Pair of shoes

01:08It's Thursday. Oh, I got to click off the stream for two seconds because I was going to post the, like, going live now. So let's go in live now. Twitch TV. Post to the socials. All right. So. Frici Ahoy!
So. Put that up. this is lobsters office hours and this on the left here, obviously this on the full screen for you is lobsters. And Peter, I run the site and I am happy to take any kind of questions. Ah, Hey, free chain. Good to see you. pushcx Office hours! Feel free to drop a question in chat anytime, or just watch as I code!
Welcome back to the question in chat. I'm going to just watch as I code. These Thursday streams, I'm always getting set up last minute. At least I remembered to open the microphone workaround so things don't sound bad. Alright, so let's see, where are we at? I have the scratch file from last week. Yes, and I still want to do a bit of that. So, let's edit.

02:42Not too much happened. I was under the weather on Monday. Sorry about that. This stuff, this stuff almost all happened. Good. Or it migrated into a proper to-do list.

03:01So we also have some PRs to review. Frici removing keybase? I never used it but how come? are they sunsetting it ?
and i think some issues yeah but then obviously the hot topic of the lobsters chat room the last day or so has been the soundtrack for the movie queen of the damned which is my favorite bad movie not super topical for lobsters but whatever Yeah, I can show you in two graphs here. It needs some maintenance. And then if we look at, can you guess on this chart when the company was acquired by Zoom?

04:06Frici ahhh yes I do see the issue LUL
The other link I wanted to open was the blog. because the hint is it's their last blog post from just over five years ago. dlamz I had to export all my keybase chats using a script that screenshotted everything :(
Frici htey definitely zoomed into a direction... maybe sad it was the downward one
So they took the next stage on their incredible journey and they kind of politely said, in this blog post that everybody was going to be reassigned to work on Zoom's security team. But that's pretty much what's happened. And so I messaged a couple dozen users who are active on the site and have Keybase profiles And one person said, I kind of use it for work. And then 25 people ish, 30 people, I forget how many I contacted, but everybody except that one person was like, Oh, I didn't even know that was still up. Yeah, I don't really care. There is something called key oxide. pushcx https://github.com/lobsters/lob…
And I put a feature request in here. Yeah, this seems to be the most popular replacement for key base. I want to say a half a dozen people mentioned it. I hadn't heard of it, but there we go. And rather than put a bunch of time into maintaining something that nobody even knew was still present, I think it's just time for it to go. And I had wanted to on last Thursday's stream, I think even the Monday prior stream, but just haven't gotten to it. So as long as we are talking it up, let's go ahead and do that even before PR and issues because it's pretty simple.

06:29Let's see. Where are we here? I guess I'm always on a branch, so... What are we doing? Remove Keybase. Honestly, the only tricky part about it is going to be the migration because the settings for it are shoved into the user settings hash. So let's make a migration.

07:12dlamz how are you liking jujutsu
I'm liking it a bunch. It's only been two weeks, but it is both, I think Steve Klabnik pointed it out, but it's both conceptually simpler, it has fewer moving parts, because it gets rid of things like the index, and then also gets rid of like detached head being a special state. But then it has Making changes mutable means it just has fewer primitives. And I'm getting very comfortable with it. It's still... So there was a 0.30, I think, was released in the last... Heck, I think I just saw it on the front page of Lobsters, right? pushcx https://lobste.rs/s/vmdggh/juju…
Yeah. So a new version was just released yesterday. And I like it a bunch.

08:19Lots of interesting discussion of how tricky it is to replace big, complicated software after what's been around 15, almost 20 years.

...38So let's start in the user model. And then I'll just work through the views. Yeah.

...54And I'm just going to grab this.

09:18No, I guess I'm not.

...27Oh, I missed the U. All right. So this is my local dev database and it has a little out of date, but that's good enough.

...51All right. Hi. Like, do I set it to nil? Here, I know I have one. Grab me, ebay signatures equals nil, and then save.

10:16And I'm thinking of validations. I don't think there's anything too interesting in there. And then, oh, you are just printing tokens. Frici out of near 20k 600 is a decent chunk of users for keybase.
Okay, let's go roll some tokens off screen. Because that's in that same array.

...45Yeah, actually, I was genuinely surprised that we had as many as 600. The easiest way to roll that is going to be to Just go to the settings and unlink my GitHub and relink it. Disconnect that. And disconnect that. And then I will come back and add those back. Fun with live streaming.

11:28Oh, and I will be rolling that too. Why is that even in the settings array? That's frustrating. Where is the... Let's just look at the source.

...48Yeah, I will just... Isn't there a... It said I'll render log and control it.

12:06It's over in settings controller.

...14Yeah, it is. All right. So if I go ahead and say disable on that.

...31Where are we here? There we go. Turn that off and back on. Very exciting. So I know not a lot is showing on screen, but I am rolling all the tokens I just showed on screen. There we go. Let's get back to what I was doing. With

13:19I'm making sure to re-enable the, what do you call it? TOTP.

...36Frici can't be a real streamer without leaking a token on stream... just like real programmers leak all sorts of secrets on github /s
Paste it in over here.

