I'm so far down the yak-shaving hole

01:45Good morning. It's Thursday. This is Lobster's office hours. Let's leave a message in the chat. pushcx Welcome to Lobsters office hours, feel free to ask questions anytime.
Spell the name of the site, right? Can't type. Coffee's still kicking in.

02:09Alrighty. So this is Lobster's. It's a website about computing. mostly making stuff, not so much using, and... In case you're in Chicago, the best local coffee roaster is Metropolis. That is what... That is what I am sipping at right now. Found in your local Juul tea grocery store. So this is office hours. It's open time for anybody to ask questions about the site or the code base, which hopefully I get contributors to. And yeah, otherwise, when folks aren't here asking questions, I hack away at stuff. Speaking of open source, GitHub is having a maintainer month. And they have created a... I thought it was here. Maintainers. Now they have a maintainer community. It is a... Oh, I'm actually logged in there. But it is a... place for open source maintainers to talk about stuff with them. I just joined. We'll see how that goes. Mostly it's over in their discussion, so I didn't scroll past anything too exciting. But I don't know. Maybe we'll get some of those longstanding hassles addressed. I am politely reaching out about stuff. So speaking of maintenance, these I think these three are just inactive and the bot has kind of nudged them.

04:29Yeah. I think I honestly think this one was someone experimenting or maybe working on their own.

...46fork but either way and then this one is just stalled out and i don't know where hunter is with this one oh okay actually if hunter says it's good to go let's give it a review

05:33Oh, great. Looks like this is. Pretty minor stuff. And a minute since I looked at this PR. So let's give it another skim here, but.

...59Right. Oh, I remember there was an open question around if you use a recovery code and we disable 2FA,

06:31This is the thing that's hanging out. All right. Copy link.

...45These questions. Understand the design. I have multiple codes, if you can only ever use one.

07:13All right, so that's hanging out. Subgrid, I believe this is still a draft, but I'm going to peek at it because we had another issue reported overnight that was related to it. Yeah, this hasn't changed since the last the last stream, so I'm going to leave that. The issues, and if we fix the sort.

...52All right. I was taking a note in my little topic document that the OTB recovery still has some open questions and then it was going to look at issues. The edit comment page is another one that's off of the CSS grid stuff that's getting cleaned up by that pull request. This one about filtering slash comments is a follow up from the vibe coding tag introduction, which I made time for it on last Monday's stream, but was the last big meta discussion we've had on the site. If anybody has lingering questions on that one, we can definitely bring those up and chat more about it. I try and make time for that. I called it out in my little post on Blue Sky and Mastodon this morning about the stream, but it's a good point that You can ask me about why I made a moderation decision. I'm happy to elaborate on stuff. You can tell me I made a mistake. I am happy to address that possibility because I certainly have and certainly will again. Let's see. What else do we have? Yeah, this one I've already looked at. So this is the feature request that came out of the vibe coding discussion that If you filter out a tag, probably slash comments should just go ahead and act like hidden stories. And fingers crossed that this gets implemented promptly. So someone I don't recognize their username popped up to ask to have it assigned to them because, of course, we can't customize the workflow on GitHub to say that we don't do that. didn't actually ask to have it assigned to them they just asked if they could work on it but i don't know they deleted the revision i wonder what this used to look like this was a very odd comment like it was filed two days ago it's open yes yes it's still open i don't know what you could be asking for but that's that's github

10:32So before I got into story merging, there was a thing hanging out from last stream where I said I should investigate whether introducing link recently linked from comments reduced the percentage of merges. So let's go look at what that was. It's over in the story model. no is it over in the comment model it's in one of our god objects right it's in the link model it's in the link model so the link model is a behind the scenes kind of feature that i added to the site i don't know maybe a year ago now

11:33Now that's just all the log as opposed to this file.

...45Yeah, not quite a year ago, but when stories and comments are created, the site looks for URLs in them and then normalizes them and saves them to the database so that we can recognize things like when a comment is posted, or when someone goes to submit a new story specifically, was this just linked in the comments? In which case, let's direct them to go talk in the comments as opposed to spread the story out and make more stories that are just going to have to get merged. And it occurred to me that now that it's been at least a few months, we can see if it's been effective. So I was going to check on...

12:42Yeah, this commit.

...49So let's put that in here. NoGoodNick_ morning
Let's commit this. And so the date on this, let's find the exact date. October 10 of 24. All right.

13:10How do I want to do this? I guess I could look at these by week. Oh, hey, good morning, no good Nick.

...32I guess I wanna find the percentage of stories that get merged into another for and after. So let's say Let's select the. I think of what the base here is. I kind of want to make it month, but.

14:06Yes, I'm going to say.

...16I'm writing the correlated subquery in my head and I'm getting hung up on what order things should go in. So I want to say that...

...37Sorry, the cat is fighting a little toy off stream. And he's being very cute, very distracting. All right, so we want to. Let's just select. Count star from stories. Group by. I think I can just say year created at. Month. And then let's say, I can readline. If you hit, I think it's up or right or something on an unedited or unrun query, it just throws it away and it's gone forever. Not my favorite readline feature. So I can start from stories where, what has it been since october has been about seven months so we'll go about seven months beforehand so that's 2024 0301 group by

16:19Just got to repeat this because SQL is a little wordy. So let's see that. Good.

...35So the number of stories submitted is mostly growing. pushcx https://lobste.rs/stats
It's a noisy trend line, but it's roughly there. And the reason I say it's growing is It's not that I can eyeball that it's I can look at slash stats and I do look at slash stats and I can see that stories submitted per month has been on an upswing the last. What is that about three years.

17:17And what I really want is to divide out or just make a correlated story. So I said, as in stories.

...38This is definitely not going to be a performant way to do this. But I am okay writing really ugly one-off queries.

18:01Merge story ID, I saw it flicked by. Never remember the name of this column because the model calls it something slightly different.

...12All right. We'll call this stories merged is not null and SM dot. I guess I want to, yeah. And the year of SM created at equals the year of stories created at I see the typo back there. And since VI mode doesn't work properly, I can just lean on the arrow key. And month SM created at equals month stories created at. That might be right.

19:18What don't we like?

...28And there's an extra comma because SQL is very irregular. Really? Yeah. Really don't have the mode working.

...44OK, so if the number of stories over this time Increased, I don't know, 5% 2024, 10 is when I. introduced this so maybe this is a little lower like this is pretty noisy but actually as hideous as the query is this does seem like it worked where you know when you have like n of 10 n of 16 and a month size bucket. Having that, I feel like that's pretty reasonable signal. Good. All right. So let's just drop that in there in case anybody wants to see that without having to scroll through the video. Not bad. It's nice to see those things work out. That one I had really high confidence in because, oh man, I have added so many nudges to the story submission form over the years. And they generally work out. Giving people a little bit of instruction or a little bit of, hey, that's not how things work here, right at the time they're about to do something, works pretty well.

21:29Cool. So then otherwise, I was going to go back to, ah, yes, the big yak shave. I copied this from last time. So I've been working on story merging, which means I'm finally getting to making the headline model, which means I am introducing the type ID tokens that I have wanted for a while, which means I am cleaning up URL generation so that it is a little more reasonable before we take that stuff on so what branch am i on i am already on the routes branch great and the last thing i did was headlines and i have my little to-do list over here

22:44NoGoodNick_ I’m hoping that new AIs can be used to improve such nudging – not necessarily on your site but in general
Sort of suspect that URL foreign link too. Yeah, the nudging, we have a nudge feature open that I think would actually be really powerful because like the LLM tools are pretty useful for summarization and topic extraction, but they're really big tools and Didn't I? Oh, I thought I put an issue in, but one of the things I said was I wanted TF IDF to improve the story submission process for years to highlight stories for submitters to merge theirs into rather than leaving a mod chore. pushcx https://en.wikipedia.org/wiki/T…
But basically, I think I must have shown it on stream if it's here in my history. tfidf is a really simple algorithm called term frequency inverse document frequency that's just let's look at the most popular words in this document and then compare them to inverse document frequency which is let's look at what are the most popular terms in our whole corpus, which could be, say, the last year of submitted stories. And if you compare against that inverse, that allows you to throw away really common words like if, the, and, and not just stop words, but like programming, compiler, right? Like those kinds of terms that would be really interesting and unique in a general let's look at the stream of all blue sky posts compiler is going to be an uncommon word compiler is not going to be an uncommon word in posts on lobsters so we can throw that out but if we get into more specific terms like malloc well then if you see something that is contextually rare at story submission in the link someone wants to submit we know real quick that they are probably submitting a story that is related to something that was just submitted. And so, it's a real easy way for us to figure out if we are seeing something related. And so, I guess long story short, haha, failed at that, but There are lots of very straightforward things we can do that, especially because Lobster's is not a huge traffic site with incredibly complex needs, where pretty simple and straightforward approaches produce really clear results like that approach that I just double checked in the database of Has the actual link that someone is putting in the submission form shown up in a comment? If so, send them to talk in that comment thread. That's not a lot of code. It's very, very simple. This kind of thing. We don't have to drag in a whole LLM and put a graphics card in the server to be able to run a local LLM or API keys or all that other kind of stuff. We can do these very simple, very, what is this like 50 years old? Yeah, 1972. I don't know. I'm a big fan of let's find tools that are 50 years old and very reliable, very well understood and use those as opposed to let's use the new hotness that changes every week. Because I mean, you can tell right here, If we have 153 open issues, we are not great at fixing bugs in the new hotness. And I tease myself a little bit, but the bugs that are open are mostly smaller UI things rather than serious issues. I try and strongly prioritize anything that might lose a story submission or a comment submission. Like someone's work that they did graphical bugs or feature requests are welcome to hang out for a while all right ah yes so I was gonna go do the message model next no I was gonna run the test next because that's how I ended the last stream and I joked I I predicted that there would be 30 test failures and there were 33. So let's go ahead and fix some of those, get the build back to green, and then I'll pick back up with message. I remember where I was. And for the scale of our tests, 30 is probably just one or two call sites.

