If I run a PDS at home, does it replicate the BlueSky social interactions that has occurred to my posts? Or is that not seen because it occurred in the past, and the PDS is my personal archive?
I suppose my question really is, “what exactly is stored on a PDS beyond my posts?”
You can see everything she liked, but not what people liked that she posted - those are stored in the PDS of those who performed the like. This also answers your question of what’s stored in the PDS beyond your posts.
If you wanted to replicate all of the interactions with your posts by other people you’d have to consume from the firehose and store the relevant events in your own database.
Also, seems like Jay has only used Bluesky, but if you’ve ever used any other atproto apps, that info will get stored there too. For example, I’ve used FrontPage and Smoke Signal: https://atproto-browser.vercel.app/at/steveklabnik.com
But this model also has some really interesting implications on things. For example, on X, you can “soft block” someone by blocking them and then unblocking them. When you block them, it makes them not follow you any more. But since “I follow this person” is written into my PDS, if you wanted to force me to not be following you any more, that would require you deleting that record in my PDS. And you can’t write to my PDS. So the semantics end up differently.
Nginx, in 2024, still defaults to HTTP/1.0 when proxying. I imagine these are fake things, but I also wouldn’t be shocked if someone was using Nginx as a proxy and not realising they need to set proxy_http_version 1.1;
Backwards compatibility is great, but not using at least HTTP/1.1 today will cause some clients and servers issues, such as (as mentioned in the Nginx documentation) not being able to use keepalives.
Not using (at least) HTTP/1.1 is like not supporting TLS with SNI. It’s not really viable on the modern Internet.
That is definitely a gotcha I would have to check my own nginx configs for. Something something backwards compatibility of configs would make this a breaking change?
This reminds me of Solaris profile shells. I used to find these really useful when I was a Solaris sysadmin. Where previously I’d had to give some owners of a service full root access in sudo to manage their service, I was able to replace that with an RBAC profile and tell them “here, just run pfexec ”, or if they really wanted, switch their shell to pfbash.
I’ve always wanted similar on non-Solaris systems.
Zerolog looks like a hell of an interesting system
I’ve used zerolog in quite a few systems and I really like it. It’s a bit un-Go like in using the builder pattern (you see that code around, but it feels less common to me) but for this use case it works well.
These days I tend to start new things with the new stdlib log/slog package instead, but it’s not as nice to use as zerolog.
My “favourite”* thing related to Nginx is Avoiding the Top 10 NGINX Configuration Mistakes. To me this entire post can be summarised as “our default are bad and we should feel bad, but we’ll make you feel bad instead”.
Nginx has so many footguns that I just can’t recommend it for anything other than very simple or hobby setups anymore. It was great at being an Apache httpd alternative 20 years ago, but it’s really showing its age now.
* Meaning, wow this post should not have to exist.
No but really, Mistake 6 is “if you use an if statement in the wrong kind of scope, you can get memory corruption”.
That’s right, nginx.conf is a memory unsafe language. And they could 100% check for this one at config-load time, it’s entirely a static (syntactic, even) property. But they don’t, because there is no safety culture there.
Oh damn, they took that down? That was one of my favorite things on the internet!
Anything else may possibly cause unpredictable behaviour, including potential SIGSEGV.
It is important to note that the behaviour of if is not inconsistent, given two identical requests it will not randomly fail on one and work on the other, with proper testing and understanding ifs ‘’’can’’’ be used.
It depends on the use case. Caddy is great for simple setups and gets you TLS for free. You can’t do that with Nginx. (Caddy is great for more complex setups too, but I mention simple here because you can run it with almost no configuration and have working system with TLS.)
Traefik is next on my list. Great for containerised environments as it can do auto discovery. It has a lot of tricks up its sleeve, and also has automatic TLS support. More configuration needed than Caddy.
For complex requirements, such as that described by the OP, I’d suggest Envoy. It’s a complex beast, but very powerful. At work I’m starting to replace our Nginx-based proxies with Envoy, and am writing a custom control plane for it.
For large or complex deployments I’m generally in favour of having the centralised control plane approach so that all your proxies get configured consistently. With Nginx I’m tired of having masses of templated configuration files and getting them in to Kubernetes pods.
Nginx has so many footguns that I just can’t recommend it for anything other than very simple or hobby setups anymore. It was great at being an Apache httpd alternative 20 years ago, but it’s really showing its age now.
I suppose this is hyperbole but if my memory is not failing me, nginx was just a blip in 2006-2007 era and was all the rage up until 2014-15, so I’d say it was absolutely great 10 years ago, I can only not comment about the state after that.
That doesn’t mean it wasn’t perfect or had no footguns, but you’re making it sound like it was a liability. It was not.
This is just the Swift language. I’m not aware of SwiftUI being available on other platforms, although rumour has it The Browser Company made it work for Arc on Windows.
There’s no SwiftUI clone, but the Adwaita integration is pretty neat IMO, and probably the most user-friendly integration to GNOME that I’ve ever seen.
GitHub’s UI does not allow us to review or comment on commit messages for pull requests.
I don’t understand this. You can comment on anything you like in a GitHub PR. Code review has a specific special UI, but people leave feedback on other things all the time as a normal comment.
I suppose it’s a bit awkward if you’re like, “I don’t like bef1482‘s commit message, can you remove the punctuation and fix the blah and make it 50 characters or less”, and then they do that, but now bef1482 doesn’t exist. When you comment on code, the context sticks around even when it gets force-pushed away, but that wouldn’t happen reliably for the commit messages. I think it’s a valid enough gripe, even though there’s nothing really stopping you like you say.