...49Yeah, one of the nice things about my stream is it is not so busily watched that I'm in a race to roll these tokens before someone can do something nefarious. And honestly, we... I'm honestly not sure if it would be harmful if I didn't. So, like, with GitHub, we only request permission to check your username. And the same with Mastodon. And then the TOTP secret, that's actually bad, but it's the second factor. So you would also have to know my password, which is randomly generated. So that's the worst one, but it's also the least usable one where someone could have rolled up to either of these sites with that token and authed in the 90 seconds it took me. So with that saved, now upstairs. okay so that's rolled and i am not going to redo the github and everything connection while i'm on stream because that's fine if that's just missing from my profile for a couple of minutes all right all right very exciting now let's get back to what i wanted to see which was if i set keybase signatures to nil OK, it becomes an empty array. Frici yeah just being facetious, the danger is far tinier than it would be in any other context rn
I actually want to delete it from the array. So if I said. Good. But now let's make sure I can actually do it as a migration, because if I. Yes, all this code is dead.

15:54If I delete this, I'm not sure how the settings array takes it. So I didn't save my user at the end there. So keybase signatures should be in there. And it is. And I can delete and then save bang. And those are the tokens I already rolled.

16:29Okay, so this type store, I wanted to make sure it was forgiving, that it wasn't going to be angry that I didn't have the named field key-based settings, our signatures. So this, we will say user settings delete, key-based signatures, and user save bank. That ought to do it. Let's pull the rest of the key base code out of here. That's all out of here. I'll test the migration. Yeah. So let's see. I know there's going to be some in settings index.

17:31And then I want to say there's a couple of files. Yeah. I think I haven't deleted a file with Jujutsu before. So let's see if this is the interface.

...59unrecognized sub command. All right, well, let's just do regular RM. And run status. Okay, yes, it recognizes that I changed all this stuff. And I guess I don't have to tell it. That's nice. One fewer step. All right. Let's see if anything else mentions key base. user profiles, makes sense. Routes, yup. And there is something in, oh no, that's dynamic, okay.

18:51Yeah. You know, since I put my email, this public security are well known i put my email in there and i put it in i think a file i think there's a security file here yeah and i did this only in the last couple of months and now like once a week ish i get a scam email to this that's like I have found a vulnerability in your website. Give me a bug bounty on HackerOne. So there's my Keybase. It is harmless to leave it in prod, so I will leave that in prod. God, that would be a pain in the ass if I showed prod tokens.

19:52This is a fixture just for Keybase. Right. Render expected KB username. Check. Yeah. Okay.

20:23Kind of wrong file to close.

...32All right, now the only thing left is the migration to remove key base. So let's go ahead and run that.

...46End of an era. Oh, so Frucci, to your question where I showed you the chart.

...58That's annoying. Why is that failing? There is one person who I think used to be the CTO of Keybase still making commits on the repo. That's why the graph isn't 100% flat. But it's clear they're not able to do a lot. We have two users named l-p.

21:40Okay. So we have one and do we have an L underscore P? No. What are we getting an error about then? Let's check that. Sure would be nice if I had released recheck already. Frici they....invited a user named... 2?
Underscores and dashes and username.

22:16Frici TIL
They invited a user named 2. I suspect that they had another name and renamed themselves 2, 2J. Yeah, all of this is odd. Hold on. Let me look at this with mod eyes on off stream. 2SV and 2J.

...46LP. Okay, I remember who this person is. I've seen them comment. And then to they look like an actual person at a glance. I don't think that's a sock puppet.

23:17Yeah, I think these users just have weird usernames as a theme rather than anything hinky is going on. It doesn't look like we've stumbled into a voting ring.

...39But I am puzzled by the validation failing.

24:02Is this?

...08So wait. So we take the username and we smash it down.

...23I think this is a bug that the username rejects doesn't include starting and ending tokens so it's so we have this person l dash p i think it is finding this neil underscore p is matching as well as this one because it's not actually regexing the whole thing. So let's, all right. Frici ah yeah it looks like so.
So I think this is just a, yeah. Okay. So it's turning up these other ones. This is a bug. This has just been bugged forever. Yeah, I only added this one, what, like three years ago, something like that? All right, so turn that.

25:57So Ruby does start an end of line a little different. And I want to just double check. Special characters, beginning of a string, end of a string, not just line. OK, so then this can become. Is it going to get escaped? Well, I can actually just run it and see.

26:33Yeah, let's see.

...50I've been writing JavaScript plus in Ruby, isn't it, for concatenation?

27:04mybackhurtss_h is there a way to hide tags without a lobsters account? I'm exhausted from all the vibecoding stuff
Okay, everything's fine now. Interesting little bug. pushcx https://lobste.rs/filters
Yeah, so my back hurts if you go to slash filters.

...25Actually, it actually has the help text here for it. Since you're not logged in, your filters will be stored in a long-lasting browser cookie. So you do have to do it once per device. or once per browser profile. But yes, you can filter that out right now. And I just recently, did I finish that code? God, it's been a second since I code. mybackhurtss_h oh my god thanks
Everything gets fuzzy for me.

...52I think I did. Yeah, actually. So my cursor is still on it. mybackhurtss_h my sanity will be somewhat saved again, yay!
Your tags will be filtered out even from if you read slash comments. So there you go.

