hot (bad?) take: using specific frameworks / libraries / languages just bc you (your team) like them without any rational justification is underrated. especially with small projects, you can't talk about premature optimizations and at the same time say people should only use certified good frameworks / shouldn't use any at all. if it scales relatively well, doesn't make your code unmaintainable, and users are happy (i. e. the technology in question isn't electron :p), then who cares?


i. e., "we will use kubernetes for microservices and react with one thousand component libraries for frontend bc we need to have a scalable architecture from day one" is most likely a bad approach

but "we will use kubernetes and react bc it's fun and our team likes it" isn't

@leip4Ier but is "we will use kubernetes and react bc it's fun and our team likes it despite it being totally unnecessary, and despite the fact that it'd be 10x quicker to do it without kubernetes or react" a bad approach?

@wolf480pl it won't be 10x quicker, but either way it's their choice (and time to waste), so i don't think we should judge them

@leip4Ier I think we should judge them in the sense that we should make an opinion on how good their choice was. And it really depends what the usecase was, and whether kubernetes+react was a decent fit for that usecase, even if not the best one.

Of corse if they only use the software internally, there's no harm in them shooting a fly with a canon, so no moral judgement here. But if they coerce others to use that software, we certainly can judge them for eg. electron

@leip4Ier oh, you already covered the electron case.
Well I still think react can make users unhappy as well, but yes, if users are happy, no moral judgement against those devs.

But we still can and should deliberate whether that kubernetes or whatever is doing anything usefum in their stack.

@wolf480pl js is insanely fast and if the application is small enough, react won't slow it down. and if it isn't, then you won't write it in vanilla js anyway.

it would however add around 40 kB (gzipped) to the bundle size

@wolf480pl i vaguely remember users complaining about how "this website is slow, it's all bc its developers used react!", but the website in question actually used angular, and i don't think it was the issue..

@wolf480pl but why should we?.. you can't say kubernetes isn't doing anything useful at all, having "infrastructure as code" is always good. and deciding whether the benefits are worth the added complexity is much more complicated than "useful / not useful".

also it looks like setting up kubernetes would often require less time than setting up nginx + app + db on a real server for an experienced operator, so uhh it becomes a question of what matters more to you personally

@leip4Ier well, I've never used kubernetes so I don't know exactly what problem it solves and how much effort it takes. But there are many other ways to have infrastructure as code, and not all of them require containers.

Not saing k18s is an example of this, but I sometimes hear of people use cluster- or cloud-grade solutions on a single server and it sounds pretty pointless to me. Not everyone is Google.

@wolf480pl yeah, i heard a lot about such setups a couple years ago, when everyone talked about hadoop for some reason. it did sound weird. but then they just stopped?

someone on fediverse talked about how science favors research about solutions suitable for large scales, bc large companies pay for that research. maybe that's the reason why cloud-grade tools become easier to use than everything else..

@leip4Ier @alcinnz @wolf480pl I setup kubernetes in the past, distributed over several bare metal servers, including ceph storage and routing of a dedicated /23 subnet. Setting up nginx, database, whatever is pretty simple compared to that.
Did I do something wrong?

@sankakujin @alcinnz @wolf480pl those are different tasks of different complexity. i meant more like, would setting up nginx, some app and db be easier with or without kubernetes?

i don't know too much about it, so i might well be wrong. but i had a broken pre-made k8s setup i had to fix and deploy, and judging by what i learned while doing that, it seems like some tasks are easier to do with k8s even if they don't require it. especially if you use someone else's cloud..

@leip4Ier @alcinnz @wolf480pl a simple misunderstanding then, you did not actually setup kubernetes, but deployed to kubernetes. Sure, that is actually pretty fun, when someone else manages it. But kubernetes is a pretty complex tool, if all you want is deploying a small app.
The complexity might be justified when deploying stuff at a huge scale like Google does, but I am not Google and maybe neither are you.
The complexity might be hidden from you, but it exists and is a waste of resources.

@sankakujin @alcinnz @wolf480pl oh. yep, i didn't mean setting up a cluster itself, i guess i'm not good with terminology. but for a company like one i work for, it doesn't make too much of a difference, either way we don't work with real hardware.

but in a simple setup that abstraction doesn't leak, it's likely that i'll never have to face that complexity directly. so why not use the tool?

@leip4Ier @alcinnz @wolf480pl @sankakujin Please note, that my opinion stems from actually managing kubernetes on bare metal servers. Using kubernetes, when it was running was, as I said, was very nice and I can totally understand, that one might like that.
GitLab, which is another complex tool has a pretty good integration with kubernetes and just pushing to a git repository and watching the magic, while containers are started, hostnames generated and certificates automatically fetched is great

@sankakujin @leip4Ier @alcinnz

In my first year of university, someone asked the teacher if we can use Wolfram to calculate the integrals. The teacher replied that we will be allowed to use Wolfram after we learn how to calculate the integrals by hand, and pass the relevant exams.

Should people be allowed to eat a sausage if they don't know what goes into the sausage?