If you compare Github interface to e.g. Gerrit it’s easier to understand: I’m Gerrit the commit message looks like a pseudo-file and you can comment say, on line 2 of that commit message that you want something adjusted.
While you can read the commit message, and you can leave a comment that relates to the commit message, they’re not actually linked - you can’t comment on the commit message like you can a line of code in the diff. Tools like Gerrit include the commit message as part of the diff to allow this.
You can’t comment on lines of the commit message in diff view; but you can in just a regular comment say, “I don’t like Foo of commit bef1482” which will be automatically linked to the commit. I agree though that it could be helpful to have collapsable review style comments on the message itself that follow even after forced pushes/commit message re-writes.
No, if a PR has multiple commits and you want to review them 1 by 1, you can’t add comments on the commit. It makes sense to me because some changes in a commit can be overridden in a newer commit, so the comments would be on outdated code. I guess this encourages making smaller PRs.
I guess DNS, like SMTP, is a service no one bothers to run anymore. Personally, I run my own DNS server, so it’s easy enough for me to maintain my own zone files, with comments (and keep them in git if I so choose). However, my DNS server is firewalled off, and my host provider’s DNS servers (which are listed as the authoritative nameserver for my domains) are configured to slave off my server.
I ran my own DNS and mail servers for maybe 20 years, but it’s no longer fun anymore and I don’t have the time to sysadmin any of it properly, so I’m happy to pay people who do.
I had never heard of either of the projects and have been using plain old Terraform to manage DNS records where possible. Thanks for throwing these out there as viable alternatives!
I used to use Terraform, but I’ve been incredibly burned out by Terraform for other things so even though it’s “fine” for DNS, I gave up on it there too. The quality and consistency of providers makes Terraform a bit annoying to use if you have DNS with multiple providers.
I use some stupid simple scripts i wrote and GitHub Actions workflows to drive DNSControl and manage my records on Cloudflare via API, and a small handful of self-hosted DNS servers via AXFR/RFC DDNS updates all via a GitHub repository: https://github.com/b-/dns-zones
It’s hacky and disorganized, but it works perfectly for me.
I probably should organize it better and do a blog post one of these days.
In my mental model, when I say brew install python, I am telling homebrew “go ahead and install a version of python for yourself”, rather than “install a version of python for me”.
For me this is the most fundamental problem with Homebrew. If I’m explicitly installing some software it’s because I want to use it, not because I want some other software to use it for itself.
The general advice I’ve seen is “don’t use the system-provided python, it’s for system thing”, which is fair enough. Installing your own copy means you get the version you want (probably) and an OS upgrade might not break your things. Except with Homebrew every python upgrade breaks your things.
Like @calvin I tend to prefer MacPorts. For me it handles these things much better, and you can have multiple versions installed, with only one “active” at a time. But I agree with Calvin that MacPorts-the-project has issues because it has so few people actively working on it and things like binary builds for new OS releases can take a long time to appear as they don’t have enough infrastructure.
For me this is the most fundamental problem with Homebrew. If I’m explicitly installing some software it’s because I want to use it, not because I want some other software to use it for itself.
I share this dissonance. But once I started putting “homebrew installed python” into the same bucket as “system installed python” and switched my “python for me” step to brew install pyenv; pyenv install ... I was able to like homebrew again. (Also, I love the way pyenv lets me keep multiple versions of python installed and easily pin them on a per-project basis.)
Another vote for this. I like Homebrew quite a lot, but I don’t rely on it for any version-specific languages that I need to use. Which is more or less what the author is saying.
I self-hosted for around 20 years, initially from a server at home off my DSL line when I first upgraded from dial-up, eventually moving to a colocated server, then I got bored of maintaining hardware (it was also my day job) and moved between VPSes several times. Eventually I got bored of trying to keep up with spam filtering - and for a while outsourced inbound MX to a service run by friends who did a much better job at spam filtering than me - but in the end I realised running my own mail server wasn’t worth my time any more. Given how long I ran it myself, it’s pretty good that I only really messed things up 2 or 3 times, but even so few occurrences made me doubt ever wanting to touch the setup. Even a “straightforward” Exim upgrade once silently broke something that I wasn’t made aware of for several days.
Now I’m on Fastmail and couldn’t be happier. The service is fantastic and the webmail is great. Best webmail I’ve ever used - and so much better than Gmail. I consider the cost of Fastmail offset by no longer running a VPS and my own time of maintaining it.
I’d like to know if you have a custom domain (especially one with a nonstandard TLD like .bike, .cc, .ke, etc.) and whether that complicates things for you (mostly with regard to getting flagged as spam).
I have many! My “main” domains are “standard” - .co.uk, .com, .net, but I also have some in .im, .li, .ninja, .dev. No issues there.
I feel about the same as James here (and indeed use FreeBSD now based on his recommendation), but I was running mail for a group of people, if a steadily shrinking set. [1] So I felt like I’d best keep going for my users.
I was able to get the server management under control over time. Key things were:
automating the server build env (KVM + a salt bootstrap, oddly the bootstrap especially was just much easier with FreeBSD than Debian preseed)
use OpenSMTPD + the Rspamd filter (the naive bayes classifier is fine, though I had to disable some negative scoring for DKIM, etc)
writing tests for the server build
It’s been OK and kinda fun, especially once Let’s Encrypt made TLS certs affordable and low stress. Deliverabilty is weirdly OK, too, best I can tell.
But, yeah, if you’re doing just your own mail, I dunno. Best do what sounds fun.