28:08Yeah, there is a... About once a year, the site kind of picks a topic and beats it to death for six weeks. Five coding is maybe the biggest one of those we've done, but there's a lot of it. All right. So do I want to split out that one-liner fix? Why not, right? Because... So... D Lambs, you were asking about jujutsu. Well, now I have done two changes together, and we can see how to split them out. I want to say I just say split. It doesn't have the pager set, right? Come here. Pager. All right. So can I just say split out the one file? I don't want interactive, really. But I know I do want interactive because there's some changes in user. Yeah. So let's say JJ split dash I. And then in here, now I don't want all of these, expand this and just say that this change, and I don't actually know these keyboard shortcuts, confirm, confirm. Okay, so now I have two changes and one of them is the first and one is the second. So which one is which? JJ show LRM. Okay, so this is the one that got split out.

30:08rm-m, this becomes user fix validation of duplicate usernames.

...26How do I want to say this? Like not substring? Yeah. Jujitsu can't help me write smarter commit messages, unfortunately.

...43That seems fine. All right. So now there we go. I took my commit and I split it into two. And if we look at the log, you can see here's where master is. And then my thing is split out. That was pretty easy. And so if I look at this commit I'm on, here's all the key base work, which doesn't need anything else. The migration runs. Oh, and it automatically picks up the change to DB schema. So can I say, I always like to review those. Is it JJ diff? yeah okay so the only change that's correct the only change here is that we have a later migration version because that settings type store i think it serializes to json or yaml but it just it doesn't change the structure of the database because it's all just shoved in one column so cool so that's the end of that and i can say mybackhurtss_h JJ looks interesting but I've learned git decently well now and it would kind of hurt to feel unfamiliar with a VCS again lol
make a new commit and now i'm working on something else so let's set bookmark set master to my parent commit and i did git push origin git push dash b master yeah there is that little bit of oh hey fun warning there is that little bit of confusion where very common tasks like running diff it's a little annoying that i have to get the hang of those again this but the rest of this this workflow of like splitting out two commits And being able to, if I wanted, I could have started another commit and done something else and then come back later to split that username validation fix out. And it wouldn't have been any harder or more complicated. And I wouldn't have had to run rebase dash I, and I wouldn't have caught merge conflicts. mybackhurtss_h sounds like a hell lot of rebasin... oh
And even if I had, they would have been non-events that I could handle on my own time. I don't know. It just, it's nicer that way. I'm liking it a bunch. I'm still settling in, really, you know? Because after you've used a tool 100 times a day, 200 times a day, like Git, and then that's been what? 17 years? I want to say, like, no, longer. I want to say I started using it in 2007? Is Git that old? I know for sure I was using it in 2008. I don't know.

33:58Okay. 2005. So yeah, if I started in seven, I might even have started a little earlier. I'm thinking back by job. And I know in 2008, we were officially using Subversion, but me and the other developer were using the git svn gateway. Not Gateway, I don't remember what they called it. But you could use Git on top of a Subversion repository and collaborate with a Subversion repository, and it worked very nicely. So seeing Jujutsu do that to Git is very familiar. mybackhurtss_h I wonder how much chaos I would cause if I switch my work codebase to JJ and let my coworkers loose on it
Yeah, and I want to say it took me a year or two to really get into it because the docs were very rough at first. So I'm bumping Rack. The Dependabot vulnerability here is some kind of denial of service where if someone really crafts something... Yeah, so let's... Where am I now?

35:23Bump rack for... I'm going to assume we're affected by this. I'm just trying to grab the CVE ID off stream. There we go.

...41We can bump master up to this.

...48What a good boy you are. Cat is off stream looking for attention. He may come and join us because he's been settling on his favorite spot that the camera points at. But he's very excited right now and wants to run around and play. So the fact that I'm streaming is not very helpful for him. He is not a fan, in fact. All right. Let's get Push Master. And then... Deploy has not updated. Speaking of tools I'm replacing after years, I am not yet done. Oh, I don't need this puts. Dang it, and I pushed this, didn't I? Well, I would rather not do the equivalent of push dash F, but I will remove that.

37:01And I will probably at some point rename origin to GitHub. So the other interesting version control thing that's happening is, where is it?

