mspencer712
@mspencer712@programming.dev
- Comment on Advice needed for networking/architecting 1 month ago:
Are you going to be hosting things for public use? Does it feel like you’re trying to figure out how to emulate what a big company does when hosting services? If so, I’ve been struggling with the same thing. I was recently pointed at NIST 800-207 describing a Zero Trust Architecture. It’s around 50 pages and from August 2020.
Stuff like that, your security architecture, helps describe how you set everything up and what practices you make yourself follow.
- Comment on [rant] I want computers to become personal again 2 months ago:
s/celebs/weebs/
Fixed :-)
- Comment on [rant] I want computers to become personal again 2 months ago:
I’ve been ranting about this a lot lately, but as the owner of mspencer.net (completely useless personal domain, but is 199 days older than wikipedia.org for what it’s worth)…
There is sort of a way to do that, but it’s still labor intensive so not a lot of people do it. Movements to investigate are homelab and selfhosted. Homelab equipment is old (extra power-hungry for the capability you get) or expensive. Self hosting requires a bunch of work to stand things up the way you want it.
Biggest barriers to self hosting - or hosting through your nearest nerdy relative - are the following:
Free ad-supported offerings (with the privacy and terms and conditions impacts you describe) are better and easier, so they outcompete DIY options. If a nerdy family member offers to host forums and chat for your community club or whatever, the common response isn’t gratitude, it’s “That’s stupid, I’ll just use Facebook.” Without that need and attention, volunteer projects get way fewer eyeballs and volunteers are way less motivated.
Security is difficult to figure out. Project volunteers have enough on their plate just helping users get their stuff working at all. Helping novice users secure their installations is so much extra work.
Many volunteers feel taken advantage of if they produce something that could help companies make money better, when they don’t share any of the money they make through donations or support arrangements. Similarly, many open source projects get taken over by for-profit companies who diminish efforts to make their open source offerings easier to use for free. (They want companies to buy support contracts, even if it means frustrating use by private individuals without kilobucks to spare.)
- Comment on Would you buy "self-hosted in a box" hardware? 2 months ago:
I’ve been struggling to wrap my head around a good security architecture for my mspencer.net replacement crap. Could I bug you for links?
I figured out a while ago to keep VM host management on a management VLAN, and I put each service VM on its own VLAN with heavy, service-specific firewalling and a private OS update repo mirror - but after hearing about ESXi jackpotting vulns and Broadcom shenanigans, I’ve gotten really disheartened. I’d love some safe defaults.
- Comment on Would you buy "self-hosted in a box" hardware? 2 months ago:
I think this needs to exist, but as a community supported system, not as a commercial product.
Pick a set of open technologies - but not the best, lightest weight, just pick something open.
Come up with a security architecture that’s reasonably safe and only adds a moderate amount of extra annoyance, and build out a really generic “self-hosted web hosting and VM company-like thingy” system people can rally around.
Biggest threat to this, I think, is that this isn’t the 90s and early 2000s any longer, and for a big project like this, most of the oxygen has been sucked out already by free commercial offerings like Facebook. The technical family friend offering to self-host email or forums or chat no longer gets gratitude and love, they get “why not Facebook?”
So… small group effort, resistant to bad actors joining the project to kill it, producing a good design with reasonably safe security architecture, that people can install step by step, and have fun using while they build and learn it.
- Comment on NAS / NAS + server? Unraid, Proxmox, Intel, AMD? Looking for guidance. 2 months ago:
Married, we both work from home, and we’re in an apartment.
First, all of my weird stuff is not between her work and living room pcs and the internet. Cable modem connects to normal consumer router (openwrt) with four lan ports. Two of those are directly connected to her machines (requiring a 150-ish foot cable for one), and two connect to my stuff. All of my stuff can be down and she still has internet.
Second, no rack mount servers with loud fans, mid tower cases only. Through command line tools I’ve found some of these are in fact capable of a lot of fan noise, but this never happens in normal operation so she’s fine with it.
Separately I’d say, have a plan for what she will need if something happens to you. Precious memories, backups, your utility and service accounts, etc. should remain accessible to her if you’re gone and everything is powered off - but not accessible to a burglar. Ideally label and structure things so a future internet installer can ignore your stuff and set her up with normal consumer internet after your business internet account is shut off.
Also keep in mind if you both switch over so every movie and show you watch only ever comes from Plex (which we both like), in an extended power outage situation all of your media will be inaccessible. It might be good to save a few emergency-entertainment shows to storage you can browse from your phone, usb or iXpand drive you can plug directly into your phone for example.
- Comment on What is DNC is working with RNC 4 months ago:
I think this was asked in good faith, but is unfortunately unlikely to produce useful discussion. The down-voters are right but the original poster shouldn’t feel bad for asking.
