Programming thread

[macrodegenerate]

Too many non-technical managers think: I can hire 10 pajeets for this project and save money over 10 actual programmers.

What they don't understand is they still need actual programmers to fix the shit the pajeets write, and if they simply omitted the pajeets they'd probably still save money and time by just a hiring a couple extra smart people.

Being half the cost per person doesn't save anything if it takes them twice as long and you need twice as many of them.

I think people sell Indians short a little bit sometimes. The majority I've worked with produce average code. A lack of consideration for the greater context of the application, has always been a consistent issue. The good ones are really good though
.

 

[Flabba Wabba Jabba]

I'm setting up a little project as an image repository (like a Booru), but I want to do everything manually, including self-hosting my own infra. Was wondering if anyone can poke holes/suggestions in the setup that I'm going for (would really appreciate). Also I'm expecting during surges at most 100 requests in a second. Alright here's the infra:

Hardware:
Dell XPS 13 9360 with an upgraded 1TB SSD, upgraded 8GB RAM (running Manjaro Linux or Ubuntu 22.04 LTS).
10Gbps router with a 1Gbps up/down fibre connection

Architecture:

• Self-hosted Supabase instance for backend (postgresql, image storage, auth, Phoenix LiveView for realtime
• Cloudflare for DynDNS, DoS protection, tunnelling etc. (ironic given what they did to us here)
  • If this proves to be problematic I'll probably self-host another machine to be a reverse proxy and make a micro VPS for Supabase
• Mail-in-a-Box as my email provider, thankfully this will work with my domain.
• Next.js 14 for the web app, either self-hosted or hosted on Vercel, depending on whether Cloudflare's CDN system is easy to setup.
• Backups run at 8pm AEST (2am LA and 5am NY) as a CRON job with pgdump and then the SQL file/zip for storage are stored in both Google Drive and Dropbox for redundancies

So yeah, I've never really done self-hosting properly before. Anything I need to look out for? Really appreciate any insight

 

[macrodegenerate]

I'm setting up a little project as an image repository (like a Booru), but I want to do everything manually, including self-hosting my own infra. Was wondering if anyone can poke holes/suggestions in the setup that I'm going for (would really appreciate). Also I'm expecting during surges at most 100 requests in a second. Alright here's the infra:

Hardware:
Dell XPS 13 9360 with an upgraded 1TB SSD, upgraded 8GB RAM (running Manjaro Linux or Ubuntu 22.04 LTS).
10Gbps router with a 1Gbps up/down fibre connection

Architecture:

• Self-hosted Supabase instance for backend (postgresql, image storage, auth, Phoenix LiveView for realtime
• Cloudflare for DynDNS, DoS protection, tunnelling etc. (ironic given what they did to us here)
  • If this proves to be problematic I'll probably self-host another machine to be a reverse proxy and make a micro VPS for Supabase
• Mail-in-a-Box as my email provider, thankfully this will work with my domain.
• Next.js 14 for the web app, either self-hosted or hosted on Vercel, depending on whether Cloudflare's CDN system is easy to setup.
• Backups run at 8pm AEST (2am LA and 5am NY) as a CRON job with pgdump and then the SQL file/zip for storage are stored in both Google Drive and Dropbox for redundancies

So yeah, I've never really done self-hosting properly before. Anything I need to look out for? Really appreciate any insight

For the server, Make sure UFW is configured correctly and use it. Switch off plain text auth for ssh sessions and use private keys. Alternatively disable ssh and only do work at the server. Install fail2ban.

Disable accessing your local data services(postgres/SOLR/MongoDb) from anywhere except localhost using ufw. Ensure all private keys/secrets are correctly permed.

If you are hosting on your local network and exposing it to the Internet, on the router, port forward the ports for the protocols you want exposed for example https/http ports(8080:80:667) to the server.

You should be able to assign local DHCP/DNS based on MAC addresses locally if you have a decent router. Make sure the DNS entries match the server hostname.

Set your modem to bridge or passthrough mode.

Edit: for UFW localhost is 127.0.0.1

 

[y a t s]

For the server, Make sure UFW is configured correctly and use it. Switch off plain text auth for ssh sessions and use private keys. Alternatively disable ssh and only do work at the server. Install fail2ban.

Disable accessing your local data services(postgres/SOLR/MongoDb) from anywhere except localhost using ufw. Ensure all private keys/secrets are correctly permed.

If you are hosting on your local network and exposing it to the Internet, on the router, port forward the ports for the protocols you want exposed for example https/http ports(8080:80:667) to the server.

You should be able to assign local DHCP/DNS based on MAC addresses locally if you have a decent router. Make sure the DNS entries match the server hostname.

Set your modem to bridge or passthrough mode.