...31pushcx https://lobste.rs/s/joubld/juju…
mybackhurtss_h yeah saw that and it looked interesting
There is a new, I guess, way of distributing Git and now Jujutsu repos called Tangled that under the hood uses the app protocol, which is the same thing that Blue Sky uses. This is really interesting to me. Because I've been griping about GitHub getting unreliable. There's both like the UI jank where pull requests, stuff jumps around and loses state. At least it hasn't lost my in progress comments. mybackhurtss_h githubs ai shenanigans.... ehhh that makes me not want to use it
But it's just been janky, flaky lately. It's been frustrating for months. On top of that, The overall pull request workflow is not great. mybackhurtss_h however stuck without a better alternative
Yeah, I know a lot of folks don't like Copilot and I've leaned on the add block button to block Copilot out of the UI because Jesus, shut the hell up. The thing that's interesting to me about mybackhurtss_h they even started forcing it in vscode ._. annoying stuff
Jujutsu and Tangled and Gitbug is they are all things that I can add and experiment with. Ah, I don't use VS code, so I don't know, but it's not surprising to me. Microsoft is, when they pick their strategic direction, they are not shy about making sure every employee knows that their performance review depends on pushing it. and if number don't go up well paycheck don't go up so when microsoft gets into we are promoting x you see a lot of that so tangled we can start using tangled to distribute the code base without having to give up on github it's not a cutover like changing to another forge would be and i linked it here. Yeah. But one of the things I mybackhurtss_h your terminal prompt now says "press tab to use copilot". new file placeholder... yeah that's a copilot ad
mybackhurtss_h ughhhh
mention was there's this tool called git bug that has bi-directional pull requests or bi-directional syncing for issues and prs which is nice oh that's a that's a lot of ads oh and i was saying that even with the minor jank pull requests are just kind of frustrating to use they have to switch back and forth between those two tabs of comments and the diffs and the whole workflow for comments being resolved and disappearing from view or if people edit a commit and push up a new one comments can kind of disappear in a way that's very frustrating so something like well calvin says it that stacked prs and then That other thing, actually, this article itself has the thing. It's funny. They call it diff soup. I keep calling ERB string soup. mybackhurtss_h I'd use vim at work too but windows is already unreliable and I don't want to test my luck too much
But they have kind of a stacked PR or an interdiff model. There was also that neat talk somebody linked me on how Jane Street does code review that was kind of promising. mybackhurtss_h stacked PRS look nice
Well, if you're able to install WSL, I understand that's pretty comfortable if you're familiar with Linux, but I don't know about it. Yeah. And stacked PR. mybackhurtss_h I am stuck in normal windows land :(
So we've had a bunch of contributions from Chamlus recently. I don't know if she's here in the chat, but her workflow has been to basically do stacked PRs on herself or that did they call it the diff updating interdiff model where she wants to create a very clean commit history in the pull requests but because that means she has to do push dash f the pull request that you view on GitHub.com is kind of incoherent because either comments disappear or comments refer to things that are not in the code anymore and cannot be seen in the pull request anymore. And so either you were there and you remember what the conversation was or it makes no sense. And out of a version control system, that's kind of the opposite of what you want. The idea is to put all the versioning stuff together so everybody understands what they're looking at. So anyways, yeah, I can't imagine how your coworkers would take to Jujutsu, but I'm taking to it quite a bit. It fixes a bunch of stuff in Git, and then that kind of ties in with there are all these alternatives for things that I keep getting bugged by. So we're getting there. mybackhurtss_h would be kind of funny to them waking up to everything being JJ though :mmlol:
All right, so there's Keybase removed, which let's go look at my that deployed, right? So I have my profile, my home page, and Keybase is gone. I think you would probably not be popular at work if you replaced the version control system without any warning. mybackhurtss_h kekw yep
That's one of those places where you really want to get buy-in from your team because it's such a high touch surface. All right. So as long as I'm messing around in history, I wanted to, and I think I'm going to do this through Git instead of Jujutsu because Jujutsu thinks about commits so differently. Yeah, all right. mybackhurtss_h lmao
Let's back up my repo first before I do something fun. So let's grab this and copy it to temp and call it, oh, 06, 05, lobsters, re, wiki, history, smash.

44:44And then I see you're chill. And if I run git status, you're also chill. You don't know I'm on master. That's fine. This is normal for Git and Jujutsu being co-located. So there is a way to have in Git, it's called like an independent root commit or like an independent branch. Something like this. Where is it? So we have... Let me explain what the heck I'm doing. We have a wiki. It is pretty badly out of date and of unclear importance. Like, if someone creates a page here, is that an official This Is Site policy? Is it not? Who knows? That ambiguity is not helpful. There have been more pages in the history of the wiki. None of that is visible because this is not a feature GitHub has put a lot of time and energy into. So what I would like to do is I know on Git that you can create a parallel history sort of. mybackhurtss_h yeah github wikis are... something
So you have your original history where like down here you might have your first commit and then say several building up. And you can branch that off and come back, right? Well, you can start from another root, basically, and then merge it in. And that is nice for combining the histories of two repos. And I have a checkout of the Lobster's Wiki. Create a git checkout dash dash orphan. chamlis_ really we're all just working with different partial checkouts from the great git repo in the sky
let's just i think that's what i want create a branch in it like state on a non-new repository yes this is what i want create a new orphan branch okay from start point what is this started from start point if it's orphan It doesn't have parents, right? Okay, so start point is optional, which is why it's not listed down in this part of the man page. Ah, hey Shameless, I was just talking about you and your PR editing style. You know, the more I work with type IDs, the more I feel like I have a window into a global namespace in the sky. Because when you have 128 bits for your IDs, you don't really worry too much about collisions. All right, so we want to say git checkout orphan wiki.

48:11I think I have to say dash B as well. I'll double check at the top. Just want to read the whole section in the man page before I do it. Clear the index and the working tree by running git rm dash rf. Oh, that's not scary or anything.

...39Hmm. Yeah, before I do this, I want to say, no, not move, bind.

49:07Oh, yeah.

...15This, well, if this actually exists, this is what I want. Let's see if this actually exists.