Short answer: it’s ok to say “maybe, we have no way to know, moving on” when something is unknowable like this.
Longer answer / topic hijack: as voters there are many contradictions in our system, and important and necessary information is often hidden from us. Doing the best we can might take various forms:
  - choose government run by the least-evil people possible and trust the imperfect system formed by the structured interactions of those people
  - choose government that follows policies that align the best with your values or your ethical understanding of the world
  - choose government that is best able to reduce harms and injustices, in a practical and realistic way that anticipates the acts of other factions
  - choose government led by people you hate the least — no, this one is toxic, lazy, easy to manipulate with lies. Manipulators know the longer they keep people hot with emotion the less time people spend learning.

Please do not reply to this with hatred or calls for strong emotion. Leaders at any level can be deliberately evil, sure, but it’s never helpful to dehumanize entire clusters or demographics.
- Comment on IBM says their latest AI-enhanced storage platform can identify ransomware in under a minute 8 months ago:
Yeah a bit. IBM QRadar is alright. I’m confident there’s something real (and real expensive) underneath the buzzword salad in that article.
- Comment on With AI looming, is there still space for new coders? 8 months ago:
And those jobs are critical to the process of making new developers.
An important part of my education - the part that grad school can’t teach you, you have to learn it on the job - was being new and terrible, grinding on a simple problem and feeling like a waste of money. Any of the experienced guys sitting behind me could have done this thing in a few hours but I’ve been working on it for a week. “What’s the point? Any minute now they’re going to tap me on the shoulder and tell me I’m done, it’s time to go find another job.”
But that never happened.
Those early problems weren’t fun. At home I would have never chosen to work on them. I’d leave them for someone else. “But now that I’m collecting a paycheck for it, this isn’t up to me. I have to work on it. I can’t give up. I can ask for help, but I need to show my peers that I belong. I can solve difficult problems. I can persevere.”
As a mediocre professional developer, I had to struggle to learn that. I wasn’t getting far on my own, without mentorship and motivation. Homework, pursuing degrees, wasn’t getting me there. (And even now, I seem to have about two weeks of attention span, for projects at home.)
- Comment on Reddit signs content licensing deal with AI company ahead of IPO, Bloomberg reports 8 months ago:
I think the most important thing we can do is shout about this from the rafters, so every potential IPO investor can hear. Most of the subject matter experts have fled. The best data is available for free elsewhere. (And none of us are too happy about having our collective knowledge shared without attribution or appreciation by an AI, but that’s not the point. Money is the point here.)
- Comment on With AI looming, is there still space for new coders? 8 months ago:
As a professional C# developer since 2012, I’d say a programmer needs four kinds of knowledge. As an organizational user of Github Copilot for a couple months, I’d say AI tools can help with one, maybe two of those.
Understanding language and syntax, so you can communicate the ideas in your head to the machine accurately: AI is fairly good at this, will certainly get a lot better.
Understanding algorithms and data structures, well enough to compare and contrast, and choose the most appropriate ones for each circumstance: AI can randomly select something, unless it’s a frequently solved problem. I don’t expect this to get better except for the most repetitive of coding tasks.
Understanding your execution environment and adapting your solutions to use it well: I don’t see the current generation of AI tools ever approaching this. I don’t think they have context for how a piece of code is used, when trying to learn from it. One size fits all is not a great approach.
Understanding your customer’s needs and specific problems, and creating products, not code. Problem domains and solutions are a business’s entire reason for existence. This is all kept confidential (and outside the reach of an AI training data set) for competitive reasons. As a human employee, you get to peek behind the curtain and learn these things yourself.
- Comment on Virginia sheriff's office says Tesla was running on Autopilot moments before tractor-trailer crash 11 months ago:
Agreed. They are deliberately taking advantage of the fact that people don’t understand how autopilot is actually used in aircraft.
Sure, the most pedantic of us will point out that, with autopilot enabled, the pilot-flying is still in command of the aircraft and still responsible for the safe conduct of the flight. Pilots don’t** engage autopilot and then leave the cockpit unattended. They prepare for the next phase of flight, monitor their surroundings, prepare for top-of-descent, and stay mentally ahead of the rapid-fire events and requirements for a safe approach and landing. Good pilots let the autopilot free them up for other tasks, while always preparing for the very real possibility that the autopilot will malfunction in the most lethal way possible at the worst possible moment.
Do non-pilots understand that? No. The parent poster is absolutely correct: Tesla is taking advantage of people’s misunderstanding, and then hiding behind pedantic truth about what a real autopilot is actually for.
