Threads for johnolinda

    1. 2

      I’ve loved Racket as a teaching language for my introduction to functional programming course but I’ve noticed very little production code out there. I’ve never promoted it as a “career” language but I do wonder if I’ll find something else that supplants it that is more practical while still being a great language to teach and learn with.

    2. 1

      I am not exactly sure I understand the issue here. Is the claim that someone with root access to the file system could add payloads to the kernel that would be linked in on the next reboot? And the workaround is to remove the linker?

      And are they also claiming that since each relinked kernel is unique there is no way to check that the new kernel is safe since it will never match a known-good kernel?

      1. 2

        I think that they are trying to claim something about auditing. If your kernel was compromised at some point in the past, it’s useful to know when. For OpenBSD, with their relinking thing, an attacker who gains the ability to corrupt a root-owned file (e.g. via a setuid binary that doesn’t sanitise its environment or other state) can inject a rootkit into one of the .o files. Because the kernel binary changes every boot, even logging the hash of the kernel doesn’t easily tell you when this happened.

        The problem with their analysis is that you need to have secure boot for this attack to be worthwhile. Without secure boot (which Theo de Raadt has previously been opposed to, so will probably not make it into OpenBSD any time soon), you don’t check kernel signatures in any meaningful way anyway. If you wanted to support secure boot with this randomisation scheme then it’s possible (you would need to sign the kernel with something derived from a PCR that includes the bootloader state and an attestation that the kernel was signed by the same key). The things that the submitter is fixating on (signing .o files) are not very useful to talk about initially because you need an attestation over the whole kernel, which is not necessarily composable from the individual .o files. Ideally you’d have something like a signed immutable filesystem image.

        1. 1

          OK, so paraphrasing back to you: basically it’s hard to know when the kernel was compromised, but until secure boot is implemented, the proposed solution is more trouble than it’s worth. It’s a legitimate problem, but the solution is unrealistic.

          1. 4

            Not quite. It would be a legitimate attack if not for the fact that there are easier ways for an attacker to achieve the same thing unless you implement secure boot. At that point, this becomes a useful tool for an attacker and you should close this gap.

    3. 3

      When I was a kid I knew someone who had one of these (several over the years in fact) and they just seemed magical. Every time they would come and visit I would manage to get my hands on it for at least a few minutes. What’s crazy is how we’ve never really replicated that in more modern devices, although GPD and Reform are probably the closest I can think of at the moment.

    4. 2

      Reading these kinds of articles just makes my day. Not for profit, not even really fulfilling some great need, just hacking and tinkering for the fun of it. Great to see!

    5. 11

      I think the article would have benefited from being called “Writing code isn’t the hard part” since that really seemed to be the main point. Once you have decomposed the problem and modeled solutions, writing the code is just a matter of translating that into whatever language you want (or need) to use. About two years ago someone here recommended How to Design Programs and I started using it as the textbook for my Fundamental Programming Concepts course (the only FP course our school has so far) and hands-down the biggest benefit has been the Function Design Recipe. I’ve started adapting it to my other classes, even the AP-level ones with good results. Obviously it is tailored to an FP model, but there are similar things you can do in OOP too. Anyway, it’s helped my students see that most of the work happens before you ever touch the keyboard. The way this article is titled and starts out makes it seem like the author is offended by “easy” languages or environments, and I don’t think that’s really the case. He just wants people to understand that the heavy lifting happens earlier in the process.

      1. 2

        Yes, the function design recipe is really useful. I was teaching a student a year ago, and even though we were in Python, I went through the same structured process with her.

    6. 7

      This could be a real boon for schools that are already invested in the Google ecosystem but have lots of legacy hardware that didn’t come with ChromeOS. Although I don’t love embracing Google’s services even more, the security benefits would be pretty significant. Especially with how Microsoft drew a weird line in the sand with Windows 11 update compatibility, there might be a lot of admins who take a long, hard look at ChromeOS now.