...43As this is very rare, no config variable to enable this by default exists and will not be added. Please stop submitting it. OK. All right. Let's trust the LLM. So let's say git remote add. at wiki, lobsters.wiki, git fetch wiki. Good. chamlis_ > please stop asking for male-to-male power cables, they don't exist and we won't make them
I would really like it to be, I guess as long as I can merge it Oh yeah, those signs for suicide cables? Yeah. I have even seen... I was in a hardware store. God, where was I? I was in Minnesota, and I went to a hardware store with my friend who lived there, and they had one of those signs up that said, we do not make extension cords with two male ends. and we cut them if you bring them in and then nailed to the sign or like stapled to the sign was one of those cords cut in half because and i i was chatting with my friend he was like oh yeah no i talked to the owner they will take a male male cable out of your hand and chop it in half in front of you and somebody complained and they were like here's 20 bucks buy yourself an extension cord that won't burn your house down but we won't let you leave the store holding it because Those things are just so damn dangerous. All right, so git merge wiki. chamlis_ lol the government funded buyback program
I'm not on master. Let's put myself on master here. Git merge. Yeah, that's not government funded. That's opinionated hardware store in a small town, which is its own kind of fun. culture now unrelated histories okay merge made by the ort strategy that's a new one one file changed now see what i want is git log can i see the git history here yes so this is all This is all Git history. This is what I don't want to lose. All right. Come on, Git, don't do me wrong. If I push this up.

52:49Okay. 173 objects. That sounds like it actually pushed up all of these commits. So now, Please don't let me have just messed up the production Git repo, because this is so tedious to try and fix these kinds of things. So if I say commit slash, not that clipboard, this random ID, OK, it is present in the repo. Look, you can even see it is this random commit I clicked on is my own, fixing a typo. And you can see another typo of mine. Jesus, come on, Peter, get it together. So now if we go out to the code and we look at the branches. Yeah, it's not an active branch. Merge remote tracking branch wiki. So this one, you put it in HomeMD. That's fine. Two parents. Okay. Okay, that got me the history I wanted. Okay. Little high stakes there. And you know, it's funny with Git, like, I say high stakes I don't have a lot of worry with get that i'm going to actually lose files I just worried that I am going to get the really tedious chore of digging stuff out of the ref log because I don't know, maybe. Every 18 months, not even once a year. Maybe every two years, I have had to dig something out of the ref log or. reconstruct history or branches, and it is such a painful slog. So now let's make this a little more usable. So we have the README.

55:20And then we have this HomeMD. Yeah. This is really, so this part is redundant with the readme and so is this. So I am actually just gonna take this and do that.

56:10Let's put these together.

...43then this these journal do hacker folks they used our ansible script and it has my email hard-coded as the bounce address and i at this point get something like 50 bounce emails a day out of their server because something is misconfigured i don't love them so now instead of doing that let's move home.md to What do we want to call it? It feels silly to do this all caps thing. So let's just move home to sister sites. And then this becomes, I don't think I've ever done a relative link in a GitHub readme. Can I just say sister-sites.md? It's not going to work, right?

58:13Oh, OK. All right.

...25All right, not bad. So where am I now?

59:06So that's up now. If we look at slash lobsters slash lobsters, we see the, yeah, GitHub. Yeah. You call that a link GitHub?

...40square brackets, round brackets, name of the file.

...50Is it that I don't have a slash? Or that I do have a space? I don't know which is breaking it. And the only way to know is to make another commit and push it.

01:00:18Did this?

...23OK, this did. I saw the old file name down here.

...42Where's the add that?

01:01:04OK, so hopefully.

...22so if we push that up services github am i supposed to be encoding this like can i preview here now you highlight it okay so if i say percent 20 that's weird because i'm not It's weird to do HTML percent encoding when I'm not actually in HTML.

01:02:09I really don't like that.

...20This is why we can't have nice things.

01:03:05Yeah, we're happy now. I can click the link even.

...18These don't need to be crossed out, but I'm really tired of editing this one file. Okay. All right, so that's... That's a bunch of tidying done. That's been hanging out for a minute, these two things. Oh, wiki.

...41I can go ahead and turn this off now, right? I don't know if settings is going to throw up API keys on stream. Nope, but I can turn off wikis. And I don't have to hit save, it just happens. Okay, so that is GitHub Wiki turned off and its history preserved and hopefully a little less chaos and confusion. Fingers crossed. All right, pull request review. Yeah, let's see where we're at. it's been about an hour i've been streaming so i will do my little bumper that this is lobster's office hours you can ask questions about the site or the code base anytime and then otherwise just look over my shoulder as i do this kind of maintenance all right chamlus was your was this ready to go the No, we talked about the, yeah, I left you a comment about the complex selector for the labels of checkboxes. And you had said also something about it, you considered it a draft. All right, well, is there anything there that you would like to talk about? If not, I can just leave it in your hands because it looks like you're making progress on it.

01:05:49You must be AFK. We can come back to that. Actually, let me throw it in chat.

01:06:01Can I? pushcx @chamlis_ When you're around, happy to talk through PR 1577 for css grid on tags and categories.
PR15.

...22Then otherwise we had, yeah. So these are all things that I have asked folks to contribute. So this is great. We're getting some contributions.

...49chamlis_ sorry, just got back. thanks for those suggestions! I've been ill this past week so haven't looked at it since then
No worries, Shameless. I mean, I missed Monday's stream for being under the weather, too. Take care of yourself. I just wanted to make sure that I made sense, and if there was anything I could answer while we were sitting here, I'd be happy to. All right, so, yep.

01:07:19This looks real good.

...30And then every day at midnight, sure.

01:08:33All right, so let's go ahead and say. Oh, man, can't type. All right, so we will say this. I think she just had one commit. Yeah, so we can go ahead and say rebase and merge. Go. And then there are two things to look at. Number one is we can check this off here. What was this? Let's grab this pull request number.