[1] Artifex.org started on an ISDN line in 1996, moved to Hurricane Electric with the California Community Colocation Project, moved to an admin’s fiber line for many years outside Sacramento, and then went virtual (and from Debian to FreeBSD) with the CCCP’s successor, IO Cooperative. Oddly enough, after a move I helped out on in early 2021, it’s now back at Hurricane Electric, though in their newer facility.
Am I just lucky or is the M1 significantly less flaky than the M2? My M1 Pro has been happily buzzing along since I got it last year, I don’t think I’ve seen more than a couple apps crash. If anything, it’s been more stable than the Intel Mac it replaced.
I have an M1 Pro MacBook Pro and an M2 Pro Mac mini. Both are great.
I’ve had none of the flakiness described in the article, in hardware or software.
If anything Ventura on my Apple silicon machines is more stable than on my (work-provided) Intel-based MacBook Pro, which has had several weird crashes. I’m more inclined to put any issues down to the OS than the hardware.
This has been my experience as well. I have so few problems with the M1 that I can’t come up with any off the top of my head. The machine has been chugging along happily for 2 years. This is what prompted me to to seriously consider the M2.
I’m curious why you thought an M2 was much of an upgrade from an M1 in the first place. It’s well documented in many reviews that it’s only an incremental improvement over M1, and so only more likely to be worth it if coming from an older machine.
I’ve been using a maxed out M1 Max MBP since it was released. Very few problems.
But Apple does do lots of arbitrarily stupid stuff with their OSs and apps. I’m not here to defend the stupidity. I can totally understand someone getting frustrated with macOS.
For software development, though, it has been a great machine for me.
Tailscale: Securing access to my various servers and getting access to devices at home when away was always such a pain and slightly complicated in the past. Now it’s dead easy and I don’t have to think about it. It just works.
Shottr: I didn’t think I needed a screenshot tool before I came across Shottr, and now I use it all the time. It’s great for being able to preview screenshots, add markup, etc. It’s a really great little tool.
Some alternative i love and that do the same things:
zerotier for securing my home network. Equivalent to tailscale, zero-conf, just works. It makes it very easy to secure access to a local instance of home assistance.
I recently looked into it for the same reasons, and if you’re looking for a really no-frills registrar with a world-class security team (which was my priority) it looks like AWS Route53 Domains is really the only choice. The other option would be Google Domains, but I don’t trust their account closure policies.
The list of TLDs they support has grown significantly, and they have everything I own but Google’s .dev.
The UI is not particularly friendly, being the AWS console, but I use dnscontrol anyway.
My bias here is that I generally trust a large business with serious customers that have confidentiality demands like AWS more than small businesses that market themselves as “privacy first” (with few exceptions).
My previous employer basically had no path. All engineers are ICs (some are tech leads or team leads), but there’s no levelling there, so you can either move sideways (to another team or department) or hope a tech lead role opens up, or move to management. I was the tech lead for my team in my time zone, so there was no real opportunity for others in my team to level up in any official way. This frustrated a few of my team members quite a bit.
My current employer has a great career path for ICs which is well supported at a company level and managers are strongly encouraged to work with their reports to make sure they’re getting what they want from their career and promotion ambitions.
Now I’m at the Staff level (and as a tech lead) I’ve started reading The Staff Engineer’s Path. It’s a great read so far and I can really relate to everything it talks about.
I’m quite skeptical of a book that starts the blurb with:
For years, companies have rewarded their most effective engineers with management positions
The first company that I’m aware of that stopped doing this was HP in the ‘80s. They had explicit management vs engineering paths and normalised the idea that an engineer might be at a higher level than the manager that they reported to (managing a small team may not require a senior manager, but the work that they’re doing may require some of the most senior engineers in the company). This has been something covered in a lot of different management theory books that I’ve read and seems to be universally regarded as a good idea (I’ve never read anything defending the management-is-the-only-promotion-path idea, the closest is to recognise that it’s good for managers of engineers to be able to understand explanations that engineers give and so they should have some relevant technical background).
At Microsoft, I think the two-track approach was introduced in the ’90s, possibly earlier. The IC track ends with Partner, Distinguished Engineer, and Technical Fellow. A TF is the same level as a Corporate Vice President and is invited to the senior leadership team retreats and things but does not (normally) have any people-management responsibilities. As I understand it, the only level above CVP is Executive Vice President (and CEO) and those are somewhat intrinsically management roles.
It definitely depends on the company, and the size of the company. All the companies you name are behemoths, and I’m not surprised they all have a good two-track system.
My previous employer was a startup that grew quickly and took a very long time to even have formal managers. 10 years later they still don’t really have any real track for ICs, as I mentioned, and from what I’ve seen this is relatively common amongst tech companies that are still relatively immature and don’t take an early decision to create a good career path.
I understand your skepticism, but as usual it’s all about context and experience. My current role is the first job I’ve had in my 20 years of working that actually has a good career path.
I understand your skepticism, but as usual it’s all about context and experience. My current role is the first job I’ve had in my 20 years of working that actually has a good career path.
I’m more skeptical of the book than the idea but my experience is somewhat tarnished by having recently had to do a load of manager training that got very excited about ideas that I’d read in books published in the ’70s and ’80s as if they were previously unheard of.
It’s hard for very small companies to have this kind of separation, but it’s something that you can introduce as soon as you have a management track and it’s something that pretty much everything that I’ve ever read about managing engineers tells you to do. If a company doesn’t do it then I have to wonder what they’re doing in terms of expectations for managers.