Edit: for UFW localhost is 127.0.0.1

All really good suggestions. SSH is definitely worth taking the time to set up well. Unfortunately, most people don't do that or get fucked over by FedHat's crypto-policies and end up using the NSA curves and deprecated algs. In case it helps even one person keep out the glowies, I always make a point of recommending the following:

Secure Secure Shell has a lot of good advice and is reasonably up-to-date. You can check the commit history at the bottom just in case. ssh-audit is great for checking your config for any oversights and is available on most distros or pip. Setting it all up well and using keys for authentication are basically all you need, but it doesn't hurt to change the default port to weed out the more poorly made bots. If you have IPv6, limiting SSH to only allow v6 connections takes care of a lot of botnets that use shitty third-world infrastructure.

All that aside, I have found keeping an Arch Live USB on my keychain immensely helpful for when it all goes tits up.

 

[Flabba Wabba Jabba]

For the server, Make sure UFW is configured correctly and use it. Switch off plain text auth for ssh sessions and use private keys. Alternatively disable ssh and only do work at the server. Install fail2ban.

Disable accessing your local data services(postgres/SOLR/MongoDb) from anywhere except localhost using ufw. Ensure all private keys/secrets are correctly permed.

If you are hosting on your local network and exposing it to the Internet, on the router, port forward the ports for the protocols you want exposed for example https/http ports(8080:80:667) to the server.

You should be able to assign local DHCP/DNS based on MAC addresses locally if you have a decent router. Make sure the DNS entries match the server hostname.

Set your modem to bridge or passthrough mode.

Edit: for UFW localhost is 127.0.0.1

Awesome thank you. Yes I was planning on setting up DHCP based on MAC addresses to my router, and setting up port forwarding.

With respect to fail2ban, Kong's gateway handles this automatically with a configurable exponential backoff, so I think I should be ok in that respect. However that is at the application layer, whereas it seems fail2ban is at the network level.

Thank you for the advice though, this has been plenty helpful!

 

[Jarry Seinfelt]

The dumb hiring practices were created to filter out absolute mouth-breathers while the FAANGs were growing at breakneck speed, but now that they're huge, they're entrenched in policy, and it's not like they're losing money, so it's not worth the trouble to change them.

On top of that, lots of companies just copy FAANG's interview style wholesale. Because if Google successful, then doing what Google does makes you successful .

 

[The Ugly One]

On top of that, lots of companies just copy FAANG's interview style wholesale. Because if Google successful, then doing what Google does makes you successful .

Yep. Google's model of hiring has three key components:

1. Monetize the entire Internet. (That's the part everyone else misses.)
2. Offer insanely high salaries so that everyone on the planet applies to open positions.
3. Use aggressively difficult screening processes to weed out the morons.

And over all, it works pretty well. When's the last time Gmail went down? However, it doesn't work for everything. I happen to know of a project at Google that had to be canceled because they couldn't hire people to work on it. The problem is, they needed specialized knowledge that isn't taught in CS courses, so none of the guys who had the skills they needed were able to pass the leetcode exam (from what I hear, leetcode tests look like 3rd and 4th year Stanford CS exams in data structures & algorithms). They had some top experts in the field applying, too. I happen to know one who told them bluntly that he was insulted by their interview questions and hung up.

I personally failed a FAANG interview. I'm very, very good at a very niche skill that this particular FAANG is struggling at (because, once again, it's not something taught in CS courses, especially not today). But I graduated college a very, very long time ago, and from what I know, guys my age have to practice leetcode daily for 6 months to a year to get through the first screen (my recruiter actually did warn me that if I hadn't been studying daily well in advance of applying, I was going to have a tough time). Well, she was right. But I'm done studying for exams, I get to do things I think are interesting, I'm certainly paid enough to enjoy life, and I avoid the hyper-wokeness of Silicon Valley.

 

[Jarry Seinfelt]

Yep. Google's model of hiring has three key components:

1. Monetize the entire Internet. (That's the part everyone else misses.)
2. Offer insanely high salaries so that everyone on the planet applies to open positions.
3. Use aggressively difficult screening processes to weed out the morons.

And over all, it works pretty well. When's the last time Gmail went down? However, it doesn't work for everything. I happen to know of a project at Google that had to be canceled because they couldn't hire people to work on it. The problem is, they needed specialized knowledge that isn't taught in CS courses, so none of the guys who had the skills they needed were able to pass the leetcode exam (from what I hear, leetcode tests look like 3rd and 4th year Stanford CS exams in data structures & algorithms). They had some top experts in the field applying, too. I happen to know one who told them bluntly that he was insulted by their interview questions and hung up.