28:14No implicit conversion of story symbol into integer. in story as json okay we touched that because we had this hash oh wait at this point it's an array oh yeah so this is this is happening in the wrong place which let's fix this. Cause I saw H, there's a lot of places where there's like a C style name your things with single letter variables. And I got misled by that. And I was like, H, oh, that's hash. Yeah. So we'll just say, let's expand these names.

29:20Because this is the thing that bit me, so we'll fix the actual. So then this makes it clear this wants to be JSON, that wants to be JSON.

...43Why does it have to say?

...50Maybe this one.

...56Oh, this one is

30:08Oh, it's doing this thing that I didn't recognize it was doing. So this can go back to up here, because what's happening is it's saying, look, if it's just a scalar value, use that as the method to call. If it's a hash, use the key of the hash as the symbol. But it's not even... Yeah, we kind of invented our own API there.

...41And also, we assume they're all one as opposed to just looping.

...59I know this is going to be a lot of churn in the diff, but this is maybe more clever than it needs to be.

31:14Key is a hash.

...20What is this if for? If. Oh, it's so that if the value, it's just for this one.

...42Come here. Let's do this like this.

...50Do I want to refactor this whole thing right now? I'm so far down the yak shaving hole. All right. That was quite a mixed metaphor.

32:09So I make Silly Things the title for the stream archives in case anyone's wondering what that is. You can see that in the link under the video on Twitch. Let's satisfy myself with naming these things so at least I don't keep breaking this.

...37What spec was this? Spec request or URL spec. Let's just run this one. And if this is green, I'll run the whole build. Good. Let's see how many are left. Actually, I probably have the exact same bug in comment. Yep. So this one should be this. Stop. Stop. I know it's the same bug. Do I want to rename stuff here? Yes, I do.

33:49How the heck is that? Key.keys.first. Oh, right, because it might be a... All right, let's put back that one. Because who knows what k is? AnakimLuke !lurk OhMyDog
Not us. All right, I'm going to run this one more time. What did we get to? Oh, hey, Anika.

34:24All right, these are probably legit failures. A number of arguments. So I was kind of skimming to see if anything else looked like it was JSON related or if I can leave these functions alone.

35:04This one, I'm missing the argument, so that's pretty straightforward. Extras route, no. Is this the RSS builder? I was just looking at that.

...36Let's see. So where did I call story title? There it is. That means the story. And that was a test of the RSS, which is in spec request stories here. Let's just run that one again.

36:15Oh no, it was this one. I want to see the actual one that I think I fixed run. Then I'm just going to go one at a time. Syntax error. What is my syntax error?

...44Unexpected local variable. Did I accidentally delete the closed parenthesis or something? Or is it just ERB being string soup? All right. All right. So there's that. Good. Now let's do that next failure. This one, adding a spec for the RSS. was just a simple smoke test I added because I accidentally blew up the RSS once and drowned in 500s because that gets pulled a lot.

37:39So let's see now. We expected a path and we got a URL.

...54And this was this might actually be JSON. Yeah.

38:11Wait, so the field was called comments URL, but we gave the comments path.

...30I think it's actually fine if we give the full url because otherwise it's not a url it's a path so i'm going to update the spec it's not lost on me that i am changing an api but we don't promise we have an api

39:32Did I typo? No, we got the right story ID, but the wrong title. That's a strange one.

...49Why did we get the wrong?

40:05These are using title as URL, which is a new thing. So let's go check it. Right, so that's this function which didn't change.

41:06check url dupe was echoing back the title the user gave as opposed to the title that's actually on the story

...39called title as url did it somehow change to use the object the story retrieved from the database instead of the which one of these is going to be check url dupe who knows

42:17So we're at line what? 350 ish.

...44So instead of saying short ID path.

...56We said the title path. No, this is the wrong, wrong function. There weren't any changes to check URL dupe according to this, because it goes into the link.

43:22So that maps the stories to JSON. This is the thing we're testing. This function kind of does two very different things depending on whether you're giving HTML or JSON, which is not great, but okay.

44:25OK, so in similar stories, we had somebody with story title one. How is this test ever correct?

...49Because the similar story, excuse me,

...59The similar story is the one that comes out of the database. It never had the some other title. So it should never have had that in its URL unless it was getting instantiated in a weird way that overwrote that. Yeah, I guess this test was just wrong.

45:35What was it, title, story title on?

...44Where does it create the, I hate these, that I've made so many of these with shared data.

46:07You know, it's not title as URL, it's title as slug. That one might actually be worth renaming.

47:06All right. See how we're doing on failures. Whenever that block is, that's going to be one thing.

...33Given one expected two, oh, and it's in comment. So that's gonna be a real, that's gonna be like half or all of these. So what line are we on?

...51Where's the actual line in comment that raised this error? Comments controller 186, that doesn't seem right.

48:08Yeah, no, it's failing in the, in the view, but it's not, oh, it's in the how long link.

...32What did I change? Line one 70.

...43Did I change anything here?

...53No.

49:12So here's a call to it with a time. These are the only calls to it. So let's run just this one and let's see if I can get rid of the exception by deleting the call to how long ago link. Cause I don't know that I trust this trace back much. Okay. It's just how long ago link. So now we've got a green spec. Yeah.

50:06Wrong number of arguments given one, expected two. Except I sure see two arguments.

...23Unless you were passing that to the inner function. That'll be it. Okay. Anybody else in here? all right that might be enough to get a green build because we render comments all over the place closer it's probably going to be a similar oh no actually didn't solve many undefined method url renew some stuff in Link failing stuff in comment spec.

51:14OK, let's do comment.

...31I'm specifically unhappy about undefined method story for class routes.

...44That implies it's over here.

...53So on the comment target path, yeah, we called should be comment.story. And then that might get that to green. Good.

52:15Let's do read story spec and then link. Ah, got that one. Let me just see the exception.

...29Yeah, it was the same thing as the previous. Great.

...43Undefined method URL for nil. Okay.

...53What line were we on? Let's take 67. Okay, so we're not finding links.

53:17So I changed this generation of links

...45So it did generate a link. I look at the marked down.

54:00It did generate an actual a tag, so that part is all fine. Oh, I bet it's. I bet it's that the previous one was automatically generating a link to. lobsters regardless of the environment that's going to be it like this guy is saying starts with rails application domain all right i'm gonna step away for a second while i think about that one Run to the restroom. I think that's just either change that back so it always uses the production URL or... Hmm. Or recognize both. Because in dev mode, you can have a different URL. All right, one sec.

56:30All righty, so. Turn off the little message, come here.

...56It's sort of funny by using the rails routes helper more We ended up in this hassle.

57:18I think if I asked the routes.

...25AnakimLuke I'm looking through lobsters' 'good first issue' tags 👀
Yeah, I can just... Oh yeah, there's lots of stuff available under that tag. Good first issue. I tried to tag anything that doesn't touch on really clever moderation or user influence design or stuff you have to have been on the site for a while to get as good first issue. So some of them, that's a typo. Decatur.

58:19So some of them require fairly deep Rails knowledge. Some of them really don't. Some of them are feature requests. Some of them are design. Some of them are just little code things. I've tried on a bunch of these to describe how to fix them. AnakimLuke I'm looking to contribute to rails projects as a way of making my resume look better. do you think lobsters is a good option?
If there's any of them that you look at and you're not sure even where to start, but the general idea of it is interesting, let me know. AnakimLuke currently I'm not experienced in rails
And I am happy to talk through like where you could start from. Why, yes, I think everyone's resume would look better with Lobster's open source contributions on it. AnakimLuke I had been trying my hand at contributing to gitlab
To answer less self serving Lee I do generally think saying that you've contributed to an open source code base is a pretty good way of demonstrating that you know something about those tools. And if you. would like a. email to somebody saying, like acting as a reference saying, Anna Kim Luke has helped me with X, Y, and Z. I am happy to write those kinds of emails. I've written them for students. Ah, yeah. I wonder If GitLab is such a big app that that could be difficult. AnakimLuke it was diffiult! a lot to learn coming from zero ruby and rails
One of the nice things about lobsters is we're not huge. Rail stat says we're 14,329 lines of code. AnakimLuke chaelcodes helped me get started!
It's not so bad. Yeah, coming from zero, that's a lot. And one of the things I've tried to do with lobsters over the years is get closer to... Ah, neat to see a familiar name. Get closer to standard Rails style and replace more and more of our custom stuff with standard Rails things. So... One of the things that is open is a good first issue. Speaking of that, is... migrating cron scripts to jobs some of these are like these first two are very mechanical and the rest of them are we had to handle stuff with a cron script but the modern way to do it is just to use one of the many rails job queues and they didn't really exist when lobsters got started so pushcx https://guides.rubyonrails.org/…
changing to use this sort of thing is these tasks look mostly like, especially the first couple, look mostly like the active job basics guide. And it makes the site a lot easier to understand for other people coming into the code base.