I was at HPE within the past decade. My first manager was an individual contributor who was promoted into management so that the team did not collapse, and incidentally they were also the person who built the product initially. My second manager was an external hire who did not know how to code. It looks to me like the book has a reasonable grasp of the situation.
the idea that an engineer might be at a higher level than the manager that they reported to
What does “level” mean in practise, at this point? Is it just about compensation, parking spaces, corner offices and generous travel allowances? Or is there some sort of implicit authority that comes with a higher level? (And what then does it mean to manage someone at a higher level?)
What does “level” mean in practise, at this point? Is it just about compensation, parking spaces, corner offices and generous travel allowances? Or is there some sort of implicit authority that comes with a higher level? (And what then does it mean to manage someone at a higher level?)
Seniority along their respective tracks. This normally comes with increased compensation and so on. Authority is contextual, but someone at a higher level on the management track would be expected to be able to manager higher-stakes and larger teams than a more junior person. Similarly, someone at a higher level on the engineering track would be expected to be able to solve more difficult engineering problems (for example, design the architecture for larger systems, implement things with more constraints on resources, and so on).
Managing a senior engineer does not intrinsically require a more senior manager (often the reverse, since a more senior engineer may be more able to articulate their requirements and more able to accurately predict schedules) and that was something that their model reflected.
I see. It sounds to me like the contextuality of the levels makes it hard to compare an engineering level to a management level, aside from compensation and similar.
I would strongly disagree with this. Unless the script is very simple - only single commands, few variables - shell scripts can have many pitfalls that many people don’t realise until things go wrong. Pipelines and subshells and their side effects are not widely understood, for example.
Don’t get me wrong, shell scripts do have their place, but for anything even vaguely complex they’re generally the wrong choice. Use the right tool for the job.
You can do a lot of useful stuff with simple bash scripts.
I’m not disputing that. I’ve been writing shell scripts for a very long time, and I use them where they’re appropriate. What I am disputing is your statement that the maintenance cost of shell scripts is lower compared to other languages. If you’re only ever writing simple scripts this is often true; but if you’re comparing shell to other languages there was probably a need to use the other language in the cases they were used.
They can even be indeterministic:
Indeed. You’re kind of making my argument for me. :-)
With “maintenance cost” I do not mean the cost to change the functionality. I mean that from time to time you have to change your script because the language changes. I expect Bash to have less of these breaking changes than most other languages.
Python in my opinion is an example for high maintenance cost. They sometimes do backwards-incompatible changes within a major version. For example Python 3.7 introduced “async” as a reserved keyword, breaking code that used “async” as a variable name.
If you follow each version update of Python, you will probably recognize all breaking changes as deprecations in earlier versions. But if I would just write a script, leave it alone for 10 years and then try to run it with the latest Python version, I would not bet on it running without errors. Whereas for bash scripts I would assume they still work.
But for bash scripts it totally depends on which programs you call.
You can put this directly in your .gitconfig. I have the following in mine:
# "commit fix <commit>" - Add index files to given commit without changing
# its message. For more control, create a temp commit, then "rebase -i" and
# use fixup and edit (which lets you change commits msgs)
cfix = "!f() { \
local committofix=${1:-HEAD}; \
git commit --fixup="$committofix"; \
git rebase -i --autosquash "$committofix"^; \
}; f"
I do something similar, but in a more generic way. I have two “search engines” defined in Chrome, one called Jira and the other called JQL.
Jira is defined as https://company.atlassian.net/secure/QuickSearch.jspa?searchString=%s
JQL is defined as https://company.atlassian.net/issues/?jql=%s
The Jira one means I can do jira<space>project foo which activates Jira’s “smart” search and, if project is a valid Jira project, searches for foo in that project, or otherwise does a more generic text search for project foo; and jira<space>project-1234 also takes you right to ticket PROJECT-1234 as in this blog post.
For those that use Alfred on macOS you can also create a similar search there, using {query} instead of %s
Yes, Alfred is what I use and it’s extremely useful for this. My shortcut is jira and putting in a ticket number will go straight to it.
I also created a workflow to take the full URL of a Jira ticket from my clipboard and replace it with just the ticket. All this saves a great deal of tedium.
Yes the QuickSearch one is great, and that’s what I have j aliased to in Firefox. You can type in a ticket ID or a search term or whatever.
One really frustrating thing is that Jira then redirects you to a combination search/ticket view and puts the first result’s ID in the URL bar. This makes it that much harder for people to reverse-engineer the search URL!
If I run a PDS at home, does it replicate the BlueSky social interactions that has occurred to my posts? Or is that not seen because it occurred in the past, and the PDS is my personal archive?
I suppose my question really is, “what exactly is stored on a PDS beyond my posts?”
A PDS stores everything you do, but not what is done to you.
You can view everything about an account, i.e. what’s in the PDS, e.g. for Jay Graber (the Bluesky CEO): https://atproto-browser.vercel.app/at/jay.bsky.team
You can see everything she liked, but not what people liked that she posted - those are stored in the PDS of those who performed the like. This also answers your question of what’s stored in the PDS beyond your posts.
If you wanted to replicate all of the interactions with your posts by other people you’d have to consume from the firehose and store the relevant events in your own database.
I see. Thank you for the clarification.
Also, seems like Jay has only used Bluesky, but if you’ve ever used any other atproto apps, that info will get stored there too. For example, I’ve used FrontPage and Smoke Signal: https://atproto-browser.vercel.app/at/steveklabnik.com
But this model also has some really interesting implications on things. For example, on X, you can “soft block” someone by blocking them and then unblocking them. When you block them, it makes them not follow you any more. But since “I follow this person” is written into my PDS, if you wanted to force me to not be following you any more, that would require you deleting that record in my PDS. And you can’t write to my PDS. So the semantics end up differently.
