Comments by "" (@grokitall) on "Theo - t3․gg" channel.

  1. the problem here is not just them, but also you. by allowing them to merge broken code and then fixing it for them, repeatedly, you are enabling their bad behaviour. it is literally their job as a coder on a project with version control to get their code merged. if you take away their pain from merging broken code, you remove their need to do better. this is not to say that you should not train them how to do better when they don't know what they are doing wrong, only that you should do it for them.
    18
  2.  @drno87  nothing. this is how linus develops the linux kernel. he applies the pull, and if it breaks, he reverts it, and sends a message saying that it did not apply cleanly, please fix and send a new pull request. the problem is social, and to do with management buy in. testing only works if they all agree that breaking the tests for the stable api is a nono. distributed development only works if the same people accept that breaking the merge is as big a nono. but to enforce it you need someone high enough up the food chain or the community making sure that if you broke it, it is your problem.
    4
  3. ​ @echorises I would argue that while there is a component of tenure which is about generating new knowledge, if you are so dense that you cannot pass the surrounding context on to your students, you are not really competent to get tenure in the first place. it is also a well known and well documented fact that understanding a problem can be hard, but helping someone else understand it is even harder and more importantly a different skill set involved.
    3
  4. one point which everyone seems to be missing is that the test haters seem to conflate which level you test at (end to end, integration, or unit tests) with regression testing, and then say that because they implement their tests after coding when the code is already hard to test, that testing is bad. regression testing is a special type of testing which exists to tell you if you broke your public api before your users tell you that you broke your api. it is implemented with a combination of unit tests and a smaller number of integration tests, and the test suite exists tell the programmer that the code does what he intended it to do, and that later changes didn't break it. literally any other testing is not regression testing, but seems to be all that the test haters are complaining about.
    2
  5. if your refactoring is breaking lots of tests, your unit test are testing implementation and are therefore not regression tests, or you are breaking your public api, in which case breaking your tests is the least of your problems.
    2
  6. except that another commentator pointed out that writing a compiler was the keystone project for their cs degree, and how can you do that well without understanding and using version control, libraries and api's.
    2
  7. the main point i would pick you up on is your use of advanced cisc instructions vs single core risc, which is largely a straw man argument but useful as an illustration in some circumstances. the real battle now is between a small number of fast but power hungry cisc processors which need lots of cooling, and much higher core count risc processors which are cheaper to design, build, and run. this is why your average smartphone already has at least 10 cores, while your average desktop does not. yes, i know multithreading inflates the thread count, but the results are in, and the downsides are enough that it is starting to go away.
    2
  8. that is so wrong. the purpose of the tests is to guard against regressions. writing them first proves that they fail when you need them to. if you don't care if your code other people use breaks, then you don't need to keep the tests. otherwise, that is the entire point of having them, so that you feel the pain before you shop broken code yo your users.
    2
  9.  @nexovec  financially, absolutely, you just need to spot early when to abandon the sinking ship.
    2
  10. You can still do that. The thing theo was referring to was that not having known about the special case of 0.minor.patch having minor be both the api breaking and api non breaking, he now cannot go back and take advantage of it now he does know about it. If you want to continue maintaining version 2 code after moving to version 3, this is no problem, you just cannot add api breaking changes to it. And yes, global state variables having the default changed is an api change, it is just a very bad way of defining the api.
    2
  11. only if kernel level code is already compromised.
    2
  12.  @jose-lael  certainly the move to produce some chip designs which dump x86 support should help them reduce transistor counts a lot, which should reduce some of the risc chip advantage for multicore designs. a fundamental own goal by cisc chip companies is their systematic failure to work closely with compiler designers. if they worked to move some of the custom logic into external chips like we did in the 8bit days, and looked to find software improvements to replace the extra instructions, which could be released to compiler writers under something like a bsd licence, they could significantly reduce the amount of legacy stuff they had to support on chip, reducing transistor counts a lot and possibly having other advantages. as it is, instead we get legacy cruft in the processor design, the need for soft microcode updates to fix cpu bugs and other similar garbage.
    2
  13. the point here is that there are a set of core technologies which are essential for being able to work on code in a modern context, most of which can e taught the basics of in less than an afternoon. structured programming used to be controversial, so was version control, and so is continuous integration. i would argue that you should not be able to graduate without being able to submit code, which implies knowing a language, producing a program, checking it into version control, and having it pass continuous integration. all of that can be taught in an afternoon using fizbuzz and the idea that you can spend four years learning advanced techniques without learning the basics of working in a modern high end environment should not be acceptable.