01:09:32So there's 1605. And then here we go. Let's edit this to check it off. And I can just say, done in 1605. Save. is great i really appreciate that i think she's vivian just says viv shaw hannah vivian shaw all right well hannah vivian shaw if you are here thank you for your contributions this is really nice to start marching through these all right so actually since she's done both of these Or maybe I did this second one, but I think I can just... Yeah, the whole... Can the whole daily job go? Because what's left? Rack attack. Why did I cross this off and leave it here?

01:10:52All right, we'll double check prod, but I think that's... defunct because it's been... So let's just go ahead and grab this.

01:11:43Thanks again. All right.

...51So if we have this.

...58Okay, so that's merged. It's just out of sync.

01:12:06Yeah, let's go look at prod. So what that job does is it looks in the temp directory for... I think they're under subdirectories. So the only reason I'm not just running ls is because all these files get named with... What is it? The IP that they're for. And I try not to put all that stuff up on screen. All right, so.

01:13:03Yeah, I think we're fine there.

...14It's thinking about it. So I just peeked in the HTTP temp cache directory, and there's nobody, obviously, that matches the name Rack. Well, actually, let me take, I knew they would start with Rack, so I can search a little faster. I think there's just a bunch of leftover directories because this doesn't attempt to clean up empty directories on prod. It only deletes the files out of them. So I'm running find. I'm going to show this because I don't think there's going to be anything visible here. I would already have turned up 10,000 of these. So this is all in the cache. This daily job can go. So let's... Let's jump over and clean that up. Easier to just make another terminal jump over here. So I have not started using jujitsu on the Ansible repo, because honestly, I just want to retire it in favor of hatch box. So.

01:14:41So this is an annoying thing about Ansible, is it claims it's declarative, and it looks like it's declarative. But if I delete this thing that copies up the script, it's just going to leave that file sitting there. which I guess is harmless. It's just tacky. But then crontab, it sort of compiles its own section of the production crontab file. So who are you running as? Lobsters. So if I look at this, yeah, it puts its own little comment marker around it. And when it reruns that job, it recreates its section. So I think this one is actually declarative, where if I delete it, it'll go away from prod.

01:16:08All right.

...44Of course, I've got to pull that down. And we have conflicts. Oh, I was just saying I hadn't moved jujitsu. All right. Well, this one at least is easy. We resolve the conflict by deleting the file.

01:17:10grayhatter_ do you use rerere?
All right, push that up. I do, yes. So at least I wouldn't have to deal with it with multiple commits. But yeah. grayhatter_ also, good morning :)
So let's go ahead and say deploy lobsters. Oh, and then off screen here, this find finished and it didn't find any files. So there's just a million leftover temp directories. And hello, greyhatter. So that's fine. That's all safe. Okay, so I'm going to watch this run and then I'm going to make sure that the cron job is gone from production because I don't need a bunch of emails from the production server complaining that it can't find the script or something like that.

01:18:04Although actually what I'd end up with is it's running the script. So I think it's going to leave that file there, but it is going to delete the cron job. We'll see. The fact that these other cron jobs are multiple steps makes me wonder. Yeah, okay, so the daily job went away. And then it left the file there. So let's go ahead and get rid of that. There's nothing in it that's not... So I'm usually very hesitant to delete files off of prod servers. But this one I know doesn't have anything left in it. Yeah, so because of the way Ansible works, it just abandoned that. I feel safe doing that because nothing should be running the cron job. Nothing should be running that script. There's no likelihood on... You know, even if something was and I needed to silence it, I would just recreate the script as an empty file because I don't need those things running. So, all right. There's a nice pull request down. Great.

01:19:36What was that? Oh, here we go. All right, let's get this queued up. Now something very nice is happening on stream. Let me just get this thing proper. There we go. And we can enable Supervisor Cam because the boss man just hopped up. Hello, sir. How are we doing up there? Oh, with your bright eyes. I need one of those ring lights because he's a black cat and then you can see his nice green eyes. Alrighty. So there's that merged. Let's look at the one that has a green build first. I'm going to stick this in the notes.

01:20:43Yeah, so this is another, hey, let's refactor and simplify things. It really surprises me that folks like to do these kinds of mechanical refactorings, but very glad to have the help because you know like i looked at each of them and i was like oh that's like a two second job but then i know that if i do them there's going to be some amount of extra tweaking that has to happen just some something okay oh and this person is adding basic specs which I really appreciate.

01:21:37Great.

...49Yeah, that looks great.

01:22:12chamlis_ would you accept a pr for a cat cam on the site?
let's pull that up onto is it just one oh yeah let's just go ahead and squash that cancel a cat cam on site oh yeah so on prod when the cat is up on the filing cabinet we'll turn this webcam on the webcam actually isn't fixed and i do actually use it when I'm talking to friends, so... I would have to get a second webcam just for the cat.

...51You know, there are a couple of little, like... silly, indulgent personal touches on the site, like... everything runs in Chicago time. chamlis_ he's watching you make your comments, they better be nice and good
I feel like CatCam would probably be a bridge too far, especially if it was like one of those really annoying news sites where they... You scroll down and they move their irritating autoplay video to the lower right corner. I hate those. I adblock those instantly. All right. This is great. This is totally not exciting, but... I really love this kind of refactoring, because this and the daily cron job is just making everything simpler on the site. These are cleaning up some of the couple of odd, strange, non-Railsy corners we have. And the more we can be just a generic Rails app, the easier the site is to maintain. So at this point, let's git pull, git fetch, and then where am I? Yeah, so I'm still where I was. We can abandon this. Oh, and then it immediately makes me a new one. So what I want is actually A new one that's on top of master. Do I just say R? OK. Yeah.