Can’t help but laugh at FrontPage being something other than the ill-fated Microsoft website designer!
Is there a way to force, or perhaps request, an unfollow? The docs aren’t clear.
via
app.bsky.graph.follow(i.e. a Bluesky follow), no. An alternative app could use a lexicon with a req/ack system for its follows.so forcing an unfollow would be deleting the follow acknowledgement from your repo, which the AppView would catch and sever the relation
Oh hey, I was referenced in a cks post!
I said:
(Reference)
Backwards compatibility is great, but not using at least HTTP/1.1 today will cause some clients and servers issues, such as (as mentioned in the Nginx documentation) not being able to use keepalives.
Not using (at least) HTTP/1.1 is like not supporting TLS with SNI. It’s not really viable on the modern Internet.
That is definitely a gotcha I would have to check my own nginx configs for. Something something backwards compatibility of configs would make this a breaking change?
That’s my guess for why it’s never been modernised. Then again, when Nginx was first released HTTP/1.1 was already 7 years old 🤷
This reminds me of Solaris profile shells. I used to find these really useful when I was a Solaris sysadmin. Where previously I’d had to give some owners of a service full root access in sudo to manage their service, I was able to replace that with an RBAC profile and tell them “here, just run pfexec ”, or if they really wanted, switch their shell to pfbash.
I’ve always wanted similar on non-Solaris systems.
This looks cool. I adopted devenv for a project recently and I’m loving it.
That’s great to hear :)
My Atlas probe turned 10 years old this year 💪🏻
It’s such a useful service. I use it regularly for work (and my company is a sponsor).
It’s interesting ’cause some of the most convenient parts are not particularly boring! At least to me.
I suppose none of this is really about the code though, but about the data. Which makes sense, on several levels.
I’ve used zerolog in quite a few systems and I really like it. It’s a bit un-Go like in using the builder pattern (you see that code around, but it feels less common to me) but for this use case it works well.
These days I tend to start new things with the new stdlib log/slog package instead, but it’s not as nice to use as zerolog.
My “favourite”* thing related to Nginx is Avoiding the Top 10 NGINX Configuration Mistakes. To me this entire post can be summarised as “our default are bad and we should feel bad, but we’ll make you feel bad instead”.
Nginx has so many footguns that I just can’t recommend it for anything other than very simple or hobby setups anymore. It was great at being an Apache httpd alternative 20 years ago, but it’s really showing its age now.
* Meaning, wow this post should not have to exist.
Yeah, number 6 will terrify you!
No but really, Mistake 6 is “if you use an
ifstatement in the wrong kind of scope, you can get memory corruption”. That’s right, nginx.conf is a memory unsafe language. And they could 100% check for this one at config-load time, it’s entirely a static (syntactic, even) property. But they don’t, because there is no safety culture there.It’s amusing that, prior to the F5 acquisition, the Nginx wiki had a document called “If is Evil”. F5 seem to have taken that down now. Thank goodness for the Internet Archive! https://web.archive.org/web/20230802145207/https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
Oh damn, they took that down? That was one of my favorite things on the internet!
Gotta love the triple scare quotes!
What alternatives to nginx would you recommend?
It depends on the use case. Caddy is great for simple setups and gets you TLS for free. You can’t do that with Nginx. (Caddy is great for more complex setups too, but I mention simple here because you can run it with almost no configuration and have working system with TLS.)
Traefik is next on my list. Great for containerised environments as it can do auto discovery. It has a lot of tricks up its sleeve, and also has automatic TLS support. More configuration needed than Caddy.
For complex requirements, such as that described by the OP, I’d suggest Envoy. It’s a complex beast, but very powerful. At work I’m starting to replace our Nginx-based proxies with Envoy, and am writing a custom control plane for it.
For large or complex deployments I’m generally in favour of having the centralised control plane approach so that all your proxies get configured consistently. With Nginx I’m tired of having masses of templated configuration files and getting them in to Kubernetes pods.
Caddy seems popular.
I suppose this is hyperbole but if my memory is not failing me, nginx was just a blip in 2006-2007 era and was all the rage up until 2014-15, so I’d say it was absolutely great 10 years ago, I can only not comment about the state after that.
That doesn’t mean it wasn’t perfect or had no footguns, but you’re making it sound like it was a liability. It was not.
Is there a SwiftUI clone for Linux that people use? Or is this just Swift the core language?
This is just the Swift language. I’m not aware of SwiftUI being available on other platforms, although rumour has it The Browser Company made it work for Arc on Windows.
There are a few similar things around yes, but not SwiftUI itself
There’s no SwiftUI clone, but the Adwaita integration is pretty neat IMO, and probably the most user-friendly integration to GNOME that I’ve ever seen.
I don’t understand this. You can comment on anything you like in a GitHub PR. Code review has a specific special UI, but people leave feedback on other things all the time as a normal comment.
I suppose it’s a bit awkward if you’re like, “I don’t like
bef1482‘s commit message, can you remove the punctuation and fix the blah and make it 50 characters or less”, and then they do that, but nowbef1482doesn’t exist. When you comment on code, the context sticks around even when it gets force-pushed away, but that wouldn’t happen reliably for the commit messages. I think it’s a valid enough gripe, even though there’s nothing really stopping you like you say.Awkward as hell is what it is. Reviewing commit messages is miserable.