    7. 5

      I just got the DIY Ploopy Classic, and I’m absolutely hooked. If you want the utmost customizability I can’t recommend their products any more highly. They recently released a mouse, too. The big selling point to me is the open source QMK firmware, which allows me to program things like drag scrolling, button macros, gestures, and so on into the firmware itself. Here’s an abbreviated list of things I’ve done in firmware:

      • adjusted the tracking angle
      • customized my button layout
      • enabled drag scrolling while holding the far right button down (and the sensor speed changes in hardware while the button is held down)

      And I’m working on understanding the USB HID protocol well enough to add high resolution scrolling.

      All this without any drivers or any additional load on my computer whatsoever. As far as the computer is concerned this is the most ordinary mouse there ever was!

      Ploopy trackballs are definitely very “hacker aesthetic,” though, being made of 3D-printed parts. It’s not for everyone. But I imagine some post-print work such as sanding and acetone vapor smoothing on the upper case and buttons would go a long way.

      Another great open source option for heavily customizing a pointing device in hardware is jfedor2’s hid-remapper project. As the name implies, hid-remapper remaps existing HID devices much like ordinary mouse drivers do, but it does so by sitting between the input device and the host (i.e., a computer) and altering HID reports in-transit, so it also needs no drivers and produces no extra load on the host. hid-remapper also supports high-resolution scrolling on Windows and Linux very intuitively (by “scaling” inputs by a multiplier value).

      1. 1

        I got one to go along with my split keyboard and love it. I still use the Logitech M570 as well, but the rollers on the Ploopy make ceramic bearings feel like trying to run in water by comparison. It’s not that the M570 is bad, but that the Ploopy is so much better. I also have a Kensington Expert and it’s… alright. I love the size, but the button layout is a little awkward for me.

    8. 1

      How does this compare to Magic Wormhole?

      1. 11

        Firefox Send is “async”. The file is uploaded first, then the server “buffers” it until the downloader comes by. This enables a nicer workflow but has some downsides (mostly server costs).

        Magic Wormhole is Peer-to-Peer which removes the need for size limits and can have lower end-to-end latency and higher performance if both ends have a good connection (although it also means that both ends have to suffer if one end has a bad connection). But both users need to be online at the same time.

      2. 2

        Wormhole is single-use, whereas Send can be accessed by several people without generating a new link.

      3. 1

        Magic Wormhole has no size limits, which is nicer.

        ffsend might be a little easier to use? Ymmv.

    9. 3

      The meat of this link is their recent update calling for 50000 survey signups and a demo video of monochrome (not grayscale) mode eink operating at high refresh:

      1. 3

        I’m glad I watched the video demo. I didn’t realize that E-ink could refresh so quickly, that was very impressive, even if it’s only monochrome instead of grayscale.

    10. 7

      technology itself is, not just computers.

      Ivan Illich on convival tools

      In short: be very careful If tools put themselves in the loop.

      1. 4

        I’d never heard of this book before and have been plowing through it ever since I read your comment last night. His observations about the way society has conformed to our tools really resonates with me. And as someone who has one foot in education and one in computer science, his arguments about technology and education are really resonating. Thanks for pointing out this resource!

        1. 2

          Nice to hear! I discovered Illich last summer and since he’s popping up in unexpected places. As usual with patterns. E.g. about minute 41’ in the congress hearing with Seymour Papert and Alan Kay, 1996

      2. 2

        I read this recently after discovering Illich through L. M. Sacasas’s newsletter The Convivial Society. It’s kind of a long rant instead of a formal argument, but I do think it’s a really good lens to use when looking at technology.

        I keep thinking that the fediverse (which has had limited, but nonzero success) embodies the principles of maximizing individual freedom when compared to traditional centralized services like Facebook and Apple. Makes me want to go all-in on self hosted open source tools and abandon the corporate overlords. Although freedom is a double-edged sword when it comes to social networks online. I think small communities with strong moderation are the way to go.

        BTW I recommend The Convivial Society. It’s thought-provoking and well written. It’s available in audio form too.

        1. 1

          yes, the fediverse seems the agreeable way out. What shocks me about it, however, are the bloaty ‘standards’[2,3] that consider themselves both mandatory as well as half-baked and unreliable (‘living document’, ‘every implementer can choose’). The degree of neglection showing in link rot, expired certs, deserted referential tests etc. is breathtaking. So they are utterly useless and just a wordy burden. No wonder the implementations are so unwieldy, laypersons can’t operate them. So we’re not better off than we were with atom & websub almost 20 years since.