@wolf480pl @sankakujin @alcinnz in the case that you describe, it makes sense, bc if i understand correctly, the whole point of the course is to teach students to calculate the integrals. so doing it in wolfram alpha would mean wasted time and energy with absolutely no gain. but in real life it doesn't work that way. should people be allowed to phone others if they don't know the details of how volte and cdma work and how voice codecs compress their speech?

@leip4Ier @sankakujin @alcinnz
If you look closely, it appears that the whole point of the course was to teach us calculus. But if you take a step away and look at why the course was there, and why it was obligatory for physics students, you'll find out that it was because physicists will need to calculate integrals as a part of their job.
But if Wolfram Alpha/Mathematica exists, couldn't the calculus be removed from the curriculum?

@leip4Ier @sankakujin @alcinnz
Couldn't you train physicists who have never calculated an integral by hand, and always used off-the-shelf software to do it for them?

@wolf480pl @sankakujin @alcinnz would they do their work as well as those who know how to calculate integrals?

also at high school i thought that we learn all this weird stuff most people don't need, but maybe it's supposed to also serve to help students choose what they wanna learn next. but i guess that isn't applicable to higher education..

@leip4Ier @sankakujin @alcinnz
> would they do their work as well as those who know how to calculate integrals?

I don't know.

(I gave up on physics after 3 semesters of studying it in parallel with CompSci)

If they would, it meas calculus is there just because of elitism / attachment to tradition.

If they wouldn't, I want to understand why.

You may be onto something with weird bugs.

@leip4Ier @sankakujin @alcinnz

You said about solving task efficiently, and low chances of weird bugs happening.

I've recently seen an abstract of an ACM talk titled something like "resilience vs efficiency". The point was that if you only optimize for efficiency, you sacrifice resilience.

Weird bugs will happen. It may take a long time before they do happen, but they will happen eventually. I think it is therefore more resilient to know your tools deep enough to deal with weird bugs.

@leip4Ier @sankakujin @alcinnz
Moreover, can you know if your solution without-knowing-how-tools-work is efficient if you don't know how tools work? Wouldn't that require comparing your solution with a solution you could come up with if you knew how your tools work?

@wolf480pl @sankakujin @alcinnz reasons i can think of (generic, not specific to science):
- weird bugs
- rebuilding civilization after collapse / jumping to the lower-level niche if there's a need / more job opportunities
- knowing basics could help to understand why higher-level stuff was built the way it was, bc actually understanding things works better than just remembering them
- knowing basics helps choose a suitable high-level tool?

@leip4Ier @sankakujin @alcinnz
This is perfect, thank you.
I couldn't've come up with a better set of reasons.

Show more

@leip4Ier @wolf480pl @sankakujin This reminds me of why I enjoy auditing my OS & learning about computer hardware! Why are things the way they are?

P.S. I really like Ben Eater's videos for the latter...

@leip4Ier @wolf480pl @sankakujin Oh, another reason: Never assume the way things are done now is ideal. There might be innovation to be had!

Show more

@wolf480pl @sankakujin @alcinnz i mean, if you need to solve a task, and you can solve it efficiently without knowing how your tools work, and chances that you stumble upon a weird bug you won't know how to fix are low, then imo there's no practical gain from learning the details. the higher the probability of bumping into a bug is, the more important it is to know how things work.

(uh, i hope yours was an invitation to discussion and not just a rhetorical question serving as an illustration)

@leip4Ier @sankakujin @alcinnz
(It was an invitation to discussion. I do believe people should try to understand their tools beyond the bare minimum required to use them, but I don't know why it's the case, or when it's the case, and I'd like to know that)

@wolf480pl @sankakujin @leip4Ier @alcinnz
Presumably the Computer Science students weren't allowed to use a compiler until they had learned how to assemble machine code by hand and enter and run it as hex bytes.

@mathew @sankakujin @leip4Ier @alcinnz
I sometimes wish that was the case. But no.

IIRC they did learn about the stack, registers and heap though.

@mathew @wolf480pl @leip4Ier @alcinnz I actually had a class, where we wrote assembler on paper, converted it to the hexadecimal representation by looking up a table with opcodes and then we edited the memory on a 8086 Dev board byte by byte and ran the program. It was a lot of fun and very educational. I wonder, if this class still exists, the teacher was excellent.

@mathew @wolf480pl @leip4Ier @alcinnz @sankakujin
We had one guy who wrote the shortest code for the assignment in the history of this class. He had the genius idea to reuse some of his opcodes by jumping back into the middle of an instruction, which made it possible to use the same bytes for different instructions.
I still admire that idea.

@wolf480pl @mathew @leip4Ier @alcinnz This must have been somewhere between 2005 and 2007.
I do not think, that he is connected to that. But I know little about him, apart from him being very good at math and assembly.

@wolf480pl @sankakujin @leip4Ier @alcinnz This is a great question. But I think a better metaphor might be:

Should people be allowed to _make and sell_ sausage if they are not familiar with the supply chain and some basics of the machinery, agriculture, nuitrition, biology, law, finance, etc?