** Occasionally pilots do, and many times something goes horribly wrong unexpectedly and they die. Smart, responsible pilots don’t. Further, sometimes pilots fail to manage their autopilot correctly, or use it without understanding how it can behave when something goes wrong. (RIP to aviation Youtuber TNFlygirl who had a fatal accident six days ago, suspected to be due to mismanagement of an unfamiliar autopilot system.)
- Comment on Ethernet is Still Going Strong After 50 Years 11 months ago:
Hmm I’ve got an old Compaq 575e with a PCNet32 nic, and an old 3com 3c509 ISA adapter in a closet with 10base2 and AUI ports.
Use a modem router or managed switch to get down to 100baseT, give this box a Linux distro, enable Ethernet bridging in the kernel, and *slaps case* this baby can drop almost 20k packets a second, no sweat!
- Comment on Ethernet is Still Going Strong After 50 Years 11 months ago:
Ok now I’m curious what I’m missing out on. Can anyone recommend a good PCIe token ring adapter and concentrator?
- Comment on Weaknesses of agile and Scrum 1 year ago:
Do you keep a shopping list? A personal to-do or reminders list? You should stop because that’s a ritual and rituals are clearly bad.
I mean, no, you should keep the rituals that help you work better and discard the rest. Which is what successful agile teams are already doing.
- Comment on [deleted] 1 year ago:
I’d love to see this become something greater. Consider this challenging problem:
Suppose you have an instance with a community (“C”) that likes to promote subtle but wrong things.
Suppose there’s a community of fact checkers (“F”) who wants to promote actual, verifiable/falsifiable facts by responding to lies with compelling and relevant references. They want to help by directly replying to posts or applying tags in community C, but they are not permitted to contribute by that instance. The community C seems to want their lies to remain unchallenged.
And then suppose there’s some opted-in users (“U”) who want to receive help understanding when posts in community C are not factual. They would like to receive posts or tags from fact checkers, because people they trust have recommended they listen to these fact checkers.
I’d love to see a tagging system that can help “U” and “F” connect, even if the owners of “C” don’t want them to, when browsing content in “C”. Ideally in an extensible way that lets some future implementer come up with novel ways to organize and maintain the fact-checking side of things in response to new threats.
I probably explained this badly, and the letters are probably more pretentious than helpful. But I hope someone smarter can pick this up and run with it, because it’s something the world desperately needs.
- Comment on Help identifying job title 1 year ago:
That’s right. I know I was thrown off by large projects earlier in my career. The more you learn the stronger you get at understanding and packaging/setting-aside larger and larger pieces of a project. Bigger projects stress this ability in new ways. I think I lost a job in 2016 because I couldn’t stretch my brain around something bigger, at a small business with maybe 14 devs.
This might be a bad way to communicate this, and I think I’m taking this in a weird direction, but: I’ll use the Mozilla project as an example of a large project, though I’ve never looked at its source.
Suppose you were in an interview, and due to the specifics you are expected to be fast and fluent with the same technologies used in the Mozilla project, though you’ve never looked at the source before. Given a machine with the source already checked out and open in an IDE, you have one hour to read through the source and familiarize yourself with it, so you can answer questions about how you would approach adding features or test coverage.
What I want to know is: how high does your heart rate go? Does it go up just a little, as expected for a high stakes situation? Or does it go up a lot, because you honestly have no idea how much another dev in your situation would be expected to accomplish, so you have no clue what “good enough” looks like?
This is a crappy example because no interviewer could ever actually use this metric. But I’d say if it goes up a lot, for the reason I gave, you might not be ready for senior. And by this metric, it might not ever be possible to grow to “senior” without working at a company with large multi-team projects. But I think that’s accurate.
- Comment on Help identifying job title 1 year ago:
It sounds like you’ve got enough familiarity with the whole development lifecycle, as applied to a smaller single-dev-sized project, that you’d be great as an SDE 2 at a larger company, ready within a few years to step up to Senior. There are companies with hundreds of developers who only rarely hire straight out of college, where your level of experience is exactly what they want.
(There are also companies with hundreds of developers who do hire straight out of college, and I’m not trying to disillusion recent grads.)
- Comment on I know 69 languages 1 year ago:
When I last had to job hunt (2016) - I just jinxed it didn’t I? - I was complimented by interviewers for separately listing “Classroom experience” and “Professional experience”.
I think you get a lot of points for a resume that says “I may or may not be the best fit for you, and that’s ok. Here’s accurate information, so you can make that determination for yourself. I trust you.”
- Comment on join us 1 year ago:
I can’t tell if the downvoters just didn’t recognize your Ohm’s Law joke, or if they did recognize it but are too fatigued by actual COVID misinformation posts to find it funny.
Maybe thE=IR sense of humor needs a bodge wire?