If you compare Github interface to e.g. Gerrit it’s easier to understand: I’m Gerrit the commit message looks like a pseudo-file and you can comment say, on line 2 of that commit message that you want something adjusted.
Sample “PR”, although it doesn’t have any comments on the commit file: https://android-review.googlesource.com/c/platform/tools/security/+/3108165
While you can read the commit message, and you can leave a comment that relates to the commit message, they’re not actually linked - you can’t comment on the commit message like you can a line of code in the diff. Tools like Gerrit include the commit message as part of the diff to allow this.
You can’t comment on lines of the commit message in diff view; but you can in just a regular comment say, “I don’t like Foo of commit bef1482” which will be automatically linked to the commit. I agree though that it could be helpful to have collapsable review style comments on the message itself that follow even after forced pushes/commit message re-writes.
No, if a PR has multiple commits and you want to review them 1 by 1, you can’t add comments on the commit. It makes sense to me because some changes in a commit can be overridden in a newer commit, so the comments would be on outdated code. I guess this encourages making smaller PRs.
You can leave a comment on the commit if you’re going 1-by-1, but not the commit message
which leads to:
https://github.com/firebase/firebaseui-web-react/pull/173/commits/acb47b46dc39682d13f2b117524bda95ec1aeddf
Which goes away if anyone force pushes, as it’s tied to the sha, and not the change.
I haven’t seen this happen, I suspect you’re referring to general comments on commits
GitHub allows you to:
I haven’t seen comments on (2) lost after a force push, they should still available on the PR overview.
Oh I didn’t know, thanks
They slow down your code by 500%* if your code does nothing else.
There’s some good advice on sentinel errors in the article as well though.
*the article was updated from 3000% to 500%
Is there a way to update the title here?
I used “suggest” to submit a change and it was accepted.
Got it. I don’t see “suggest” for this link. I suppose that’s because I posted it. Thanks for getting the change made.
Interesting going with a “roll your own” solution when there’s already some good things out there.
DNSControl and OctoDNS are both great.
I guess DNS, like SMTP, is a service no one bothers to run anymore. Personally, I run my own DNS server, so it’s easy enough for me to maintain my own zone files, with comments (and keep them in
gitif I so choose). However, my DNS server is firewalled off, and my host provider’s DNS servers (which are listed as the authoritative nameserver for my domains) are configured to slave off my server.I ran my own DNS and mail servers for maybe 20 years, but it’s no longer fun anymore and I don’t have the time to sysadmin any of it properly, so I’m happy to pay people who do.
I had never heard of either of the projects and have been using plain old Terraform to manage DNS records where possible. Thanks for throwing these out there as viable alternatives!
I used to use Terraform, but I’ve been incredibly burned out by Terraform for other things so even though it’s “fine” for DNS, I gave up on it there too. The quality and consistency of providers makes Terraform a bit annoying to use if you have DNS with multiple providers.
I use some stupid simple scripts i wrote and GitHub Actions workflows to drive DNSControl and manage my records on Cloudflare via API, and a small handful of self-hosted DNS servers via AXFR/RFC DDNS updates all via a GitHub repository: https://github.com/b-/dns-zones
It’s hacky and disorganized, but it works perfectly for me.
I probably should organize it better and do a blog post one of these days.
For me this is the most fundamental problem with Homebrew. If I’m explicitly installing some software it’s because I want to use it, not because I want some other software to use it for itself.
The general advice I’ve seen is “don’t use the system-provided python, it’s for system thing”, which is fair enough. Installing your own copy means you get the version you want (probably) and an OS upgrade might not break your things. Except with Homebrew every python upgrade breaks your things.
Like @calvin I tend to prefer MacPorts. For me it handles these things much better, and you can have multiple versions installed, with only one “active” at a time. But I agree with Calvin that MacPorts-the-project has issues because it has so few people actively working on it and things like binary builds for new OS releases can take a long time to appear as they don’t have enough infrastructure.
I share this dissonance. But once I started putting “homebrew installed python” into the same bucket as “system installed python” and switched my “python for me” step to
brew install pyenv; pyenv install ...I was able to like homebrew again. (Also, I love the way pyenv lets me keep multiple versions of python installed and easily pin them on a per-project basis.)Another vote for this. I like Homebrew quite a lot, but I don’t rely on it for any version-specific languages that I need to use. Which is more or less what the author is saying.
My previous provider was… me :-)
I self-hosted for around 20 years, initially from a server at home off my DSL line when I first upgraded from dial-up, eventually moving to a colocated server, then I got bored of maintaining hardware (it was also my day job) and moved between VPSes several times. Eventually I got bored of trying to keep up with spam filtering - and for a while outsourced inbound MX to a service run by friends who did a much better job at spam filtering than me - but in the end I realised running my own mail server wasn’t worth my time any more. Given how long I ran it myself, it’s pretty good that I only really messed things up 2 or 3 times, but even so few occurrences made me doubt ever wanting to touch the setup. Even a “straightforward” Exim upgrade once silently broke something that I wasn’t made aware of for several days.
Now I’m on Fastmail and couldn’t be happier. The service is fantastic and the webmail is great. Best webmail I’ve ever used - and so much better than Gmail. I consider the cost of Fastmail offset by no longer running a VPS and my own time of maintaining it.
I have many! My “main” domains are “standard” - .co.uk, .com, .net, but I also have some in .im, .li, .ninja, .dev. No issues there.
I feel about the same as James here (and indeed use FreeBSD now based on his recommendation), but I was running mail for a group of people, if a steadily shrinking set. [1] So I felt like I’d best keep going for my users.