01:24:48Look at the log pager.

01:25:04Why does this show as a merge commit?

...15Oh, this is all the stuff that's off on the HatchBox branch, and I'm showing it. These things don't connect. But then why does this show as a merge?

...29I think I say like this. Yeah. Okay, it's not a merge commit. This one is. That's correct. All right, see, I'm still learning my way around Jujutsu. Supervisor, why didn't you help? You're my programmer. Oh, he's conked out. All right.

01:26:11getting it's sort of funny because the these two parallel tracks of master and the hatch box branch which is going to be down here somewhere after all the yeah the hatch box branch these two things are kind of racing to make the site easier to deploy and understand so like not having a daily cron job is one fewer thing you have to do in prod and then hatchbox is a whole lot of god what if we didn't have to deal with ansible at all it's getting there oh and i did just get i saw an email response from them come in and i haven't had a chance to read it so put it on my little to-do list I, yeah, I have had a lot of questions of, Hey, here's a weird ass thing we want to do with our hosting. And they're like, don't do weird ass things politely, but there's a couple we do like run our own mail server. So where was I now? All right. Oh, I was going to look at the progress on the story repo. That's what I was curious about.

01:27:46We're getting there. One, two, three, four, five, six. Only seven left.

...59So anything else in the PRs? Yes, there was this one that didn't get a green build.

01:28:09I don't think I broke master, so this one might not be me.

...29Okay, so he's added a test and then it's failing because the bug still exists, okay. All right, that's a totally reasonable basic test.

01:29:16I think that's the first time someone has just added a test for a bug without trying to fix the bug.

...31Let's say.

01:30:03What's up here? Oh, Chemless. I thought of you when I saw this in my email this morning. Some of the comments have lost their margin. Oh, and the line is wrong. That one's on me. Hmm. I wondered if this was going to be like really long words, but no. That's odd.

01:31:15Let's take a look. So that was... No, it's on the other . That's fine. What is it, F12? There we go, mobile. So I even see it on Firefox with whatever my font size and everything is. Okay, well, easy enough to reproduce.

01:32:03chamlis_ I found bisecting very helpful for the vote count width issue
And I'm guessing, Chanlist, that either you are solving it right now or you're not present, but either way you haven't said anything, which is why I'm looking at it.

...16Is that one still open? I thought you fixed the vote count, right? Yeah. Yeah. And this one. I was pretty sure it was just. Yes, the inside is supposed to have a margin. But things are hanging out of it.

...57chamlis_ yeah, I'm suggesting it might work here? I marked good as before the grid PR first got merged, to find the diff that showed how things used to work
Oh. Well, I mean, having a negative margin. That would do it. OK, so if we just change you to 0. Yeah, there's this one that's wide. That's fine. NoGoodNick_ morning
NoGoodNick_ !cam
And then otherwise, do you touch the left side correctly? You got way out of, all right. NoGoodNick_ what is that cam or image or
Hey, no good, Nick. I don't know what bang cam means. We don't have a bot in the channel. NoGoodNick_ the video overlay
So if this was 0, 0, 0, minus 0.5 M, that would get us what we wanted.

01:34:02That is... That is the supervisor camera. NoGoodNick_ ohhh I thought it was a pair of shoes
The black lump in the middle is the cat. And when he chills up on his filing cabinet, he gets to be on camera. Pair of shoes. Frici please do not step on the cat LUL
Oh, see, I really do have to get a ring light for the cat. This is ridiculous. Nobody can tell he's a cat after he shuts his eyes. The hassles of having a void cat. chamlis_ what are the cards? on the wall behind
You know, I actually... Pair of shoes. I gave a talk ages ago. Where was it?

...56It was the Liskov talk. I wonder how fast I could find it. Let's make sure that's muted. So I gave this talk about whether one object could be substituted for another as being the heart of what we were getting at with the Liskov substitution principle. And in here,

01:35:27I said, I thought it was here in the beginning. Oh, well, there's the one cat. There was another photo of her in here, because I try and put a cat photo in every talk I give. Maybe I put it in another one. I thought it was in this one where I had a photo of her. She used to sit in the boot tray. and pose like she was a boot. And so in one of these talks, I asked, you know, if she's in the same place and the same shape, is my cat a boot? What does it mean? Maybe I was talking about identity. Oh, you know, Chamos, I've been waiting for someone to notice them.

01:36:19actually wondered that nobody spotted them the first time i turned on cat cam maybe they weren't hanging the first time but they've been hanging for months the can i make cat cam bigger yeah there we go all right because you asked here we're gonna go to big cat cam let's see if anybody can figure out what they are I'll give you a second while I go find that CSS.

...59This feels like your kind of puzzle to find what's that weird deep reference. Ah, see, you can see it shaking now when it's big because it's not on its own tripod or anything. It's on the top of the monitor. All right, where's... That was in comments.

01:37:44grayhatter_ pokemon card badges I don't recognize, it's also looks like original mtg cards, but I don't see detail to claim that
grayhatter_ resolution is too low
Oh, yeah. No, it's not. It is indeed not magic or I'm sorry, not Pokemon cards. It is, well, let's, let's finish this CSS before I lose my train of thought. So it's all comments inside zero, zero, zero, zero. There we go.