          I find it telling, that GAFAM started it (look at the authors of [1]) and destroyed it the same instant (dear ‘social’ websites[4], google reader, atom vs. rss, (iphoto) photo feeds, etc.). And since have grown to an ubiquitous plague.


    11. 4

      The “why” is not really explained. What, for example, do subdomains have to do with giving users control over their own HTML/CSS? Why is it necessary to have custom subdomains as a stepping stone to custom domains? Isn’t that already a solved problem? Without answers to those questions, we’re left with getting rid of “noise” in the URLs.

      The “how,” which has more depth, also seems incomplete. Session cookies and CORS headers are inherently specific down to the subdomain. Does this assume that centralized authentication and resources are not needed?

      1. 2

        What, for example, do subdomains have to do with giving users control over their own HTML/CSS?

        This specific example comes from the way that browsers handle requests for resources within a domain versus ones between domains since a subdomain is considered a separate silo. Malicious (or unwanted) payloads are harder to deliver across domains.

        1. 2

          So the purpose is to enforce an architecture of isolated sandboxes for each user? That’s what the author means by “control”?

          1. 1

            That was the impression that I got when I read it. In addition to the “branding” of a subdomain it also isolates users’ content from the rest of the domains on the server.

    12. 18

      I am a software & web developer - and Linux is a toolbox, full of highly polished tools, crafted over decades by software developers, for software developers. Windows is…​ not that. It’s a commercial OS, aimed at users of Word, Excel & Outlook, pretty much. You can feel this difference all the time that you’re using it - it pervades everything.

      I think this kind of encapsulates the reason I stopped caring so much about operating systems. Someone whose work life revolves around documents, spreadsheets, and presentations sees Windows the same way a developer sees Linux or BSD: a familiar toolbox full of the things that they need to get a job done.

      1. 9

        This is partly why I started a Operating System comparison spreadsheet more around workflows:

        There’s a number of philosophical reasons why one may opt towards a certain OS or hardware, but feel for many knowing there’s some guidance around what workflows can be met (or not) by a given setup to decide whether to make a switch (or wait, or try things out, or stay with what works) makes a difference.

        Dream is to someday see someone make a website/wiki of sortof like this spreadsheet. Aware of existing sites like but those are app-centric whereas workflows are sometimes provided by the OS itself and/or combinations of tools.

        1. 2

          Nice! I love the idea of being able to search for specific workflows to see what is available in the different operating systems.

    13. 28

      At the risk of forfeiting my nerd card: I first read SICP in my 40s and the big barrier to entry for me wasn’t Scheme, but rather the fact that a lot of the examples and exercises are, for lack of a better word, very math-y. I hadn’t had a reason to use things like calculus for over two decades, so I spent easily ten times as long refreshing my memory on the problem domains as I spent thinking about the programming concepts the book was trying to convey. Or rather, I did that toward the beginning of the book; later on it got easier once it was able to focus on ASTs and such.

      However, those examples are probably completely fine for the book’s target audience of MIT students, who will have all those topics fresh in their heads.

      1. 13

        There is always How To Design Programs which has been described as SICP but for humanities.

        1. 3

          My school is holding the first session of our fundamentals of programming course in years, and none of the previous instructors left notes for the course so I decided to reboot it using this text instead of the Python one that was used before. I have enjoyed using Python to teach in the past, and I use JavaScript in other courses for practical reasons, but since the course is completely dedicated to programming, without some sort of career-based outcome at the end, I decided to give this book a shot. It’s a one-semester high-school course, so I will be curious to see how far into the book we are able to make it.

        2. 1

          This book is excellent. I much prefer it to SICP for this very reason.

      2. 4

        You’re definitely not the only one. I’m not sure if I even have a nerd card, but the math in SICP was too much for me. I never took calculus—I never even took trig!—so I had nothing to fall back on. The Little Schemer worked much better for me, though obviously it’s not SICP.

      3. 3

        I had a similar experience but it was the Scheme plus the “math-y” stuff. The new edition interests me because JavaScript was the first language (for good or ill) I reacted with in any “real” way and I wonder, with SICP’s examples and such now being in the more approachable (for me) JavaScript, how approaching the book now will turn out even with its “math-y” parts (I assume) intact.

