  • 1 Post
  • 78 Comments
Joined 1 year ago
Cake day: June 18th, 2023

  • It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcontainers, it’s super easy to set up and distribute with the repo, there’s really no reason not to do that.

    The biggest issue here that a lot of people don’t realize is Bing AI, it’s insanely easy to poison its results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be fun times ahead.



  • As someone who works in gamedev, I’m sure that some of the people there are passionate about it and it is gut-wrenching to see your work fail so hard. I’m sad for every project that launches after years of work and fails to get any attention or sales, and I’m definitely sure there’s someone losing sleep due to that.

    I never worked on super-large projects, but I did work for a AAA studio and even there, you got people invested in the project.

    From how I’ve seen it, you wouldn’t work in gamedev unless you are passionate about it, because you can get drastically better pay for the same job in other, more business-focused, industries. So, if all you cared about was money, you have better options.



  • 76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

    What the fuck. That’s horrifying. I also thought that every sensible workplace bans the use of AI.

    A friend was telling me about a discussion between CTOs at a conference, where they were talking about whether it’s even worth it to hire junior developers anymore, since there’s a high risk of them just being “AI-raised”, without much (or any) experience of coding without AI. And, this survey result… I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

    And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?


  • That’s a good question, and I never thought about it like that. I think that the lack of documentation isn’t that much of a problem, rather that the code stands out in the project in that it is complex to understand and requires some more thought, effort and imagination to grasp, since it’s generic with a lot of interfaces and polymorphism.

    Now, that usually wouldn’t be much of an issue, however - the project is a game we’ve been actively working on in our spare time in a team of 2 programmers for the last 6 years, and we are all fed up with it and just want it to end. Most of the (pretty large by now) codebase is kind of simple - it’s game code, after all, and since we started it when we were 20, there aren’t many overengineered ideas or systems, but everything is mostly written in the ugly, but simple and direct way, so if we had wanted to change something, we may have had to rewrite a part of it, but it never really needed much effort to understand what’s going on.

    But now I need to change this code, which is one of the only parts that requires some kind of imagination and actually sitting down and trying to understand it, and since my motivation about the project is so low, it’s a pretty large hurdle to cross. One that is also unnecessary, since most of the generalism isn’t needed and will never be used. But since the code is written in such an extensible way, it’s hard to just hack up a simple and ugly solution somewhere into it and be done with it, without really figuring out what the hell is going on.

    Documentation wouldn’t help with that - it would still take the same amount of mental effort to be able to work with that code, which we generally lack in the project. I think that if I actually took the time to properly look through the code, figuring out what’s going on wouldn’t be too hard - the naming convention is pretty ok and it’s not that difficult, it just requires some mental effort.

    I’m not trying to make excuses, the code very probably has problems, I’m just trying to better sort my thoughts about why I have so many problems working on it. It probably has more to do with my motivation, rather than the code in itself, and the fact that the complexity here wasn’t required, and is now a needless hurdle that actually hinders progress. Not due to its quality, but due to unrelated motivation issues and us having to basically force ourselves to work on and finish the damn project.


  • There’s a piece of code in our hobby game project that I’ve written after attending classes in college about how to write clean and SOLID code. It’s the most overengineered piece of shit I’ve ever written. I’m not saying it’s the fault of the lectures, of course it’s on me being a little bit overzealous, but it does check all the boxes - it’s a simple “show selectable list of stuff”, follows MVC, it’s extensible without rewriting to additional data types and formats, extensible view that can show any part of data you need, generic, and in general it could be used anywhere we need, for any kind of data.

    There’s only one place where we need and use such a list in our game.

    I needed to rewrite a part of it, since the UI changed drastically, to not need this kind of list, while also adding events into the process. I haven’t seen the code for almost 4 years, and it’s atrocious. Super hard to understand what’s going on, since it’s too generic, interfaces and classes all over the place, and while it probably would be possible to rewrite the views for the new features we need, it’s just so complex that I don’t have the mental capacity to again figure out how it was supposed to work and properly wire it up again.

    I’m not saying it’s the fault of the classes, or SOLID. It’s entirely my fault, because the classes inspired and hyped me with ideas about what clean code should look like, so that I didn’t stop and think whether it’s really needed here, and went over the top and overengineered the solution. That’s what I’d say is the danger of such Clean Code books and classes - it’s easy to feel clever for making something that passes SOLID to the letter, but extensibility usually comes at a cost in complexity, and it’s super important to stop and think - do I really need it?


  • One night when returning from a party at work, I’ve decided to stay a while longer in the tram to escort my co-workers to the tram central hub (which was like half an hour of tram ride), instead of getting out at my home, which was only 5 minutes from our workplace.

    When I got into the tram back home, there was an older guy with a cardboard robot costume, who was talking to someone about his work in the theater. Because I find people like that interesting, I decided to move closer and sit next to them, so I could listen to their pretty interesting conversation. I tripped and basically literally fell into their conversation, and the other guy left, so we started talking. It turned out he works as a prop guy on movies and for theater, and we hit it off pretty well. He also lived literally 3 minutes from my place, and we decided to go have a few more beers at his home, which was basically a storage lot full of random stuff without much furniture - just random props, one bed, and a lot of beer.

    I messaged my GF that I’d be late, since I was drinking with this pretty cool old guy, and sent her a picture of the place. Her response was “Wait, isn’t that ?”. Turns out, he was a prop guy on a movie they were filming a lot of years ago at their old family house when she was young, and not only was he the most fun guy to be around there, always sneaking out to drink with them, but he also briefly dated her (late) mother, so he’s basically her step-dad. Since he’s pretty old-school, no social networks, internet and barely a phone, we did exchange contacts and since then have seen him a few times, and it was always a treat, like getting us backstage at a theater production. But the way we met is so, so random and the odds of something like that happening are mind-blowing. I usually don’t follow random people home, but here we hit it off so well that we wanted to keep talking and it didn’t even feel weird.


  • I really hope that CS will come up with receipts and emails where the board specifically “strongly recommended” that they reduce operation costs or denied internal investments. It probably won’t happen, because such pressure from investors is usually pretty vague, i.e. they don’t literally tell you to cut corners, but they strongly suggest that if you won’t somehow increase revenue, you (the management) will have problems. Of course, it’s up to you how you do it, but to meet their often unrealistic demands, just doing a better job while also investing into internal failsafes is often simply not possible. It’s a lose-lose situation for CS, but I really hope they won’t lose this legal battle.


  • I’m sure there’s a lot of CS employees that would disagree with that, unfortunately there’s probably not much they can do about it.

    I was just a few days ago giving my two weeks’ notice exactly for that reason. I’m getting so fed up with capitalism and companies working for the vultures who give zero fucks about what you do or whether you do it well or not, prioritizing profits over actually doing your job well. I don’t care about money, I worked in cybersec out of principle, to help people with their security. I don’t really care about money, as long as there’s a job to be done for someone, I don’t really care if the project I’m working on is super profitable for me, as long as it at least breaks even. But no, we had to cut corners, basically scam our customers by selling products we had no qualified people for, who barely scraped by with enough results for the customer to not notice it. Non-existent R&D or training, because several millions of annual profit are not enough. Fuck all of them, if I’m ever going to work again in cybersec, it will be a non-profit.

    This OP’s article infuriates me, the nerve they have to demand more money for what’s entirely their failure, which they also directly cause in every company they touch. I’m sure that the fact that the failure was so devastating for most companies is also by a large margin the fault of their investors, some of which are probably also part of this lawsuit, that blocked investment into disaster recovery plans or backups, because their millions of profit per year felt low.

    I feel like I’m getting pretty radicalized recently, ugh.


  • While I’m all for holding CS accountable for what happened, this is not the way to do it, nor to whom they should be accountable. If there’s any lawsuit, it should come from the customers who have been affected by the outage, not some fucking investors and shareholders that probably kept pressuring CS for the last several years to reduce costs and increase revenue, that are now scrambling to avoid consequences of their endless greed ruining companies they don’t care about by forcing endless growth at all costs and doing as much as they can to prevent internal investments, because that’s not what makes the line go up.

    Fuck them. I hope they lose and have to eat their losses + expensive lawsuit. If CS were able to actually invest their revenue internally, instead of it feeding the pockets of greedy investors who give literally zero fucks about the product or the service, this may not have happened.

    I saw that happen at the cybersecurity company I was working at, when we got acquired by investors. Several million of profit after costs suddenly wasn’t enough, and we had to reduce already non-existent internal projects or investments, that we had already been lacking to be able to do our job properly.




  • Ever since I played Watch Dogs and Shadowrun, I wanted to work in cybersecurity, especially as a Red Teamer, which is literally Shadowrun - you run complex ops that have to break in, and steal stuff from large banks without anyone but the management knowing about the test, with almost nothing being off-limits, as long as it doesn’t cause some kind of damage.

    Five years later, I do work as a Red Team Lead. However, our company was just scrambling to start doing RT since that’s the buzzword now, and while we did have amazing pentesters, unfortunately pentesting and Red Teaming require vastly different skills. You never need to avoid EDRs, write malware with obscure low-level winapi, or even know what kind of IoC and detections a command you run will create, when you are doing a pentest.

    But since no one knew better, and I love learning and researching new stuff, while also having Red Teaming romanticized, my interest in it eventually led to me getting a Lead position for the barely scrambling team.

    Mind you, I was barely out of being a junior, with only three years of part-time pentesting experience. It was NOT a good idea.

    I quickly found out that RT is waaay harder and requires the best of the best from cybersec and malware development. We didn’t have that. Also, turns out that I love to learn new stuff and take on a challenge, but being a Lead also means you are drowning in paperwork and discussions with clients, while also everyone from the team doesn’t know what to do and turns to me about what we should do. Which I didn’t know, and barely managed to keep learning on my own. Our company didn’t want to give us much time for learning outside of delivery, I was only working part-time, and I was slowly realizing that we had almost none of the skills we needed.

    We were doing kind of a good job, most of our engagements turned out pretty well, but it was atrocious.

    Turns out, I’m not good at managing and planning projects, or leading people. I’m better just as a line member.


  • I’d like to mention one exception, because it took me ages to properly debug.

    If your endpoint is serving mirrors for APT, don’t redirect to HTTPS.

    APT packages are signed and validated, so there is no need to use TLS. A lot of Docker images (such as Kali) do not have root certificates by default, so they can’t use TLS, because cert validation fails. You also can’t install the certificates, because they install through APT. If your local mirror redirects to https by default, it will break it for people who choose the mirror, which IIRC happens automatically based on what’s closest to you. I think this issue is still there for the Czech Kali package mirror, and it took me so long to figure out (because it’s also not an issue for most of the users, since they have different mirrors), so I like mentioning this when talking about http/s. It’s an edge case, but one that I find interesting - mostly because it would never occur to me that this can be an issue, when setting up a mirror.

    But that was more than a year ago, it may be better now.
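As an added illustration of the mirror edge case in the comment above (this is example configuration written for this page, not the commenter’s or any distribution’s own mirror config): an nginx vhost that keeps a blanket HTTP-to-HTTPS redirect for the rest of the site but leaves the APT mirror tree reachable over plain HTTP, so clients without a trusted CA bundle yet can still fetch packages and verify them with APT’s own signatures. The hostname `mirror.example.org`, the `/kali/` path and the `/srv/mirror` root are assumed placeholders.

```nginx
# Example config added for illustration (not from the original comment).
# Hostname, mirror path and root directory are assumed placeholders.
# The two "server" blocks are the before/after forms of the same vhost;
# load only one of them.

# BEFORE: blanket redirect. An APT client without root certificates follows
# the 301 to https://, fails certificate validation, and the mirror is
# unusable for it even though the packages it wants are signed anyway.
server {
    listen 80;
    server_name mirror.example.org;
    return 301 https://$host$request_uri;
}

# AFTER: serve the APT tree over plain HTTP (integrity comes from the
# repository signatures APT checks, not from TLS), redirect everything else.
server {
    listen 80;
    server_name mirror.example.org;

    # Mirror tree: /srv/mirror/kali/dists/..., /srv/mirror/kali/pool/...
    location /kali/ {
        root /srv/mirror;
        autoindex on;
        # Long cache for immutable .deb files; InRelease/Packages stay fresh.
        location ~ \.deb$ {
            expires 30d;
        }
    }

    # Anything that is not the mirror (web UI, docs) still goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After deploying, a quick sanity check from the defender’s side is to request a path under the mirror tree over plain `http://` and confirm the status is 200 rather than 301/302; a redirect on that path is exactly the symptom described above. Keeping HTTPS available on port 443 for clients that do have a CA bundle is fine; the point is only that the HTTP path must not be forced through TLS.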



  • I’m starting to think that “good code” is simply a myth. They’ve drilled a lot of “best practices” into me during my master’s, yet no matter how much you try, you will eventually end up with something overengineered, or a new feature or a bug that’s really difficult to squeeze into whatever you’ve chosen.

    But, ok, that doesn’t prove anything, maybe I’m just a bad programmer.

    What made me sceptical however isn’t that I never managed to do it right in any of my projects, but the last two years of experience working on porting games, some of them well-known and larger games, to consoles.

    I’ve already seen several codebases, each one with a different take on how to make the core game architecture, and each one inevitably had some horrible issues that turned up during bugfixing. Making changes was hard, it was either overengineered and almost impenetrable, or we had to resort to ugly hacks since there simply wasn’t a way to do it properly without rewriting a huge chunk.

    Right now, my whole programming knowledge about game architecture is a list of “this doesn’t work in the long run”, and if I were to start a new project, I’d be really at a loss about what the fuck I should choose. It’s a hopeless battle, every approach I’ve seen or tried still ran into problems.

    And I think this may be the author’s problem - it’s really easy to see that something doesn’t work. “I’d have done it differently” or “There has to be a better way” is something that you notice very quickly. But I’m certain that whatever he would propose, it’d just lead to a different set of problems. And I suspect that’s what may be happening with his leads not letting him stick his nose into stuff. They have probably seen that before, and it rarely helps.


  • I had the same issue with the gamedev industry, but thankfully I’ve very quickly realized that’s how work works, and you usually have a choice - either earn a good living being a code monkey, or find a job in a small company that has passion, but they won’t be able to afford paying you well, or do it in your free time as a hobby. Capitalism and passion don’t work together.

    So I went to work part-time in cybersecurity, where the money is enough to reasonably sustain me, and use the free time to work on games. Recently, I’ve picked up an amazing second part-time job in a small local indie studio that is exactly the kind of environment I was looking for, with passion behind their projects - but they simply can’t afford to pay a competitive wage. But I’m not there for the money, so I don’t mind and am happy to help them. Since there are no investors whose pockets you fill, but the company is owned by a bunch of my friends, I have no issue with being underpaid.

    But it’s important to realize this as soon as possible, before trying to make a living with something you’re passionate about burns you out. A job has one purpose - earn you a living. Companies will exploit every single penny they can out of you, so fuck them, don’t give them anything more than the bare minimum, and keep your energy for your own projects.

    And be careful with trying to earn a living on your own - because whatever you do, no matter how passionate you are, if it’s your only income and your life depends on it, you will eventually have to make compromises to get by. It’s better to keep money separate from whatever you like doing, and just keep your passion pure.

    EDIT: Oh, I forgot to mention one important thing - I’m fortunate to not have children, share living costs with a partner, and live in a city with good public transport, so no need for a car, and free healthcare. I suppose that makes it a lot easier to get by with just a part-time job.



  • I’d recommend going for the app dev. I always knew I would be working in gamedev, but chose my bachelor’s degree in general software engineering, and only went for a master’s in gamedev.

    I’ve been out of school for around 5 years now, and I’m really glad I chose SWE instead of anything more specialized - because it has given me the broadest outlook on IT possible, from documentation best practices, through UMLs, to various obscure languages from Smalltalk through Lisp, assembly and Prolog to C, Java and C#, while also having some optional classes focused on cybersecurity or AI.

    Most of what I’ve learned, I don’t really remember or use daily - but, the information has somewhat stuck with me, and I can quickly recall the general concept every time I encounter a similar problem, which makes research a lot faster. If I need to write something in a language that’s not my main focus, I can be certain that no matter how unknown, I’ve already worked in something with similar concepts. And that makes it so much easier to quickly understand syntax and start writing code.

    I can’t imagine how difficult it would be for me to grasp how the hell something like Prolog is supposed to work, but having to sit through classes on it that I barely remember has left me with a vague recollection of what its purpose is, so if I encounter anything similar, I can just pick it up almost immediately. And this goes for most styles of languages or problems - I’ve already dealt with something similar.

    Not to mention that while UML diagrams and general documentation practices may sound pretty boring (and they are), I’ve already encountered situations where the diagram was integral to understanding what the docs are going for - and I was able to get it instead of having to figure it out by myself, because I’ve already worked with them at school.

    Also, having options is nice - after school, I went to work in cybersec, even though I had only like one optional class on the topic, and I can see how much having a broad overview has helped me in comparison to colleagues who didn’t have it. I can write scripts in whatever we encounter, I have a deeper understanding of how other developers write code, what could be wrong, and have a better educated guess at how exactly the stack we’re black-box testing works. And looking up the more specialized cybersec knowledge is way easier than researching a stack of technologies I’ve never seen or worked with in my life. And that’s where the broader degree has helped me the most.

    Also, you can probably enroll in optional classes that are outside of your field of study, which I really recommend - I was doing that a lot during my studies, and they were the most memorable and useful lectures I’ve had.