|
CRIP EATIN BREAD posted:especially if it just does stuff like call AWS API endpoints yep. what made serverless finally click for me was when someone called them cloud bash scripts. it's just the glue you need sometimes to make pre-existing services work together it's not really for actually building applications
|
# ¿ Sep 4, 2018 17:27 |
|
|
# ¿ Apr 27, 2024 12:26 |
|
iirc, the redis guy decided to reluctantly okay changing the terms after DHH plead with him a bit on twitter. so that will get fixed eventually too
|
# ¿ Sep 12, 2018 17:35 |
|
that rear end in a top hat is wrong anyway. this is exactly the same argument that people bring up with, like, Haskell not having null pointers. "OOHOHOHO, but then when you need to represent absence, you use Maybe which JUST LIKE A NULL!!" yeah, no poo poo dumbass, the point is you're free of null everywhere else. I happened to have watched the original rust conf video last week, and it was 100% "figuring out how to do traditional gamedev poo poo in rust" and it was actually a decent talk. It was a pretty standard "we restrained ourselves with this tool, but now we need to figure out how to do this traditional thing under these constraints." Circumventing the borrow checker? Yeah, in exactly one way: whenever you have entities with persistent references to other entities, you might discover they're stale. That's it. And it's not like her solution causes memory corruption or anything. And it not like those kinds of reference are even that common. It's Maybe types all over again. And meanwhile, literally everything else is still getting checked by the borrow checker. blowhard is mad because Rust got lots of attention, and he feels he deserves all that attention because he feels he's the hottest poo poo ever.
|
# ¿ Sep 14, 2018 21:49 |
|
MononcQc posted:the view or controllers in an app should have no loving clue whether you’re using an ORM or not for the data model or handling. if you do, congratulations you’ve built everything on top of a leaky abstraction. fwiw, this is just typical, though You're absolutely right, but I've never met a web app that wasn't just handing views ORM-based model objects to extract data out of. I have this theory that our programming languages just aren't good enough at quickly and easily describing intermediate data types (and transforming to/from them) that we all just tend to skip doing that pretty aggressively. DELETE CASCADE posted:the object-relational impedance mismatch isn't a real thing, just write the drat sql (using a query builder obvs not raw strings) it's real, it's just a lot narrower than people give it credit for. "don't try to match tables 1:1 with classes, because projection and joins," well golly.
|
# ¿ Apr 10, 2019 17:09 |
|
the .await syntax seems like the right decision to me? it chains, and it's not like the semantics are different from the other syntax choices so... good on them imo
|
# ¿ May 7, 2019 02:43 |
|
ah, yeah wasn't there an old C++ or C# developer wisdom about how when language features are new programmers are like "make it loud and weird and obvious" and then when the language feature becomes commonplace and well understood programmers are like "ugh, why does this have such a bizarre syntax, i wish it were more regular with everything else." i wonder if that applies here
|
# ¿ May 7, 2019 03:54 |
|
Soricidus posted:also it’s all private classes in one module, I’m not exposing this terrible implementation detail to any unsuspecting users the one situation where you *might* not regret it, maybe inheritance isn't the worst if you have total control over the whole world, so you can refactor at will.
|
# ¿ Feb 4, 2020 02:09 |
|
Almost certainly just told the IRB it wasn’t human subject research (even though it was), so the IRB never reviewed it.
