abucci
anthony.buc.ci
 (9w ago)

I am so so so sick of rich people in Silicon Valley driving what people think ā€œcomputer scienceā€ is. Which is exactly whatā€™s happening with ChatGPT, and is what happened with cryptocurrency, web3, ā€œdeep learningā€, ā€¦ā€¦ā€¦..

But I donā€™t know what, if anything, can be done about that. Many of my computer scientist colleagues contribute to this! Generally, weā€™re not organized to counter the bizarre claims that are pushed into the media by SV snake oil salesmen.

ā¤‹ Read More
abucci
anthony.buc.ci
 (9w ago)
In-reply-to » Salty.im Blob Storage - HedgeDoc -- Sanity check a design proposal I'm working with @xuu on? šŸ™ Basic idea is to have a secure blob store that clients can store arbitrary files/objects to, like ratchet state that is private to the client, as well as a place to upload arbitrary files to for sharing with other users in chat.

@prologic

  1. Crowdsource it. Everyone who uses salty or might use salty whoā€™d be willing to help can participate
  2. Reduce the lists. For example, Itā€™s almost surely unrealistic to expect salty to be secure against state actors. But also thatā€™s a design choice. It seems to me that, realistically, youā€™re unlikely to do what would be necessary to make salty secure against state actors, so why even try?
  3. Not all pieces of affected data can be affected by all the actors. Also, some of the combinations tend to be trivial. Finally, you can sometimes group threat actors together (ā€œwe donā€™t want anyone except the recipient of a message to be able to read the messageā€ instead of 7 distinct lines, one for each threat actor) and possibly group affected data together sometimes too. Itā€™s not usually an all vs. all matrix
  4. Focus on the high priority items first when constructing the matrix. Again thatā€™s partly a design choice
  5. If youā€™re clever, you can semi-automate the process of converting the matrix into code! (thatā€™s why I mentioned the casbin libraryā€“you can usually convert a threat model like this into casbin authorization policy files.

But, yeah, a thorough threat model will probably have a lot of rowsā€“thatā€™s kind of what it means to be serious about security instead of bolting it on. The matrix size is a feature. You only have to do it once, and then revise it through time, and you can probably reuse some of that work on other projects that have a security aspect.

ā¤‹ Read More
prologic
twtxt.net
 (9w ago)
In-reply-to » @prologic @movq this is the default behavior of pass on my machine:

@movq@www.uninformativ.de

Now, itā€™s up for debate if this kind of behavior is appropriate for a password manager. šŸ˜…

This is worth the debate for sure. As an aside, whenever I have to show the password on the terminal for some reason or another, I always make sure I clear the terminal buffer and history with ^L^R šŸ˜…

ā¤‹ Read More
abucci
anthony.buc.ci
 (14w ago)
In-reply-to » I've also found that, at least here, Computer Science or (Management of) Information Tecnologies are not related to creating or architecturing software, but on understanding and maintaining current ones.

@eaplmx Sure! You should be able to download the paper from ResearchGate. If that doesnā€™t work let me know and I can get it to you some other way. Note that the link is to a workshop proceedings so youā€™ll have to flip through that to find our paper (the other papers are interesting too!)

Reading over it again, Iā€™m realizing that my memory of what we included is pretty skewed, oops šŸ˜• We did survey some CS education literature to get a sense for how long it took to learn to program according to educators, but it looks like we left out that survey (for lack of space I think? but also because of the audience). The guesstimate about how long it takes to learn a natural language is sourced from the US Department of State. Iā€™ll have to dig through my notes to find where I got the corresponding guesstimate about learning to program.

I totally agree with you about diversity being a very important factor. I definitely have not paid this due attention in the writings Iā€™ve done about CS education. Two links that might be of interest to you that I stumbled on recently:

  • A blog post suggesting thereā€™s really no such thing as ā€œlearning to codeā€. People learn how to program in a specific domain, and a good fraction of what they learn is not transferable to another domain (the blog posts goes a bit into why that might be). So learning programming is a much more nuanced pursuit
  • Amy J. Ko, a CS education researcher at the University of Washington in the US whose interests and work includes the relationship between diversity issues and computing.

