize Zig had block scoped defer. I assumed they were like Go. Awesome! Yeah that’s a huge pain with Go.
I “agree to disagree” on many of the listed issues, but one of them sincerely piqued my interest. Coming from Go and now Rust (and before C, C++, and others), I am actually honestly interested in Zig (as another tool in my toolbox), and tried dabbling in it a few times. However (apart from waiting for better docs), one thing I’m still super confused by and how I should approach it, is in fact error handling in Zig. Specifically, that Zig seems to be missing errors with “rich context”. I see that the issue is still open, so I assume there’s still hope something will be done in this area, but I keep wondering, is this considered not a pain point by Zig users? Is there some established, non-painful way of passing error context up the call stack? What do experienced Zig devs do in this area when writing non-trivial apps?
You are right, no final decision has been made yet, but you will find that not everybody thinks that errors with payloads are a good idea. They clearly are a good idea from an ergonomics perspective, but they also have some other downisides and I’m personally in the camp that thinks not having them is the better choice overall (for Zig).
I made a post about this in the Zig subreddit a while ago: https://old.reddit.com/r/Zig/comments/wqnd04/my_reasoning_for_why_zig_errors_shouldnt_have_a/
You will also find that not everybody agrees with my take :^)
Cool post, big thanks!!! It gives me an understandable rationale, especially making sense in the context of Zig’s ideals: squeezing out performance (in this case esp. allocations; but also potentially useless operations) wherever possible, in simple ways. I’ll need to keep the diagnostics idea in my mind for the next time with Zig then, and see what I think about them after trying. Other than that, after reading it, my main takeaway is, that I was reminded of a feeling I got some time ago, that errors & logging seem a big, important, yet still not well understood nor “solved” area of our craft :/
I used
zig-claprecently, which has diagnostics that you can enable and then extract when doing normal Zig error handling. I think that’s an okay compromise. And easier than all those libraries that help you deal with the mess of composing different error types and whatnot.Out of curiosity, what issues have you encountered when it comes to scoping rules in Go?
There are gotchas/flaws like this: https://github.com/golang/go/discussions/56010
I feel like I run into shadowing issues, and then there’s things like where you’re assigning to
erra bunch of times and then you want to reorder things and you have to toggle:=vs=, or maybe you do err2, err3, etc. In Zig all that error-handling boilerplate is gone and operations become order-independent because you justtry.And don’t get me started on the fact that Go doesn’t even verify that you handle errors, you need to rely on golangci-lint for extra checks the language should do…
Edit: also as Andrew points out, Go doesn’t block-scope things when it should: https://lobste.rs/s/csax21/zig_is_self_hosted_now_what_s_next#c_g4xnfw
Edit: ohh yeah part of what I meant by “scoping” was also “visibility” rules. It’s so dumb that changing the visibility (public/private) of an identifier also makes you change its name (lowercase vs uppercase initial letter).
Especially since some people write code in their native language(s) (like at my job), and not all writing systems even have this distinction.
I’ve had better results (and more fun) with Rust and Zig in my personal projects, so Go didn’t really cross my mind.
If it was already in use in this workplace, or if there had been interest from coworkers in it, I might agree that it would be a “natural choice”.
Edit: I think it’s also easier to call Zig code from the other languages we use (and vice versa), than to call Go code. That might come in handy too.
Just curious what platforms you’re targeting? x86 vs. ARM, or different OSes, etc.?
The platforms are those used by people in the organisation, currently Linux, Windows, and macOS. Mostly x86, some ARM.
Ah, the golang niche! Good to see :D
Do the other devs all know Zig? If not, seems like a large downside is that tools formerly editable by anyone become black boxes?
To be clear, I hate unnecessarily bloated tools too. I’m just considering the full picture.
They don’t/didn’t, but it’s a quick one to pick up when you already know C and some other ones.
I didn’t know the previous language before I started contributing to these tools either.
It was pretty easy when someone else had already done the foundation, and I think/hope I am providing a solid foundation for others as well.
What’s the delay from? Are these java tools?
It’s node/TypeScript. It used to be worse. :)
I have this weird problem where I’m simultaneously excited and compelled by rust (open! memory safe! community! cute crab!), and disgusted by it (magic operators? borrow checker? error boilerplate?)
can anyone recommend a solid, simple place to start? every time I read Rust I feel like I’m looking at a Rails codebase.
maybe I have rust fomo or something
I just went through the Programming Rust book (O’Reilly) and thought it was really well done. I would recommend reading it before the “official” Book.
I was familiar with the type system features (generics, traits, etc.) — I’m one of those people who says “oh, it’s sort of a monad” — so it was mostly the lifetime stuff I had to contend with.
I would describe the barrier by saying that in C++ you can make any data structure you want and it’s up to you to ensure you follow your own rules on things like ownership, immutability, passing between threads, etc. Whereas in Rust, you tell the compiler what you’re going to do, it checks whether that makes sense, and then insists that you actually do it. But compilers are dumber than people, so you can come up with a data structure that you “know” is fine, yet you cannot explain to the compiler so it can prove that it’s fine. You have to work within the model of “move by default” and unique/shared references that is quite unlike the C++ assumptions.