    14. 13

      We’re talking about a language designed in ten days to enable a monkey to dance in a webpage when you hovered over it with a mouse. A language that warranted a book with a title like JavaScript: the Good Parts. A language where “3” * “3” is 9 and “3” + “3” is “33”.

      Though arguably JS is closer to Lisp than Python is. Python, with its statement-orientation, pitiful lambda, lack of TCO, and bizarre idea of scope was chosen to succeed Scheme as the teaching language in the MIT course.

        1. 6

          That … is debatable. Designed by someone who knew enough jargon to sound like a lisp hacker, at least.

      1. 5

        The language is type checked, try it out using cndreisbach’s link. For example, your multiplication of strings results in:

        Line 1: Expected number on left hand side of operation, got string.
        Line 1: A type mismatch was detected in the binary expression:
          "3" * "3"
        The binary operator (*) expected two operands with types:
          number * number
        but instead it received two operands of types:
          string * string

        But the + is still working for concatenation of strings.

      2. 4

        JS from Netscape days is not the JS of today and people could use some break. The language grown. And yes, lots of the old gotchas are still there, but that is for a good reason. Either they’re needed to not break the web because you don’t want all old content suddenly breaking, or they’re misunderstood and part of some standard that people complaining are not aware of.

        In your example, the plus sign is the concatenation operator between strings. That is the correct behaviour. The multiplication example works because of automatic type coercion. You don’t want the string concatenation operator to attempt to do integer coercion and sum the strings. Today, we might not want that kind of automatic coercion, but there are sites using this and changing it would break the web.

        It is better to have a working and retrocompatible web than break things for language purity and elegance.

        1. 4

          I’d argue a language with so much cruft that is strongly bound to backwards-compatibility is not the most suitable language for teaching fundamental concepts. Purity and elegance is exactly what you need when teaching fundamentals, so that the awkwardness does not get in the way of the exposition.

          1. 6

            Speaking as a teacher, I think that teachers like the purity and elegance (and I do) because it makes it easy to teach, not because it makes learning easy or durable. So when students come up with weird ways to use JavaScript, it slows me down, but it also allows me to present a realistic picture of the way actual work in the field is probably going to be.

            There has been an ongoing debate in my faith over the tension between God’s sovereignty and human will, with competing systems proposed to defend one or the other. Both of them break down in different ways on close inspection because they’re an effort to impose a kind of order on a system that seems disorderly.

            So I suppose in some ways I feel the same way about all the arguments about language purity or OOP vs FP. They’re systems imposed on top of the reality of programming, and none of them will perfectly fit it. I’d rather be flexible on that end, even if it makes teaching more complicated, since it means more of what I teach will probably actually be useful beyond the “clean room” environment of a CS course.

            When I worked construction, it really surprised me how complex some of the math was that my coworkers were scribbling on scraps of lumber while we worked to solve different problems. But they were showing me how to do this with a drill in the other hand. Sometimes I like to think of this as an analogy for how teaching computer science. You need theory and you need to get actual work done. Languages like JavaScript can accomplish this, however inelegantly, and it’s one of the most ubiquitous languages on the planet now.

            But yeah, sometimes I scream into a pillow when I see how my students have used it and gotten away with it.

          2. 3

            BASIC was used for decades to teach programming to people who had never even thought about how to write a program. It was everywhere; in those days nearly every computer came with a BASIC interpreter either in ROM or the OS or both.

            Today every computer you buy has a JS interpreter right there, just hidden from view. Even if it’s not the cleanest language, it’s ubiquity makes it ideal for learning how to program.

            1. 1

              Yes, and Dijkstra had some less than nice things to say about it, too. I seem to recall a quote about teachBASIC causing brain damage. If he were alive and posting on here today, he’d probably get flagged for trolling.

        2. 2

          Lots of languages do implicit type conversions. I may not like it, but I can live with it. Lua does it. Perl, the first language I really mastered, does it. So does PHP. But all 3 have a dedicated string concatenation operator, instead of overloading +. Overloading + isn’t by itself a bad thing. Python does it, and it’s fine there. But combine type conversions with operator overloading, and the language is unsound.