|
# ¿ Apr 21, 2021 17:42 |
|
conventional commits is good for high-churn open-source projects where people actually want to read the release notes their utility is that the release process can be fully automated, so it's just "run script" and now a new release has been made, no extra effort required (contrast with having to figure out what's changed and actually write something as release notes). This is especially nice if you want to do something like "release every 2 weeks" without cursing 1 person with a hell job. example: https://github.com/aws/aws-cdk/releases/tag/v1.131.0
|
# ¿ Nov 30, 2021 01:31 |
|
Plorkyeran posted:we just require each pr with user-visible changes to include an update to the release notes and then the release process is fully automated without any stupid poo poo probably fine usually, yeah. It just has the problem of: "no release notes update? mistake, or not worth mentioning?" and when you start having hundreds of contributors that starts to blow up "conventional commits" starts to look pretty nice if you go compare it to e.g. the kubernetes release notes automation process also.... "commits" might be misleading to people who haven't tried it. It's really "pull request titles" since most of these projects will also squash and merge
|
# ¿ Nov 30, 2021 07:17 |
|
They’re publicly testing the new http index now at least
|
# ¿ Jul 28, 2022 16:14 |
|
DX24TB1 posted:Please tell me I can't be the only one who have a major problem with Rust and the whole crates-for-everything method. I get where you're coming from, but I think things are a lot better than npm. Npm grew up with a wild enthusiasm for their packaging system, to the point where people were legit cheering on one-function modules as this revolution is how programming should happen. This was the enthusiastic culture it grew up in, and how 'left_pad' came to be. Rust's crates systems were largely built in the aftermath of that failure, and I think they did a decent job of learning lessons without throwing out the valuable aspect of people actually being able to easily build on other's packages. For one thing, there's a very slow and deliberate (but existing!) migration path for things to enter the standard library. It's definitely not for everything (e.g. I don't think serde), but eventually I think some things (like anyhow) will make it there. For another, I personally think using a lot of (e: (edit: Please ignore the crossed out parenthetical above, which made this paragraph say something I didn't intend. The problem, of course, is that a proliferation of crates means that there's also going to be a proliferation of bad crates, too, and we're facing the problem of trying to filter those out. It made me seem like I'm just assuming away the whole problem, but I just meant to comment on the _number_ of dependencies here.) But having a large number of dependencies, instead of a small number, does present new problems. You can't answer many of your questions just by kinda looking at the list and spending a few minutes anymore. We need _tools_ to analyze things and answer those questions for us now. I think the Rust community is slowly building those tools, and many of the important ones are already in place. Our (large, security-sensitive tech company) approach is: 1. Use 'cargo-deny' to check licenses and security advisories. 2. Use centralized tools that bump dependencies. (E.g. casually bump patch levels every week, but the same tool can quickly bump anything with a security vulnerability on demand) 3. Use an internal crates.io mirror that comes with a policy of delay new releases by 2 weeks in order to give time for supply chain attacks to be discovered before they could affect us. (Along with a few other policies: e.g. filtering out packages with wholly-unacceptable licenses, allowing people to accelerate new release availability by doing code review, etc.) 4. Some folks are considering 'cargo-auditable' for embedding SBOM into binaries, so security tools can scan what was in them, but our approach to security means we already know this information, so it hasn't really been deployed. Seems more useful for people who distribute binaries to third-parties. I kinda wish our tools for the internal crates.io mirror were open-source, but that's life. crazypenguin fucked around with this message at 18:39 on Jan 2, 2023 |
# ¿ Jan 2, 2023 17:39 |
|
cinci zoo sniper posted:nice strawmanning, so fingers crossed this is a reddit pasta i've not seen before Nah, I legit don't know what you mean. What did I strawman?
|
# ¿ Jan 2, 2023 17:48 |
|
cinci zoo sniper posted:sure, let me clarify Ah, my mistake, I meant to acknowledge these as possible failure modes with that parenthetical. i.e. that "making it easy to share code" might "make it easy to share bad code" and that's certain a potential drawback if people start using that bad code widely for some awful reason. (There certainly are a lot of bad crates out there, thought I don't think they're widely used...) I didn't mean to imply that anyone would be against sharing good code. quote:phrases like this, suggesting that you couldn't quickly build code if the language had a batteries-included standard library, or a smaller number of more comprehensive packages, for instance, is why people use "rust evangelism strike force" as a pejorative. what even is the fact of proposed consensus here, that average language user's propensity to reimplement everything from zero is proportional to the breadth of functionality covered by a representative ecosystem package set that a solo dev or a small team could feasibly audit/be confident in development and management of? Fair, this is an assumption on my part: I do think that if you're working in an ecosystem that makes it a lot easier to build independent modules and compose/depend on them, that you naturally end up in a state where software will use a lot more dependencies, and then you inevitably have the problems that the OP mentioned. But I do think this is true! If you build something new you can either _immediately_ release it as a new crate. If it's bad, nobody cares. (Hopefully!) If it's good, people start using it! (Also hopefully?) But if you build something new and need to get it past gatekeepers of a big library/framework, or the even bigger barrier to the standard library, then people can't use it yet. And it's a lot harder for anyone to really figure out if it's any good yet. So I think the incentives align towards this proliferation of packages. So it'd be nice if we could somehow have the best of both worlds, but I think we staring at two equilibrium points: either it's hard to release packages or there are gatekeepers and few dependencies, or it's easy to release packages and we have to do "quality gatekeeping" in a post-hoc way from a large collection of dependencies.
