HackerTrans
TopNewTrendsCommentsPastAskShowJobs

oflor

no profile record

comments

oflor
·hace 4 años·discuss
Rewriting a module from one tech stack to another is not much harder when that module was a part of a monolith and not a separate service, except that you haven't paid the upfront cost of bootstrapping a new service, putting in RPC calls, etc. And in any case, starting a project as microservices is already a bad practice due to a number of reasons, the most important for me is that it's hard to change module boundaries, which you will most likely get wrong in a new project.
oflor
·hace 4 años·discuss
Tech zoo sometimes considered to be an anti-pattern in microservices. By introducing a different language into your organization, you decrease the mobility of developers between code bases and dilute technical knowledge.
oflor
·hace 4 años·discuss
> This references the "fuzzing" infrastructure hosted by the Reproducible Builds project, and doesn't show "true" reproduction of binaries. It's designed to help us figure out where impurites occur in builds.

I think the "fuzzing" approach is actually the correct one. The fact that build systems are static does not improve reproducibility on its own, as the idea is that the packages could be built on different systems and result in the same binaries. If I built some Arch PKGBUILDs from the official community repo, I should still get the same binary, despite the fact that my machine has a different setup from the Arch project's own infra.
oflor
·hace 4 años·discuss
You can always run Nix in Docker to build and run any software that uses it. Without Nix, however, I am forced to either install a bunch of bloat into my system such as Haskell compilers or libraries, or run Docker anyway.
oflor
·hace 4 años·discuss
And how does it recover incomplete tasks in case of sudden power outage? Microservices use persistent message brokers for that, which are not there in threads. Or are these monoliths all treated as pets with redundant power supply and network lines?
oflor
·hace 4 años·discuss
I'm sorry, I don't have a good answer for you. While PGP-like web of trust is accessible on native desktop and mobile applications, it's certainly harder to use in browser. I don't think that it should be an argument against supporting it.

One of the widespread solutions in the cryptocurrency world is browser extensions, which store in its private storage the private key and allow you to use it to sign some transactions in the same browser window. I reckon it's possible to implement the same approach for PGP and store the private key and trusted public keys in order to sign and validate messages.
oflor
·hace 4 años·discuss
It looks a lot like XMPP with some of its flaws – too much flexibility and no principled stance on privacy and security issues. For example, I couldn't find how ActivityPub supports signatures of sent content, while Mastodon (one of ActivityPub implementation/services) specifies and requires it. And it's really disappointing that they don't solve the identity theft problem, leaving it all in hands of instances' admins.
oflor
·hace 4 años·discuss
It's not difficult, but it's disrupting to your coding flow, which is bad in itself and even worse when prototyping.