HackerTrans
TopNewTrendsCommentsPastAskShowJobs

janosd

no profile record

Submissions

Show HN: Mazelit - My wife and I released our first game

517 points·by janosd·vor 2 Jahren·155 comments

comments

janosd
·vor 2 Jahren·discuss
AFAIK it's not enough to write it in your privacy policy. Art 21 of the GDPR makes this explicit:

> (4) At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

I am not a lawyer, but as far as I can tell, there is no legal way to collect PII (including IP address) or place tracking identifiers on the user's device without at least informing the user explicitly under the GDPR and the ePrivacy Directive.
janosd
·vor 2 Jahren·discuss
I'd say unlikely, games do a lot of work within graphics cards that are not as easily dumpable/restorable as memory.
janosd
·vor 2 Jahren·discuss
Precisely zero sites have a legal obligation to post a cookie notice under the GDPR/ePrivacy directive if all they do is use cookies for technically necessary purposes. If they want to track people on the other hand, that's a different story. Adobe should do a MUCH better job at clarifying their legalese and explaining what they can and cannot use data for. A blog post is not a legally binding agreement.

Also, if they want people to trust them with stuff under NDA, they should give people a simple switch that makes sure no Adobe employee or contractor gets to see sensitive documents or files. Or, as a matter of fact, a switch that lets people turn off online features completely. Adobe is not taking their customer's legal responsibilities seriously and this will lead to people needing to cancel subscriptions. (One example, not even NDA-related: transfering PII outside the EU under the GDPR needs special care.)

The icing on the cake is that when I tried a few weeks ago, you couldn't even log in to cancel your service without accepting the new terms.

Cheers: an ex-Adobe customer (please do better Adobe!)
janosd
·vor 2 Jahren·discuss
After having written probably over 100k lines of Go code, my impression is that Go is simple, but not easy. The language has very few features to learn, but that results in a lot of boilerplate code and there are more than a few footguns burried in the language itself. (My favorite [1])

I find it very hard to write expressive, easy to read code and more often than not I see people using massive switch-case statements and other, hard to maintain patterns instead of abstracting away things because it's so painful to create abstractions. (The Terraform/OpenTofu codebase is absolutely guilty of this btw, there is a reason why it's over 300k lines of code. There is a lot of procedural code in there with plenty of hidden global scope, so getting anything implemented that touches multiple parts typically requires a lot of contortions.)

It's not a bad language by any stretch, but there are things it is good at and things it is not really suited for.

[1]: [link redacted]
janosd
·vor 2 Jahren·discuss
If you do, you can use the application as a library and most of your code will also be easier to test.
janosd
·vor 2 Jahren·discuss
I'm torn because on the one hand, having a large gap after only 1.5 years of employment is a bit of a red flag. On the other hand, you do want to stand out. So let's put the first one aside for a moment. If I were looking at your CV I'd want to find something, anything interesting. A cool side project, your work in some community, something that makes me want to talk to you. If you have a GitHub, I would like to see something that catches my eye. What I don't want to see are a bunch of forked repos with minimal contributions in it or todo list apps. If you can show that you worked in more than one language to a substantial degree, that's also a plus because it shows you can learn. Also, maybe landing a conference talk would help.

When it comes to the interview part, I sadly often meet people who don't understand the fundamentals. Like if someone is asked to write a web app and doesn't understand HTTP. Specifically, things like not every request needing to have a content-length header. I'd love to see that you know what a race condition is and how to avoid it when writing code. Same for security, know your vulnerabilities and what coding methods to use to avoid them.

I know this is a lot to ask for. However, I wouldn't go and learn another JS stack, they come and go and I trust that if you have your basics in order, you'll learn a tech stack or even programming language in no time.

But then again, that's just me and I have a tendency to not hire juniors due to the small team sizes I work in and the relatively large overhead a junior tends to represent. In other words, I don't have a lot of experience hiring juniors. Another thing, you may want to try and apply above junior level, even if you'll get lots of rejections, if you're good you may land something that way.
janosd
·vor 3 Jahren·discuss
No. The cookie banners have nothing to do with cookies per se, they are a consent / information popup required if companies want to store and use personal data beyond what's required to serve you with the website content (GDPR) or they want to store non-essential identifiers on your device (ePrivacy directive).

In other words, you are seeing these because marketing departments need BS metrics that measure nothing and are based on some personal data. The internet can happily exist without them as proven by Github[1].

[1] https://github.blog/2020-12-17-no-cookie-for-you/
janosd
·vor 3 Jahren·discuss
There was a discussion on the BabylonJS forums back in August about this. [1] TL;DR the GPU may now be available, but having to download several gigabytes of assets to download and sit in your browser cache may be a bit problematic. Also, the expectations towards a web-based thing are different than a dedicated download.