          1. 1

            combine type conversions with operator overloading, and the language is unsound.

            And yet C++ remains very popular…

            1. 1

              Lots of unsound things are very popular: gambling, porn etc.

        1. 4

          No, in this book: Line 1: Operator '^' is not allowed.

    15. 2

      JT gives a good overview of Essence (four months ago, so some things have changed) on his YouTube channel that might give another perspective on the operating system. Personally I don’t really understand the UI convention of tabs within windows versus just windows, but I am not sure that it’s a bad idea either. I definitely get Haiku vibes from the ultra-responsive interface though.

        1. 1

          That’s SerenityOS, another from-scratch operating system.

          1. 2

            Oops, sorry! I was obviously not paying enough attention to what I was doing there 😬

    16. 12

      I don’t think the proposed syllabus really achieves what the author says it does. In education, neat plans often have a way of imploding when they meet students.

      As I see it, the “WHY!?” has two components:

      1. What’s my motivation to learn this?
      2. How do I use this in practice?

      The first is the hardest, especially if you have to teach a large group. Who’s to say they will be interested in your card game problem? Experience tells me most will see it as contrived.

      As for the second, I’m fairly certain students will fail to generalise from solving one hyper-specific problem. Yes, you’ve taught them how to make a card game, but will they able to apply these tools to another problem?

      Teaching is definitely easier when you can pair it with practical examples, but I think that’s how any decent teacher would teach the first syllabus anyway. People with no experience in education often like to armchair speculate on how it ought to be done, but the real problems in education tend to be systemic and institutional, which the teachers usually have no power to affect.

      1. 6

        In my introductory robotics course we follow an approach similar to what he recommends, and although I loved the format and my students were overall very successful in the course, I noticed that other than a handful, students really struggled to take the previous material and apply it to a new domain. They tended to compartmentalize solutions versus seeing them as tools that could be used in other ways. It did improve some as we went but I think, like you said, that there are systemic issues that need to be addressed to change that kind of thinking. No CS course can be expected to overcome that without changes elsewhere too.

    17. 3

      Throwing mine on the pile:

      Built a desk into my shop when we all started WFH. No screen shot because there’s not much to see: swaywm on Fedora with Alacritty+tmux+NeoVim fullscreen on workspace 1 and Vivaldi fullscreen on workspace 2. Workspace 3 is for Zoom. All of it’s been themed with Dracula.

      Hardware is a maxed out System76 Meerkat, Dygma Raise keyboard, old (2010) Logitec MX mouse, and LG 27UD68-P monitor. Hanging on the all behind the monitor is an Intel NUC w/ RTX 2060 for gaming. The display stuck on the ceiling is for the WS-2902C weather station mounted outside the shop.

      1. 4

        Coworkers: “Where are you located”

        sprsquish: Pulls out Banjo

      2. 2

        It’s impressive how much those air filters pull out of the air when they’re strapped onto a box fan like that. I tried it a few years ago out of curiosity and was appalled by how quickly the filter had to be changed. Been using them pretty much continuously ever since.

        1. 3

          Absolutely. I was originally looking for a way to get dust collection that wasn’t going to cost a small fortune. The wood working community is a clever and thrifty bunch. These things cost a tenth what a “real” solution would have.

    18. 3

      Screenshots would be pretty boring, it’s just stock Windows 10 with auto-hiding taskbar and no desktop icons on the desktop, XMonad with a very basic config on one laptop and stock Gnome on the other (we don’t talk about the third laptop), so here’s my battlestation. We have:

      • Two LG monitors, the big one’s new and it’s 1440p and 144hz. Behind them there’s a two-arm monitor stand. The LG monitor on the side is not VESA compatible so I had to get a bit creative to mount it like that.
      • Three mice: the big trackball is a Kensington Expert and it’s for normal use on the desktop, the most normal one is a Razer Deathadder is for videogames and the small trackball is a Logitech Ergo M575, which I normally use at work with the laptop.
      • A 90x40cm mousepad, very nice and comfy.
      • On the ground, a cheap foot pedal with three buttons that I mostly use for push-to-talk and to take screenshots. I’ve tried using it more actively but it’s a bit awkward.
      • A mic arm with a very hacky hook for hanging the headphones (just out of the picture).
      • A Raspberry Pi with a passive cooling case under the desktop tower.