01:02:03So that might be a really good fit if you're looking for a first place.

...33I'm going to have to think about port, aren't I? Is there a way for me to ask

01:03:01didn't start in Rails console.

...14Now, why did it say root URL is lobsters instead of

...42because it's a custom.

...51And now we're back into this hassle from last stream. I'm not going down that path.

01:05:03but half of these are localhost and half of these are lobsters. Well, undefined method story short ID URL.

...22Yeah, I changed that name to say story title URL, didn't I?

...44Anakim, did you get a chance to take a look at the job thing? Does that look interesting? Of course, it needs the routes on the front.

01:06:58What are we mad about?

01:07:25AnakimLuke do I need a beefy pc to run lobsters for development? that's an issue I found with gitlab
So these first two are it saving test comments. This next one.

...48Oh, I bet it's.

...54But it's recognized path.

01:08:23OK, wait, it did recognize.

...32And it should have set the right values if it ends with a comment anchor.

01:09:18So that's all correct. Why didn't it create the object?

...49So the association is just stale and it got cached somehow. It's reload bang in the terminal and it's reload no bang So why did the link not get saved?

01:10:48grayhatter_ AnakimLuke why were you running gitlab? asking because I'm writing a git source sharing thing, so I'm interested in other uses
URL is not valid. You wanna be specific about that?

01:11:08Unless it matches. Oh, I bet the... I bet it's the port. yeah oh no it should allow a port all right hang on all right so This URL, what part of this is failing to match? Oh boy, debugging a regular expression. So let's grab the URL.

01:12:41should also say false. Okay. So what are we mad about the protocol? No. It's mad about two things. This is going to take forever.

01:13:03I really suspect it's port. So if I said HTTP

...26not a port it's the lack of a dot you can't submit it's the domain so this this is fine it's it's the fact that it's just localhost And the domain requires that you have at least one dot because we didn't want people submitting URLs to internal server kind of names.

01:14:38grayhatter_ uhhh
grayhatter_ I don't think that prevents that
Gray Hatter, I think Anna Kim Luke was looking at running GitLab to find a real site that they could submit to or they could contribute code to. And no, to answer your question, lobsters does not require a BPPC at all. It's a small site, and I've tried to keep the dependencies small and simple. AnakimLuke yep that's it
I'm trying to simplify further, but we'll see how it goes. So Gray Hatter, a thing with chat being really asynchronous is when you say that prevents that, I don't know what either of those are referring to. grayhatter_ localhost.gr.ht has a dot but resolves to your localnetwork
I'm guessing you mean the regular expression doesn't prohibit single word domains. But it's saying the domain... Ah, you're saying that the comment is wrong. Yeah.

01:16:04AnakimLuke @grayhatter_ do you have a public source code yet?
Yeah, there is a... grayhatter_ 127.0.0.1 also has a dot :D
a separate bit in our code to prevent clever things like that.

...19grayhatter_ AnakimLuke https://srctree.gr.ht/repo/srct…
Is it sponge?

...31grayhatter_ it's also on github too :)
yeah so we have an internal thing that we call bad nets where we refuse to connect to any ip with these kinds of ranges these are all the or at least most of the reserved ranges should probably add doesn't

...57So I'm thinking about tail scale, which uses the 100 dot section. Is that reserved?

01:17:24private IP service IP called quad 100 huh 164.0.0.10 well that should be blocked from our bad IP range all right let's I'm going to file that as an issue well thanks gray hat are you prompted minor security investigation.

01:18:27grayhatter_ people seeing my name often results in security investigations :D
grayhatter_ sure
grayhatter_ no underscore
Gray Hatter, would you like me to credit you by name here on GitHub? And if so, what's your username?

...38grayhatter_ exactly
Are you Gray Hatter? No underscore?

...49Good.

...59I can't type.

01:20:32AnakimLuke fun fact: 127.1 should(might?) resolve to 127.0.0.1
for this issue you must reveal it to see if there are any other ranges ranges we need to AnakimLuke on some places
So this is a bug oh, this is the thing I don't want come here just my labels all right bug good first issue I don't have a security label all right. yeah there's also. What was the example, you can say. like 10.0.513 and that will turn into 10.0.127 dot something else there are weird formats in ip addresses we i believe have the way this works is we take the dns that's given and we resolve it and then grayhatter_ numbers in many parser treat leading zeros as octal
only from our trusted tool we look at the network that comes back rather than doing a string match against the ip address because you can get into a lot of trouble trying to string match because there are actually yeah leading zeros other stuff so we only take the ip that we resolve ourselves

01:22:28Well, Anna Kim, if you want to contribute to a Rails code base, here's something you could do right now that doesn't require any special knowledge of Rails.

...49So popping the conversation stack a little. I'm just going to fix this by grayhatter_ I love google's about 010.010.010.010 in response to 1.1.1.1
Well, how do I want to?

01:23:10grayhatter_ google's troll*
Don't want to fix it by generating production URLs all the time.

...19That's cute.

01:24:07grayhatter_ I also think bare names resolve, don't they?
When you say bear names, I'm not sure what you mean in this context.

...18grayhatter_ sorry, should have said bare zones
grayhatter_ `drill goog`
Because like... Yeah, so there are several layers of security control, bear zones, yeah. No, I wasn't trying to nitpick you about DNS terminology because I'm not a super expert. Drill? grayhatter_ drill is the new version of dig
What is drill? Besides the... Yeah, I don't have that tool.

...52Oh. Well, then I probably want that.

01:25:01grayhatter_ dns-utils?
grayhatter_ that sounds right
Is it in a package called DNS or called LDNS? Hmm. DNS utils? I'm on Arch for what it's worth. grayhatter_ same, also alpine
AnakimLuke @grayhatter_ the interface is pretty snappy! and I like the simple theming! :)
Yeah, I don't have one called DNS utils. Maybe that's the Ubuntu name. I look up These things rarely enough that I just ended up using web tools.

...47grayhatter_ it's in `ldns` on arch
Oh, okay. So it's not a nicer interface. It's just the exact same dig interface.

...58grayhatter_ lol, sadly that's correct
Yeah. Where's this?

01:26:20grayhatter_ it's noticeably faster for some usecases
Yeah, I saw another one called like dog or doggo and it sort of worked for me, but then I uninstalled it and then I keep reaching for it because it sort of worked. grayhatter_ wait for a few months, I'm writing a dnsd and dnsc, that will be a pretty version of dig/drill
don't know i i have tried to avoid becoming a dns expert because that way lies madness so either i can relax url re

01:27:04You're writing a lot of software. First a GitForge, second a DNS.

...19grayhatter_ lol
grayhatter_ about that
I thought I was ambitious wanting to write my own web framework.

...51grayhatter_ https://srctree.gr.ht/repo/vers…
grayhatter_ <3
grayhatter_ thanks
we have hey you've also written your own web framework okay well good luck with this i don't use zig i would probably write in Ruby or Lua, but we'll see. I may never get to that. grayhatter_ I wanted something as easy to use as Flask for zig
I don't want to save. invalid things.

01:29:10Yeah, for my daydreams about writing a web framework, I'm going the exact opposite direction of Flask or Sinatra, which are very stripped down, no nonsense. And I want a batteries included everything kind of framework, which is a lot more ambitious. Or at least a lot more work.

01:30:18chamlis_ if you're going the opposite of no-nonsense you should call it Lear
So many layers. So the opposite of nonsense, you should call it Lear, like King Lear. I'm not getting that one. chamlis_ edward lear
My Shakespeare references aren't quite tight enough, I guess. And anyways, good to see you again, Chambliss. Edward Lear. Who is Edward Lear?

01:31:07I don't know this guy.

...27All right. Was he was he big nonsense then? lots of Baroque writing.

...50Let's

01:32:14chamlis_ nonsense like lewis carroll nonsense, yeah
So it's just sort of getting nonsense like Lewis Carroll. Ah, okay. Yeah, I have not gotten as far as daydreaming a name for my web framework.

...40So what's happening here is this test was calling methods that even in development mode. generated production URLs and then the code is written to only recognize and accept production URLs and so, if I use the rails routing more it generates non production URLs, which is a hassle.