Your choice at that point is (1) just relax, clone it or use a reference count or whatever, those wasted cycles probably don’t matter; (2) use a different data structure, and remember there are lots of good ones waiting for you in the library; (3) go ahead and do what you want using a minimal amount of unsafe code and a thorough comment about the safety guarantees you put in but couldn’t express to the compiler. (Number 3 is what the library code does that you should be using.)
Once this clicked, I started to really enjoy the language while working through Advent of Code and various toy problems.
Admittedly, beginner and intermediate resources are a bit of an ongoing problem that the Rust community is working to solve, which this article is meant to be a small part of. Apart from the book, which is great but can be a bit overwhelming at first, a good place to start is Rust By Example, which is a tad more practically oriented.
Seconding, thirding, and fourthing the Programming Rust recommendation, notably the 2nd edition. I struggled with other attempts at learning Rust before (incl. The Rust Book), and the O’Reilly one was a breakthrough for me, suddenly I seemed to not get blocked by the language anymore afterward. (I still get slowed down from time to time, but I seem able to find a more or less pretty/ugly workaround every time, and thus I now feel I am in the intermediate phase of honing and perfecting my skills.)
As for your “excited and compelled” note: my areas were a bit different, but what made me finally accept Rust’s downsides, was when I eventually realized that Rust manages to be very good at marrying two things, that IMO were previously commonly seen as opposites: performance + safety. It’s not always 100% perfect at it, but really close to that. And where it is not, it gives you a choice in
unsafe, and notably that’s where you can see some sparks flowing in the community. (That’s because two camps of people previously quite far away from each other, are now able to successfully live together as a Happy Family™ — just having occasional Healthy Family Quarrels™.)As for error handling, as discussed in the OP article, personally I’m quite confused by two things:
thiserror&anyhowlibs? I believe reaching for them should be the initial instinct, only possibly hand-unrolling the error types if and only if run-/compile-time performance is found to be impacted by the libs too much (iff proven through profiling). Notably,thiserror&anyhoware described in the Programming Rust, 2nd ed. book, which was one of the reasons I evaluated the book as worth reading. And the creation of those two libraries was a notable argument for me to try learning Rust again, precisely due to how they kill error boilerplate.and_thenover the?operator? Wasn’t?introduced specifically to combat and streamline callback-style code required byand_then?I briefly pointed out the existence of crates that can reduce the boilerplate in the article, though I didn’t name any, because I decided it was beyond my ideal scope. I didn’t want to write an entire expose on Rust error handling, because many others had done that better than I ever could, but rather a short and accessible guide on combinators, which are often neglected by people just getting comfortable with Rust.
I never recommended
and_thenover?, they’re not mutually exclusive. Sometimes, coming up with names for every individual step’s outputs can be a bit difficult, or a bunch of steps are very tightly logically related, or you simply want to avoid cluttering the code with too many?operators that can be a bit hard to notice sometimes, especially within as opposed to at the end of a line. I perhaps should have worded myself a bit better, but overall I thinkand_thensimply serves as a good motivator for a reader to go look at the rest of the more specific combinators in theResulttype, and I never implied it would at all replace?in most Rust code.If you’re used to TDD, rustlings can be a great resource for getting into the swing of things with Rust: https://github.com/rust-lang/rustlings
It walks you through the same things as the The Rust Programming Language, but programmatically. I tend to learn better by doing, so it works for me. But the “puzzles” can be cryptic if you don’t use the hints.
I started on Rust doing last year’s Advent of Code. It was tremendously fun, and TBH a much softer learning curve than i imagined. It helps that the AoC challenges can usually be solved by very straightforward algorithms of parse input -> process data -> output, so i didn’t really have to “fight the borrow checker” or even think about lifetimes. And also Rust standard library and docs are excellent.
I think only on one of the problems i got a bit stuck by Rust’s semantics and i had to learn a little bit about lifetimes. I tried modelling that problem in a more OO way, in the usual “graph of objects” way. Turns out, that’s usually not a very happy path on Rust, as you suddenly have to consider lifetimes seriously and the “who owns who” problem. Still, nothing that a coat of
Rc(reference-counted pointers) on all those objects could not fix. And the problem could also be solved using a built-in data structure and some indexing, instead of having objects that point to each other.Anyways, i digress, my point being that i found Advent of Code an entertaining and effective way of approaching the language for the first time :)
Rust has good PR, but when it comes down to brass tacks, most of the truly innovative stuff is still written in C. Maybe Rust will eventually dominate over C. But it’s been 8 years already. It’s also possible Rust will end up like C++ or Java. Only time will tell. I’m in no rush to learn the language.
Replacing C in our current infrastructure is a totally impossible task, especially in 8 years. I don’t think Rust needs to replace C to be meaningful and useful apart from any hype.
I think the problem with anything replacing C is that the people left writing C are those that have convinced themselves it’s a good idea.
I am employed to write C. I would prefer to be writing Rust, but BIND is critical infrastructure that needs to be maintained. I think it’s more true that C and C++ will continue to be used because of inertia, in terms of programmers’ skills and existing code. But you are right that this inertia will often get rationalised as a good idea, rather than due to the more realistic expense of change.
Oh yeah, you’re totally right about inertia especially when it comes to large existing projects.