      I’m planning on moving and getting a new desk, so hopefully there will be some big changes next year. Bonus points for recognizing all the characters :)

      1. 1

        How is Kensington compared to Logi Ergo? I am thinking about changing mine.

        1. 1

          I used to use the Kensington and switched to the logitech ergo, tempted to switch back b/c the ergo causes my thumb to ache whereas the kensington did not.

          I wish they would make the new kensingtons with the bearings / wheels from the older models (Kensington Turbo Mouse Pro) where you could spin the ball like you were playing goldentee on your desk.

        2. 1

          It’s kind of unwieldy, honestly. I thought the big orb was gonna be nicer than the Ergo but it’s the other way around, if I had to choose only one of them I’d go with the Ergo.

          1. 1

            Have to second you on that one. I have the Kensington and the M570 and would take the M570 if I had to choose. However, I also purchased a Ploopy Classic last year and it is wonderful. It really knocks both of the others out of the fight for stationary use. It’s the rollers (vs. the bearings on the other two) that really make a huge difference for me.

    19. 38

      A company “bought” Audacity and added spyware. The same company also did it to MuseScore.

      You know, it really was and still is a stretch to describe basic, opt-in telemetry as spyware just because they made the unfortunate decision to use Google Analytics as a backend.

      1. 19

        Also, from what I heard they are doing decent work, actually paying maintainers to work on the software. You know, the exact thing that OP is complaining about not happening.

      2. 5

        please explain how Google Analytics isn’t spyware? it is software that monitors user behavior and reports it to a 3rd party, all typically without user consent.

        1. 20

          Audacity/GA would be spyware if it was monitoring usage of other things the user was doing on their computer. Using the term to describe the app recording usage of itself is hyperbole.

          1. 5

            If my business was audio engineering, having a tool that started reported on my usage of it would be problematic. I would immediately start looking for alternatives. Why should I have to look through the code to find out exactly what it’s logging? File names? My use of licensed plugins? The inference that the lead singer needs pitch correction on every single track, or that we brought in a pro “backup” singer who is actually 85% of the lead on the final mix?

            When I am editing my family’s amateur instrumental work, I think I can reasonably feel equally peeved at having my sound editor report back to base.

            Calling it spyware is not necessarily hyperbole.

            1. 5

              Fortunately the scenario you described doesn’t exist since the telemetry is opt-in.

        2. 19

          all typically without user consent

          Except here it is opt-in, as pekkavaa said.

          1. 2

            thanks, i missed that.

            I was curious what kind of consent was involved, and honestly it’s better than I expected. Based on the issue linked in the OP it seems Audacity now displays a dialog asking users to help “improve audacity” by allowing them to collect “anonymous” usage data. They don’t seem to mention that it also reports this to Google.

        3. 8

          Counting how many people clicked the big red button and bought products, or how many users have a 4K monitor, or how fast the page loads technically involves monitoring.. but it’s not really the same as what you would typically imagine when you hear the word “spying” is it?

          It’s rather silly to equate performance metrics, usability studies and marketing analytics to a secret agent carefully reading all your messages.

    20. 3

      It’s even worse. Most users are unable to input URL when prompted verbally. They use the search field on their home page.

      1. 2

        Yes, it’s pretty much the 60+ method in my impression. I hope kids these days know better.

        But even when you know the difference, there is one more hurdle: My memory, at least, is not just case insensitive, but TLD insensitive: Was it .com, .org or .net again? Sometimes, I guess wrong, and find a shady spam site insetad. I need a TLD resolver, and I use both search engines and Wikipedia for that.

        1. 3

          High school computer science teacher here, and I can assure you the kids these days do not know better, unfortunately.

        2. 2

          More like 50+, at least around me. They also love to share their passwords with me. :shrug:

        3. 1

          I really hate the TLD proliferation. Now you can’t even just assume a company is .com, now it might be .pizza. Or one of those godawful dots in the middle of the word. Those are the worst.

          I’ve used search for things I was even quite confident of just because of that.