I am so so so sick of rich people in Silicon Valley driving what people think “computer science” is. Which is exactly what’s happening with ChatGPT, and is what happened with cryptocurrency, web3, “deep learning”, ………..

But I don’t know what, if anything, can be done about that. Many of my computer scientist colleagues contribute to this! Generally, we’re not organized to counter the bizarre claims that are pushed into the media by SV snake oil salesmen.

⤋ Read More
In-reply-to » Salty.im Blob Storage - HedgeDoc -- Sanity check a design proposal I'm working with @xuu on? 🙏 Basic idea is to have a secure blob store that clients can store arbitrary files/objects to, like ratchet state that is private to the client, as well as a place to upload arbitrary files to for sharing with other users in chat.


  1. Crowdsource it. Everyone who uses salty or might use salty who’d be willing to help can participate
  2. Reduce the lists. For example, It’s almost surely unrealistic to expect salty to be secure against state actors. But also that’s a design choice. It seems to me that, realistically, you’re unlikely to do what would be necessary to make salty secure against state actors, so why even try?
  3. Not all pieces of affected data can be affected by all the actors. Also, some of the combinations tend to be trivial. Finally, you can sometimes group threat actors together (“we don’t want anyone except the recipient of a message to be able to read the message” instead of 7 distinct lines, one for each threat actor) and possibly group affected data together sometimes too. It’s not usually an all vs. all matrix
  4. Focus on the high priority items first when constructing the matrix. Again that’s partly a design choice
  5. If you’re clever, you can semi-automate the process of converting the matrix into code! (that’s why I mentioned the casbin library–you can usually convert a threat model like this into casbin authorization policy files.

But, yeah, a thorough threat model will probably have a lot of rows–that’s kind of what it means to be serious about security instead of bolting it on. The matrix size is a feature. You only have to do it once, and then revise it through time, and you can probably reuse some of that work on other projects that have a security aspect.

⤋ Read More
In-reply-to » @prologic @movq this is the default behavior of pass on my machine:


Now, it’s up for debate if this kind of behavior is appropriate for a password manager. 😅

This is worth the debate for sure. As an aside, whenever I have to show the password on the terminal for some reason or another, I always make sure I clear the terminal buffer and history with ^L^R 😅

⤋ Read More
In-reply-to » I've also found that, at least here, Computer Science or (Management of) Information Tecnologies are not related to creating or architecturing software, but on understanding and maintaining current ones.

@eaplmx Sure! You should be able to download the paper from ResearchGate. If that doesn’t work let me know and I can get it to you some other way. Note that the link is to a workshop proceedings so you’ll have to flip through that to find our paper (the other papers are interesting too!)

Reading over it again, I’m realizing that my memory of what we included is pretty skewed, oops 😕 We did survey some CS education literature to get a sense for how long it took to learn to program according to educators, but it looks like we left out that survey (for lack of space I think? but also because of the audience). The guesstimate about how long it takes to learn a natural language is sourced from the US Department of State. I’ll have to dig through my notes to find where I got the corresponding guesstimate about learning to program.

I totally agree with you about diversity being a very important factor. I definitely have not paid this due attention in the writings I’ve done about CS education. Two links that might be of interest to you that I stumbled on recently:

  • A blog post suggesting there’s really no such thing as “learning to code”. People learn how to program in a specific domain, and a good fraction of what they learn is not transferable to another domain (the blog posts goes a bit into why that might be). So learning programming is a much more nuanced pursuit
  • Amy J. Ko, a CS education researcher at the University of Washington in the US whose interests and work includes the relationship between diversity issues and computing.

Wish I had a better answer for you!

⤋ Read More

How I build web frontends in Go - Philipp Tanlak – Hmmm 🤔 Thinking about how I’ve been strutting my Go Web Applications, the Templates, the Backend handler(s) and so on… This guy’s approach is quite intriguing… – as it might help cleanup this massive “God object” of a Context that has grown over time in yarnd’s codebase… What do y’all think of this approach @lyse@lyse.isobeef.org / @xuu@txt.sour.is ? 🤔

⤋ Read More
In-reply-to » #randomQuestionsOfTheDay

@eaplmx Go. For the following reasons:

  • Go has a simple and easy learning curve with the right balance of “languages” features
  • Go is a statically compiled language with good performace
  • Go has a great standard library
  • Go has great tooling
  • Go’s packaging (whilst some argue against) is actually pretty good
  • Go has first-class concurrency
  • Go’s concurrency model (CSP) lets you model concurrent programs linearly making concurrent programs easier to read
  • Go has a focus on readability
  • Go compiles insanely fast (if you avoid using CGO)
  • Go doesn’t support silly things like classes which is fucking great!
  • Go supports actual good reuse with interfaces and interface types
  • Go supports functional programming (yes it does!)
  • Go is awesome!

⤋ Read More
In-reply-to » If I can get a proper static copy of MDN, I'll make a torrent and share a magnet link here. I know I'm not the only one who wants something like this. I don't think the file sizes will be so bad. My current "build" of the entire site is sitting at 1.36 GiB. (Only a little more than double the size of node_modules!) So, with browser compatibility data and such, I think it'll still be less than 2GiB.

2 in the morning is a great time to compare compression algorithms.

Ratio   File size   Filename            Command                     Algorithm
      1  1458553185 build/
  0.451   658022612 ../node-modules/
  0.322   469704387 build.tar.Z         compress -k build.tar       Lempel–Ziv–Welch (LZW) (oh, how far we've come)
  0.185   269780511 build.tar.gz        gzip -k9 build.tar          Deflate
  0.082   119839762 build.tar.bz2       bzip2 -zk9 build.tar        Burrows–Wheeler transform
  0.047    68258612 build.tar.br        brotli -kZ build.tar        Brotli
  0.047    67989604 build.tar.zst       zstd --ultra -22 build.tar  Zstandard
  0.046    67705992 build.tar.xz        xz -zk9e build.tar          Lempel–Ziv–Markov (LZMA)

0.046 is really mind-blowing. I don’t need a torrent, we’re approaching e-mail attachment file sizes here.

⤋ Read More
In-reply-to » Recent computer science education research strongly suggests that "computational thinking"--a way of logical/analytical thinking--is distinct from learning to code. Based in part on that research, my wife and I designed and taught a course for several years and wrote a number of articles about it. The latest was titled "Programming Without Code". While I'm not a "no code" evangelist, I strongly believe that pushing the "learn to code" message is pedagogically unsound and intellectually dangerous, and I wish it would stop.

One observation we note from prior research is that gaining fluency in a programming language takes roughly the same amount of time–730 hours, depending on lots of factors–as gaining fluency in a natural language. Most people don’t have 730 hours of free time to spend learning another language, and if they did have that free time there are lots of other things they’d probably need to do with it. Nevertheless, as we demonstrated over and over in our course, students with very limited prior background in STEM can learn a “no code” system for data analysis in a few weeks of class, lab, and homework time–at least an order of magnitude faster. When I say “learn”, I mean by the end of those few weeks they are capable of producing non-trivial data analysis programs on their own.

⤋ Read More