01:33:08DeadEgos Hello
DeadEgos did you create lobste.rs?
so either i change the test back to produce production urls again but then the development ones fail an insecurity check well fail a security check as insecure and i don't want to weaken that check hi dead egos welcome yeah so i want to just let's just hard code these URLs and move on with life. Except it's going to depend on the

01:34:11pushcx https://lobste.rs/about
Hey, dead eagles. So no, I didn't create lobsters, but I do run it. So if you look at the about page here in the first paragraph, I had to swap this sentence around because people kept messaging Joshua if his username was first and he would forward them to me. And then like after a year or two, I think he was getting a little testy about still getting messages about being the moderator or the admin. So I run the site. but it was created by Joshua Stein in 2012. And then in October of 2017, I became the admin. DeadEgos Oh snap. I've used the site, so thank you
DeadEgos even if just hosting
A lot of people assume I created the site because that's sort of the usual story is that somebody starts a passion project and then runs it forever. have corrected that a lot well thanks you're welcome even if just hosting yeah it's it's a lot more stuff it's like this exciting coding of fixing stuff forever all right so

01:35:47This is going to break for anybody else, any other site. Yeah.

01:36:03If I said routes.rooturl. Can I pass a host option to override that? I can. Okay. All right. Let's put this back then. Let's just use production URLs in the specs. Except my custom methods don't. Oh, there's so many layers to a Rails app.

...50Why did they do routing this way?

01:37:14So all of these would have to change to pass along options.

...36I feel like I'm missing an obvious fix because a bunch of my brain power is taken up by trying to keep the patter going on the stream. I know it takes a chunk off of my coding ability to keep up patter. So I write worse code, but now I'm missing something obvious. grayhatter_ oh, it's impossible to write high quality code while also entertaining chat
What would be really nice is if I could call this top level class with an argument to overwrite the host. Yeah, well, so Gray Hatter, if you want to be a channel VIP, you can catch the bug or catch the design issue here and suggest a fix. grayhatter_ problem statement?
Viewers often catch that kind of stuff better than I do because they can just kind of mute me for a minute and look at the code, I assume. The problem statement is we're cleaning up this URL generation and in development mode, Rails generates URLs that look like localhost colon 3000. grayhatter_ oh
grayhatter_ there's a reason localhost.gr.ht exists
And we only wanna recognize these links with, well, the code as written only recognizes these links with the production domain name in there. And, I don't want to relax the security control that is blocking localhost.

01:39:55grayhatter_ add `development.lobste.rs` to 127.0.0.1 and use that?
Yeah, and I know people do localhost.localdomain,

01:40:05grayhatter_ imo ^ this is the correct way
This is configured. That would work. Probably. Brick a lot of muscle memory for me. I don't know, I don't really like having production domains that do clever things like resolve to non-writable IPs because it feels like it opens opportunity for bad stuff with cookies. grayhatter_ it's not that clever... but, you can set that in your hosts too
So then if someone like if I'm running with a production looking URL like that, someone could have the local lobsters development grab a cookie from the production lobsters domain. Yeah.

01:41:16grayhatter_ uh... no?
Frici localhost.localdomain or domain.local and similar are the same issue as the production url. there is a convention to not route them but not an explicit spec last i recall
grayhatter_ srctree.gr.ht doesn't share cookies with gr.ht
I guess what I'm saying another way is if I'm gonna have something that looks more like a fully qualified domain, I want it to be Frici also ahoy
chamlis_ ahoy
grayhatter_ oh, good point, let me check
separate where instead of being on the production domain of like lobsters it's on localhost.local domain or domain.local yeah like fritchie is saying well gray header it's the other direction i'm concerned about where yeah and welcome nice to see you

01:42:05And Grey Hatter, I know there are options for on cookies, you can say, oh, well, I only want it to be served on this path and only on this domain. But that would require us to already have been serving that lockdown. I don't know. It's one of those things where I don't like being that clever because I assume there are corner cases I haven't heard about and It sounds like you have more experience and knowledge in this area. grayhatter_ to me it feels unimportant
And so to you, it feels like, well, you use this one option and it closes that security hole and that's the only potential thing there. But since I'm not confident about it, I just want to avoid the whole neighborhood. grayhatter_ in the world where localhost is compromised... there's no mitagation for that
That's fair.

01:43:16grayhatter_ stealing cookies is the LEAST important thing if you can run something on localhost:443
Well, that's also kind of the world of open source development where people share code and... Hmm. I'm really reluctant grayhatter_ IMO, the bar is don't enable 0click self pwn... as long as there's no 0-click, you're doing a good job
The way I've seen people kind of bootstrap exploits where there is one small thing that feels unimportant, I'm really just generally paranoid about these things, and I don't want to open any of them because I can't predict all of them that could happen. And then, you know, someone's going to make some obscure chain of things. I don't know. I guess I am admitting that a lot of it for me is... DeadEgos can you describe the problem I had to step away for a moment. What is the chief complaint
pretty vibes-based, pretty emotional, where I'm like, oh, this whole area I want to be cautious around rather than I have a very explicit threat model. I will admit that that is exactly what I'm doing. grayhatter_ users *will* pwn themselves, it **will** happen... don't over index on it, because doing that will cause a DoS on your brain, and your code... which is equally as bad
Or not just an explicit threat model, an explicit model of the whole exploit chain and all of the steps. And instead, You know, I am doing my own less informed version of defense in depth. Yeah. Dead Egos, the issue is in development road. Yeah, let's do it here. Generates URLs like localhost 3000 slash s slash abc123. We used to have the prod domain hard coded so we generated lobsters abc123 even in dev using rails url generation in dev we filter urls prevent bare zones like just localhost from being saved as links using more means for generating localhost links Dev test, so the test is failing.

01:46:32If I hard code the domain, the test fails for every sister site, right? If I re-implement URL generation in the test, it's brittle. There's just a bunch of ugly things and I don't know what I wanna trade off against.

01:47:48grayhatter_ how about `localhost.localdomain`?
DeadEgos host env var?
DeadEgos that is swapped for dev
is any of that yeah see and then we have more of the dev stuff hard-coded post envar the thing is if i grayhatter_ oh
DeadEgos I mean can you default in configs?
switch from the rails default i break all the sister sites and other developers again because they all have to change their development environments to match and the worst part is they're going to have a random model test fail rather than something clear let's

01:48:45Let's make the test ugly I think.

01:49:27grayhatter_ so... I explicitly advice against this.... but.... lobste.rs cookie is secure true, `http://local.lobste.rs` can *NOT* get the cookie because it's not https
Well, thanks for checking.

...44Or just call it.

01:50:00Thank you.

...30DeadEgos its been so long since I did any rails but I thought active support had s route helper that already did this
The route helper, so one of the reasons Dead Ego were down this rabbit hole is that the route helpers are only available in Action Pack, so that's... in your views, in your running controller actions and in mail. And we have a lot of things. DeadEgos can you just import said function in other classes?
I think that's just a misdesign in Rails because we have things like jobs that need to share URLs, models that share URLs, emails that share URLs, but are like incoming rather than outgoing. And so

01:51:34That's what we're doing here on the left. That's what extras routes does. So what we did previously was the models had a bunch of methods to generate URLs because there's, you know, when you have MVC, it's got to go in one of the bags, right? pushcx https://www.youtube.com/watch?v…
And it went in the M bag. And I saw a talk, it's linked up here. I'll throw this in here where someone said, you know, This is such a hassle that I make a routes class. And I saw this and I went, oh, that's very nice. Let's clean all this up. And so we are a couple of yaks deep on this yak shave. I really just care that it includes the project.sportId.

01:52:49So comment target path did not generate a target. So it's the story short ID path with the comment URL. That's correct. DeadEgos I've been so spoiled by elixir
This is just bugged. This is a correctly failing test.

01:53:38DeadEgos I used to dev in rails from 2012 till about 2016
Can I pass nil in the middle like that? I'm going to just make this mad. No. Okay. Wrong parenthesis.

01:54:15Ah, yeah, I started in Rails in like 2005, I want to say. And I've been doing it almost continuously since. Expected nil to equal one. Link.to comment ID.

...43Let's double check that we're putting out the right. DeadEgos I stared in action script in 2000, then to php -> python -> ruby -> elixir -> rust
No, it just slapped it on the end. Why did that work in the console and not in the code? It didn't work here. It didn't work here. I read it wrong because this red is so dim. Anchor? Ah, neat. DeadEgos I stared with types in action script
So you've become a fan of types, huh? Okay, it's anchor, not target. DeadEgos but no, I love elixir the most
I'm thinking of the other direction where... In CSS, you can recognize it as a target. There are so many names for things. Oh, did ActionScript have types? I didn't know that. Oh my god, a green test. When was the last time I saw a green test? An hour ago? OK.

01:56:14DeadEgos Action script is Ecma Script with classes
DeadEgos and is compiled
I didn't realize, I thought ActionScript was its own thing.

...28Okay, so this test is wrong.

...40It is the comment. DeadEgos action Script is what js would look like if sun micro make it based on java
short id path that i wanted here so let's grab this put this down here and then this one is comment what did i just call it comment short id

01:57:24Okay. Well, there's that joke that Ruby is what happens when, what is it? DeadEgos even their name space in action script is com.foo.bar
Ruby is what happened when Smalltalk got lonely and Pearl got drunk. It's been a while since standard Ruby has looked much like Pearl though. Comfubar. Oh, that's not bad.