    2
  14. he specifically said that because git usage is endemic, not knowing it was a red flag, then went on to say that knowing a different vcs was ok, but not knowing any vcs and needing to be told everything not just about how to vcs, but also about why to vcs would basically push you to the bottom of the candidates list, with almost anyone else being better. a case can also be made that the same thing should be true for continuous integration.
    1
  15.  @silberwolfSR71  i wouldn't disagree in general, but it tends to coexist with lots of other red flags. for example, there are a large number of "qualified" programmers out there who not only cannot use any vcs, but also could not do fizzbuz without an ide, and have no idea if the build system generated by the ide can be used without the ide. i would suggest that a good programmer should be able to write a small program with only a text editor, create the automated build file, store it in a version control system, and then have the interviewer be able to check it out and build it on another machine. if the program was something small and simple like fizzbuz, this should only take about 15 minutes prior to the interview, and for most interviews you are waiting longer than that. think about the Israel passenger security vetting system as a comparison. anybody wanting to be able to go airside at any airport goes through security vetting. each level is designed to either determine you are not a risk, or moves you up another level for a more strict screening. by the time you are stopped at the airport for questioning you have already raised yourself to about level 15, and they are primarily asking to clear up points they could not dismiss without your active involvement. if you pass, you can then get on the plane. i had to help fill a post, and we got over 100 applicants, with full training given. most were completely unsuitable, but the top few still needed filtering, and things like attitude, and prior experience goes into that filtering. as theo said, if you get to that point and it is between an industry veteran with experience, and a new college grad with no knowledge of version control, you can guess who is higher up the list.
    1
  16.  @mikicerise6250  not quite, someone on the team need to know version control. if so they can become familiar enough with git in about an hour. most version control differences are under the hood, and mostly are not need to know, except after a major screw up, at which point you need an expert in whatever version control is used by your project. you cannot assume git, because some projects are old enough to be using something else.
    1
  17. the author of that video is an idiot. he claims being adware makes it a scam, when it was a common way to get funding from freely available software at the time. he claims being nagware to update to the full version makes it a scam. he uses his ignorance of the well known problems with the registry to claim it makes a registry cleaner a scam by definition. crud left behind leaves a raft of problems. he claims that a common shareware antivirus was a scam, just because it was adware. he admits that dave was running a shareware market place, but then says all of the shareware was by dave, and his previously misidentified scams make dave a scammer, despite that not being how a market place works. finally, dave got a nuisance lawsuit, and like most companies, it was cheaper to settle than to fight. but he claims that by settling dave admitted to everything in the claim, despite the settlement agreement which ended the lawsuit not saying that, and then claims that because of that when he says the lawsuit was mostly meritless in his autobiography, which agrees with the settlement agreement, he is trying to hide being a scammer. i am nit saying he could not be a scammer, but literally none of the claims in the video actually pass basic fact checking.
    1
  18. ​ @keithjohnson6510 it was a kernel bug, but if they had been testing against either linuses nightly build, or gkh's next kernel, they would have found it before it even shipped.
    1
  19. except that arm was developed at acorn in the 1980s, so its old is the wrong argument. actually, the idea behind cuda also goes back to the 1980s as well, as does the work on multicore processor systems.
    1
  20. you cannot recover from the initial crash, you can recover from the boot loop which kept all the machines down. as to the disclaimer, leonard french covered it on youtube, and it is invalid in the case of negligence, which this clearly is.
    1
  21. ​ @kayakMike1000 this is exactly what the rust maintainer who just quit suggested, with them doing the maintenance, but the c maintainer tried insisting that the code was not in his part of the kernel tree, hence suggesting getting others involved to resolve the impasse. You need consistent project wide rules saying what goes where, which we do not have yet for the kernel.
    1
  22. the reason this matters is that in modern synchronous designs, all of the instructions are slowed down to fit the time needed for the slowest part, which is slower on cisc. by dumping some of the slower instructions, risc gets a speedup for free. when the research was done on asynchronous arm chips in the 90s, an improvement was seen, but the funding went away and we never got to find out if synchronous clocks were fundamentally a bad idea, or just a simplification which was not expensive enough to dump.