I was able to get the server management under control over time. Key things were:
It’s been OK and kinda fun, especially once Let’s Encrypt made TLS certs affordable and low stress. Deliverabilty is weirdly OK, too, best I can tell.
But, yeah, if you’re doing just your own mail, I dunno. Best do what sounds fun.
[1] Artifex.org started on an ISDN line in 1996, moved to Hurricane Electric with the California Community Colocation Project, moved to an admin’s fiber line for many years outside Sacramento, and then went virtual (and from Debian to FreeBSD) with the CCCP’s successor, IO Cooperative. Oddly enough, after a move I helped out on in early 2021, it’s now back at Hurricane Electric, though in their newer facility.
SREcon EMEA. SREcon is one of my favourite conferences. Always lots of great content and I always enjoy a trip to Dublin.
If I get to go this year it will be my first time going to a conference since Covid which could be… interesting.
Am I just lucky or is the M1 significantly less flaky than the M2? My M1 Pro has been happily buzzing along since I got it last year, I don’t think I’ve seen more than a couple apps crash. If anything, it’s been more stable than the Intel Mac it replaced.
I have an M1 Pro MacBook Pro and an M2 Pro Mac mini. Both are great.
I’ve had none of the flakiness described in the article, in hardware or software.
If anything Ventura on my Apple silicon machines is more stable than on my (work-provided) Intel-based MacBook Pro, which has had several weird crashes. I’m more inclined to put any issues down to the OS than the hardware.
This has been my experience as well. I have so few problems with the M1 that I can’t come up with any off the top of my head. The machine has been chugging along happily for 2 years. This is what prompted me to to seriously consider the M2.
o_O
Doubleplus ungood.
I’m curious why you thought an M2 was much of an upgrade from an M1 in the first place. It’s well documented in many reviews that it’s only an incremental improvement over M1, and so only more likely to be worth it if coming from an older machine.
Wow. That is not good to hear.
Ah well, maybe it’s another justification for a 2nd hand M1 when they get cheap enough…
I’ve been using a maxed out M1 Max MBP since it was released. Very few problems.
But Apple does do lots of arbitrarily stupid stuff with their OSs and apps. I’m not here to defend the stupidity. I can totally understand someone getting frustrated with macOS.
For software development, though, it has been a great machine for me.
Tailscale: Securing access to my various servers and getting access to devices at home when away was always such a pain and slightly complicated in the past. Now it’s dead easy and I don’t have to think about it. It just works.
Shottr: I didn’t think I needed a screenshot tool before I came across Shottr, and now I use it all the time. It’s great for being able to preview screenshots, add markup, etc. It’s a really great little tool.
Some alternative i love and that do the same things:
zerotier for securing my home network. Equivalent to tailscale, zero-conf, just works. It makes it very easy to secure access to a local instance of home assistance.
flameshot for screenshots
oh and since it’s not mentioned yet, for mobile: binary eye for anything qr code and barcode scanning
I recently looked into it for the same reasons, and if you’re looking for a really no-frills registrar with a world-class security team (which was my priority) it looks like AWS Route53 Domains is really the only choice. The other option would be Google Domains, but I don’t trust their account closure policies.
The list of TLDs they support has grown significantly, and they have everything I own but Google’s
.dev.The UI is not particularly friendly, being the AWS console, but I use dnscontrol anyway.
My bias here is that I generally trust a large business with serious customers that have confidentiality demands like AWS more than small businesses that market themselves as “privacy first” (with few exceptions).
Interestingly, it looks like AWS isn’t actually a registrar and themselves use Gandi (amongst others) for domain registration: https://aws.amazon.com/route53/domain-registration-agreement/ §2.1.
Not just managers, but companies in general.
My previous employer basically had no path. All engineers are ICs (some are tech leads or team leads), but there’s no levelling there, so you can either move sideways (to another team or department) or hope a tech lead role opens up, or move to management. I was the tech lead for my team in my time zone, so there was no real opportunity for others in my team to level up in any official way. This frustrated a few of my team members quite a bit.
My current employer has a great career path for ICs which is well supported at a company level and managers are strongly encouraged to work with their reports to make sure they’re getting what they want from their career and promotion ambitions.
Now I’m at the Staff level (and as a tech lead) I’ve started reading The Staff Engineer’s Path. It’s a great read so far and I can really relate to everything it talks about.
I’m quite skeptical of a book that starts the blurb with:
The first company that I’m aware of that stopped doing this was HP in the ‘80s. They had explicit management vs engineering paths and normalised the idea that an engineer might be at a higher level than the manager that they reported to (managing a small team may not require a senior manager, but the work that they’re doing may require some of the most senior engineers in the company). This has been something covered in a lot of different management theory books that I’ve read and seems to be universally regarded as a good idea (I’ve never read anything defending the management-is-the-only-promotion-path idea, the closest is to recognise that it’s good for managers of engineers to be able to understand explanations that engineers give and so they should have some relevant technical background).
At Microsoft, I think the two-track approach was introduced in the ’90s, possibly earlier. The IC track ends with Partner, Distinguished Engineer, and Technical Fellow. A TF is the same level as a Corporate Vice President and is invited to the senior leadership team retreats and things but does not (normally) have any people-management responsibilities. As I understand it, the only level above CVP is Executive Vice President (and CEO) and those are somewhat intrinsically management roles.
It definitely depends on the company, and the size of the company. All the companies you name are behemoths, and I’m not surprised they all have a good two-track system.