01:58:05So this becomes the story short ID, right?

...19Yes.

...49I said end with. That would be... I think I'm allowed to say end with like that. That would be nicer. Because then I can express that I'm seeing more of this. Yeah.

01:59:39Let's see if any of these pass.

...53Good. All except the one I haven't updated. 57? Oh, I did update this one. Why did this fail? Because it's supposed to be target here.

02:00:13Good. And now the next one, right? Line 57.

...26Oh, it's not short ID. It's short ID path. DeadEgos So intresting I ran into this stream. I"ve been working on a site myself where I'm currnetly scraping hackernews. I have over 60k links submitted on that site atm. I'm gonna walk over each link submitted and find their rss/atom feed and make a rss aggregate based on links submitted to HN.
Got it right on the next line. Good. Now we're at 68. Let's just keep chewing through them.

...49This one is the story title path.

02:01:21DeadEgos I'm using elixir/phoenix for that
oh i see have you seen i think it's kelvin's site no this is i love when reddit just or google just ignores the thing i asked for and then i put quotes around and ignores it some more come on It's Calvin's site, isn't it? DeadEgos I almost always wrap every query in google with quotes now
For links that appear on Hacker News and Lobsters?

02:02:08Yeah, well, I mean, you just saw, like, I put quotes around it and it was like, okay, now I'm ignoring you again. Thanks, Google. DeadEgos rip google
I really wanted to see some dead-eyed skinny models with anorexia instead of the thing I'm actually searching for.

...49grayhatter_ so, I think https://github.com/lobsters/lob… you can add `same_site: :strict` and `httponly: true` and then in 1 month, you don't have to worry about that localhost risk
Somebody? Big meta thread over which site is cooler. I don't know. I can't find the damn page again. NoGoodNick_ @DeadEgos oh that's interesting, I'm curious what you'll build
DeadEgos I have a initial site running that updates based on new links using websockets. https://bkmk.ing/
You can add same site strict. Hmm. That's interesting.

02:03:46grayhatter_ I *think*
grayhatter_ I know NOTHING about ruby, and it's very magical
DeadEgos I wanted to make it easy initially to bookmark the links.
Yeah, Gray Hatter, that's fair. We probably should have those options. So let's file an issue about it. DeadEgos yeah same_site
grayhatter_ would you like a PR?
I don't want to do that when I'm already like four yaks deep. So let's grab this.

02:04:17grayhatter_ give me 10m
Yeah, I would take a PR if you want to do that, even without me filing an issue. We're going to have to... If you could throw in a link to the Rails guide about setting cookies or the API. grayhatter_ lol, it doesn't exist
Yeah, thanks. I'm happy to have that. Just to step up cookie security. grayhatter_ I figured it out by grepping the source and finding tests that I think enforce it
Which reminds me, I don't think we ever finished the... csp work on the site someone submitted the start of it and then we never came back to it

02:05:34grayhatter_ but I will document this in the PR for comments :)
We need that.

02:06:15Where's my extra missing quote? There we go. People say I don't have syntax highlighting and that yellow just caught it.

...34All right, I think I finally got back to a green build. Only took like two hours. to generate links, which you think would be a pretty core feature of a web framework. But I guess it's not, you know, using my web framework, Ruby on, I don't know, pails, because I'm Peter. Just a tiny diff.

02:07:09LGTM.

...17All right, where was I on my to-do list? Forever ago. As long as it's been like two hours of streaming, I will do my little bumper that this is the Lobster's office hours stream. This is Lobster's. If you have any questions about the site, the community, the moderation, the code base, the hair gel, you can just ask anytime here in the Twitch chat. And otherwise, I work on the site. And I am a couple of yaks deep on a big yak shave to clean up URL generation so that I can clean up identifiers, so that I can clean up the story model, so that I can clean up the UI. And we'll get there. One office hour at a time.

02:08:13So this one is that the message model knows how to generate its URLs. grayhatter_ does ruby allow trailing commas?
So I'm going to take that away. Do any tests even fail? It is possible not. The private messaging feature is pretty low priority and low churn, so it doesn't have a hell of a lot of tests. No. In arrays and hashes, Ruby allows trailing commas in method arguments. No, Ruby does not. So in the file you're in, in the exact line of code that you were talking about. And then there's another layer. The short answer is no. We have a linter on top that's going to prohibit you doing that.

02:09:08grayhatter_ just making sure, trying to keep the diffs small
The linter is called standard. It is run as part of a build. If you tell me when you open your PR, I will run the build immediately, because I'm assuming you don't have a whole Rails dev setup if you're mostly writing Zig.

...26But it enforces all of those fiddly style issues. grayhatter_ no, I'm not setting up a ruby dev env 😅
And I have my editor set to... I appreciate it. I have my editor set to run it on file save because there are so many Ruby style issues that I just don't want to have an opinion on. Yeah, okay. That's fair. So...

02:10:00DeadEgos Oh god I forgot about robocop
Yeah, RuboCop. So standard RB uses RuboCop under the hood. DeadEgos that brings back nightmares
And I had a giant PR in the summer of maybe 2018 or 2019 to add RuboCop just so that I could stop making tiny nitpicky linting comments in pull requests. And then RuboCop became its own thing to maintain, and I just couldn't keep having opinions about new linting rules that it introduced. And so when Justin Searls released Standard, I don't know, maybe a year later, I was like, yeah, I'm fed up. I'm done having opinions. Let me just drop this in. And I now feel pretty strongly that... grayhatter_ zig fmt
DeadEgos Q: have you ever looked at elixir?
Languages should have a formatter like go format, like black for Python, like standard for JS, like standard RB for Ruby that just, you know, you can turn off one or two things if they particularly are disagreeable to you, but otherwise it just works. No, I have never looked at Elixir. I hear about it pretty regularly because a lot of the Ruby community moved over to Elixir DeadEgos you know the guys from plaformaic made it
DeadEgos yeah that was me
DeadEgos 2016 is when I jumjped
oh seven or eight years ago five six years ago sometime yeah yeah there is only one rule that is turned on from standard that made me mad 2016 yeah that's DeadEgos it was the guy who made devise though
Yeah, that wave, I've described it on stream fairly recently as Rails development kind of stalled out for a couple of years, and it was when Yehuda and a bunch of other folks moved over. DeadEgos he made it
They rolled out in 2015, 2016-ish, and then a year later, Rails kind of entered a fallow period for five or six years. It's been busy the last year and a half, I would say. But I don't know. There's some things that frustrate me about Rails that it will never fix that are fairly deep design choices, we'll say politely. that are hard to reverse and hard to work around. And stuff like URL generation happening at the wrong layer is one of them.

02:13:06Yeah. Devise is one of those things that should probably just be baked into the framework already. I kind of think, so one of the things that is in my daydream for a web framework is, I don't have a better name for it. And don't say Sherlocked, but it is a bake-off model of development of, you know, the web framework needs some kind of standardization around log-in. So let's make a bunch of libraries that all handle authentication. And then after a year or two, we'll see which one is most effective and maintainable and just nicest and most reliable and secure. And then the framework will incorporate that one. And I am not calling it Sherlocked because that's when the operating system manufacturer is like, hey, nice app you have there, yoink. DeadEgos as a prior ruby/rails dev, I would honstly give elixir/phoenix a true 15 minutes of your time. I think you will be shocked. .
I am calling it a bake-off because it is an explicit, hey, let's all be creative in this problem area. DeadEgos FYI we have this in elixir/phoenix
DeadEgos its phx.gen.auth
And then narrow that back down to, all right, let's pick a winner and incorporate it so that we have one fewer decision.

02:14:35Oh, do they have a name for it? DeadEgos that the rake task
phx.gen.auth. Is that a... Domain? DeadEgos IE mix task
No.

...57DeadEgos a task
That's a module. Nice.

02:15:31DeadEgos it scaffold the whole auth
So a bunch of these just use the correct thing. Why was there even a URL method on message? And I know this is going to be painful because I know I saw it one place and did. Okay. Yes. All right. Then it was just the email message mailer.

02:16:19NoGoodNick_ I just heard “I wish Rails had …” and then my audio cut out for two minutes NotLikeThis
And there clearly is no spec for that or it would have blown up. All right.

...41Oh, I guess Big Rails is censoring me.

...59DeadEgos DHH got china to firewall you
I actually do call URL for somewhere. That's fine. I don't need to edit that. And then let's audit the link too. There's a whole lot of these, but actually I already checked that none of these are calling Yeah, I just want to check that these are not calling those methods on models. So I really just want to look at the second argument to all of these. There are 159. Great.

02:17:54not seeing that any of them are calling like dot path or dot url well link from comment url but that's on the link model which does have that method so let's look at these for path there's none and look at these for a url And there's just this one that's on the link model. Okay. Cool. So that's fine.

