Welp, time to ditch devRant

I don't mind green dots posting the same things over and over (and let's be honest, everyone had some of those complaints when we started coding), but what's been happening lately with spam and bots is just too much.

Thanks for the ride @dfox, it's been good while it lasted. Too bad I never got a dev duck tho, they were always out of stock :(

Just because it's popular, doesn't mean it's good.

An overengineered solution can usually be simplified without breaking anything important. An oversimplified solution can rarely be upgraded without major breaking changes.

Not everything needs to follow the "best practices" - if it's not a part of the core functionality, diminishing returns often kick in quite fast.

https://github.com/mozilla/pdf.js/...

Buffer *is* Uint8Array (there's literary "Buffer extends Uint8Array" in NodeJS lib/internal/buffer.js), why would there be a need to wrap it? But thanks to this bullshit error, I have to copy my buffer to a plain Uint8Array, quote, "which essentially means creating a copy of the data and thus increasing memory usage."

Gotta love it when everything works flawlessly with the test API endpoint and credentials, but when I try to go live, there's suddenly a ton of additional configuration to get the third-party APIs working.

Why the fuck do you even provide a testing environment, if it's completely different from the live one?

Whenever I go to some major Mastodon server, the explore page contains at least some of the following:
- a post about "rich" people bad
- a post labelling some group of people as "nazis"
- a post promoting some black / lgbt thing
- a post about "left-wing government good, right-wing government bad"

And at least 20% of the posts on the explore page are about how "we" are better than whatever the current negative topic in the media is.

Don't you just love it when an official Docker image suddenly switches from one base image to another, and they automatically update all existing tags? Oh you've had it locked to v1.2.3, guess what, v1.2.3 now behaves slightly differently because it's been compiled with OpenSSL 3. Yeah, we updated a legacy version of the software just to recompile it with the latest version of OpenSSL, even though the previous version of OpenSSL is still receiving security fixes.

I don't think it's the image maintainers or Docker's fault though. Docker images are expected to be self-contained, and updating the base image is necessary to get the latest security fixes. They had two options: to keep the old base image which has many outdated and vulnerable libraries, or to update the base image and recompile it with OpenSSL 3.

What really bothers me about the whole thing is that this is the exact fucking problem containers were supposed to solve. But even with all the work that goes into developing and maintaining container images, it still isn't possible to do anything about the fact that the entire Linux ecosystem gives exactly zero fucks about backwards compatibility or the ability to run legacy software.

The Google timeline:
- early 2000: "I use it because it's the best search engine out there"
- mid 2000: "I use it because it's a full ecosystem for mail and office and it's free"
- early 2010: "I use it because it integrates seamlessly with my phone"
- mid 2010: "I use it because it's at least better than the competition"
- now: "I'm willing to try literary anything that's not Google"

[Insert surprised Pikachu face]

https://bbc.com/news/...

Sure, languages with automatic conversion to truthy and falsy values can be a pain in the ass, but in languages without that feature you need to use foo != true to see whether foo is either false or null. How fucking ugly is that?

"You don't have to implement all that functionality, just X" - proceeds to describe how X entirely depends on *all that functionality*

Why do so many online resources still change quote characters in the code for the curly ones? It's 2023, how hard is it to add a fucking rule to skip conversion inside the <code> blocks?

The biggest problem I see with current state of AI is the feedback loop it creates in people.

For example, some (usually older people in higher positions) perceive long emails as a sign of courtesy, involvement, and hard work. As a result, others have started using AI to write longer emails for them, to get on "the good side" with their higher ups. And now that many use AI to generate longer emails, those same higher ups got used to it and started to perceive short, straight-to-the-point emails as "rude". So even more people are looking into using AI to generate longer emails as they don't want to seem rude. At that rate it's not long until those that rely on AI to write "better" (== longer) emails get promoted over some hard working person who simply doesn't care to write long emails.

Even though AI didn't do anything, it somehow still "trained" people to start using it and even rely on it, and it even indirectly rewards people who use it for completely meaningless and seemingly unrelated tasks. And in a few years, whatever comes out of this will be used to train the next generations of AI, creating even more of a feedback loop that people will be completely unaware of until it eventually crashes onto itself. Because that loop can't be observed in the AI itself, it has to be observed in the people.

Why doesn't Slack have an option to mute an entire workspace? It can only mute individual channels in the workspace, like sure, I want to manually mute every single fucking channel when I'm no vacation, and then unmute them when I come back. Who the fuck thought that was a good idea? For fucks sake, Discord can do it, but the most popular enterprise chat lacks such a basic feature.

I recently came across this article with some basic security advices, like use 2fa security key, encrypt your USB keys, don't use untrusted USB chargers / cables / ports (or use a data blocker cable if you need to charge your device). It made me think, how relevant are the USB-related threats and risks today? Do people really still use and carry so many wired USB devices, and just drop or plug them wherever?