    1
  23.  @jasonbuffalo6845  if it was just logically equivalent to having a firmware x86 / x86-64 to risc microcode jit, then i would agree with you, but even some of the cisc processor designers say that the larger instruction set increases complexity, which in turn increases transistor counts. that is before you consider the failure of these people to work with compiler writers to make some of these more complex instructions into compiler macros instead, reducing the need to keep them on the chip. this is also a problem for testing, which is historically why you can recognise which intel x86 cpu you are running on by spotting which hardware bugs need working around.
    1
  24.  @jasonbuffalo6845  not sure i agree with that. because the extra hardware does not report its presence, it is hard for the os to detect, and thus use automatically, which can cause all sorts of issues. i agree intel got complacent, they do that every so often.
    1
  25. because nobody implements any type of bad driver detection and isolation system in any os. and no, windows safe mode does not count. it just lets you boot up and then its your problem, but it does not work for locked down corporate machines.
    1
  26.  @h4ktbtw  agreed, but it matters a lot more on windows due to you having thousands of drivers written badly by untrusted third parties with varying levels of quality control and are hoping that none of those drivers have a cloudstrike level bug. mac is less affected due to them all being a preapproved all in one board with the drivers mainly written by apple. linux is less affected by the fact that most drivers go through the kernel development path before being shipped in the mail kernel, thereby getting lots of testing.
    1
  27. actually you are wrong. if the processors get much higher clock rates, you have to stop sending the signals down wires, and start sending them down plumbing, which is why they stopped chasing clock numbers and moved to something else. the main thing keeping the x86 & x86-64 alive is the wintel duopoly, which is slowly dying. data centers need cooler less power hungry processors, which they can move to now that linux is getting better risc support. the desktop is being eaten by smartphones and tablets on one end, and by web apps on the other, neither of which need windows. the windows market will get further punished due to the hardware requirements for 11 and 12 making it so that developing countries cannot even use pirated versions, as they cannot afford the hardware. the writing is on the wall for both windows and cisc, as cisc is only being kept alive due to windows. i hope they get a plan b before it is too late.
    1
  28.  @John_Smith__  i largely agree, but it is not just mobile where risc wins due to power, but the data center too. the issue here is that cisc uses a lot of power, and produces a lot of heat. moving to a larger number of slower processors which use less power overall, and do not produce anywhere near as much heat saves the data center a fortune. as most of these loads are platform neutral, and you can just recompile linux for arm on the server, it does not have the windows lock in. even worse, as more devices go risc, the software moves to apps and websites, further killing the need for windows. and of course for a lot of tasks, the linux desktop is already good enough, so you have a triple threat. i cannot wait to see the companies panic as they realise that people outside the west cannot upgrade to 11 and 12 due to costs being too high, and scramble to find some other solution.
    1
  29. yes, but your validator and driver both use code from the same library. the validator just puts a cli wrapper around it which lets it return true or false, so you can call it from a script or test runner.
    1
  30.  @ПётрБ-с2ц  i just said how we have known to do it for decades. given all the other basics they ignored, i agree they probably ignored this one as well, but it does not matter, as they wrote it to pass unless it recognised a fault, as opposed to failing unless it recognised correct code.
    1
  31. A lot of people are getting the law wrong here. First, copyright is created automatically for anything which does not fall under some very narrow restrictions as to what can be copyrighted. Second, the copyright automatically goes to the author unless you have a naff clause in your employment contract giving it to your boss, or you are allowed to sign a contributer license agreement and do so. Third, when you contribute to a project without a contributer license agreement, you retain your copyright, but license the project to distribute your code under the applicable license at the time you contributed. This cannot be changed without your consent. Fourth, this has been tested in court. In the usa it was found that the author and copyright holder retained copyright, and granted permission to use it under the applicable license. By rejecting the license by trying to change it, you are not complying with the license, and are distributing it without permssion, which is piracy. In a seperate case, it was found that when the company tried to enforce its copyright, and included code it did not own without an appropriate license grant, they had unclean hands, and therefore were not allowed to enforce their copyright until after they had cleaned up their own act. This leaves any company not complying with previous licenses with a serious problem unless all contributions are under a copyright licence agreement transfering the copyright to the company, and always has been unless they track down every contributer and get consent for the license chenge for every single contributer. If they cannot get that consent for any reason, then they have to remove the code of that contribute in order to distribute the software nder the new license.
    1
  32. he was referring to the way antivirus software signature files do not have time to go through driver certification, and the same applies even if the files can spot a lot more. this is the whole justification cloudstrike uses for live updating the files in the first place, so it is relevant. he also states he is a web developer, which should give him a little wiggle room for not getting some of the subtleties which were irrelevant to what caused the outage.