02:18:43DHH got China to firewall me. Maybe it's the UK, the online, what are they called? Ofcom, that sensor agency that sensors user-to-user content. Maybe they did it. It's them, working together with the Illuminati and DHH. You know, I joke, but all those kind of conspiracy theory jokes have gotten a lot less funny to me running, Lobsters, because every once in a while... What is once in a while? Roughly once a year, someone tries to invent a conspiracy theory about me. And that's very unfunny as the target of the joke. Like, so people joke about it in the lobster chat room sometimes, or even here in the Twitch chat. And I ask people not to because people who seem very unstable and not quite in touch with reality have tried to invent conspiracy theories and they are not at all kidding. There was one guy who said that I was conspiring with Wikipedia to censor something. He submitted an off-topic link and I removed it and he was like, obviously you are conspiring to prevent me from i think just abusively editing wikipedia pages or something i don't remember what his deal was the one that was more concerning was three years ago there was a guy who thought that y combinator was conspiring with all of silicon valley against him and that i was somehow part of this conspiracy theory because DeadEgos wtf
wouldn't let him submit links to how csvs were going to cure cancer and yes that csv is like comma separated value spreadsheets were going to cure cancer and big tech was censoring him and i looked this guy up and he was in the middle of getting divorced and his spouse was alleging domestic violence i don't know the guy was a whole handful and he was not kidding and it was NoGoodNick_ maybe ASI will be a giant CSV
not pleasant to get included in that conspiracy theory from someone who had kind of credible allegations of violence against them like if you are mad at big tech there's not a lot you can do silicon valley is not actually a place it's just a series of office parks along a highway in northern california but if you imagine that Peter, the guy from Chicago is involved in the conspiracy. Well, that's a guy that you could go get. DeadEgos Terrence Howard made CSV?
And I told on, not on stream, but there was another person, even before I became the administrator, who like found me offline at a conference because they wanted to continue a nonsense, unhinged argument they made from the site. chamlis_ being a semi-public figure like that doesn't sound very fun
they so i was at this conference and it was in the morning there was kind of the reception before the first keynote and i was standing around in a group of folks just kind of making small talk and someone was moving around in the background and they were doing something weird i could see them kind of like going from group to group and disturbing those groups just something in the body language the vibes were bad right we didn't have that term then but the vibes were bad And he came up to my little group and started yelling at me because what he had been doing was going around to every single person at the conference reading name tags to try to find me. That was weird and unpleasant.

02:22:44pushcx https://tim.blog/2020/02/02/rea…
Tim Ferris has a really good post about this. that is about weird shit that happens when you're a semi public figure. And he has an analogy in here of audience size to city size that is very useful. So the monthly user base for visitor base for lobsters is on par with Madison, like a quarter million people. For Tim Ferriss, his audience size is, you know, many millions of people, like New York City size or Tokyo size. I forget. And for him, I am sure it is harder because he's also seen as kind of a self-help guru. And so people who cannot get it together are more interested in self-help gurus, and obviously no one is coming to me for advice on how to get their life together. God, I hope not, right? So... He has this extended metaphor about how weird shit happens when you have fame or you are a public figure. grayhatter_ https://github.com/lobsters/lob…
And what's happening that kind of breaks your intuitions is if there is a one in a million thing, like someone who is unpleasant enough to run around a conference or trying to read every single name tag to find you, if that is a one in a million thing, well, if Lobster sees a quarter million people every month, that kind of thing happens three times a year. That's not great. NoGoodNick_ yes, large numbers are unintuitive
And it is very unintuitive that it ever happens at all. And Ferris also talks a bunch about how we sort of, in American culture, we value fame and reward fame and it is expected that a normal part of ambition is wanting to be famous and recognized and complaining about getting that is seen as ungrateful or not how you are supposed to perform fame i don't know so it comes with a bunch of cultural baggage where if you complain yeah someone came to a conference and tracked me down to yell at me DeadEgos narcissism meets scarcity
Well, you are ungrateful and you don't understand your audience and X, Y, and Z. Let's put this in here.

02:25:57grayhatter_ I'm sure this idea isn't novel to you, but I just learned it myself a month or so ago, and it's the most useful framing I've learned in years
grayhatter_ never accept criticism from someone who you would ask for advice
let's take a peek at this great that's going to be a green build because there aren't going to be any tests around it but thank you so anyways i really liked that ferris piece I am really glad that I am not famous in the way he is. And I have really tried to avoid anything that would look like fame. That's why like on this stream, I don't put my face on the stream. This is not about, this is not the Peter show. This is not Peter as a personality. Isn't it great to hang out with Peter? This is, let's talk about the site. Let's hack on the code base. Let's try and stay focused on that. DeadEgos lol
Grey Hatter, I'm guessing you meant to say never accept criticism from someone you wouldn't ask for advice? grayhatter_ lol, yeah, unfortunate type
I've heard that kind of thing. I think... grayhatter_ typo.... fingers... please.... help me here
I think it is useful if you get to, like, Tim Ferriss levels of fame, but actually... That is not how I handle stuff. I take criticism, like, I don't know if you saw the recent meta thread on vibe coding, but there was a lot of criticism in there. DeadEgos I can respect that you want the intent to remain the subject code and not you as a person.
And there are people on the site who made some of it that I disagree with them about pretty much everything, but no, I'm going to take their criticism very seriously and try and figure out what in it is useful. You know, I don't take random criticism from like, grayhatter_ sure, but I see "never accept" as distinctly different from "never solicit"
DeadEgos IE my user name is big part of how I navigate the world these days
twitter replies i mean i haven't been on twitter for years but yeah one second my spouse is texting and yeah that's why like if you look at the stream archive it's all about the topics rather than isn't peter a great guy anyways never accept it differently from never solicit hmm grayhatter_ what am I missing from this decision, isn't the same thing... I'd assume?
What was the second thing I was going to do? I'm thinking about house chores. Sorry. So I have a focus mode set up on the phone so that when I'm streaming, I don't get texts, but I still get them from my spouse because, like, grayhatter_ wait... you think your spouse is more important than twitch chat?! D: D: D:
know like hash product priorities my marriage comes first god there was something some other house tour i was gonna do we'll get back to it hopefully i put it on my to-do list all right so DeadEgos Welp it was night meeting you. Hope to see you streaming again.
DeadEgos my god my typos today
yeah yeah actually no i have my little i have a little index card of what are the things that are really important yeah thanks for dropping in dead egos i have the twitch schedule below so you can add it to your ical and all that but i was pretty bad for the first hour of the stream before my coffee kicked in so no criticism but i will stream again on monday is the next scheduled stream All right, so if story title URL and story title path are wordy,

02:30:03They could just be title URL, title path. It's obvious the variable that is getting passed to them is always called story or S or MS for merge story. But as part of the yak shape, I will be touching that because that concept will change. So yes, this is redundant because everything goes story, title, path, story. All right. So...

...39So the real one is URL or comments path. Yeah, that is the same thing. Let's take all those.

...56NoGoodNick_ @DeadEgos your personal site seems to be down
Yeah. All right. All right. As part of spouse texting, I have to stand up for 90 seconds and do a house chore. I will be right back. NoGoodNick_ it's linked from https://bkmk.ing/
and then we will break this stuff.

02:32:34All righty. How do I help to turn this thing off?

02:33:02I know it is possible to do a search and replace on all of these, but I like to see them.

...45I guess I'm also okay taking the word story out, not just because it's always the variable name, but because it's the God object of the site and everything is kind of oriented around story. They're the only thing in the site that has a title. So it's also unique.

02:34:21nothing here is becoming ambiguous to me hmm let's yeah make that clear that was probably wrong one reason to look at it is you catch stuff like that

...59Of course, the sitemap stuff is already broken.

02:35:32You know, did that used to be? No, okay, it's still a path. I'm a little surprised the sitemap doesn't have you do it as a URL instead of a path, but I'm gonna just assume that that's correct. Leave it alone. Don't need to go looking for more work on these, right?

02:36:32How many have we got? Six. All right.

...48Yeah, we'll leave it on the short ID or URL. Good. All right. Let's see if we're still green after that. There was another little shotgun patch.

02:37:04And I'm actually, I feel pretty good about having broken that out as its own line item because I thought of that while I was in the middle of making all of these. And I was like, all right, let's leave it on ambiguous and build my intuition and see more of these call sites. So let's check that off.

...40Merge stories. Yes, I was going to link to. Their single detail. Yes. OK, so let's. In single detail, we want them to have a. Target. so this is come here let's get the server up because i want to see this one so i just glanced down at my clock so i usually run these streams about three hours we are pretty close to the end of my to-do list so i'm going to get to a point where i can merge this which might be Like 15 minutes or it might be 2025 and that'll be. The end of this stream So if you have other questions about the site now is a good time to get them in otherwise i'm going to try and bring this home here.

02:39:33remember the order of those.

...43NoGoodNick_ do you recommend other devs try / switch to (n)vim?
So we've got a story with a merge here. Let's look at this.

...53I think knowing the basics of editing in Vim or NeoVim is pretty useful for if you ever SSH into a production server, but I don't know. It seems like all of the momentum is behind VS Code and Zed right now. I don't know. I'm happy with Vim. For me, it's just like I've been using it for two and a half, three decades. There's not a lot of point in Frici don't people just remote edit with VSCode these days?
learning a new one that's only gonna be a marginal improvement.