|
# ¿ Jan 2, 2023 18:18 |
|
I still quite like postgres But I have to admit, it's got the "open source software" flaws. No product people. They still ship bad defaults for query planner tuning and (last I checked) refuse to allow hints in queries. I used to think people complaining about stuff like that were exaggerating how bad it was, but sure enough, the first bigger important production database I managed suddenly fell over one day by deciding to do a full table scan instead of using the loving primary key index, and the best option immediately available to me was to upgrade the instance size to something big enough to fit the whole goddamn DB in RAM. Naturally, it waited until I was on vacation
|
# ¿ Feb 16, 2023 17:22 |
|
Ciaphas posted:a heretofore undetected stack clobber that's somehow hitting the 2nd parameter of the clock_nanosleep call or something, maybe? wish i could sic valgrind and especially helgrind on this thing can you strace it?
|
# ¿ Mar 4, 2023 18:46 |
|
Antigravitas posted:Split videos into frames? I'd bet a lot that it's just a game of telephone from "key frames" or something
|
# ¿ May 8, 2023 16:06 |
|
why would you not do what tef said and leave the loop there unconditionally? Like, there was the simple straightforward code, and then there's "add preprocessor hacks and gotos" and you... chose the latter?
|
# ¿ Jul 20, 2023 01:46 |
|
anyway, in other amazing coding news, there's a cool exploit for ssh-agent. The write up is neat and cool. https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt While it's less impactful than log4j, it's pretty similarly "WTF?" because it just takes an attacker-supplied string and just loads that as a library. By loving design. At least confined to /usr/lib and not "downloads files over the internet" like log4j but loving hell. Naturally, one of the layers of mitigations, in fact THE primary mitigation, if you actually need and re-enable this feature, is to just grep the .so file for the symbol name before trying to load it https://github.com/openssh/openssh-...d6513828a3R2986 This link brought to you by a github mirror because openssh upstream is developed using CVS.
|
# ¿ Jul 20, 2023 02:53 |
|
Corla Plankun posted:whats that testing methodology called where all the inputs have numerical bounds (or something like that) and so it is possible to test a system for every possible input due to math and type wizardry? I think either bloody or eide was advocating for it at one point but i forget what it was called "model checking" probably the term can include exhaustive checking, probabilistic checking, or symbolic checking
|
# ¿ Oct 5, 2023 18:14 |
|
rotor posted:copilot absolutely increases junior dev productivity. Im sorry, I dont like it either, but its true. I'm not terribly skeptical of this, but the only data I have is mentoring one junior engineer who prompty turned a 4 hour task into a week of flailing because he kept copy and pasting poo poo out of chatgpt he didn't understand, getting horribly confused, and just kept going back to chatgpt for that sweet hit of completely garbage answers instead of loving asking someone who loving knew something
|
# ¿ Nov 7, 2023 21:05 |
|
|
# ¿ Apr 27, 2024 12:26 |
|
necrotic posted:sleep brain is fun - i woke up and realized it should be this simple but our existing process is just very dumb. crossing my fingers it is as simple as i think obviously pursue the simple fix first but I also want to toss out here that this whole thing sounds off to me. The build system should produce the build artifact that is the whole thing being deployed. It sounds vaguely like your build system does the build, but then to deploy, you have the servers also do the build themselves too? (Otherwise, why would including the package lock matter to the deployment?)
|
# ¿ Mar 10, 2024 17:08 |