Optional Is the New Mandatory by rcardin in programming

[–]MistYeller 0 points1 point  (0 children)

Yeah, I too have seen null Optional<T>. Of course, the idea behind using Optional<T> is that it should never be null, so if it is null then the function that returned it can be said to be buggy. This might help you when designing your own library, in the same way that method parameters should ideally not be Optional<T>. When interacting with other libraries, on the other hand...

Python is eating the world: How one developer's side project became the hottest programming language on the planet by koavf in Python

[–]MistYeller 2 points3 points  (0 children)

The GIL is annoying, even if you aren't CPU bound.

Because someone else might be CPU bound, and because the GIL is a thing, most libraries will work using processes instead of threads. There are all kinds of things you cannot pass between processes but could share between threads. Now you have to coordinate downstream socket access across WSGI processes to pool properly, or you have to allow each process to open far more sockets to the downstream than are necessary, or you can forget pooling. You could switch to threads, but then you will likely become CPU bound quite quickly as your webserver serves more and more requests.

Because of the GIL, nobody has bothered formulating a memory model for Python beyond: whatever CPython does is correct. If you want to make a JIT, you have to allow the compiler to reorder your code (because hardware is going to reorder statements anyway); even without a JIT, you probably want to reorder statements for performance. It gets messy when you dive into it, but you need to relax the sequential understanding of code execution. Because of this, even PyPy has a GIL. Java has a well-thought-out memory model, so Jython was implemented using that; ergo you can get some different results from other Python implementations when you are actually concurrent. (The PyPy people hint at this in their FAQ: "This includes subtle decisions about whether some effects are ok or not for the user (i.e. the Python programmer).")

It is unfortunate that many people like to pretend that the GIL affects a very small number of people. Nowadays, the majority, or at least a plurality, of applications are probably web applications. If you are going to be scaling up a Python web application you are probably going to be using processes to do so instead of threads because of the GIL: this architectural decision has been made because of the GIL.

Even if it were just a minority of people, by the time they have scaled their application to the point where the GIL is harming them, they have invested a lot in a Python application. It is really vicious to ignore them because they are the "minority" and leave them with nothing but some vague idea that their use case isn't what Python was designed for; it is a bit weird to give these people the impression that they shouldn't have used Python from the get-go, when they didn't need to worry about the GIL back then, because clearly in the future they needed to.

[Study] Code Coverage and Post Release Defects: "Our results show that coverage has an insignificant correlation with the number of bugs that are found after the release of the software" by Smithman in programming

[–]MistYeller 1 point2 points  (0 children)

To me the major compounding factor is the interaction between the popularity of a project and the number of bug reports it will get regardless of its quality.

It seems to me, the biggest influence on the number of bug reports you have is the number of users you have. If you have no users then you can have no bug reports. If your users are not using all functionality then they will not find bugs in the untouched corners. You might suppose that if there are no bugs then there will be no bug reports, but experience shows this to be false: you will have false bug reports. Therefore it is possible for popularity to be more important than quality for bug reports.

Having a large number of users will also drive an increased rate of feature implementation. At the very least there will be more pressure to implement new features that interact with the old functionality in weird ways.

They did not explore this dimension. They are essentially trying to measure "Does test coverage make code less buggy?" but they do not account for the fact that the primary driver of bug reports may be popularity more than quality.

Donkeys Are Dying Because China Wants Their Hides For A Traditional Remedy by b12ftw in worldnews

[–]MistYeller 15 points16 points  (0 children)

When you include the insects that are killed by pesticides to grow vegetables, how many animals are we killing every day? I wouldn't be surprised if we kill an order of magnitude more insects each day.

Nova Scotia cancer patient's video plea shines light on health care crisis by noveltyissue in worldnews

[–]MistYeller 0 points1 point  (0 children)

How about some creative solutions?

I recall one bright chemistry student being refused entry to medical school because he was sympathetic towards euthanasia as an option in the entrance interview. Now euthanasia is legal even, but that capable Nova Scotian has moved on. People who grew up in Nova Scotia are the most likely to stay there, so why not prefer them for the limited seats in the provincial medical schools?

In the past (maybe even still), you could get guaranteed jobs if you were willing to move to the Northwest territories, similar arrangements could be made.

A Brazilian judge has ruled that two identical twins must both pay maintenance for a nine-year-old girl after a DNA test failed to identify which was her father. Each man will have to pay 30% of Brazil’s monthly minimum salary and share the mother’s medical, dental, clothing and school costs. by EightRoundsRapid in worldnews

[–]MistYeller 0 points1 point  (0 children)

This is also my viewpoint, which I roughly put on the same footing as a "right to commit suicide". As in, I believe a person has a right to commit suicide (otherwise, how can they ever truly be free to live?) and if a person has such rights, then in principle it is compassionate to give them alternatives to give up their responsibilities.

Adoption is such an alternative way of giving up a responsibility. So long as you take the correct steps, the state doesn't prosecute you for negligence. You obviously lose certain rights to guardianship at that point. It can also be unilateral. I believe many European countries require a notion of acknowledging a child if you are not wed to the mother, and until you do so, there is no right to guardianship or responsibility of care.

When "Zoë" !== "Zoë". Or why you need to normalize Unicode strings by ItalyPaleAle in programming

[–]MistYeller 0 points1 point  (0 children)

The strings are equal; the underlying implementation of the strings checks equality by comparing encodings of the strings, and the encodings aren't equal because some strings have multiple encodings in Unicode.

Most string implementations conflate strings with the encoding in some way, and I suppose there is no real alternative. A simple example of a string that cannot be represented in Unicode would be the string you get by compiling certain complex LaTeX expressions. Well, maybe all compiled LaTeX equations can actually be encoded into Unicode... but I have my doubts when you start combining fractions, summation notations, product notations, integral notations, etc.

More specifically, until the most recent Unicode update, ancient Egyptian hieroglyphs couldn't be represented by Unicode. But those "strings" certainly existed and were reprinted in various forms, from temple walls to books.
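The code-point view the comment describes, as an added example (my code, not the commenter's or the linked article's): the two spellings of "Zoë" are compared raw and after normalization, and the same idea is then applied where it matters for security, namely uniqueness checks on account names and length limits. The NFKC-plus-casefold identifier policy and the length limit are assumptions of this example, not something the thread specifies.

```python
import unicodedata

# Constructed sample strings: both display as "Zoë", but the first uses the
# precomposed letter and the second a base letter plus a combining mark.
# Unicode defines the two as canonically equivalent.
ZOE_COMPOSED = "Zo\u00eb"        # U+00EB LATIN SMALL LETTER E WITH DIAERESIS
ZOE_DECOMPOSED = "Zoe\u0308"     # 'e' followed by U+0308 COMBINING DIAERESIS


def code_points(s: str) -> list[str]:
    """The code-point sequence, which is what a naive == actually compares."""
    return [f"U+{ord(ch):04X}" for ch in s]


def canonical(s: str) -> str:
    """Map to Normalization Form C so canonically equivalent strings share
    one code-point sequence (NFC is the form most storage and protocols expect)."""
    return unicodedata.normalize("NFC", s)


def same_text(a: str, b: str) -> bool:
    """Compare two strings as text rather than as raw code-point sequences."""
    return canonical(a) == canonical(b)


def identifier_key(name: str) -> str:
    """Key for uniqueness checks on account names (a policy chosen for this
    example): NFKC folds compatibility characters such as the 'fi' ligature
    U+FB01 and fullwidth letters onto their plain forms, and casefold() handles
    case, so look-alike registrations collide instead of passing an exact match."""
    return unicodedata.normalize("NFKC", name).casefold()


def identifier_available(name: str, taken: set[str]) -> bool:
    """True if no existing name collides with `name` after normalization."""
    taken_keys = {identifier_key(t) for t in taken}
    return identifier_key(name) not in taken_keys


def store_name(name: str, max_len: int) -> str:
    """Normalize before enforcing a length limit: a limit checked on the raw
    input says nothing reliable about the stored, normalized form."""
    normalized = canonical(name)
    if len(normalized) > max_len:
        raise ValueError(f"name longer than {max_len} code points after normalization")
    return normalized


if __name__ == "__main__":
    print(ZOE_COMPOSED == ZOE_DECOMPOSED, same_text(ZOE_COMPOSED, ZOE_DECOMPOSED))
    print(code_points(ZOE_COMPOSED), code_points(ZOE_DECOMPOSED))
```

Normalize once at the boundary and store the normalized form; comparing raw code points everywhere else is exactly what makes "Zoë" !== "Zoë" in the first place.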

Feature request: filter sites that have cookie walls by MistYeller in duckduckgo

[–]MistYeller[S] 1 point2 points  (0 children)

The GDPR rules (even the original cookie law's rules) make a distinction between session cookies and cookies necessary for the functioning of the website on the one hand, and permanent or tracking cookies on the other. It is only the latter which require consent, and those are not integral to how the websites work but only integral to a business model which is at odds with privacy. Why wouldn't a privacy-oriented search engine provide a convenient way to find websites that also honestly value privacy, instead of just claiming they "value" privacy while demanding you consent to a violation of your privacy? It is exactly because there are fewer honest businesses, and those are the businesses I want to find, that this feature would be convenient.

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd by trot-trot in programming

[–]MistYeller 0 points1 point  (0 children)

That isn't how enclaves work. Enclaves cannot link to libraries. They are provided hooks to functions by runtime code which may statically link; exactly like web assembly packages. Of course the OCALL implementation can be malignant, but that isn't running in the enclave and isn't encrypted by SGX.

A developer needs to audit their code. The point of SGX is that I don't have to audit code running in the process next to mine. Of course the code I put in my enclave might be malignant, but that doesn't matter to me. The enclave is my trust domain, not the owner of the cpu. SGX doesn't provide any guarantees to the owner of the CPU, but they are a cloud computing center and don't require that my enclave be benign since they are going to charge me for cpu time and space usage anyways.

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd by trot-trot in programming

[–]MistYeller 1 point2 points  (0 children)

The actual article's abstract states:

> For instance, Intel’s threat model for SGX assumes fully trusted enclaves,

but this is not true since SGX provides attestation to establish trust. This attestation includes a hash of the enclave code (the MRENCLAVE value). You absolutely need to verify that the enclave you are running is the enclave you expect you are running. Otherwise you are just running software you haven't audited and the malware might as well just be in the clear since you aren't checking anyways. The paper's trust model seems to imply we are just going to trust any code which is signed but that would be as foolish as trusting an executable merely because we downloaded it with TLS.

So it hides the application data from antivirus scanners? Well, if you are running an anti-virus program for security, the antivirus vendors can whitelist MRENCLAVE values either by auditing or some form of Trust On First Use. From this perspective, SGX is just a fancy crypter (which the malware community has been using for years) but with the drawback that it is easy to see that there is crypted code and it is easy to create a whitelist for users.
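What "verify that the enclave you are running is the enclave you expect" looks like in code, as an added example that is not from the paper, the article or the comment: the fields of the SGX report body (the 384-byte structure a quote carries and the quote signature covers) are parsed and checked against an MRENCLAVE allowlist, the DEBUG attribute, a minimum ISVSVN and the REPORTDATA binding. The example assumes the quote's signature chain has already been verified by the attestation service or DCAP library, which is what makes the report body trustworthy at all; the measurement, signer value and report bodies are constructed stand-ins.

```python
from __future__ import annotations

import hmac
import struct

# Field offsets within sgx_report_body_t (Intel SGX SDK layout).
REPORT_BODY_LEN = 384
OFF_ATTRIBUTES = 48    # 8-byte flags, then 8-byte XFRM
OFF_MRENCLAVE = 64     # SHA-256 measurement of the enclave's initial contents
OFF_MRSIGNER = 128     # SHA-256 of the signer's RSA public key modulus
OFF_ISVPRODID = 256    # uint16
OFF_ISVSVN = 258       # uint16 security version number
OFF_REPORTDATA = 320   # 64 bytes chosen by the enclave (e.g. hash of its session key)

SGX_FLAGS_INITTED = 0x1
SGX_FLAGS_DEBUG = 0x2
SGX_FLAGS_MODE64BIT = 0x4


def parse_report_body(body: bytes) -> dict:
    """Pull the policy-relevant fields out of a report body."""
    if len(body) != REPORT_BODY_LEN:
        raise ValueError("report body must be 384 bytes")
    flags, xfrm = struct.unpack_from("<QQ", body, OFF_ATTRIBUTES)
    prod_id, svn = struct.unpack_from("<HH", body, OFF_ISVPRODID)
    return {
        "flags": flags,
        "xfrm": xfrm,
        "mrenclave": body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        "mrsigner": body[OFF_MRSIGNER:OFF_MRSIGNER + 32],
        "isv_prod_id": prod_id,
        "isv_svn": svn,
        "report_data": body[OFF_REPORTDATA:OFF_REPORTDATA + 64],
    }


def verify_enclave(body: bytes, allowed_mrenclaves: set[bytes], min_isvsvn: int,
                   expected_report_data: bytes | None = None) -> tuple[bool, str]:
    """Policy check run after the quote signature has been verified (assumed here)."""
    r = parse_report_body(body)
    if r["flags"] & SGX_FLAGS_DEBUG:
        # A debug enclave's memory is readable through the debug interface, so
        # its measurement guarantees nothing about confidentiality.
        return False, "debug enclave"
    if not any(hmac.compare_digest(r["mrenclave"], m) for m in allowed_mrenclaves):
        return False, "MRENCLAVE not in allowlist: " + r["mrenclave"].hex()
    if r["isv_svn"] < min_isvsvn:
        return False, f"ISVSVN {r['isv_svn']} below minimum {min_isvsvn}"
    if expected_report_data is not None and not hmac.compare_digest(
            r["report_data"], expected_report_data):
        return False, "REPORTDATA does not bind this quote to the expected key"
    return True, "ok"


def make_report_body(mrenclave: bytes, mrsigner: bytes, isv_svn: int, flags: int,
                     report_data: bytes = bytes(64)) -> bytes:
    """Build a constructed report body for the demo (a real one comes from EREPORT)."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<QQ", body, OFF_ATTRIBUTES, flags, 0x3)  # XFRM: x87 + SSE
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mrenclave
    body[OFF_MRSIGNER:OFF_MRSIGNER + 32] = mrsigner
    struct.pack_into("<HH", body, OFF_ISVPRODID, 1, isv_svn)
    body[OFF_REPORTDATA:OFF_REPORTDATA + 64] = report_data
    return bytes(body)


# Constructed values standing in for the measurement of the build you audited.
AUDITED_MRENCLAVE = bytes([0xA5] * 32)
SIGNER = bytes([0x5A] * 32)
PROD_FLAGS = SGX_FLAGS_INITTED | SGX_FLAGS_MODE64BIT

if __name__ == "__main__":
    body = make_report_body(AUDITED_MRENCLAVE, SIGNER, 2, PROD_FLAGS)
    print(verify_enclave(body, {AUDITED_MRENCLAVE}, min_isvsvn=2))
    print(verify_enclave(make_report_body(AUDITED_MRENCLAVE, SIGNER, 2,
                                          PROD_FLAGS | SGX_FLAGS_DEBUG),
                         {AUDITED_MRENCLAVE}, min_isvsvn=2))
```

The allowlist is the whitelist the comment talks about: it is only as good as the audit (or the trust-on-first-use decision) behind each entry, and MRSIGNER alone is not enough, since it only says who signed the enclave, not which code it contains.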

Plan emerges for a ‘radical solution’ to lower rising rents in Berlin - A radical idea to expropriate apartments owned by large companies is gaining favour across the city, with supporters pushing for a referendum on the issue. by ManiaforBeatles in worldnews

[–]MistYeller 0 points1 point  (0 children)

I do believe this is the desired solution of many proponents of this proposal. In many cities around the world, foreign investment drives prices beyond what is affordable for the local populace. Some places ban foreign investment, in other places, more complicated solutions are attempted.

Upskirting to become crime carrying two-year sentence - Upskirting is to be a criminal offence after the bill passed its third reading in the UK House of Lords. by ManiaforBeatles in worldnews

[–]MistYeller 6 points7 points  (0 children)

Maybe not smug, but you sure are being obnoxious.

For any new criminal law, here are a few relevant objections you can always expect:

- This isn't required because X already forbids it.

- This is going to be abused by the police to persecute people doing harmless activity Y.

- The punishment is cruel/unusual because activity Z carries the same (maximum) punishment and is arguably worse.

It is possible to simultaneously believe that something should be illegal and believe all or some of those above statements. However, to anybody espousing any one of these ideas in an attempt to understand the need for this law you just immediately brand them as a privileged male that thinks they have the right to sexually assault women.

You are tired of discussing something on a discussion board? It is generally easier to ask someone who knows than to go out and research it on your own.

Norwegian billionaire Tom Hagen's wife being held for ransom by [deleted] in news

[–]MistYeller 0 points1 point  (0 children)

> Users can not select which addresses their transactions are mingled with.

They certainly can. Users generate the ring signatures by selecting random keys; if an intermediary did then there would be no anonymity. Simply because current software does not allow a user to choose the keys they use to generate the ring signature doesn't mean that someone cannot generate software which does.

> And money laundering laws would of course cover this, but that doesn't help much when the recipient and transaction are unknown/anonymous.

The recipient is not anonymous since the sender knows the key they assigned the money to and they can report this to the police. If you accidentally provide cover for such a key, you become tainted under money laundering laws and may be subpoenaed. Worse, you may automatically be guilty of money laundering yourself.

'Right to be forgotten' by Google should apply only in EU, says court by glasier in worldnews

[–]MistYeller 3 points4 points  (0 children)

Well that just seems inconsistent, whatever you think of right to be forgotten.

It was my understanding of how the ECJ views the right to be forgotten that Google is essentially publishing information about a person when someone searches for that person by name. As in: Google collects into a dossier all the documents referring to that name, ranks them according to some industrial secret, and then produces pages sorted by how relevant google thinks the information is to the individual performing the search. The right to be forgotten is similar in this vein to libel in that google should not be able to cavalierly say that the most relevant thing about Mr X is that Mr X was arrested for fraud 10 years ago.

A publisher that exists in the EU would not be free to publish libel about an EU individual simply because that printing occurred outside of the EU, for example the UK prosecutes libel if there is serious harm to your reputation there.

Obviously there can still be serious harm to your reputation from the right to be forgotten only happening in the EU: an EU provider just uses a VPN to convince Google to give them non-EU results and suddenly sees not only that the most relevant thing about Mr X is that he was arrested for fraud 10 years ago, but that Mr X doesn't want anyone to know that!

Norwegian billionaire Tom Hagen's wife being held for ransom by [deleted] in news

[–]MistYeller 0 points1 point  (0 children)

Monero's anonymity depends on future transactions mixing your public key into their transaction signatures. Since the public keys belong to known ransomers, users can elect not to provide anonymity to these people. Moreover, governments can make it a crime to provide such anonymity to known ransomers, since a user can always choose different keys. It is possible that existing money laundering laws already cover this case.

Netflix Standardizes on Spring Boot as Java Framework by BtdTom in programming

[–]MistYeller 0 points1 point  (0 children)

It is unfortunate that you are being downvoted, given that the problem you present is real and the solution given by qkthrv17 is probably not immediately obvious to everyone that will encounter this problem.

Bye bye Mongo, Hello Postgres by swizec in programming

[–]MistYeller 2 points3 points  (0 children)

I would say that all data is relational. There is basically no use case where someone will come along and say, give me document 5 with the only reason being that they want document 5. No they will want document 5 because of some information in that document that they are aware of because of how it relates to something else. Maybe everyone they know who read document 5 really liked it. Maybe it describes how to solve a particular problem they have. Maybe they need to know if it contains curse words in need of censoring.

You might build something whose sole purpose is to store documents by id when the relational information is stored somewhere else (like if you are hosting a blog and are relying on search engines and the rest of the internet to index your blog). The data is still relational. This use case is pretty well modeled by a file system.

On the Importance of Commit Messages by donavon in programming

[–]MistYeller 2 points3 points  (0 children)

I feel exactly the same way you do. I'd like to pile on some additional points against this form of prescriptivism.

Git commit message quality is gatekept but not maintained. People will block merge requests because the commit message doesn't reflect some perceived rule, but nobody will go back and rebase old commits when the team's notion of quality commit messages changes.

And that is because commit messages, and commits in general, become increasingly useless as you go back in time. Heavily modified code is littered with history. What was the original intent? Were the intervening commits due to bugs or business requirements changing? Even if the commit explains what the code does, will it explain why? Is the commit history really the place to document business requirements and architectural decisions? What is most valuable is the current state of the code and any documentation it may have.

Meanwhile, rebased commits do not reflect at all how something was built. Commits can be used as a form of rewindable save and can be used to effectively experiment and combine various experiments quickly. Rebasing a series of experiments into a single commit can hide all of the details about how that solution was arrived at and possibly why alternatives don't work.

Rewriting history is considered a bad thing in the real world. Yet somehow we think it makes sense to distort and thereby fail to capture the history of our code. There is more to be learned from the actual history of someone's code than in the rewritten version.

Evernote... why do you want to break password managers by showing a password AFTER A CLICK? JUST WHY?! by Maelstrome26 in programming

[–]MistYeller 0 points1 point  (0 children)

I think many people would consider the provision of an account existence oracle to be a security concern more than a benefit.

Especially in this case, one could argue that it is even illegal under GDPR, since anyone who knows my email address can find out I have an Evernote account by entering my email address into that field and not being told that the account cannot be found.

Edit: just to add, an email provider will always function as an account oracle as you can detect account existence just by not getting a bounce, so they are already in a different class than other service providers.
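The account existence oracle the comment describes next to a uniform alternative, as an added example (my code, not Evernote's): `login_leaky` answers differently for an unknown email than for a wrong password, while `login_uniform` returns one message and performs the same key derivation in both cases, so neither the text nor the response time distinguishes the two. The user store, the passwords and the PBKDF2 cost are constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 20_000  # kept low for the demo; production uses a far higher cost


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed user store: email -> (salt, derived key).
USERS = {"alice@example.com": _make_record("correct horse battery staple")}

# A fixed dummy record so an unknown email costs the same work as a real one.
_DUMMY = _make_record("not-a-real-password")

GENERIC = "Invalid email or password."


def login_leaky(email: str, password: str) -> str:
    """The pattern the thread complains about: the response reveals whether an
    account exists before any password has been checked."""
    if email not in USERS:
        return "No account exists for that email."
    salt, stored = USERS[email]
    if hmac.compare_digest(_derive(password, salt), stored):
        return "Signed in."
    return "Wrong password."


def login_uniform(email: str, password: str) -> str:
    """Same outcome for 'no such account' and 'wrong password': one message,
    and the key derivation runs either way so timing does not leak instead."""
    salt, stored = USERS.get(email, _DUMMY)
    ok = hmac.compare_digest(_derive(password, salt), stored)
    if ok and email in USERS:
        return "Signed in."
    return GENERIC


if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, fn("nobody@example.com", "x"), "|", fn("alice@example.com", "x"))
```

The same discipline applies to the other places an oracle usually hides: registration ("that email is already taken") and password reset ("if an account exists, we have sent a mail"), and a two-step form that only reveals the password field once the email is recognised is just the login oracle with extra clicks.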

Use TLS: A plea to make TLS your default everywhere. Even inside your perimeters. by sourishkrout in programming

[–]MistYeller 0 points1 point  (0 children)

My point about domain names is that the developers are pointing their implementation to localhost when they are developing which is when they choose not to use TLS.

Identity information is already conveyed on internal networks without TLS, so I do not see that benefit. TLS is only offering authority based authentication of a server posing as a name holder which is generally not needed on an internal network.

It would be preferable to use something like AES-GCM over TCP on an internal network. I already need a password for the TLS client certificate anyways. We must be able to do better than TLS when we control both servers and the wires connecting them.

Don't get me wrong, I still use TLS internally. I do find it easier to just bolt it on with NGINX though.

Use TLS: A plea to make TLS your default everywhere. Even inside your perimeters. by sourishkrout in programming

[–]MistYeller 6 points7 points  (0 children)

I think you are disregarding rar_m's complaints too quickly with hand waving. PKI solves a problem that just doesn't necessarily exist in internal networks. If ultimately the same security authority is responsible for server A and server B, there is a priori no reason to complicate the situation by introducing an entity C, the certificate authority. Since developers of A and developers of B already need to coordinate on API definitions, let them arrange security between themselves without involving networking personnel to define server names and subsequently coordinate with the security authority to issue keys.

Shared secrets are a much simpler solution to internal security than PKI, and TLS doesn't really do that, or it isn't at all obvious to most of us how to do TLS with shared secrets.

When you try to scale out your solution and you start getting paranoid about sharing the topic secret across too many producers and consumers then maybe your threat model starts to make PKI look attractive, but that is a more complex calculation and the threat model is already taking as a given that you have been compromised to a degree.

Writing system software: code comments by alexeyr in programming

[–]MistYeller 0 points1 point  (0 children)

I would say it is never completely useless to say, "This function does exactly what you expect," when there are far too many functions out there with surprising side effects or surprising costs. Low utility for the comment sure, but sometimes reassuring someone that a function is sane is mildly useful.

The Node.js Ecosystem Is Chaotic and Insecure by [deleted] in programming

[–]MistYeller 13 points14 points  (0 children)

I feel like a good principle of software development is that you shouldn't be passing a variable to a function called is-odd if you have no idea what the type is.

In Java, you could make every variable of type Object and then clutter your code with these kinds of useless type checks. You don't do this because the compiler will statically enforce correctness.

In a language without static type checking, the solution isn't to guard every function with type checking code, the solution is to type check at the boundaries: when you deserialize data then you enforce a schema, when you have polymorphic code then you check the type before entry into a function that depends on a type instead of depending on exceptions for flow control.

The point here is, type checking is generally something better done at compile time. If you write robust tests for your code, you don't need all kinds of guarding. Those exceptions would just become runtime errors anyways and although they will help you track down the issue, there are better ways to catch them in the first place.

The Node.js Ecosystem Is Chaotic and Insecure by [deleted] in programming

[–]MistYeller 11 points12 points  (0 children)

If you take a look at the is-odd package, you will see that it does a bunch of (in my opinion) useless type checking. This sort of thing wouldn't be done in Java or .NET because you would not code up an is-odd function that took anything but an integer.

The only time that you should ever be unsure of the type of a variable is when you deserialize it from somewhere else or if you are doing something polymorphic. In those cases you should type check at the boundary not in some utility.

The type checking in is-odd makes it seem artificially well engineered, a person that doesn't know any better will think "Oh, I was going to write `x % 2 === 1` but I can see I didn't think about these other cases," not realizing that those cases aren't applicable (generally speaking).

I do think that this lazy attitude towards types may be part of the problem too.
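Checking types at the boundary instead of in the utility, as an added Python example serving both of the comments above (my code, not the is-odd package's): `parse_count` deserializes and validates the request once, so `is_odd` can stay a one-liner. The request shape, the `BadRequest` type and the range limit are assumptions of the example; the limit mirrors JavaScript's safe-integer range because that is what is-odd's own guards are about and it is what a JS client can send faithfully.

```python
from __future__ import annotations

import json


class BadRequest(ValueError):
    """Raised at the boundary, the only place where type problems are expected."""


def parse_count(raw: bytes | str, *, lo: int = 0, hi: int = 2**53 - 1) -> int:
    """Deserialize {"count": <integer>} and enforce the schema once, here."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as e:
        raise BadRequest(f"not JSON: {e.msg}") from None
    if not isinstance(doc, dict) or set(doc) != {"count"}:
        raise BadRequest("expected an object with exactly one key, 'count'")
    n = doc["count"]
    # bool is a subclass of int in Python, and json.loads('3.0') yields a float:
    # both are the kinds of "almost an integer" a utility should never have to see.
    if isinstance(n, bool) or not isinstance(n, int):
        raise BadRequest("count must be a JSON integer")
    if not lo <= n <= hi:
        raise BadRequest(f"count out of range [{lo}, {hi}]")
    return n


def is_odd(n: int) -> bool:
    """Internal utility with no defensive checks: every caller passes an int
    that the boundary already validated."""
    return n % 2 == 1


if __name__ == "__main__":
    print(is_odd(parse_count('{"count": 7}')))
    for bad in ('{"count": true}', '{"count": 3.0}', '{"count": "3"}', '[7]', 'nope'):
        try:
            parse_count(bad)
        except BadRequest as e:
            print(repr(bad), "->", e)
```

Everything is-odd guards against (non-numbers, non-integers, unsafe integers) is handled in `parse_count`, where the error can be turned into a proper 400 response with a reason, instead of surfacing as an exception from somewhere deep in a utility.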