    1
  33.  @Xehlwan  the truth has now come out as to what happened. they created a file with a proprietary binary format. they ran it through a validator designed to pass and only to fail known bad versions, then when it passed, immediately pushed it to everyone with no further testing. what should have happened it this: create a readable file in a text format which can be version controlled, test it, and commit it to version control. generate the binary file from the text file, with a text header at the start (like everyone has been doing since windows 3.11), and immediately create a signature file to go with it. have the validator compiled as a command line front end around the code used in the driver, designed to fail unless it is known to be good. this checks the signature, then looks for the text header (like in a gif file), then uses that header to decide which tests to run on the file, only passing it if all,of the tests pass. run the validator as part of your continuous integration system. this tells you the signature matches, the file is good, and all,other tests of the file and the driver passed, so it is ready for more testing. build the deliverable, and sign it. this pair of files is what gets sent to the customer. check the signature again, as part of continuous delivery, which deploys it to some test machines, which report back a successful full windows start. if it does not report back, it is not releasable. then do a release to your own machines. if it screw up there, you find out before your customers see it and you stop the release. finally, after it passes all tests, release it. when installing on a new machine, ask if it can be hot fixed by local staff. use the answer to split your deployment into two groups. when updating only let the fixable machines install it. the updater should again check the signature file. then it should phone home. if any of the machines don't phone home, stop the release. only when enough machines have phoned home does the unfixable list get added, as it is more important they stay up than that they get the update a few minutes earlier. if any of this had happened, we would not have even heard about it.
    1
  34. one of the reasons git won was due to tools like git-svn and the cvs equivalent, which made those horrible tools usable for doing merges, and providing git mirroring. this made the git ui standard, and made migrating to git as the vcs easy.
    1
  35. ​ @BenLewisE i am sure someone will make that argument, but the real tradeoff today is between more, faster cache, and more cores. due to the relatively huge die sizes for cisc, they have to optimise for cache, whereas risc designs also get the option of having more cores and less cache. as this option is only available on risc, we need to wait and see which will be better in practice, but risc has a lot of other advantages, so in the long term, risc is going to win, the same way x86-64 beat x86.
    1
  36. ​ @CodingAbroad tdd indeed does test first, for the simple reason that if you don't do regression testing that way, you don't know that your test will fail. then when you write your code, you know that the test will pass, so the test has been validated for both cases. you also know that the code you wrote was testable, which is way more important. then when you refactor you test that it is actually a regression rest. if it breaks, you are testing implementation, not the stable public api, so it is not a regression test. as to code coverage, you can get near 100% when testing api's as long as you write testable code. the purpose of the regression tests is so that you spot you broke the api before its users do, which is why it matters.
    1
  37. ​ @nosbig98 i actually remember when you got the nightly dev zip file, created your patches, submitted them by email, and reviewed them using either mailing lists or irc. i also remember version control using rcs, before cvs came out. things are much easier now.
    1
  38. we already have them, and they are called end to end tests. they are particularly prone to being used by ui developers, but are also generally disliked by all testers, as they often depend on hidden implementation details in code that was never designed with testing in mind, and thus are both hard to do, and prone to breaking. this is why the testing pyramid was developed, regression tests lower down the pyramid depend on fewer hidden implementation details, and thus don't break as often. tdd was then developed on top of regression testing to get people to write testable code.
    1
  39. actually it was getting 2 cores to work right, then getting os support for it which took forever. it only really took off when they started hitting clock speed limits, so going dual core was the only option.
    1
  40. end to end tests are not usually integration tests, but are instead acceptance tests, which serve a different purpose. unit tests and integration tests are used by continuous integration to regression test your public api. they tell you if you built what you intended to build. acceptance tests are done after continuous integration is done, and tell you if what you intended to build is what the customer wanted. as most typical projects have 60% of the requirements being unknowable until you start building it, knowing this difference matters. i tend not to see many tests which have high utility which are end to end or ui tests. they are needed for regression testing, but tend to be both slow and fragile.
    1
  41. the issue here is that the public domain has a very specific meaning. it says that the author allows you to do literally a anything with it, and renounces their copyright to it. proprietary software like windows has the owner say "it is mine, and i will control how it is used". they then produce a license with those terms. lots of cases especially for open source have tried to claim open code is public domain, and then ignore the license, but every case i know of has ended up saying "you refused the license, and did not get a different agreement, so you cannot use it. pay up". all licensed software falls back to the default of proprietary code if you either don't include a license, or the user does not accept it, legally speaking, and this understanding is embedded in lots of international treaties for intellectual property.