@wolf480pl @sankakujin @leip4Ier @alcinnz Another question: Should people be allowed to make and sell sausage if they have outsourced critical parts of the production to the Wolfram Corporation who keeps their techniques secret?

And is it a good idea to train physicists to be dependent on a particular product from a particular corporation? Especially when this product has subsumed and limited a kind of general purpose idea that could be done a dozen different ways and otherwise, creatively embedded into scientific processes.

@leip4Ier @wolf480pl I'm sceptical about generalising js to be fast. A bad dev or a bunch of bloat will make any page slow. It's a programming language, you can make it fast or slow for the user, it all depends on you. I see a lot of people frustrated at the bloat that seems linked to the rise in popularity of js. I often come across web pages where just the js files are 10x bigger than the actual content.

@nezhac @leip4Ier
what about RAM consuption? I often need to refresh mastoFe because it consumes too much RAM - is it framework's fault or app's fault?

Anyway, maybe you're right and it's not react that's slow, it's the type of things devs use react for that are slow. So if react and angular didn't exist, maybe those devs wouldn't make such apps? Maybe they'd make something simpler instead?

@wolf480pl @nezhac a lot of elements on the webpage, plus cache, plus networking? i don't think the framework plays a significant role.

they'd do it in jquery and introduce even more memory leaks. or maybe they'd invent something else. i'm not sure there could be an alternative timeline where native apps would be as complicated to write as in ours, but react wouldn't exist.

@nezhac @wolf480pl js itself is fast and few scripting languages can compare. but dom is slow and nodejs ecosystem is terrible, these factors often offset the speed of js engines. so making slow websites is easy..

i don't think it could be attributed to the rise in popularity of js, it's more about interactive webpages as a concept. servers written in js are fast, though in my experience, ram consumption does leave a lot to be desired.

@leip4Ier @nezhac
speaking of interactive websites - any idea why devs prefer to make GUI with web frontend frameworks utilizing DOM instead of things like Qt or JavaFX?

@wolf480pl @leip4Ier @nezhac I have seen three reasons:

1) The developers have already built a web site and they want to reuse their work

2) They want to build something that will run on both Android and Iphone as well

3) The developers don't know anything else so they don't know the benefits of real UI development

Note how in none of these examples is quality of the final product even considered.

@loke @wolf480pl @nezhac a lot of end users (well, in my experience) prefer web apps over native, so i wouldn't be so sure about quality not being considered

(same users will however happily install mobile apps when prompted..)

@leip4Ier @wolf480pl @nezhac I'd fully understand the argument if you had said they accept web applications, rather that prefer.

Or (now that I'm thinking about it) perhaps I am misunderstanding. Is the point that there are people who would prefer to, say, use some service via a website rather than downloading a dedicated application?

@loke @leip4Ier @nezhac
my guess would be the preference order is something like:

already installed native app > webapp > installing new native app

@wolf480pl @leip4Ier @nezhac Fair enough, but what if you added a distinction between Electron and real application?

@loke @leip4Ier @nezhac
that'd require a user to know what electron is and how it sucks before installing the application

@wolf480pl @loke @nezhac well, many realize how bad the individual app is soon after installing the app

@wolf480pl @nezhac i think it's easier in many ways. you only need to test in two browsers, you don't need to cross-compile (for qt), you get superior development tools. for companies, you get replaceable developers. and java-based UIs are terrible and i don't know anyone who'd prefer a java ui over web.

@wolf480pl @nezhac i think that besides a good gui framework, you also need a sound security model. windows didn't care about security, sysadmins and scary warnings taught people to never ever run native executables unless they absolutely have to. and web apps are a much simpler and safer experience, so they're easier to market as well. consider how much better mobile platforms have it.

@leip4Ier @wolf480pl @nezhac the dom is also just really easy to abuse to make things that look nice. They almost necessarily have weird interactional flaws or antipatterns because if you reinvent all of HCI every time you make a new program you're not going to get it right, but people don't care. HTML/CSS is an insanely powerful and intuitive creative outlet once you stew in it long enough for it to make sense, but unfortunately it still isnt designed in a way that leads to good outcomes

@leip4Ier @wolf480pl @nezhac (imo this is why people use stuff like CEF specifically, you already covered the electron case. It's powerful (too powerful), a lot of people have fluency with it, and it doesn't apply a lot of constraint or make you think about your design patterns)

@syntacticsugarglider @wolf480pl @nezhac yeah, and i think that educational resources are way better. like. now thinking, that's the reason why i'm writing js and not c right now. the promise of it being possible to create a website using only notepad, it's still there :) and you have all these websites like and a repl directly in the program you use the most.

@syntacticsugarglider @wolf480pl @nezhac i remembered this post: computers don't boot to basic anymore, but they're one keypress away from a js repl.

@leip4Ier @syntacticsugarglider @wolf480pl @nezhac I should have emacs start at boot, so I am 0 keypresses away from a lisp machine. (Being 0 only if all the passwords are not counted.)

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.