Stefan Wasilewski

4.8K posts

@smw

Ruby, iOS, Python hacker. (Sorry friends, @smw is not Social Media Week/Wiki) he/him

Joined March 2007
459 Following 93 Followers
Stefan Wasilewski@smw·
@mipsytipsy I’m convinced, but where are the specifics? Is there, for instance, an example go microservice instrumented in an observability 2 best practices manner? Still using opentelemetry?
Charity Majors@mipsytipsy·
Our friend @monkchips puts his finger on one of the most significant shifts in the landscape. Observability 1.0 was about how you operate your code -- bugs, errors, crashes, MTTR/MTTD. Observability 2.0 is about how you *develop* your code. redmonk.com/jgovernor/2024…
Stefan Wasilewski@smw·
@kelseyhightower The US has traditionally been against a universal federal ID because it’s a slippery slope towards “papers, please”. In many European countries, you are required to provide ID to law enforcement at any time.
Michael Lawrence@michael_c_law·
We're bringing back good ol server side rendering.
Stefan Wasilewski retweeted
Kelsey D. Atherton@AthertonKD·
who called it the reporter carrying on a May/December romance with a roadkill enthusiast and not Herald and Mauled
Jyotinder Singh@Jyotinder_Singh·
While Go is popular for its intuitive concurrency primitives, most people are unaware how powerful modern C++'s concurrency model is ✨ In fact you can implement channels and select loops in C++ from scratch! That's exactly what I cover in the latest issue of my newsletter! 🚀
Stefan Wasilewski@smw·
@jessfraz This is why I think products like Jetbrains Teamcity that explicitly try to understand the output of individual tests are such a huge advantage compared to the modern “only care about the exit value” ci runners.
Jessie Frazelle@jessfraz·
We started saving GitHub actions logs to our logs storage and being able to chart specific failures by the string of the failure over time is life changing. oh you’ve seen a test be flakey with X error, let’s chart it over the last 30 days, yup it is, but it started on this day.
Stefan Wasilewski
@alexxubyte You really want to create a unique random salt for each password, not fetch from db. That way an attacker with your db will have to put in the same work to crack each password.
Alex Xu@alexxubyte·
How to store passwords safely in the database and how to validate a password? Let’s take a look.
Things NOT to do
🔹 Storing passwords in plain text is not a good idea because anyone with internal access can see them.
🔹 Storing password hashes directly is not sufficient because it is prone to precomputation attacks, such as rainbow tables.
🔹 To mitigate precomputation attacks, we salt the passwords.
What is salt?
According to OWASP guidelines, “a salt is a unique, randomly generated string that is added to each password as part of the hashing process”.
How to store a password and salt?
1️⃣ A salt is not meant to be secret and it can be stored in plain text in the database. It is used to ensure the hash result is unique to each password.
2️⃣ The password can be stored in the database using the following format: hash(password + salt).
How to validate a password?
To validate a password, it can go through the following process:
1️⃣ A client enters the password.
2️⃣ The system fetches the corresponding salt from the database.
3️⃣ The system appends the salt to the password and hashes it. Let’s call the hashed value H1.
4️⃣ The system compares H1 and H2, where H2 is the hash stored in the database. If they are the same, the password is valid.
Over to you: what other mechanisms can we use to ensure password safety?
– Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): bit.ly/3KCnWXq
Isaac Yonemoto is cooking@DNAutics·
Kind of wild that fork/exec is still the only way to start a new os process
Stefan Wasilewski retweeted
RICO TO TREASON@F1sT·
This is fucked up. Changes the landscape of jungle warfare
Daniel Cuthbert@dcuthbert·
@ValeryMarchive This market is an interesting one. Yes we need a better solution but I’ve yet to see one I actually go “oh shit, yeah this is proper”
Daniel Cuthbert@dcuthbert·
Been shouting this for years “VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."
Dmitrii Kovanikov@ChShersh·
Following my previous post, below are fundamental programming language features that are enough to be productive: 0. Expression-based syntax 1. Functions 2. Types 3. Higher-Order Functions (HOFs) 4. Algebraic data types (ADTs) 5. Pattern matching 6. Parametric polymorphism 7. Ad-hoc polymorphism through globally coherent type classes 8. Extensible records 9. Polymorphic variants 10. Exports and imports 11. Immutability by default 12. Easy syntax for mutability 13. Type inference 14. Garbage Collector 15. Records with dot-accessed fields 16. Anonymous functions What’s missing here for you? And what would you remove?
Igor Bespalchuk@IBespalchuk

@ChShersh Any example of such feature? Just for better understanding you

Stefan Wasilewski
@patio11 Hey, what’s the best way to do this for six figures a year for a small business? Any idea what a “good” spread is?
Patrick McKenzie@patio11·
*20 minutes later* Me: I will need about 15 minutes of your time in March to call your currency desk and get a quote on yen. Banker: Wat. Me: I will owe taxes in Japan. As you know, if I just put the wire through the app, the bank will not give me the best price available.
Patrick McKenzie@patio11·
Banker: Would you say you are a business owner? Me: Yes. Banker: What is it you do? Me: Uhhh it’s complicated. First half of it: Have you heard of Substack? Banker: No. Me: Alright in that case does your form allow specifying an NAICS code? Banker: Can you use regular words?
Stefan Wasilewski@smw·
@adastroworld Hardware key authenticates the site it’s talking to as well as allowing the site to authenticate you. This makes it not vulnerable to phishing attacks, unlike apps where you enter a code, and an attacking site will just enter the same code on the real site.
Phil Eaton@eatonphil·
I'm pro-HN (if you aren't, no need to tell me). But one thing that's bugged me recently is blatant recap articles of posts getting to the front page, like this infoq one about Uber right now. So when you see good posts, give a glance that you're rewarding original authors! :)
Stefan Wasilewski@smw·
@headius I think you can do some reasonable testing with Parallels on an arm Mac.
Charles Oliver Nutter@headius·
The Java Native Runtime, fastest way to call native code from Java w/o JNI or Panama, now supports Windows-AArch64 and RISCV64! We'll roll this into the JRuby 9.4.4 release. If anyone has a Windows-AArch64 machine to donate for testing, we'd appreciate it! buff.ly/465ABu5
Stefan Wasilewski retweeted
Will Bunch @willbunch.bsky.social
America is on the brink, so of course the media doesn't get it. Last week, the disconnect between rising GOP fascism - on a debate stage, in Trump's arrest posturing - and journalists covering 'a normal election' was really jarring Now what? My new column inquirer.com/opinion/commen…