02:40:54NoGoodNick_ I know hjkl and oO and cw but not beyond that
Frici like even "ssh into box cause vi is the only installed editor" doesn't hold as much these days.
All right. So what I was like is if we link to NoGoodNick_ yeah I remote in with vscode
NoGoodNick_ but vscode remoting is relatively heavy weight so I wouldn't be surprised if it's not available everywhere
like this target will get redirected to the story page which is going to be this slug but we should highlight this target so what's the so if i grab this guy yeah see i get redirected to the title url But I don't get the... Fruity, pretty good point there.

02:41:47Frici unsure, like peter, i learned vim decades ago so never looked elsewhere tbch
Yeah, so I guess no good, Nick. pushcx https://bookshop.org/p/books/th…
Frici but I do know that until recently the non vim option was TRAMP and now vscode remoting
My... My advice on this comes from... The Pragmatic Programmer book, which if you haven't read it, I think is excellent. And one of those that everybody should read. And one of its tips is just flatly learn. You're going to spend a lot of your time as a developer in whatever your editor is. So pick one that you can script and learn the hell out of it. Become an absolute expert about it. NoGoodNick_ how do you script your editor?
And I don't care if that's Emacs or Vim or NeoVim or Zed or VS Code, as long as it is an editor that you can script, because there's a lot of value to being able to script things. And like in Vim, you can make macros, which is like a miniature script where you input a set of commands and that becomes a script. being able to script your editor very casually is very powerful. Like that search and replace, I could have scripted that or actually did script something last stream or the one before I made a little macro. And I think all of the popular editors allow you to script the editor. Yeah. So like in Vim, So we have here we have this variable ms right. I can write a macro that says. At keep not come here let's let's remember what the heck i'm doing so let's record a macro called Q and in it, we are going to jump to the next search item and. know go to the end of the word and append one two three and then that'll be the end of the macro i don't know i'm i'm trying to think of something trivial right and then i can just run that and now i can run it again and again and you can see i'm like i have a little macro that is moving around but it could do anything that i can do with the keyboard so it could Frici I don't think you can script things in vscode but you can create tasks that run external scripts (so you can use cli's through the editor or similar) and ofc for emacs you have elisp to do literally anything.
save the file and open another file name or you know find me every instance variable in here and open a scratch file with the name of that instance variable and copy the line in you can do all this kind of stuff and once you get the hang of scripting your editor you will occasionally do very powerful things there's where is it Destroy all software. I don't know which of these are public, but so. This was a popular screencast series. And these talk about. I think it's this one, right?

02:45:30pushcx https://www.destroyallsoftware.…
yeah i think it's this one so i think really highly of this entire screencast series and while i don't do tdd i otherwise got a heck of a lot of stuff out of these screencasts and he talks a bit about effective editing and scripting vim and pulling the macro into Vim, I don't know, I guess what I'm saying, I'm kind of rambling. My point on that is he shows off a lot of the expert Vim stuff that you can do. And you can do this stuff in almost any editor. Vim has the bonus that it has a very permeable boundary between scripting and editing, where other editors are a little more formal about this. Your scripts are written in their own programming language. But I think people can be very effective in pretty much any scriptable editor, and I highly encourage them to do so.

02:46:42Let's grab that bookshop.org link for the...

02:47:04NoGoodNick_ do you use vim shortcuts in firefox?
me i kind of live in the terminal aside from firefox almost everything i do is in a terminal and it's really nice that when it works readline has vim mode and most everything has a vim mode and so i kind of always have my shortcuts and i have everything set up to open in vim And I always get to use that editor everywhere, as opposed to half the time I'm in VS Code. chamlis_ I'm bound by law to point out emacs also lets you do macros in a similar way to vim
Yeah. I don't hear on the stream, just because this is a very stripped down profile, but there is a... Ah, great, Shamless, yeah. I am not one of the die-hard, let's have an Emacs versus Vim fight. I think Vim is, or I think Emacs is excellent, and I also suggest it for all the same reasons.

02:48:06What is the name of the extension I use in Firefox? NoGoodNick_ vimperator or something like that?
Let's see if I can find it off stream here.

...18elusive_quasar I was just thinking that the terminal is the universal GUI on Linux, compared to GTK/Qt.
chamlis_ yeah, agreed, far better to get good at an editor than choose the "best" editor
I've been using it so long I've forgotten its name entirely.

...46elusive_quasar Vimium?
Frici vimperator hasn't been usable in like way too many years. vimium is a good option though
Oh. It is called Tridactyl. pushcx https://addons.mozilla.org/en-U…
So there are a few of these kind of plugins. I think this is the one I use. Yeah, there's Vimium, there's Vimparator, there's this one, and they all kind of add Vim shortcuts to the browser. Yeah. elusive quasar, I think the universal GUI is a pretty good way of putting it. I also like, I still use MUT. I switched to NeoMUT because there was some feature in scripting that I needed, but I used, what is it called, NewsBoat for an RSS reader. I just live in the terminal. It's where I'm comfortable. I use CMUS for playing music.

02:50:07See, do I want to have an ID? So I think I want to have two IDs. I want to have one for the top and then one for where they appear in the comments. So like A versus B. So what do I want to call that?

...39What do we call this thing at the top? I mean, I call it single detail. But is it a header? Is it the headline? No.

...55Yeah, let's call it header ms.token. And then story show.

02:51:17Where's the each? NoGoodNick_ as an outsider, the appealing thing about vim seems to be how fast the expert users can navigate and edit code but the scriptability aspect I still don't get
Here. All right. And then we show that little header. And there's the story content. Isn't there another loop for comments?

...50Where do we get the comments? OK, just down here, so let's put it on this oil.

02:52:02And I don't. Yeah, I'll put it on the ID tag. Don't want to call it threads. elusive_quasar the best way to understand a perspective you don't naturally already have is to try it yourself.
Or comments. Threads is like an internal name that almost never is user visible but anchors are a little bit so these things don't have a token because i'm on the routes branch so that's going to fail right that's going to fail undefined method merged what the is that

...50Why did that only... What did I edit? Where's my diff? Yeah, I think the fast navigation is pretty nice. Oh, I... Well, I was showing off the... Playing around in Vim, I accidentally edited that. Let's restore. Oh, but I just threw away my, well, I'm going to see that exception I expected anyways, aren't I?

02:53:34I didn't get an exception.

...50Because there aren't any comments.

02:54:02Oh, and I want to link to the... I don't want to link to the actual comments. I want to link to that internal header. So... Yeah, hold on. Let's find the title again. This thing.

...55Frici fast navigation is something you can achieve in most editors tbf once you get used to your editor you get used to navigating around what you need as fast as it can get.
Oh, I'm doing Ruby string interpolation I can't keep.

02:55:11That's what I wanted. All right. So let's wrap that up in a method on story, because one of the hassles I had with the previous short ID stuff that I made this whole branch to clean up was how many places had that string interpolation.

...59Don't call this. Call it anchor, right?

02:56:18Header heading think header.

...36I'm kind of waffling on this because I know it's going to be user visible, and then I never like to break links.

02:57:02Anchor comments anchor.

...11Don't really have a name for the block at the top.

...41Guess that'll do it. Losing battle. I try and put these in alphabetical order.

02:58:54What did I do? I'm missing the percent. Okay. NoGoodNick_ @Frici yes, learning vscode keyboard shortcuts has been very useful
So now this wants to commence.

02:59:29Not this one. This one wants to link down to

03:00:09NoGoodNick_ @elusive_quasar I like to learn from others' experiences when I can
Now these are all getting that options I've been trying to avoid.

03:01:06Skip that. Oh, I got a little typo. Unexpected keyword splat after a splat argument. That's 23. That is a weird formatting on that error. Why are you angry about this? AnakimLuke RED COLORED ERROR must be important :P
Because I can't put this after a named or after a keyword argument, can I? Has to go here, I think. Red color must be, yeah, I know. I mean, I can't change this to be my boring PIM color scheme, right? So now it is this. Yeah, see, now that links down. All right. Didn't generate a valid URL, though. P01. Oh, yeah, it didn't. So it should have still, so it's that it tagged a dot anchor onto the end rails. What are you doing to me?

03:02:26There's a bunch of things wrong there.

...51So this calls title path. Title path goes here. It has options, has a title. Guess I'm going to need a test, right?

03:04:46Frici work calls I won't be around by the time you wrap. take care 👋 and catch you next time
And URL has to be, let's say, title path.

03:05:00Ah, thanks for dropping in, Preachy. Have a good one. Yeah, that darn work.

03:06:17Hmm.

03:07:27define method story that's 15. but comment should have a story object associated well you know not associated but walkable from

03:08:12Call story on story, because I passed S, not C. Bad test.

...30Well, that's interesting. So I got the short version instead of the long one. I wanted the long one, so yeah.

...57Okay.

03:09:54Yeah, there's my error. So why is that? getting generated like that.

03:10:14Can I just say anchor colon nil, and then is that what I want?

...37I can't pun it, can I? Oh, I fucked up the edit. Thank you for sleeping on the mouse cat. NoGoodNick_ so I heard of an alternate solution to that
So one good reason to learn Vim that has not come up no good, Nick, in our previous discussion is if you have a big cat who likes to lay on your desk and sleep on the mouse, it is nice to have an editor you can use totally from the keyboard.