Wish I had a better answer for you!

ā¤‹ Read More
prologic
twtxt.net
 (14w ago)

How I build web frontends in Go - Philipp Tanlak ā€“ Hmmm šŸ¤” Thinking about how Iā€™ve been strutting my Go Web Applications, the Templates, the Backend handler(s) and so onā€¦ This guyā€™s approach is quite intriguingā€¦ ā€“ as it might help cleanup this massive ā€œGod objectā€ of a Context that has grown over time in yarndā€™s codebaseā€¦ What do yā€™all think of this approach @lyse@lyse.isobeef.org / @xuu@txt.sour.is ? šŸ¤”

ā¤‹ Read More
prologic
twtxt.net
 (21w ago)
In-reply-to » #randomQuestionsOfTheDay

@eaplmx Go. For the following reasons:

  • Go has a simple and easy learning curve with the right balance of ā€œlanguagesā€ features
  • Go is a statically compiled language with good performace
  • Go has a great standard library
  • Go has great tooling
  • Goā€™s packaging (whilst some argue against) is actually pretty good
  • Go has first-class concurrency
  • Goā€™s concurrency model (CSP) lets you model concurrent programs linearly making concurrent programs easier to read
  • Go has a focus on readability
  • Go compiles insanely fast (if you avoid using CGO)
  • Go doesnā€™t support silly things like classes which is fucking great!
  • Go supports actual good reuse with interfaces and interface types
  • Go supports functional programming (yes it does!)
  • Go is awesome!

ā¤‹ Read More
mckinley
twtxt.net
 (22w ago)
In-reply-to » If I can get a proper static copy of MDN, I'll make a torrent and share a magnet link here. I know I'm not the only one who wants something like this. I don't think the file sizes will be so bad. My current "build" of the entire site is sitting at 1.36 GiB. (Only a little more than double the size of node_modules!) So, with browser compatibility data and such, I think it'll still be less than 2GiB.

2 in the morning is a great time to compare compression algorithms.

Ratio   File size   Filename            Command                     Algorithm
      1  1458553185 build/
  0.451   658022612 ../node-modules/
  0.322   469704387 build.tar.Z         compress -k build.tar       Lempelā€“Zivā€“Welch (LZW) (oh, how far we've come)
  0.185   269780511 build.tar.gz        gzip -k9 build.tar          Deflate
  0.082   119839762 build.tar.bz2       bzip2 -zk9 build.tar        Burrowsā€“Wheeler transform
  0.047    68258612 build.tar.br        brotli -kZ build.tar        Brotli
  0.047    67989604 build.tar.zst       zstd --ultra -22 build.tar  Zstandard
  0.046    67705992 build.tar.xz        xz -zk9e build.tar          Lempelā€“Zivā€“Markov (LZMA)

0.046 is really mind-blowing. I donā€™t need a torrent, weā€™re approaching e-mail attachment file sizes here.

ā¤‹ Read More
abucci
anthony.buc.ci
 (23w ago)
In-reply-to » Recent computer science education research strongly suggests that "computational thinking"--a way of logical/analytical thinking--is distinct from learning to code. Based in part on that research, my wife and I designed and taught a course for several years and wrote a number of articles about it. The latest was titled "Programming Without Code". While I'm not a "no code" evangelist, I strongly believe that pushing the "learn to code" message is pedagogically unsound and intellectually dangerous, and I wish it would stop.

One observation we note from prior research is that gaining fluency in a programming language takes roughly the same amount of timeā€“730 hours, depending on lots of factorsā€“as gaining fluency in a natural language. Most people donā€™t have 730 hours of free time to spend learning another language, and if they did have that free time there are lots of other things theyā€™d probably need to do with it. Nevertheless, as we demonstrated over and over in our course, students with very limited prior background in STEM can learn a ā€œno codeā€ system for data analysis in a few weeks of class, lab, and homework timeā€“at least an order of magnitude faster. When I say ā€œlearnā€, I mean by the end of those few weeks they are capable of producing non-trivial data analysis programs on their own.

ā¤‹ Read More