Also be careful not to reach for system design when you only need software design: https://lukerissacher.com/blog/optimizing_your_web_app
Readit NewsQuadrupleA commented on Good system design seangoedecke.com/good-sys... · Posted by u/dondraper36
QuadrupleA commented on The Chrome VRP Panel has decided to award $250k for this report issues.chromium.org/issue... · Posted by u/alexcos
People are evaluating this from a cold perspective to see if the system is working as designed or not.
Hopefully decency reduces the necessary price a little.
QuadrupleA commented on The Chrome VRP Panel has decided to award $250k for this report issues.chromium.org/issue... · Posted by u/alexcos
He had a pretty reliable exploit on the most used browser, pretty sure it he could have gotten more tax free on the black market.
Now, with EDR widely deployed it's likely that the exploit usage ends up being caught sooner than later, but pretty sure some dictatorship intelligence agency would have found all those journalists deep compromise worthwhile...
Everybody here is coldly evaluating the financial profit comparison. How about being a decent human being, and not enabling hundreds of criminals to hurt millions of people because your net income is potentially better?
Deleted Comment
QuadrupleA commented on Anaconda Raises $150M Series C anaconda.com/press/anacon... · Posted by u/diverted247
$50m more than Oxide Computer, a company actually building something, just raised. For what exactly? A free python distro, doing some vague AI pivot?
QuadrupleA commented on It's time for modern CSS to kill the SPA jonoalderson.com/conjectu... · Posted by u/tambourine_man
SPAs make sense when your users have long sessions in your app. When it is worth the pain to load a large bundle in exchange for having really small network requests after the load.
Smooth transitions are a nice side effect, but not the reason for an SPA. The core argument of the article, that client-side routing is a solution for page transitions, is a complete misunderstanding of what problems SPAs solve. So absolutely, if you shared that misunderstanding of SPAs and used them to solve the wrong problem, this article is 100% correct.
But SPAs came about in the days of jQuery, not React. You'd have a complex app, and load up a giant pile of jQuery spaghetti, which would then treat each div of your app is its own little mini-app, with lots of small network requests keeping everything in sync. It solved a real problem, of not wanting to reload all that code every time a user on an old browser, with a slow connection, changed some data. jQuery made it feasible to do SPAs instead.
Later, React and other frameworks made it less spaghetti-like. And it really took off. Often, for sketchy reasons. But the strongest argument for SPAs remains using them as a solution to provide a single-load of a large code bundle, that can be cached, to provide minimal network traffic subsequent to the load when the expected session time of a user is long enough to be worth the trouble of the complexity of an SPA.
Side note, sick of jQuery being always associated with spaghetti in the tech lexicon.
Any Turing-complete system is spaghetti in the hands of bad programmers. And simple & clear in the hands of good ones who know how to design.
QuadrupleA commented on Linux Reaches 5% Desktop Market Share in USA ostechnix.com/linux-reach... · Posted by u/marcodiego
Recently moved to Arch Linux after 25+ years on Windows. It was a LOT of work (my whole career is on the computer and I have a lot of custom scripts and tools), but I'm so happy with the result.
No more hundreds of background processes sapping my battery life and performance.
No more blatantly manipulative ads every time Windows updates, about how I won't be "safe" unless I sign up for OneDrive, switch to Edge, and subscribe to Office Live Dynamics Pro Limited 365, because now word processing and spreadsheets are a subscription for some fucking reason.
No more 3 different generations of UI styles sloppily bolted together (though Linux desktop styling can be plenty sloppy).
No more news feeds in my start menu and task bar filled with the outrage and statistically improbable evil human acts of the day, no doubt with MS ads, alongside prods to install Candy Crush and other crap.
No more whack-a-mole MS telemetry I have to read obscure guides to find out how to turn off.
No more needing to sign in to a FUCKING CLOUD ACCOUNT to use my own computer.
No more stupid crap like copilot, sucking screenshots and forwarding them to MS and OpenAI, and other sparkly AI icons on every damn thing.
Haven't booted Windows in a month or two. So happy to have switched - my computer belongs to me again, for the first time in a long while
QuadrupleA commented on Show HN: PunchCard Key Backup github.com/volution/punch... · Posted by u/ciprian_craciun
Wouldn't printing a QR code be way easier? If it's just for retro fun / Rube Goldberginess than nevermind, carry on :)
QuadrupleA commented on Making code last a long time twitter.com/jonathan_blow... · Posted by u/robinhouston
> The way you make code last a long time is you minimize dependencies that are likely to change and, to the extent you must take such dependencies, you minimize the contact surface between your program and those dependencies.
A lot of value is driven from those dependencies though. Zapier as a pointed example: Zapier sans dependencies is ... well I don't even know. So sure, you could avoid dependencies at all cost, but at some point you might end up deleting the reason someone else wants to use your code in the first place.
Of course, if you're writing code only for yourself that will totally work, but most professional software engineers are not -- it's a balance and it's not fair to say all they have to do is stop writing glue code.
What are you doing with Zapier that you couldn't do with your own code, or carefully curated small set of libraries? For networked services, the REST APIs of popular providers (Stripe, AWS, etc.) are usually kept backwards compatible for a long time.
QuadrupleA commented on Making code last a long time twitter.com/jonathan_blow... · Posted by u/robinhouston
This seems like another case where jblow's opinions are guided by his experience as a game dev. Games can be "finished" and never touched again. I think I mostly agree with him that software could be made to be timeless to some degree. But, in the world of web apps and saas, the culture is to offload much of the work to third party libraries/APIs which locks you into a never-ending cycle of dependency management. I don't know if this culture is totally necessary (maybe to ship fast and keep up with security updates?), but in a world where users expect software to be constantly improving you can't expect anything to be "done". Maybe you could get close if you built everything in-house, but even still you have to keep up with security flaws.
From experience - if you look at the "security flaws" in detail that updates and patches address, an app with good dependency hygiene is rarely vulnerable to them, and doesn't need the purported fixes. So in those cases it's mostly a comforting mirage that your software is improving as you do "security updates" on your libraries and dependencies, except in rare cases.
And, security updates should not break your app! What breaks your app are feature changes, API changes, and the like, which is a breach of backwards compatibility and IMHO kind of lazy and hostile on the part of the library developers. It creates massive unnecessary work for developers, and unnecessary bugs and problems for millions of end users.