The last time I used an USB device to transfer some important data was probably over 10 years ago, and for the love of god I don't know anyone who still carries an USB key with sensitive data with them on a daily basis, much less actively uses it. Besides, whoever still does that probably puts their USB key on the same keychain as their ID / access tag and a bunch of other keys (including a 2fa device if they use one) - they're not going to lose just some sensitive data, they're going to lose authentication and physical access devices as well, and that could turn a small data leak into a full-scale incident, with or without an encrypted USB device.

I'm also not sure about untrusted USB cables and ports, from what I've seen the USB outlets and cables are pretty much non-existent in public places, most places offer wireless charging pads instead (usually built into a hand rest or table surface).

As I keep saying, we should spend less time developing "better, safer" tools and practices and more time making sure the developers that use them know what they're doing. The bugs caused by lack of memory safety are rare (although often more critical) compared to the bugs caused by developers not paying proper attention to what their code does in the first place.

https://theregister.com/2023/01/...

Holy shit did Google become fucking useless

Today I spent a good hour looking to buy replacement / low-light lenses for my googles, and all I got were stores from US, or small stores that don't deliver across the Europe. When I gave up and opened Bing, the first result was the exact product I was looking for, from the brand's official EU store. I'm seriously considering switching to Bing now...

!dev

For a long time, I thought that the most annoying people on the ski slope are kids overestimating their abilities on a difficult piste or speeding down the slope ignoring others. Boy was I wrong; those kids are nothing compared to all the fucking morons who think that buying the most expensive gear at a local sports store makes them better at skiing.

For the love of god, if you ever consider skiing, just buy some reasonably cheap all-mountain gear, and if you think you need something better, do proper research or find a fucking expert. I'm not talking about those "experts" they have at your local sports store, I'm talking someone who provides gear and support for actual ski clubs and teams, or at least someone working at a dedicated outdoors store who actually owns some of the gear they're selling.

"Oh, but I'm an advanced skier" - right, then why don't you tell me what turning radius, width profile, and flex would best fit you? Thought so.

Look, it's clear just by looking at your $1000 "racing" skis that they have a way shorter turning radius than any competition-level skis, and if you were really going as fast as you think you are, you'd probably spin out on every other turn with such a short radius. Your curved skiing poles aren't fooling anyone either; professionals only use those in super-g and downhill because you need to go insanely fast to notice any advantage over regular poles. And people who race that fast use way more protection than I can see on you.

Okay, it's your gear, it's your body; if you're going to buy overpriced stuff that doesn't make sense or neglect protection, that's up to you. Do you know what's not up to you? Being a fucking moron and ruining skiing for everyone else. Just because you got the most expensive "expert-level" gear, you can't just use it for powder, park, or moguls when you feel like it because you don't fucking know how to ride any of these, even if your gear claims to be good for all types of skiing. And let me tell you, that expensive gear you have is much less forgiving than some entry-level gear if you decide to try other styles of skiing.

I'm fucking tired of people like that. If I go to the resort with lots of powder, I want to ride the powder, not spend most of my time avoiding groups of morons who clearly don't have the right gear and skills for the powder. If I go to the resort with a huge park, I want to ride the park, and I can't do anything if the place is covered by dipshits speeding past the objects and braking in front of the jumps. And if I want to race down the piste, I want to race, I don't want to have a bunch of morons constantly switching side in front of me to avoid "rough" parts they can't ride on.

This new trend of platforms spamming with content discovery fucking suck. Nobody wants to follow multiple profiles with the exact same fucking content, especially when most of them are just people jumping on the bandwagon with more generic content and nothing to make it distinguishable. Also if 10 million people saw something on your platform, the it's pretty fucking sure already been posted and shared on every single platform out there, why the fuck would you still keep recommending it weeks or even months later?

I know spamming users with random (statistically more engaging) content leads to improved customer engagement as people sooner or later click these thing out of curiosity or boredom, but eventually they get tired of it altogether and leave for good. What happened to Netflix will also happen to YouTube, Instagram, and all other platforms unless they significantly improve the balance between content discovery and content continuity (i.e. the content each user follows and is coming back for).

Today on "How the Fuck is Python a Real Language?": Lambda functions and other dumb Python syntax.

Lambda functions are generally passed as callbacks, e.g. "myFunc(a, b, lambda c, d: c + d)". Note that the comma between c and d is somehow on a completely different level than the comma between a and b, even though they're both within the same brackets, because instead of using something like, say, universally agreed-upon grouping symbols to visually group the lambda function arguments together, Python groups them using a reserved keyword on one end, and two little dots on the other end. Like yeah, that's easy to notice among 10 other variable and argument names. But Python couldn't really do any better, because "myFunc(a, b, (c, d): c + d)" would be even less readable and prone to typos given how fucked up Python's use of brackets already is.

