spinningD20 (u/spinningD20)

spinningD20 commented on Self-Hosting a Firefox Sync Server blog.diego.dev/posts/fire... · Posted by u/shantara

gudzpoz · a year ago

Garuda Linux has been hosting their own Firefox Sync server for a while now for their FireDragon browser [1]:

   defaultPref("identity.sync.tokenserver.uri", "https://ffsync.garudalinux.org/token/1.0/sync/1.5"); // --> FIREDRAGON CONFIG

(They seem to be running the older non-Rust sync server though. [2])

[1] https://firedragon.garudalinux.org/

[2] https://gitlab.com/garuda-linux/infra-nix/-/blob/main/docker...

spinningD20 · a year ago

A little off topic, but I had to refresh my memory as to what Garuda was. As a long time user of arch in various "forms" (initially manjaro until I grew frustrated with all the extra/different things, then antergos because it was mostly just plain arch with a nice installer/sane default packages, then endeavouros because it was the closest thing to what antergos provided me), I'm not sure how I missed garuda. Some of their utilities look convenient.

Thanks for the mention! I'll have to try them again on my next machine.

spinningD20 commented on FCC fines largest wireless carriers for sharing location data docs.fcc.gov/public/attac... · Posted by u/coloneltcb

sofixa · 2 years ago

> Most of this abuse of personal data would go away if people knew it was going on.

GDPR proves this wrong. Most people click OK/accept even in front of relatively clear information (to be fair sometimes the options are "accept for you to be tracked and shared with 'our partners' or pay a subscription/fee", which is an easy choice for many.

spinningD20 · 2 years ago

Yet if the business model / customer's _existing_ service agreement is changed, the temperature of the water that the frog is in just went up a little bit, so folks continue using it, which is what often happens as well.

"well, I'm not sure if they're going to start collecting or using my data, because I don't actually really KNOW that or the extent of everything, just an email from them with a vague update to an equally vague privacy policy that I apparently implicitly agree to if I don't discontinue using their service."

Just like a manufacturer/seller on say, amazon shouldn't be able to revise their product with cheaper quality under the same model number (and yet it happens all the time), changes to the agreement of a service should be treated as a new service.

Whatever the solution, it should be a big enough deal that it cannot be implicitly agreed to, and clear enough language (maybe vetted by a third party review of the agreement) to communicate to all users, what is at stake and how, to which third parties, etc.

spinningD20 commented on The history of lead pencils and their lack of any lead (2021) pensunlimited.co.uk/blog/... · Posted by u/nkurz

spinningD20 · 2 years ago

As a toddler in the early 80s, I playfully stole my older sister's pencil when she was working on her homework, ran away with it, tripped and fell, the lead breaking off in my eye. Fortunately I don't remember any of that myself...

Almost 40 years later it's still there, still scaring any new eye care establishment personnel with each visit.

Fortunately no noticable side effects, other than when I get something in my eye and back out again, my brain keeps telling me something is there for an hour or two afterward.

spinningD20 commented on FOSDEM 2024: PineTime Talk blog.mlich.cz/2024/02/fos... · Posted by u/lupyuen

spinningD20 · 2 years ago

it took me two weeks to get the sealed pinetime working back when it launched. for some reason it would get stuck on the initial boot screen, and it would be in a state to where I couldn't update the firmware. eventually in a mindless "flap/spin it in a circle with my hand while I was thinking about work" I felt it vibrate and to my surprise, it booted for the first time ever.

It turned out, even with a firmware update months later applied to it, that whenever it gets rebooted, I have to do the above movement until it finally decides to boot, and it's random. Sometimes it takes a few spins/flicks, sometimes I'm doing it for minutes on end.

I confirmed this isn't a red herring by leaving it in its frozen state and motionless, and it would never recover, even 24hr later.

This was the second Pine purchase of mine, the first being the PinePhone Pro, which A) I couldn't get activated on AT&T (not Pine's fault with the 3g phase out and whitelist approach, but I digress), and when I used TMobile, I couldn't make a call with it without having audio problems or etc.

Look, I wanted to support them, and the idea of less expensive open hardware/software, even if it meant rough edges, but completely non functional for even the most basic usages... I might as well just build my own and understand all of the reasons why something doesn't work instead of spending days or months getting it to do what it said it would do on the tin out of the box.

spinningD20 commented on Is something bugging you? antithesis.com/blog/is_so... · Posted by u/wwilson

btrettel · 2 years ago

The earliest that I've seen the attitude that one should eliminate dependencies because they have more bugs than internally written code was this book from 1995: https://store.doverpublications.com/products/9780486152936

pp. 65-66:

> The longer I have computed, the less I seem to use Numerical Software Packages. In an ideal world this would be crazy; maybe it is even a little bit crazy today. But I've been bitten too often by bugs in those Packages. For me, it is simply too frustrating to be sidetracked while solving my own problem by the need to debug somebody else's software. So, except for linear algebra packages, I usually roll my own. It's inefficient, I suppose, but my nerves are calmer.

> The most troubling aspect of using Numerical Software Packages, however, is not their occasional goofs, but rather the way the packages inevitably hide deficiencies in a problem's formulation. We can dump a set of equations into a solver and it will usually give back a solution without complaint - even if the equations are quite poorly conditioned or have an unsuspected singularity that is distorting the answers from physical reality. Or it may give us an alternative solution that we failed to anticipate. The package helps us ignore these possibilities - or even to detect their occurrence if the execution is buried inside a larger program. Given our capacity for error-blindness, software that actually hides our errors from us is a questionable form of progress.

> And if we do detect suspicious behavior, we really can't dig into the package to find our troubles. We will simply have to reprogram the problem ourselves. We would have been better off doing so from the beginning - with a good chance that the immersion into the problem's reality would have dispelled the logical confusions before ever getting to the machine.

