Site/Off-Topic Discussion Thread

Episode IV: A New Boogaloo

Quote# 125041

Let's talk about the site and other things!

Post feedback, issues, random comments, death threats, etc. here like in all the other Site/Off-Topic discussion threads.

Site/Off-Topic Discussion Thread 4, Brought to you by The Power of Triangles 235 Comments [3/1/2017 4:11:18 PM]
Fundie Index: 0
Submitted By: shy

shy

@pyro, @Pharoah, @dxdydz: I'm getting to you guys now. Give me just a bit.

@pyro: You gotta use [pre] instead of [code] to preserve whitespace. [code] is actually an inline tag. I fixed it for you.

3/22/2017 11:48:03 AM



The International Castration Day quote #87815 still isn't showing up for me in the SSTDT archive. It should be in either July 2012 or June 2012 but I'm not seeing it.

3/22/2017 11:51:47 AM

shy

@2033867: I thought I saw it, but I see now that it was another quote mentioning it. I guess International Castration Day was one of her quotes that was deleted. :( Sorry.

I also noticed that somebody has been very busy moving quotes to SSTDT! Whichever modly minion you are, thank you!!

3/22/2017 11:58:43 AM

Uilleam

Aww, the International Castration Day quote was probably the best radfem quote ever. We need something to break up the dominance of incels and MRAs in that section.

3/22/2017 1:56:53 PM

pyro

You gotta use [pre] instead of [code] to preserve whitespace. [code] is actually an inline tag. I fixed it for you.


Wow. Thanks. What a brain fart.

3/22/2017 9:05:14 PM

shy

Sorry for the delay with my replies! Had a bit of a false alarm emergency with The Husband's father.

@ Pharoah: That's a definite will-do.

@ dxdydz: That's cool! I was going to go on a ramble about that before shit went down.

@ pyro: I already know this is gonna be the long reply. Yep, it's gonna be open source, and an issue tracker would be awesome. I'm not gonna be using GitHub, but implementing an issue tracker is easy. I think it might even be easy with the current codebase. Fucking wow.

Oh yeah, as soon as the semester was over and I was free for the summer, I was already going to invite you to be a member of the programming team regardless of whether it was open source. But consider this your invitation instead. Right now the team is Ravy, Mikey, and myself, but I'm the one doing 99% of the coding. That's also likely going to change when Ravy and Mikey become free for the summer, too -- Rav's a student, and Mikey's a professor like me except linguistics and a finished PhD. I'll probably still be the one doing most of the code unless you kick into overdrive because ZOMG FREE TIME WHAT IS THIS MANNER OF SORCERY.

I'm not gonna do the GitHub thing because I've already decided on using Mercurial instead of Git. Because you could use Final Cut Pro to edit a 12 second video of your cat to upload on YouTube, or you could buy your grandma a hexadeca-core Mac Pro with 32 GB RAM, a 5 TB SSD, and a 38" 16K high-DPI display so she can send her forwards to you, or you could use Git to manage the source code for a small project with < 5 people. Okay, I know I'm being a little too sardonic there, but I'm a big fan of the KISS principle. And if there weren't at least a little truth in my sardonicism, Mercurial wouldn't be a 4.7 MB download on Mac and Git a 43 MB download. I also have a really bad case of "not-hosted-here" syndrome, and Mercurial has a couple of really nice, lightweight web interfaces that I can set up so our adoring public can look and marvel at the brilliance of our source code right here on FSTDT from the comfort of their browser.

3/22/2017 9:23:04 PM

KingOfRhye

I'm just telling everyone online about this cus it's kinda amusing, I think. If you don't know, I work at Kroger, but in their gas station, detached from the main store. Anyway, last night, I went outside to empty the garbage cans, as usual. I then noticed I had a customer coming up to the kiosk. I told her "I'll be right there." It was right about that time I realized, I don't have the keys. Oops, I just locked myself out. I called the store on my cellphone and got a guy to give me a spare key.

I felt like such a dumbass, but found the whole thing funny, too. So did the woman I called at the service desk about the key, apparently she found it hilarious. ;-)

3/23/2017 4:57:07 AM

shy

From the Java Virtual Machine specification:

Although the Java Virtual Machine defines a boolean type, it only provides very limited support for it. There are no Java Virtual Machine instructions solely dedicated to operations on boolean values.


The JVM is so bad that booleans are far-out, mind-breaking next-level shit for it. And here I thought its not supporting unsigned integers was bad. I'll probably share some more technical lulz from this as I keep trainwrecking through it.

JFC the PCode machine I made in my second-semester undergrad Compiler Design & Data Analysis class was superior to the JVM in several ways. Superior to that POS in one way is already way too much for a legitimate product that takes itself seriously. Someone needs to be smacked upside the head with the classics like Niklaus Wirth's Algorithms + Data Structures = Programs. Shit's from the 70s and still on-point. The whole reason I know this book exists is that we actually used it in aforesaid class. I wound up reading the whole thing cover to cover on my own time.

Also, it still baffles me why low-level assembly / bytecode developers still insist on 2–4 letter mnemonics for opcodes instead of something at least a little more descriptive than ivkv. Somehow Java actually manages to do something unusually reasonable and mostly avert this, no matter how bad ivkv (invoke virtual) is.

3/23/2017 2:54:11 PM



I made a mistake submitting. Quote #125668 is supposed to be in FSTDT but I apparently submitted it to CTSTDT accidentally instead. Mea culpa.

3/23/2017 2:58:17 PM

shy

@2034390: Fixed. Thanks for telling me!

3/23/2017 3:15:05 PM

pyro

I don't care very much which VCS and hosting solution we use, but please, let's not self-host the code repo. I've done it before. It's just one more thing you need to maintain, and there aren't very many of us to do that work. In a similar metaphor, I'd rather rent a U-Haul truck than buy one.

I was going to recommend Bitbucket, but they've changed everything since I last looked at it. I'm looking through https://www.mercurial-scm.org/wiki/MercurialHosting

And if you do self-host, use a package like Gogs (Gogs is really nice, since it's just a statically-linked blob that you just run, instead of several separate Java apps that need to link together like *cough* Atlassian Trash). I know Gogs is Git; is there a decent developer-server-in-a-box for Mercurial? This is why I'd rather use Git; all the tooling you typically want for a simple project already exists.

Mercurial does have a better user-interface, I'll give it that.

3/23/2017 5:08:43 PM

shy

@pyro: No hosting a repo plz. Mercurial is distributed. To use the web interface / multi-user repositories, this is how it works. I'll set all of that up. All you'll need to do is have an SSH key, and I can even generate one of those for you and send it to you. (You won't actually be using ssh directly. Mercurial will.)

(Edit: It has a mercurial-server plugin I didn't know about. That's actually simpler than the 'normal' way of handling shared repositories. See link.)

There's also an extra-quick and extra-dirty but good enough way to do it that would make security experts pimp slap you into the next galaxy: do things the 'normal' way, but instead of setting up users and passwords on the server, use a private network interface and nginx reverse proxy server to host the central repository on http://[random-password-string].fstdt.net:[random-port]/ and only allow it to accept connections from the IP-address ranges of the contributors. I already have the server set up to use an nginx reverse proxy server, anyway. All the committers have to do is know that URL and push changes to it. Then, to do a publicly accessible, read-only central repository, set up nginx to also host the repository on port 80 of a public subdomain, e.g. http://source.fstdt.net:80/, but to drop everything sent to it that isn't an HTTP GET, HEAD, or TRACE method (those last two just so it behaves like a normal HTTP server).

Also, it should be pretty obvious that VCSes and repos are not part of my repertoire of technical skills and knowledge, nor do I particularly care to learn much about them. That's why I like Mercurial. (Subversion was the big thing back when I did Web development for a living, so I know the basics of it, too.) But I'm very familiar with how to use and configure nginx.

3/24/2017 9:52:42 AM

pyro

A fresh SSH key, just for you:

(Admin edit: Saved and removed the SSH key just because it wasn't wrapping. Horizontal scrollbars are evil. Also, you shouldn't tell 'em it's a public key and what that means. Just let idiots who try to be 1337 hax0rs with it be idiots. If they're not too much of an idiot, it might eventually dawn on them that they can't actually do anything with it. –shy)

As shy already knows, this is a public key. You can use it to identify whether an SSH connection is coming from me. You cannot use it to impersonate me. Doing that would require my id_rsa file, which is never going to leave the computer and thumbdrive it's backed up on.

3/24/2017 11:01:39 AM

shy

I typo 'shy' as 'sgt' so much I'm tempted to start letting people call me 'sarge' as an admin the same way LR and I called Distind 'bossman'.

3/24/2017 11:16:23 AM

shy

Tested out the quick and dirty way on my private server on the local domain I use in the HOSTS file. I am sorely tempted to do it just on account of how easy it is, or am I being a complete idiot? Is there any reason this would be less secure than regular password protection? If nobody shared the subdomain name and port, is there really any way somebody could find and navigate to something like https://qm5dkilkvpcw34d32pngyu3iz582dv4f.fstdt.net:28541/? Is copying and pasting it when pushing and pulling really too much work? There's no way someone could just 'guess' or brute-force find that URL. I keep backups anyway.

Edit: DNSRecon'd all three fstdt domains looking for a couple "private" subdomains already here that are also random strings, just shorter ones. Doesn't find a thing. I was almost certain it wouldn't, but just making sure. If you want to go looking for them, tell me if you find 'em. One is to a test build of FSTDT that is currently not working (so you should see an error page), and the other is to the VPS that will host FSTDT but isn't turned on right now. Neither of them are super-secret things I don't want people to find. Only put 'em out of view because they're not ready for the public yet. (There's also the subdomain that directs to the forums, but that's obviously public and DNSRecon still fails to find it.)

3/24/2017 5:53:19 PM

dxdydz


3/24/2017 9:04:04 PM

pyro

nginx has a BASIC Authentication module that's about equally difficult as setting up a vhost. They're both vulnerable to Firesheep-style attacks, but at least HTTP BASIC Auth isn't logged at practically every network hop (I guarantee that the DNS server in your favorite coffee shop logs every domain name that's looked up there).

I haven't managed to find the DNS for your two secret domains, so there's that, I guess. Designing a system that you can't figure out how to break is easy, though.

3/24/2017 10:07:54 PM

shy

@pyro: I actually just tried using htaccess on the off chance it would work. It did! I genuinely did not know that nginx supported Apache-style htaccess authentication. Also, I figured hg would just be like "lolwut." Even if you just use http://hg.fstdt.net/ instead of http://user:password@hg.fstdt.net/, hg is smart enough to prompt you for the credentials.

I think it's enough to set up the reverse proxy to use htaccess, https, a bizarre port, and allow HTTP methods other than GET, HEAD, and TRACE from only the IP ranges of the devs. Nobody is going to be that interested in trashing the repo. If they were, I do backups. Daily backups. I also already expect everyone to have a PGP keypair, include something vaguely enlightening in their commit descriptions, and sign one of them when doing a commit.

Edit: I am normally paranoid when it comes to security, but I'm trying to give not being paranoid a try. How difficult (well, not difficult so much as tedious) it is to set up Mercurial to work with ssh plus my unfamiliarity with using it to host shared repositories is giving me incentive. I honestly thought doing it the Properly Paranoid way would be less work. The pull is still strong, though.

3/25/2017 12:34:22 AM
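
The arrangement described in the post above (anyone can read, pushes only from contributor IP ranges and only with a password over HTTPS) fits in one nginx server block. This is an added example, not the site's configuration or anything posted in the thread; the backend address, the file paths and the IP ranges are assumptions.

```nginx
# Added example, not FSTDT's actual configuration.
# Assumptions: Mercurial's hgweb ("hg serve") listens on 127.0.0.1:8000 and
# its own push settings accept whatever nginx lets through; certificate and
# password-file paths are placeholders; the allow ranges are documentation
# prefixes standing in for the contributors' real ranges.

server {
    listen 443 ssl;                 # any port works; the port is not a secret
    server_name hg.fstdt.net;

    ssl_certificate     /etc/nginx/tls/hg.example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/hg.example.key;   # placeholder path

    location / {
        # GET (and HEAD, which nginx allows whenever GET is allowed) is open
        # to everyone, so clone and pull stay public and read-only.
        # Every other method, including the POST that hg push sends, must
        # both originate from a contributor range and carry valid
        # credentials: access rules and auth are combined with AND because
        # "satisfy all" is nginx's default.
        limit_except GET {
            allow 203.0.113.0/24;       # constructed contributor range
            allow 198.51.100.17/32;     # constructed single contributor host
            deny  all;

            auth_basic           "hg push";
            auth_basic_user_file /etc/nginx/hg.htpasswd;  # htpasswd-format file, placeholder path
        }

        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Plain HTTP only redirects, so credentials are never sent in the clear.
server {
    listen 80;
    server_name hg.fstdt.net;
    return 301 https://$host$request_uri;
}
```

Because the hostname shows up in every DNS lookup, nothing here depends on it being unguessable; the password and the source-range check carry the access decision.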

mikeytron

can i be super annoying put all the source code files i change in a tarball and sign that :333

3/25/2017 1:32:46 AM

shy

Yes, if you want me to delete it.

3/25/2017 1:39:07 AM

Yossarian Lives

[Void]

3/25/2017 10:17:28 AM

dxdydz

I figured out the RAM issue, now I just have to find the jumping issue.

Edit: And I just found out what was causing the jumping issues! I'll probably post some of the programs I write for it here later and I can post the machine's documentation if anyone wants to try writing code for it.

3/26/2017 7:23:28 AM



This isn't really that big of a deal but the latest comment's page for SSTDT still has "Latest DSTDT Comments" for its title.

3/28/2017 3:28:28 PM

shy

Why is iptables so awful? I think I'd rather have a root canal without anesthetic than set up an iptables firewall. A built-in kernel-level firewall that is not batshit insane — actually three, take your pick and add it to rc.conf — is one of the many reasons we will be flying FreeBSD come new host time.

@Previous: Oversight on my part. Thanks for pointing it out! I'll do a recompile to fix it tomorrow.

3/28/2017 3:29:26 PM

pyro

Because it wants to be able to do anything, and it expects you to be interacting with it through a frontend like firewalld.

Also, the Linux APIs have to maintain backwards compatibility, which influences initial designs and hampers their ability to evolve. Not to mention the organization structure suffers badly from the Promotion Paradox, and has a large hierarchy and an even huger number of stakeholders.

3/28/2017 6:27:41 PM