    1
  42.  @h7hj59fh3f  you are just wrong about this, the following link even explains how to do it. https://en.m.wikipedia.org/wiki/Wikipedia:Granting_work_into_the_public_domain
    1
  43.  @h7hj59fh3f  upon doing a little more research, the us and uk maintain your position, but many other countries don't. so putting the grant of public domain statement makes it public domain in all countries which recognise it, and including the cc0 license grants the closest equivalent in those countries which don't. intellectual property rules are country specific, and follow a pattern in how they are introduced. first, they don't exist, as the country has no domestic industries which need them, this allows domestic industries to form, copying the ip from other countries. the most obvious example of this is book publishing, where foreign books are copied on an industrial scale to develop a local consumer base for the ip. second, local ip starts being produced, so rules get introduced to protect the creator and licensee from other local (and later foreign) companies from continuing to do what has been standard practice, as the local market needs enough revenue to help the local creators to be able to continue to create. third, they want to sell and license to foreign companies, so they have to sign up to international treaties providing either mutual recognition of each others rules, or a standard set of working practices. the first is way better for too many reasons to go into right now. fourth, at some point in this ip recognition process, 2 things happen as the country realises that ip protection needs to be time limited. the idea of public domain ip is accepted, with recognition upon what terms cause it to expire, providing massive bonuses to the public from company abuses of old ip content, and they realise that different industries and different forms of ip have different timescales for return on investment for ip, and need different expiry rules, after which it returns to the public domain. this pr9tects the companies from other companies. 5rade dress (does it look like a mcdonalds) needs instant protection, for the duration of existence of the company to prevent anyone else from pretending to be them. drug manufacturing can take 20 years and a lot of money to get to market, with a lot of products failing before it gets here, so it needs relatively long timescales for exclusivity to recoup those expenses. books on the other hand make most of their income in the first few years, and almost never get a second round of popularity after their initial release, so much smaller timescales should be involved.. and of course, sometimes creators create something for the public good, and want to put it straight into the public domain. due to the american political system being particularly vulnerable to lobbying, they are still not very far along with the public protection side of this, while being very aggressive with the company protecti9n side. however these two sides need to balance for the good of everyone. some other countries are further along or better balanced than others, due to local circumstances. this difference in speed of evolution of the rules is just the most obvious reason why mutual recognition is better than forcing standard rules, but there are many others.
    1
  44. no they were not. the information was clear. the initial proposal was to make every other vendor of antivirus except microsoft have to use a different procedure, giving microsoft an unfair advantage in that market. the eu said no, then microsoft chose to remove the method instead of using it themselves. it was entirely up to microsoft how they resolved the issue.
    1
  45.  @TreeLuvBurdpu  windows defender is not an alternative to crowdstrike, it does a lot less. it is more of an alternative to norton or mcafee. as to the eu, they said you cannot have one set of rules for everyone else, and a better set for you, especially when we are already having issues with your monopoly abuse. microsoft could have made windows defender use the same apis as everyone else, but instead chose to rip out the entire subsystem and keep everyone in kernel space. that was Microsofts choice, not the eus.
    1
  46.  @TreeLuvBurdpu  sorry, but apple did not try and implement a 2 tier system to get an unfair advantage over their partners, so were not blocked. the regulations in this case exist to protect against the abuse of unfair power structures being abused, which is why apple is being investigated for taking a 30% cut of the sales price from all partners in the app store while also blocking the use of side loading and alternative payment methods. note: i am not saying that the regulations are good, only that they said you can't do that, and microsoft made a free choice of what to do instead. they could even have said that they were making their proposed api available at launch, but not mandatory until service pack 1, at which time defender would also use it, but they chose not to.
    1
  47. their own report says that they only ran the validator, and one it passed, immediately pushed to everyone. this bypassed all the other testing they do when they update the driver.
    1
  48. No cognitive load, except for the fact that it stripes all the information contained in the semantic versioning.
    1
  49. ​ @havokgames8297 not sure i would agree. the purpose of the higher level tests is to make a stable public api, after which you can change anything underneath even to the extent of keeping the header file and throwing everything else away. you can also test your private code, but it should already be covered by the high level tests, or be dead code which is never used.
    1
  50. ​ @keithjohnson6510 the ceo said that all at once was company policy.
    1