CodeMonkey

@CodeMonkey@programming.dev
0 Post – 34 Comments
Joined 11 months ago

Senior developer tip: squash the evidence.


Yes, you should use third party tools (just don't take credit for them, maybe even credit the tools used in the footer). In a real job, you would leverage third party libraries to work more efficiently, so you should do the same when showing off your skills.


About 10 years ago, I read a paper that suggested mitigating a rubber hose attack by priming your sys admins with subconscious biases. I think this may have been it: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final25.pdf

Essentially you turn your user into an LLM for a nonsense language. You train them by having them read nonsense text. You then test them by giving them a sequence of text to complete and record how quickly and accurately they respond. Repeat until the accuracy is at an acceptable level.

Even if an attacker kidnaps the user and sends in a body double, with your user's ID, security key, and means of biometric identification, they will still not succeed. Your user cannot teach their doppelganger the pattern, and if the attacker tries to get the user on a video call, the added lag of the user reading the prompt and dictating the response should introduce a detectable amount of lag.

The only remaining avenue the attacker has is, after dumping the body of the original user, kidnap the family of another user and force that user to carry out the attack. The paper does not bother to cover this scenario, since the mitigation is obvious: your user conditioning should include a second module teaching users to value the security of your corporate assets above the lives of their loved ones.


Python: You send someone else to rescue the princess on your behalf. That someone else is the C knight.

So you are suggesting forum software that supports single sign-on?

We are talking about an open source project, not a high school reunion. I don't want to hang out with people, I want to have a discussion about a focused topic.

I want to ask a question and get an answer. If the question is not one that anyone online can currently answer, I want to be able to tell at a glance if anyone has talked about my question. If I don't understand the answer, I want to ask a follow up question.

In the evening, I want to be able to take a look at new posts from that day, grouped by topic, to see if there is anything I find interesting or can weigh in on.

With Discord (or any real time chat), it is hard to follow a single topic when more than one is being discussed. It is doubly hard to do so after the fact. I am aware that Discord has a forum feature. I have only seen one server ever enable it and no one posts anything to it.


If you have your tab width set on 8, that is on you. You will also set your IDE to insert 8 spaces when you press TAB and I will cry when I have to give you a code review.

When I indent my code, I am indicating that I am in a nested block. I don't care if, on your screen, that indent is 2, 3, or 4 characters.


If you are creating an alternative implementation and leaving the old one in place, you are not fixing a problem, you are just creating a new one (and a third one because you have duplication of logic).

Either refactor the old function so that it transparently calls the new logic or delete the old function and replace all the existing usage with usage of the new one. It does not need to happen as a single commit. You can check in the new function, tell everyone to use it, and clean up usage of the old one. If anyone tries to use the old implementation, call them out in a code review.

If removing or replacing the old implementation is not possible, at least mark it as deprecated so that anyone using it gets a warning.


I am well aware of learning, but people tend to learn by comprehension and understanding. Completing phrases without understanding the language (or the concept of language) is the realm of LLM and Scrabble players.

In the early days of the Internet, there was a cottage industry burning Linux ISOs to CDs and selling them.


But a floating point issue is the exact type of issue an LLM would make (it does not understand what a floating point number is and why you should treat them differently). To be fair, a junior developer would make the same type of mistake.

A junior developer is, hopefully, being mentored by more senior coworkers who are extra careful with code reviews and would spot the bug for the dev. Machine generated code needs an even higher level of scrutiny.

It is relatively easy to teach a junior developer to write code that is easy to read and conforms to the team's style guide.

  • Encrypt the data at rest
  • Encrypt the data in transit

Did you remember to plan for a zero downtime encryption key rotation?

  • No shared accounts at any level of access

Did you know when account passwords expire? Have you thought about password rotation?

  • Full logging of access and activity.

That sounds like a good practice until you have 20 (or even 2000) backend server requests per end user operation.

All of those are taken from my experience.

Security is like an invasive medical procedure: it is very painful in the short term but prevents dire complications in the long term.

All the time. Causes include:

  • Test depends on an external system (database, package manager)
  • Race conditions
  • Failing the test cleared bad state (test expects test data not to be in the system and clears it when it exits)
  • Failing test set up unknown prerequisite (Build 2 tests depend on changes in Build 1 but build system built them out of order)
  • External forces messing with the test runner (test machine going to sleep or running out of resources)

We call those "flaky tests" and only fail a build if a given test cannot pass after 2 retries. (We also flag the test runs for manual review)

I have been an individual contributor at large corporations for more than 10 years. Every time I have had a colleague promoted to manager, they always planned to stay technical and keep coding. Every one of them, without fail, stopped coding because they were too busy.

Thinking back to my managers who left for other roles, only one quit to work in higher management, the rest all went back to working as developers.

I worked at giant, globally distributed companies (15-25k employees), so I imagine that my experience is not typical.

My favorite YOLO-Driven Development practice (from a former employer) was Customers as QA. We would write code, build the code, and ship it to the customer, then the customer would run the code, file bugs for what broke, and we would have a new build ready next week.

It provides many benefits:

  • No need to hire QA engineers.
  • Focuses developer debugging time on features actually used by customers instead of corner cases that no customer is hitting.
  • Developers deliver features faster instead of wasting time writing automated tests.
  • Builds are faster because "test" stages are no-op.

One time a developer was caught writing automated tests (he was not sure of the correctness of his code, a sign of a poor developer). Our manager took 15 minutes out of his busy day to yell at him about wasting company resources and putting release timelines in jeopardy.

I work in Java, Golang, Python, with Helm, CircleCI, bash scripts, Makefiles, Terraform, and Terragrunt for testing and deployment. There are other teams handling the C++ and SQL (plus whatever dark magic QA uses).

It looks like it targets JavaScript, the language that least needs it. What is the job security advantage of this tool over a minifier?

I knew basic CLI commands (such as cd and ls) for a while, but did not learn much more. Some things have helped me grow my skills:

  • Necessity: Sometimes I need to do something on a VM or container that does not have a graphical interface installed. Some utilities only have a command line interface and not a graphical client. My only option is to Google how to do it. The more I do it, the less I have to Google and the more focused my searches become (instead of searching for "How to do x", I search for "How to do x in utility").
  • Learning from others: For many tasks, I follow internal or external guides, which typically use CLI commands. Often I look at how my coworkers accomplish tasks and pay attention to what commands they use. Then, when I have time, I look up any new commands I saw and decide if they will be useful for me too. Lately, I have been doing code reviews that involve shell scripts. Those are especially nice, because I can take my time, going line by line, and understand what each command does.
  • Keep notes: Every time I find a command that I think I will need again, I copy it into a text file (and I have many such text files). It also makes it easier when I need to run the command with slightly different arguments (a different commit id or something): I can just edit the command in my editor (with searching and undo) and paste it into my terminal with all the flags and arguments correct.

The immediate use for this that jumps out at me is batch processing: you take n inputs and return n outputs, where output[i] is the result of processing input[i]. You cannot throw since you still have to process all of the valid input.

This style also works for an actor model: loosely coupled operations which take an input message and emit an output message for the next actor in the chain. If you want to be able to throw an exception or terminate prematurely, you would have to configure an error sink shared by all of the actors, and to get the result of an operation, you also have to watch for messages on both the final actor and the error sink.
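The two patterns described above (index-aligned batch results that never throw, and an actor chain that diverts failures to a shared error sink) written out in Python as an added example; this is not code from the comment or from any project it discusses, and the Ok/Err result types, the stage functions and the sample inputs are my own constructions:

```python
from dataclasses import dataclass
from typing import Any, Callable, List, Sequence, Union


@dataclass(frozen=True)
class Ok:
    value: Any


@dataclass(frozen=True)
class Err:
    error: str


Result = Union[Ok, Err]


def process_batch(inputs: Sequence[Any], fn: Callable[[Any], Any]) -> List[Result]:
    """Return exactly one Result per input, at the same index as its input.
    A bad item becomes an Err instead of raising, so valid items still get processed."""
    outputs: List[Result] = []
    for item in inputs:
        try:
            outputs.append(Ok(fn(item)))
        except Exception as exc:  # per-item failure must not abort the batch
            outputs.append(Err(f"{type(exc).__name__}: {exc}"))
    return outputs


def run_chain(stages: Sequence[Callable[[Any], Result]], message: Any, error_sink: List[Err]):
    """Pass a message through actors in order; an Err goes to the shared sink and
    terminates the chain early (returns None), an Ok feeds the next actor."""
    for stage in stages:
        result = stage(message)
        if isinstance(result, Err):
            error_sink.append(result)
            return None
        message = result.value
    return message


# Hypothetical actors: parse a string to int, then halve it (odd numbers are an error).
def parse_stage(msg: str) -> Result:
    try:
        return Ok(int(msg))
    except ValueError as exc:
        return Err(f"parse: {exc}")


def halve_stage(n: int) -> Result:
    return Ok(n // 2) if n % 2 == 0 else Err(f"halve: {n} is odd")


def demo():
    """Constructed sample input: one unparsable item in the batch, one odd number in the chain."""
    sink: List[Err] = []
    batch = process_batch(["4", "x", "10"], int)
    finals = [run_chain([parse_stage, halve_stage], m, sink) for m in ["10", "7", "x"]]
    return batch, finals, sink
```

A caller inspects both the final outputs and the error sink, which is exactly the extra watching the comment describes.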

We tried to ask our interview question of ChatGPT. After some manual syntax fixes, it performed about as well as a mediocre junior developer, i.e. writing multithreaded code without any synchronization.

Don't misunderstand, it is an amazing technical achievement that it could output (mostly) correct code to solve a problem, but it is nowhere near good enough for me to use. I would have to carefully analyze any code generated for errors, rewrite bits to improve readability (rename variables to match our terminology, add comments, etc.), and who knows what else. I am not sure it will save me much time and I am sure it will not be as good as my own code. I could see using an AI to generate sophisticated boilerplate code (code that is long, but logically trivial).

As someone who was a web developer since the mid-2000s (and not more recently), an HTML-first approach speaks to me. I am still of the belief that your content should be in HTML and not pulled in via JavaScript.

The article is a bit self contradictory. It encourages specifying style and behavior inline and not using external styles and scripts but also discourages using a website build pipeline or dynamically generated HTML. So how can you maintain a consistent look and feel between pages? Copy and paste?

The point of using a cache is to have data in memory and not on disk. From what I can tell, Postgres Unlogged tables are still written to (and read from) disk. It is just that the write is done in an unsafe way.

The article explains how one would go about benchmarking performance but forgets to actually include performance metrics. Luckily they link to another write up that does. Using an Unlogged table vs. a regular table reduces write times about 45% and gives you about 3 times as many transactions per second. It is not nothing but it is probably not worth the code complexity vs. writing directly to a persistent table.

Even the "no persistence" behavior of a cache is not strictly true: an unlogged table is only truncated if Postgres is shut down unexpectedly (by kill -9 on the process or by killing the VM). If you restart after shutting down the process in a controlled manner, the unlogged table is properly persisted and still has data when it starts.

I also exclusively use the git CLI. I have tried to use a graphical client and could never figure out what it was doing and what was going on. I probably picked it up so easily because when I learned git, I was already used to using a CLI version control client. At the time, I was working at a company that heavily used Perforce and had a custom wrapper around the p4 cli that injected a bunch of custom configuration.

In my opinion, Python is still missing one key feature: the removal of the Global Interpreter Lock, which is finally starting in Python 3.13.

C++ is unique in that it is wildly dominant in its niche. I am sure that any developer who has worked with another object oriented, manually memory managed, systems programming language (are there any other popular ones out there?) should have no trouble picking up C++.

Also, when you find a script try to understand what commands they are using and with what flags.

I have not done much GoLang development, but I am working on automating some dependency updates for our Kubernetes operator. The language may be good, but the ecosystem still feels immature.

Too many key libraries are on version 0.X with an unstable API. Yes, semantic versioning does say that you can have breaking changes in minor (and patch) releases as long as the major version is still 0, but that should be for pre-release libraries, not libraries meant for production use.

That is a bit dismissive of Java developers around the world. There are several of us still left and we are in key positions of power.

How is this group feature different from the existing group feature (https://github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta/)? Just that it is no longer a beta feature (i.e. they have settled on the configuration syntax and are re-announcing it)?

I have used Kotlin a bit for a hobby project and it felt like they were 95% done with a 1.0 version. I love the promise of a single code base that can run on the JVM and browser, but it is not all there. Until recently, the API was not guaranteed to be stable. Every once in a while, I hit a feature that is JVM only or does not work right in JavaScript. The JS compiler will "helpfully" remove uncalled public functions unless you explicitly mark them with JsExport.

Also, from what I can tell, IntelliJ is the only supported IDE (which makes sense, since they are the language developers). There is an official Eclipse plugin, but the last time I tried it, it did not work and tried to take the entire IDE down with it.

Having said that, it was very close to complete and I have not worked on that project for a few months, so it could all be perfect now.


Kotlin jvm is extremely stable

I don't want to use Kotlin on (just) JVM. The reason I am working with Kotlin is Kotlin Multiplatform (so JVM and JavaScript). The JavaScript side is where all of my frustrations have come from.

Out of curiosity, any idea what automerger they use? I have always been on the lookout for one for hobby projects.

It is better to find a developer that has experience with the language features you use rather than one that is experienced in the exact language you use. For example, I work on distributed systems in Java/GoLang/Python. We want candidates that understand how to write concurrent logic and stay away from people who are just Java web developers.

The big issue is doing a coding interview with candidates. We have a standard straightforward problem that candidates need to solve by filling in a stubbed out method. We have it in Java and have ported it to GoLang. If we have to interview a candidate who does not know either of those languages, we would need to find a language that the candidate knows and we know well enough to port the problem to. We would also have some difficulty digging into design specifics like choice of concurrency primitives.

I know, but this thread is about projects that don't want to use GitHub as the center of discussion and use Discord instead. The Discussion tab needs to be enabled.

GUIs are easier to learn, but they are not always available. Many services only have a CLI client. If you are connecting to a remote server or, especially, a container to debug it, it may not have a window manager installed. If you know how to do something via the CLI, you can automate it with a shell script.