[1] https://forum.babylonjs.com/t/why-havent-3d-web-games-reache...
janosd
·vor 3 Jahren·discuss
Corrupt politicians win elections in non-GDPR countries a whole lot too, unfortunately. I'm no political scientist, but I think it has a lot to do with people being unwilling to learn about and engage with the political system, among others. I live in Austria and when it comes to more complicated topics soch as politics, or IT for example, people are outright proud to claim ignorance. Most people actually don't know that they can and should write their EU MEPs. I have, and I have gotten into very fruitful conversations with them. However, instead of asking our kids to know institution names by heart, maybe asking them to engage with the system would be a good start.

Also, if I were into social studies, I'd look at social media and how they drive outrage, and a good way to show kids how such an influence operation works so they don't fall for it. My wife and I have been a little active in this area, but way too little to make any meaningful difference, unfortunately.
janosd
·vor 3 Jahren·discuss
Which would be covered by point 3 in my post. Also, the GDPR is not the only law that can have international ramifications.
janosd
·vor 3 Jahren·discuss
The page is broken in several places in Firefox Mobile.

One more point to add: if you sre collecting the details of EU residents, read up on and obey the GDPR, otherwise it may get very expensive. This goes way beyond just not sending spam, you need to have a compliant privacy policy, use data only for the purposes you collected them for, publish full contact details, etc.
janosd
·vor 3 Jahren·discuss
Even if you can justify something with legitimate interest, which is a huge if, the data subject must be informed and have the option to object.
janosd
·vor 3 Jahren·discuss
Obligatory warning: check your local laws regarding dashcams. They are not legal everywhere and some countries impose very severe fines on using them.
janosd
·vor 3 Jahren·discuss
My wife and I started learning game development a year ago after 15-ish years in the software industry. UE is one of our main drivers. It is probably the hardest to learn when compared to Unity or Godot, but you also have some insane capabilities. Taking Godot detours definitely helped our understanding of how games work, and we should have embraced blueprints a lot more instead of trying to solve everything in C++.

TL;DR: yes, it's possible, but it has a learning curve.
janosd
·vor 3 Jahren·discuss
I got banned directly after signup. I got an email 1 second after signing up that I violated the community guidelines. The algorithm didn't like my Firefox/uBlock Origin combo I guess. Now my phone number is tainted and I can't make an account anymore. Oh well, no Discord for me I guess. (They really are very trigger-happy.)
janosd
·vor 3 Jahren·discuss
A bunch of this stuff you have to do anyway if you want to be GDPR compliant. It's unfortunately not as easy to launch a new service these days as it used to be. But maybe that's not a bad thing given how much data we are being asked to share nowadays.
janosd
·vor 3 Jahren·discuss
I assume you are interested in the Letsencrypt part. Basically, I'm running an Ansible script on my computer, which creates an account key, the server key and requests a certificate. The server key and the certificate are then distributed to the servers that need them, leaving the original account key only on my machine. The Letsencrypt verification happens via my DNS provider, which happens to have an Ansible module.

Here's the source code: [link redacted]
janosd
·vor 3 Jahren·discuss
I find it really sad that these efforts always stop at working in language X, but no formal specification exists that would make it possible to create an interoperable version in a different language. I love TypeScript, but for various reasons one may need a different backend language on the server side. Yes, OpenAPI is a thing, but I have yet to see an OpenAPI spec + code generator that works out of the box and doesn't need a whole lot of fiddling and workarounds. I also understand that it's hard to create something truly interoperable, my previous job was building a usecase-specific typing system, but adding yet more single-language ?RPC implementations isn't really helping. Obligatory XKCD reference: https://xkcd.com/927/
janosd
·vor 3 Jahren·discuss
Go is a weird mix. It doesn't even let you create an unused variables, but happily lets you ignore errors or return variables. That makes no sense and is on Go, not on the admittedly quite excellent tooling provided by people who are not the Go dev team (third party). An IDE is just as much third party to the language as golangci-lint is.
janosd
·vor 3 Jahren·discuss
Go's error handling is a horrible mess:

1. It's easy to ignore returned errors without any compiler warnings. You have to rely on third party tools such as golangci-lint to report missing error handling.

2. Errors don't carry stack traces with them, you have to rely on third party libraries or custom errors to get that functionality and you will only get it for your own code, not in other libraries you are using.

3. It's unclear who should add context to error messages is it the caller or callee? Usually it gets skipped, leading to useless error messages.

4. Errors are untyped. If you want to decide based on error types, you have to use errors.Is or errors.As, which, surprise, is roughly as expensive computationally as panic-recover. (Source: I did a performance tests on this with Go 1.18) Go might as well add a simpler way to create exceptions. (I wrote a prototype library to that effect a while ago: https://github.com/APItalist/lang )

5. Error messages are too terse and hard to read when using the recommended semantic of "message (cause(cause(cause)))". I'd rather see stack traces, that's much more useful.

6. Most loggers are globally scoped and cannot be injected into code, leading to an all-or-nothing approach. It is not uncommon that you have 3-4 logging libraries as dependencies, which you need to configure separately (if you even can). Also, good luck securing this mess.