03:11:12NoGoodNick_ yes yes
NoGoodNick_ they just want to cowork with you
oh yeah the what do they call it the placebo keyboard or the placebo mouse where you put the extra keyboard on the desk for the cat to sleep on yeah so he doesn't stand on the keyboard and i gently trained him out of it by every time he stepped on the keyboard i would very gently reach over and hold that paw And he doesn't like that, of course. And so he stopped doing it. AnakimLuke :D :D
AnakimLuke meldamPeek
But he does just relentlessly want to sleep with his butt or his side laying against the mouse. Hi, baby. Oh, my big baby.

03:12:06So... What's my exception given to expected one to title path out spec me three.

...46AnakimLuke meldamLurking meldamLurking
AnakimLuke pandor92Jasper
AnakimLuke staceyrpgGrumpy
yeah every cat emoji you got to dig in the stream archives to see a picture of the big boy but he's taken to see i don't know if it was just a winter thing but before i really started streaming and in the early streams there's a spot on my filing cabinet that he can sleep and then the webcam can show him and he's shown up on stream a couple of times but I don't know if it's just for the winter he stopped sleeping up there or if he decided he doesn't like it, but he prefers to sleep on my desk now instead of the filing cabinet. We'll see if it's just a thing that as it warms back up here in Chicago that he gets back into. Wrong number of arguments.

03:13:46Right, because you can't actually pass.

...55Ah. gtfrvz CoolCat
OK, these did want to be story short ID path, short ID URL, so that I can have the title in there or not. excellent i didn't know there were so many cat emojis given two expected one comment target path what are we mad about because this calls story short id path which is the built-in This one is a rails route, rather than my little wrapper.

03:15:10Oh, I get it, okay. It's... The way these things are layered on...

...24So if there is a title we just want to pass... So let's say options equals... yeah we'll do it this way we'll say options equals a hash that hash is this and then if title options title equals comment story title as slug yeah and that's short enough it can do host method and then this becomes options let's bring this down here and you change path to say url and then it is the same method green green okay a little dancing around there to between keyword arguments and named arguments but that's fine that's why we write tests So now does the browser want to be happy? Yes. And does this link down where I expect? Yes. No. Because it is linking to... So the... All of this part, this is correct. The title is correct, except this is the merged stories title and the merged stories short ID instead of being the parent. And you're just going to get redirected back to the parent, so it's going to lose that. So for merged stories, this is going to be an N plus 1, isn't it?

03:17:47I guess what I'm saying is. Thank you, sir. I guess what I'm saying is. I want the title path or top level story.

03:18:19It's not defined there. It's wordstories.first.

...36And then now, yes. Yes. Look, see? And the target even gets highlighted. And if I change this to say header, It gets highlighted. Great. So if I go to... What is the short ID here? This. Where's that redirect? Where's the redirect for... Can't happen in the routes, can it? Because it can't know... Yeah, it's got to happen in the controller. Can't yet know that it's a...

03:19:26merge story so let's say merged into anchor is story dot header anchor and core not and or which is the So now if I go to load that merge story, Bam, look at that. I'm redirected to the header. It's highlighted. You can see that it's been merged. There's a note about it being merged. It is clear what you are looking at. There is a lot of confusion cleaned up. And I've started using the token there.

03:20:26Good. And then if I click on this, it drops down to its comments. If I click on this, where do I go? Ah, back up to the top. Yeah, I guess that's fine. Feels like it shouldn't link anywhere. Yeah, let's make that not a link.

03:21:35Good. Now it's not a link. Good. Because there isn't anywhere for that to go. That would go right back to here. I trust people are able to scroll back up on their own. All right. Let's look at that diff. That's not too bad. Don't love header. Maybe I should call it detail, because it is the single detail.

03:22:13Call it the title.

...24gtfrvz GlitchCat
Anybody have strong feelings on this one? So this is the anchor that appears at the top here. Yeah, I'm not going to call it cat emoji. Hmm. If that's header anchor, detail anchor, top, headline.

...52I could just remove the prefix.

03:23:04Metadata. All right. Guess it's going to be header.

...29NoGoodNick_ DxCat
Cat anchor. Cool cat anchor. Glitch cat. All right. A lot of these cats.

...46What was left on my to do list? Update use of Rails application. I don't remember what that one's about.

03:24:02Oh, this uses the. This is the. thing that I wrote the routes helper to get rid of. So this is a place where a Rails model outside of the request response cycle mostly needs to generate a valid URL and can't without this kind of nonsense. And I guess that explains what I should have been calling it the console.

...42application routes url helpers yeah that's what i couldn't remember is that extra url helpers in there so this becomes routes user url

03:25:19gonna have to run the whole build because these are all fired by random callbacks honestly these are variables just because that call was so long so this could be Routes dot user URL.

...54The parent.

03:26:06Yeah. User divided by user.

...14Good. And here, now, this becomes routes user URL, parent user.

...33Let's go ahead and get rid of one level of parentheses.

...43Got the sender URL.

...50So that can just become routes dot user URL or sender. No, come here. And this one becomes rep user URL redeemer. This one in case anyone's actually reading the code here. So mod notes, these are visible to the moderators. And this one is so silly, but if you send an invite and then attempt to redeem it while logged in, this catches people who are trying to set up voting rings a couple of times a year. Mostly it catches people who get invites and then don't remember that they already had an account. And so they open it in their regular browser and they're already logged in. because they've just made their account six years ago and forgot they had one because they never used it. That happens pretty regularly.

03:28:04So this becomes routes.comment. Target URL for the parent comment. And this becomes routes dot user URL for the parent comments user. It's always nice to reach the stage of a very long refactoring where you get to start deleting code.

...55That's all of them, isn't it? Yeah. All right. Let's see if that's even like 50-50 at this point after three and a half hours that I'm just making dumb typos. So we may get a syntax error here. May not. It was a pretty mechanical refactoring.

03:29:25chamlis_ I believe!
So that's that. Yeah, we made it. All right. So I think that ought to be. There's a possibility that Brakeman complains a little here, but it'll just be updating an Ignore signature. I think this is ready to go. chamlis_ I hope to do another shift on the layout this weekend, did any of the markup change that I'll need to rebase on?
Nice big branch.

03:30:27yes, very slightly. if you didn't see it go by there in stories show, I added a couple of anchors here. Let's just, so I added a ID and then This changed a little and then in single detail there's a parallel change. That also has those same anchors and then uses the new helpers.

03:31:45chamlis_ ahh, nice, I'll try to keep those around
And so much routing stuff, I feel. Let me look at my afternoon schedule, so I merged it to master locally, but am I going to be around because I swear if I deploy this, I know I'm going to catch a couple of prod five hundreds from typos. And yes, I am going to be around, so I am going to go ahead and deploy this. Because it's got to get deployed sometime. Today is some time, and I am not. Really? Dependabot. What do we got going on, Dependabot?

03:32:30Ooh, actually, that one. One of these looks a little nasty.

...42OK, and then what's happening in this one?

...51All right, one's a denial of service that I'm not too worried about. I mean, that is bad and has to get fixed. Yeah, both of these are bad, actually. And then this one is definitely not. So let's bump those right now.

03:33:27run the build real quick. So the two bugs are the two CVS are there's a denial of service where if somebody gives you a query string in a field with particular terrible stuff on it, they might be able to get the server stuck in some kind of infinite or exponential loop. And then Rack session looks like if you do very particular fucky things, you might be able to take over someone's session and that's very concerning.

03:34:20Where's the CVE?

...27Both of these probably affect us.

...39So get that deploying. So yeah, I'm going to watch the end of this deploy and then stretch my legs, etc. But I'm winding down the stream here. chamlis_ thanks!
So if you have any last questions about the side of the code base, you can slide them in under the wire. Otherwise, I'm going to watch the end of this and then I don't know. Maybe eat this cat here. AnakimLuke poor cat
I don't know if his little myrrh came through. Sir, would you like to say hello?

03:35:15Oh, baby. Poor cat. Do not believe his lies. He is a big pampered baby who gets lots of attention, lots of affection.

...39AnakimLuke pandor92Dodger pandor92GhostHeart
NoGoodNick_ thanks for the stream
you know if we bounce puma with a reload wait this is wrong if it says it's doing the phase restart of puma but since we change the dependency we need to do the hard restart yeah

03:36:14yeah not reload but restart so what's happening here is with puma we can either tell it reload which reloads the app code but it doesn't pick up changes in gems and i don't think it would pick up that rack change restart is kill all the workers start from scratch and ansible is impossible to keep working it's supposed to if i touch the gem file do a restart instead of a reload but obviously that's not working all right so let's see the site come back up

03:37:19there we go all right well nick thanks for hanging out the whole stream and other folks thanks for dropping in this has been lobster's office hours and the next one will be Yeah, it's Thursday, so the next one will be Monday afternoon, Chicago time. You can get the ICS. Let's turn off the production footer about office hours. This thing. There it goes. Cool. All right. Well, hope to see you all on Monday. Take care.