And while I'm on the topic of dumb Python syntax, let's look at the switch, um, match statements. For a long time, people behind Python argued that a bunch of elif statements with the same fucking conditions (e.g. x == 1, x == 2, x == 3, ...) are more readable than a standard switch statement, but then in Python 3.10 (released only 1 year ago), they finally came to their senses and added match and case keywords to implement pattern matching. Except they managed to fuck up yet again; instead of a normal "default:" statement, the default statement is denoted by "case _:". Because somehow, everywhere else in the code _ behaves as a normal variable name, but in match statement it instead means "ignore the value in this place". For example, "match myVar:" and "case [first, *rest]:" will behave exactly like "[first, *rest] = myVar" as long as myVar is a list with one or more elements, but "case [_, *rest]:" won't assign the first element from the list to anything, even though "[_, *rest] = myVar" will assign it to _. Because fuck consistency, that's why.

And why the fuck is there no fallthrough? Wouldn't it make perfect sense to write

case ('rgb', r, g, b):
case ('argb', _, r, g, b):
case ('rgba', r, g, b, _):
case ('bgr', b, g, r):
case ('abgr', _, b, g, r):
case ('bgra', b, g, r, _):

and then, you know, handle r, g, and b values in the same fucking block of code? Pretty sure that would be more readable than having to write "handeRGB(r, g, b)" 6 fucking times depending on the input format. Oh, and never mind that Python already has a "break" keyword.

Speaking of the "break" keyword, if you try to use it outside of a loop, you get an error "'break' outside loop". However, there's also the "continue" keyword, and if you try to use it outside of a loop, you get an error "'continue' not properly in loop". Why the fuck are there two completely different error messages for that? Does it mean there exists some weird improper syntax to use "continue" inside of a loop? Or is it just another inconsistent Python bullshit where until Python 3.8 you couldn't use "continue" inside the "finally:" block (but you could always use "break", even though it does essentially the same thing, just branching to a different point).

How the fuck is Firebase still a thing? I just spent hours debugging a random "not authorised" error, only to find out you need to enable a deprecated API even if you're only using the new (recommended) one. Do they tell you about it? Fuck no, they keep it disabled by default, they tell you to only use the new API, and they make it pretty much impossible to find the deprecated API you need to enable without a direct link.

And why the fuck does the official SDK send image URL as { "imageUrl": "http://..." }, when the endpoint expects it to be { "image": "http://..." }? Why the fuck does the documentation mention both options interchangeably, while only the latter one actually works?

Idiots. Idiots everywhere. The next big trend in software engineering is to take a whole bunch of idiots, give them the basic knowledge to write code, and then dedicate a whole lot of competent developers' time to either fixing errors made by those idiots, or attempting to make "safer" tools so those idiots don't screw up as easily.

It's sad how easy it is to fool people by switching between absolute and relative values.

3 million people did this, 3 million people own that, 3 million people agree on those things, it all seems significant - but 1% of US population sounds completely marginal and irrelevant...

What's with so many developers using shitty hardware? It's literary the one tool you need for your profession, there should be absolutely no objection to having the best one available. Stop bitching about some software using 50% of your CPU when you're on the bare entry-level HW ffs! And don't give me that "can't afford it" bullshit. If you take your car to the repair shop, you're also paying for the tools needed for the job; the same way, your customers need to pay for the tools you need as a developer. If you can't afford that, there's clearly not enough demand for the work you do, so go find a different job.

Well fuck me sideways and call me Suse

So apparently jupyter / ipython adds the current workdir to kernel library path, and it crashes if you happen to have a file named something like "tokenize.py" in your workdir because it gets prioritised over ipython's builtin module with the same name. What a great design for something which is specifically made to run isolated chunks of code, that it can't even properly isolate itself from the workdir.

Not entirely dev related, but...

I'm getting tired of (electrical, mechanical) engineers complaining about HW limitations like "oh this board only has 12 KB of flash memory" or "I can't make this thing move smoother because my CPU is only 16 MHz" Bitch, you can spend $500 on 3 servo motors, but you can't afford to pay extra $5 to get a board with better specs to control them?

"note that the package name is different from the importable name"

God I hate Python dependency management

Being rejected as "unprofessional" for explaining that I don't want to rush a decision 2 days before Christmas. By the guy who, I kid you not, showed their EKS credentials on screen during a recorded online interview. Kinda glad I dodged that one now that I'm looking back...

A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.

Joke's on them, have fun paying for priority support outside of the business hours for nothing.

Follow-up on https://devrant.com/rants/5001553/...

How the fuck are Jupyter notebooks so popular in research? Like some dude had an idea to take perfectly good markdown and python code, add a whole lot of transitional properties to make version control impossible, encode it as JSON on the assumption that a human could somehow look at it and make sense of countless escaped characters and base64 encoded data, create dedicated software people need to install in order to read what used to be simple plain text, and think "This. This is what 99% of data researchers will use from now on." And somehow, overwhelming majority of researchers agreed that this extremely inefficient data format is the best there is and they should develop all their tools around it.