I suppose whether to do this depends on how rigorous one is, how rigorous certain dependencies are, and how much time one has. I'm not going to be writing my own database (too complicated, multiple well-tested options available) but if I only use a subset of the functionality of a smaller package that isn't tested well, rolling my own could make sense.

spinningD20 · 2 years ago

That tracks well (both the quotes and your thoughts).

One example that comes to mind where I want to roll my own thing (and am in the process of doing so) is replacing our ci/cd usage of jenkins that is solely for running qa automation tests against PR's on github. Jenkins does way way more than we need. We just need github PR interaction/webhook, secure credentials management, and spawning ecs tasks on aws...

Every time I force myself to update our jenkins instance, I buckle up because there is probably some random plugin, or jenkins agent thing, or ... SOMETHING that will break and require me to spend time tracking down what broke and why. 100% surface area for issues, whilst we use <5% of what Jenkins actually provides.

spinningD20 commented on Is something bugging you? antithesis.com/blog/is_so... · Posted by u/wwilson

amw-zero · 2 years ago

There's a lot of assertions that I throw into business applications that would be very useful to test in this way. So I don't think this only applies to testing databases.

Also, when properties are difficult to think of, that often means that a model of the behavior might be more appropriate to test against, e.g. https://concerningquality.com/model-based-testing/. It would take a bit of design work to get this to play nicely with the Antithesis approach, but it's definitely doable.

spinningD20 · 2 years ago

Just to clarify, I am definitely not saying this is only useful or only applies to databases.

The point was more that, I don't see how this testing approach (at the level that it functions) would catch all of the bugs that I have seen in my career, and so to say "all of the bugs" or even "most of the bugs" is definitely a stretch.

This is certainly useful, just like unit tests, assertions, etc are all very useful. It's just not the whole picture of "bugs".

spinningD20 commented on Is something bugging you? antithesis.com/blog/is_so... · Posted by u/wwilson

amw-zero · 2 years ago

I do think that it was a mistake to use the word "all" and imply that there are absolutely no bugs in FoundationDB. However, FoundationDB is truly known as having advanced the state of the art for testing practices: https://apple.github.io/foundationdb/testing.html.

So in normal cases this would reek of someone being arrogant / overconfident, but here they really have gotten very close to zero bugs.

spinningD20 · 2 years ago

The other issue I would point out is that building a database, while impressive with their quality, is still fundamentally different than an application or set of applications like a larger SaaS offering would involve (api, web, mobile, etc). Like the difference between API and UI test strategies, where API has much more clearly defined and standardized inputs and outputs.

To be clear, I am not saying that you can't define all inputs and outputs of a "complete SaaS product offering stack", because you likely could, though if it's already been built by someone that doesn't have these things in mind, then it's a different problem space to find bugs.

As someone who has spent the last 15 years championing quality strategy for companies and training folks of varying roles on how to properly assess risk, it does indeed feel like this has a more narrow scope of "bug" as a definition, in the sort of way that a developer could try to claim that robust unit tests would catch "any" bugs, or even most of them. The types of risk to a software's quality have larger surface areas than at that level.

spinningD20 commented on Maybe getting rid of your QA team was bad davidkcaudill.medium.com/... · Posted by u/nlavezzo

natbennett · 2 years ago

It’s not the “separate” part that I think is ridiculous. It’s the fact that the team is named “quality assurance.” It relies on a metaphor from manufacturing that’s entirely inappropriate for software.

If you want to call it “Testing and Exploration” you’d get no argument from me. (Though I do think you’ll find that team is hard to staff.)

spinningD20 · 2 years ago

I'd call it something like "Risk analysis, identification and mitigation group"

spinningD20 commented on Maybe getting rid of your QA team was bad davidkcaudill.medium.com/... · Posted by u/nlavezzo

ThalesX · 2 years ago

I am currently working with a startup that spends a lot of time on building tests that need to be refactored every sprint because it's early stage and the assumptions change. I am shocked at the amount of developer-hours spent on tests that need to be disabled / deleted instead of just hiring 1 - 2 super cheap manual testers that just go through the flows days in and out.

For me it's a no brainer, if I were CEO / CTO, until product-market-fit is achieved and exponential growth is visible, I'd just outsource Q&A and that's that.

spinningD20 · 2 years ago

When outsourced, you either A) rely on someone in your org to tell them what to test and what the workflows are, ie use them as a warm body/monkey to click on things for you - this is what most people see QA as, which is silly - or B) you rely on the outsourced QA to know your product and know what is important or what all of the edge cases are.

If your product is non-trivial in size or scope, ie it is not a cookie-cutter solution, then the testing of your product will also be non-trivial if you want it to work and have a good reputation (including during those all-important live demos, poc's, etc).

QA does not mean "click on things and go through the happy path and everything is fine" - not saying you are implying that, but gosh the amount of companies that think it's child's play is crazy.

spinningD20 commented on Maybe getting rid of your QA team was bad davidkcaudill.medium.com/... · Posted by u/nlavezzo

natbennett · 2 years ago

Strongly disagree with the literal premise of this post. The idea of having a separate team with the mandate to “ensure quality” was always ridiculous. Occasionally it was helpful by accident but it was always ridiculous. “Quality” isn’t something you can bake in afterwards by testing a bunch.

Getting rid of everyone with testing expertise, and treating testing expertise as inherently less valuable that implementation expertise? Sure, you could convince me that was a bad idea.

spinningD20 · 2 years ago

Doing every quality activity "after the fact" I agree is the issue. That's the root of the problem you're seeing, not that there was a separate quality team.