HackerTrans
TopNewTrendsCommentsPastAskShowJobs

butisaidsudo

no profile record

comments

butisaidsudo
·vor 6 Monaten·discuss
That book has been on my list since I heard him on this podcast: https://hiddenforces.io/podcasts/chinas-quest-to-engineer-th...
butisaidsudo
·vor 2 Jahren·discuss
If it's brown, lay down. If it's black, fight back. If it's white, good night.
butisaidsudo
·vor 3 Jahren·discuss
I read so many docs when I was trying to implement OAuth and got more and more confused. This video was a huge help though for explaining all of the concepts:

https://www.youtube.com/watch?v=996OiexHze0
butisaidsudo
·vor 4 Jahren·discuss
We use poetry just for development, but run Docker containers in prod. When the image gets built we just create a requirements.txt (poetry export --format requirements.txt --output requirements.txt), copy that into the image, and pip install. Because this is built using the poetry lock file, it'll always be exactly the same unless we specifically update something with poetry.

I used to work at a place that was just using requirements.txt files that only included our direct dependencies. There was a project that needed updating after not being touched for a couple of years. The requirements.txt didn't change, but when we built the project again, some of the transitive dependencies used a newer version, and a bug was introduced from one of those updates. A bunch of time was wasted tracking down the issue, pinning the old version of the transitive dependency, and figuring out the damage caused by the bug.

As a result, the requirements.txt was changed to also include transitive dependencies. We had vulnerability scanning on our code, and it found a severe issue with one of the transitive dependencies, but there wasn't a version of that library with the issue fixed yet. Time was spent looking into this to see how we could be impacted. As it turns out, it was a transitive dependency for a library that we no longer used and removed from the project months ago. When you create your requirements.txt by running pip freeze > requirements.txt, you don't have an easy way of knowing which library requires which transitive dependency.

There's ways you can fix this using multiple requirements.txt files, but at that point it's a lot easier to use poetry, especially if you want to keep your development dependencies separate.
butisaidsudo
·vor 5 Jahren·discuss
This is a great article on this, with a bunch of thought experiments on what makes you, you: https://waitbutwhy.com/2014/12/what-makes-you-you.html