My previous employer was a startup that grew quickly and took a very long time to even have formal managers. 10 years later they still don’t really have any real track for ICs, as I mentioned, and from what I’ve seen this is relatively common amongst tech companies that are still relatively immature and don’t take an early decision to create a good career path.
I understand your skepticism, but as usual it’s all about context and experience. My current role is the first job I’ve had in my 20 years of working that actually has a good career path.
I’m more skeptical of the book than the idea but my experience is somewhat tarnished by having recently had to do a load of manager training that got very excited about ideas that I’d read in books published in the ’70s and ’80s as if they were previously unheard of.
It’s hard for very small companies to have this kind of separation, but it’s something that you can introduce as soon as you have a management track and it’s something that pretty much everything that I’ve ever read about managing engineers tells you to do. If a company doesn’t do it then I have to wonder what they’re doing in terms of expectations for managers.
I was at HPE within the past decade. My first manager was an individual contributor who was promoted into management so that the team did not collapse, and incidentally they were also the person who built the product initially. My second manager was an external hire who did not know how to code. It looks to me like the book has a reasonable grasp of the situation.
What does “level” mean in practise, at this point? Is it just about compensation, parking spaces, corner offices and generous travel allowances? Or is there some sort of implicit authority that comes with a higher level? (And what then does it mean to manage someone at a higher level?)
Seniority along their respective tracks. This normally comes with increased compensation and so on. Authority is contextual, but someone at a higher level on the management track would be expected to be able to manager higher-stakes and larger teams than a more junior person. Similarly, someone at a higher level on the engineering track would be expected to be able to solve more difficult engineering problems (for example, design the architecture for larger systems, implement things with more constraints on resources, and so on).
Managing a senior engineer does not intrinsically require a more senior manager (often the reverse, since a more senior engineer may be more able to articulate their requirements and more able to accurately predict schedules) and that was something that their model reflected.
I see. It sounds to me like the contextuality of the levels makes it hard to compare an engineering level to a management level, aside from compensation and similar.
I would strongly disagree with this. Unless the script is very simple - only single commands, few variables - shell scripts can have many pitfalls that many people don’t realise until things go wrong. Pipelines and subshells and their side effects are not widely understood, for example.
c.f. https://lobste.rs/s/5ldmtp/pipefail_how_missing_shell_option_slowed -> https://lobste.rs/s/wl6kem/simple_script_is_still_someone_s_bad_day
Don’t get me wrong, shell scripts do have their place, but for anything even vaguely complex they’re generally the wrong choice. Use the right tool for the job.
Oh and lastly:
As a BSD user, this is not true. :-)
You can do a lot of useful stuff with simple bash scripts. I probably write one per week. Lets look at an example:
https://github.com/no-gravity/git-retroamend
4 lines of code. Saves me a lot of hassle every time I need it.
They can even be indeterministic:
https://www.gibney.org/the_output_of_linux_pipes_can_be_indeter
I’m not disputing that. I’ve been writing shell scripts for a very long time, and I use them where they’re appropriate. What I am disputing is your statement that the maintenance cost of shell scripts is lower compared to other languages. If you’re only ever writing simple scripts this is often true; but if you’re comparing shell to other languages there was probably a need to use the other language in the cases they were used.
Indeed. You’re kind of making my argument for me. :-)
With “maintenance cost” I do not mean the cost to change the functionality. I mean that from time to time you have to change your script because the language changes. I expect Bash to have less of these breaking changes than most other languages.
What? I mean, there was python 2 to 3 and Ruby 1.8 to 1.9, but I don’t think breaking language changes are common?
Python in my opinion is an example for high maintenance cost. They sometimes do backwards-incompatible changes within a major version. For example Python 3.7 introduced “async” as a reserved keyword, breaking code that used “async” as a variable name.
If you follow each version update of Python, you will probably recognize all breaking changes as deprecations in earlier versions. But if I would just write a script, leave it alone for 10 years and then try to run it with the latest Python version, I would not bet on it running without errors. Whereas for bash scripts I would assume they still work.
But for bash scripts it totally depends on which programs you call.
The needless breaking changes are my least favorite parts of Python and Node.
You can put this directly in your
.gitconfig. I have the following in mine:Also NixOS.
I do something similar, but in a more generic way. I have two “search engines” defined in Chrome, one called Jira and the other called JQL.
Jira is defined as
https://company.atlassian.net/secure/QuickSearch.jspa?searchString=%sJQL is defined ashttps://company.atlassian.net/issues/?jql=%sThe Jira one means I can do
jira<space>project foowhich activates Jira’s “smart” search and, ifprojectis a valid Jira project, searches forfooin that project, or otherwise does a more generic text search forproject foo; andjira<space>project-1234also takes you right to ticketPROJECT-1234as in this blog post.For those that use Alfred on macOS you can also create a similar search there, using
{query}instead of%sYes, Alfred is what I use and it’s extremely useful for this. My shortcut is
jiraand putting in a ticket number will go straight to it. I also created a workflow to take the full URL of a Jira ticket from my clipboard and replace it with just the ticket. All this saves a great deal of tedium.If you’re on macOS I can’t recommend it enough. https://www.alfredapp.com
Yes the
QuickSearchone is great, and that’s what I havejaliased to in Firefox. You can type in a ticket ID or a search term or whatever.One really frustrating thing is that Jira then redirects you to a combination search/ticket view and puts the first result’s ID in the URL bar. This makes it that much harder for people to reverse-engineer the search URL!
Mine are very similar, I have
jifor ‘JIRA issue’ andjsfor ‘JIRA search’.