I personally failed a FAANG interview. I'm very, very good at a very niche skill that this particular FAANG is struggling at (because, once again, it's not something taught in CS courses, especially not today). But I graduated college a very, very long time ago, and from what I know, guys my age have to practice leetcode daily for 6 months to a year to get through the first screen (my recruiter actually did warn me that if I hadn't been studying daily well in advance of applying, I was going to have a tough time). Well, she was right. But I'm done studying for exams, I get to do things I think are interesting, I'm certainly paid enough to enjoy life, and I avoid the hyper-wokeness of Silicon Valley.

Yeah, those interviews aren't terrible...if you have the time and autistic focus to grind for them hours a day for weeks leading up to the interview, and you take notes on those problems, and you also brush up on system design stuff ahead of time. Having another monitor so you can put those notes on it and discreetly reference them (if it's remote) helps.

I am being very intentional with that phrasing. On one hand it's fine to place hurdles on a job you can do without leaving the house or getting dressed, and make a retarded amount of money by doing, but it's also gay artificial bullshit. My metric for people I interview is essentially: "can you code a bit, speak about your code intelligently and do you also seem like you're not going to be a freak towards the women in the office?"-so like, a softball coding problem followed by some discussion on it.

Automated platforms for them also fucking suck because they take the nuance out of discussing edge cases. I hate Leetcode specifically because once you've done the trivial problems, the remaining ones either have that aren't elucidated at all or the problem is described in Pajeet English that isn't comprehensible to anyone else aside sundarpradeep71. Real "gotcha" bullshit. Leetcode style interviews are still gay, but if someone gives you a Leetcode-style problem, and they're not the sort of turboautist who has multiple PhDs but can barely communicate with another human being in any language at all, you can chat with them about the edge cases, where this code would live in a hypothetical full product, how you'd test and deploy it, shit like that. Those sorts of things are the type of stuff I like to talk about. If they're young and inexperienced, it's fine if they don't know shit there, but if someone is applying for a senior/senior+ role, nerves don't count as an excuse.

My experience is that really early-stage startups are the worst with them. Either you talk with the guy for 5 minutes and they send you a suspiciously detailed take-home, or you get interviewed by some ex-Amazon (dunno why but it's almost always Amazon, the other big tech companies rightfully place value on being able to talk to another fucking human being) sperg who cannot speak English. I don't care about your mission, fuck you pay me. If you're paying me I'll bust my ass to a degree commensurate with the pay and respect I'm getting, but otherwise? You're gonna change the world? That's nice. If wishes were fishes, nigga.

Big enterprise companies also suck, because of how autistic they are about qualifications. You put that you have 15 years of Python experience but you didn't specify which version of Django you used for something, and some boomer 3 levels above whoever your manager will be, will autoreject your application. If you get a referral your chances are better, but no matter who puts your name in, if someone higher than the referrer (and there's 20 of them) decides they want to hire their nephew or go with a vendor, they will ghost you for 14 months until someone in HR clicks to close the posting. Generally I've found that scale-up type companies are the fairest, because they have to make a profit and aren't too bureaucratic yet.

 

[Kosher Dill]

Use aggressively difficult screening processes to weed out the morons.

What I find is that the sort of artificial difficulty you can spring on someone in an hourlong interview doesn't tell you anything useful. The most laughable one I ever saw was a series of like 20 true/false questions about obscure corner cases in C++. "Can you have a protected virtual friend member on a templated class? Y/N"
Very good at filtering and producing a ranking, useless at telling you whether someone would be good at any job.

It's like trying to hire writers by running a spelling bee. The winners are just going to be pajeets who memorized the dictionary, and all your press releases are going to be filled with nonsense about doing the needful and not redeeming.

 

[DavidS877]

Very good at filtering and producing a ranking, useless at telling you whether someone would be good at any job.

Over the years I've standardized on a pretty simple method of asking questions. I hate "Stump the chump", I learn nothing if I ask you a question you can't answer at all. So, I ask open ended questions. I also don't often interview programmers, but the idea is the same

Example: You open your web browser and type in a URL. Tell me what happens on the network.
This gives them enough rope. But they can include: ARP, Routers, DNS UDP or TCP, TCP/3 way handshake for http/https, the actual HTTP headers, SSL/TLS.

If they mention any of these things then I can drill down and see what they know.

The only problem is when they know nothing. Then I don't feel bad about tossing their resume in the bin.

 

[Kosher Dill]

Example: You open your web browser and type in a URL. Tell me what happens on the network.

"Well, the system tries to do a DNS lookup for the .st domain I typed, but the root nameservers are being DDOSed by rapist trannies..."

 

[khaine]

Over the years I've standardized on a pretty simple method of asking questions. I hate "Stump the chump", I learn nothing if I ask you a question you can't answer at all. So, I ask open ended questions. I also don't often interview programmers, but the idea is the same

Example: You open your web browser and type in a URL. Tell me what happens on the network.
This gives them enough rope. But they can include: ARP, Routers, DNS UDP or TCP, TCP/3 way handshake for http/https, the actual HTTP headers, SSL/TLS.

If they mention any of these things then I can drill down and see what they know.

The only problem is when they know nothing. Then I don't feel bad about tossing their resume in the bin.

That's literally one of my interview questions. As you say, its great to see how much knowledge they have over the OSI stack, and you can deep dive, and them probe their knowledge. I like to ask questions like what port does ICMP run over, or what are the states in HTTP, to see how much they actually know about those layers.

 

[Fcret]

The dumb hiring practices were created to filter out absolute mouth-breathers while the FAANGs were growing at breakneck speed, but now that they're huge, they're entrenched in policy, and it's not like they're losing money, so it's not worth the trouble to change them.

Bingo. It'd be fine if the practices had stayed at FAANG but as FAANG started to sink, all the rats jumped ship and set up shop in normal companies, so now Statefarm wants to give you the leetcode gauntlet for a job where you're writing boilerplate .NET CRUD apps for $60k/year.

tbh if you're not already in development, I wouldn't bother getting into it. It's not some super cushy do-nothing email job like it was being sold as in the last boom cycle. If you have to ask how to get into programming as a pretense for getting a job, you're probably not going to make it. The ones who do make it usually have an innate interest and curiosity that got them into programming before they realized they could make money doing it.

 

[TyrasGuard]

I want to learn Python and I have been experimenting with some basic shit like a YT downloader. I guess the problem I'm trying to figure out is how does ("Me + Python = Job") happen. Whenever I look at job applications I can't understand half of the shit they are asking for.

I'm trying to practice by coding things I'd use in the first place (Or things that sound useful, even if they already exist) but I'm not sure how much I'll learn that way.

 

[wtfNeedSignUp]

I gotta say AI makes writing code just so much convenient, especially as Google is completely useless these days. Even just stopping and writing a query can work as a rubber duck.

 

[sixfold-clunky-legume]

I want to learn Python and I have been experimenting with some basic shit like a YT downloader. I guess the problem I'm trying to figure out is how does ("Me + Python = Job") happen. Whenever I look at job applications I can't understand half of the shit they are asking for.

I'm trying to practice by coding things I'd use in the first place (Or things that sound useful, even if they already exist) but I'm not sure how much I'll learn that way.

You will either need years of coding to actually land a decent job, even more so in Python since the market of developers is the biggest, or practice coding your own little business like using Django or some sort of framework to integrate Stripe and stuff to make some bucks and at the same time get practice managing users, services, architecture, design patterns and so on.

Building your own little apps is good and adds to the portfolio but in the end you need a "story to tell" and how you solve problems, is able to increase revenue etc

 

[Jonah Hill poster]

https://cacm.acm.org/news/279084-computer-science-pioneer-niklaus-wirth-passes-away/fulltext

God bless one of the men that managed to get into computer science when I was much younger. For those that don‘t know, it was a few years back when I was trying to find old computer programming literature to study and research over, and his PASCAL code was one of the first to catch my mind.

Between him and Donald Knuth, I give thanks for making me realize that C, C++ and Python were not the only programming languages to learn about that changed the way today’s computer programmers and scientists alike write code as we know it.

Right now, this is making me want to brush up on my (satisfactory) code again.

 

[Fcret]

View attachment 5615015

https://cacm.acm.org/news/279084-computer-science-pioneer-niklaus-wirth-passes-away/fulltext

God bless one of the men that managed to get into computer science when I was much younger. For those that don‘t know, it was a few years back when I was trying to find old computer programming literature to study and research over, and his PASCAL code was one of the first to catch my mind.

Between him and Donald Knuth, I give thanks for making me realize that C, C++ and Python were not the only programming languages to learn about that changed the way today’s computer programmers and scientists alike write code as we know it.

Right now, this is making me want to brush up on my (satisfactory) code again.

One thing I always found funny about Pascal was how a language ostensibly designed to be the homegrown patriotic European language of the future ended up having a far bigger impact in the US (with things like Ada, Delphi, the entire Macintosh programming scene pre-OSX, etc.). Meanwhile C and C++, languages developed in the US, seem to be far more popular in Europe than they are in the US these days.

 

[Catboy Ranch Dressing]

Anyone have any resources they recommend for someone trying to learn to make a 2D/3D game engine using C++ and OpenGL?

 

[Whatevermancer]

Anyone have any resources they recommend for someone trying to learn to make a 2D/3D game engine using C++ and OpenGL?

Already checked these ones out? They're mainly about opengl and are largely interchangable.

https://open.gl/

https://learnopengl.com/

https://www.opengl-tutorial.org/