01:38:27What was the ID? 16oic.

...39Bookmark, and then push.

...48And then CAD CAM can go small again there. Yeah, let's go ahead and get that fixed deploying.

01:39:04Thanks for this bug report with screenshots. Made it really easy to . And let's label this one, even if it's after the fact. So Chandler, the last train of thought there is I didn't go the bisect route, because I know we have had a significant amount of churn. And I figured it was going to be a one-liner kind of fix. So I don't actually care where it was introduced. I just care about getting it back to normal. I think your strategy would have worked, but yeah. So do I have...

...53So if I grab the camera and I move it closer, You'll never be able to see what's going on for the shakiness of my hand and then the zoom stuff. So how do I browse these photos? chamlis_ they almost feel like catan resources
Cause I must have, I must have a photo here on my desktop of the little frame, right?

01:40:42You know, it's been long enough. When did I get these? December? November? I'm scrolling back in my personal images off stream and I don't know how long it's been since I got that in the frame.

01:41:06There we go.

...17All right, there's a good photo. Let's turn off the sidebar and then I can pull that on stream. So here's a good photo of it. That's what's hanging up behind the cap.

...54NoGoodNick_ ooh
grayhatter_ I KNEW I SAW A LOTUS
grayhatter_ is it real?
NoGoodNick_ those look like IRL Hearthstone cards!
Oh, well, good eye there, Grey Hatter. It is a real card that I bought for $2. grayhatter_ lol
grayhatter_ <3
It is a reprint. grayhatter_ good for you
It is fake as shit. I do not actually have the Power 6 hanging on the wall behind my desk. That would be like hanging a Lamborghini behind my desk. You know, it's funny. There was not here... at our last apartment which was so there's a rick chicago two flat i used to live in a yeah so like the vernacular chicago two flat looks like this where it has a bay window and it's brick and the door is on the one side and then everything is This is just a quirk of Chicago zoning code that the first floor is up about half a flight, right? So you see, you're kind of seeing variations on the same building over and over, right? And when I got these cards and we lived in a two flat, I realized that if the cards were real, they would be worth more than the two flat that they were sitting in. They're obviously, they're not real, but... I want to say nowadays power six auction. I can't spell.

01:43:35Yeah, I don't know what that is. If they were real, they would be north of a half a million dollars. chamlis_ ahh they're magic cards, not my field. the wiki has "the power nine" listed which I guess is the same thing?
chamlis_ I'd keep them away from windows in case any passersby were fooled in that case
are definitely not now i don't think anybody actually auctions them off as a set anymore but if you were like yeah so this is a year old and one sold for three million i think this one i think i heard about this one it was like yeah so

01:44:13grayhatter_ it's good art, for good lore
thought this one was like a misprint or something so the the power nine was the nine best cards the power six were good enough to put into every deck the power nine were they added three more and i didn't have any special emotional connection to those three i just thought the six were neat yeah I was young when Magic came out, so I played a bunch of it. I knew one guy who had the Mox Emerald, the green one. Oh, we were so jealous. It was like a card that was worth $50. Or maybe it was like $150? Yeah, he had it sleeved, but he played with it. Because, right? You're going to win if you got that. NoGoodNick_ pay 2 win
Nowadays, it's funny, because it's like, oh yeah, if that card was in... mint condition, it's worth, you know, a luxury car worth of dollars.

01:45:28This is an interesting feature request. Let's grab this link for the scratch file here.

...39I didn't grab the story margin.

...58This is an interesting one. So I understand why silby would want to filter things out so i'm guessing and it is probably you know given that it was the the hot topic of the day already once it's probably vibe coding or the ai tag that they want to filter out because i've had to delete comments out of the vibe coding one people there is a frustrating thing where when people feel morally righteous they feel entitled to violate norms, which is a very highfalutin way of saying, if people think that someone is breaking the rules a lot, they feel entitled to break the rules a little. grayhatter_ I'm not sure I disagree
And so if they think that someone is doing something bad or inappropriate by using LLM coding tools, Well, it's okay to call them a shitbag. It's not. That's still breaking the rules. And, you know, the big version of this is vigilantism, right? It's, oh, I saw you breaking the law, therefore I can beat you up.

01:47:29grayhatter_ I disagree with their assessment, but not applicability of the heuristic
So, stories that are in the vibe coding tag that a bunch of people... are pretty strongly opposed to the idea of these tools. People seem to be a lot more comfortable posting insults there. And I delete them.

01:49:53I don't want to say they necessarily would,

01:50:20So I've written that... I just really don't like putting a filter... You know, if it's a filter... We have a bunch of filters up here.

...58I guess if there was a checkbox for apply my tag filters, that would be okay. That would get Sylvie what they want.

01:51:20And then there would be something visible on screen It's making this UI fairly complicated.

01:52:31Well, I don't know about auth by default. Let me think about that one.

...58Try and avoid pronouns in copy. So I'm not sure whether to write your or my tag filters. We'll just say tag filters. Or maybe the other ones are nouns, right? Yeah, they're nouns.

01:53:28grayhatter_ current user's tag filter
grayhatter_ or just current tag filter
And the third person, that's also its own kind of indirection. I think I'll just write to avoid the pronoun entirely and call it good.

01:54:28Oh, no good, Nick. Can you see his pink tongue as he's grooming himself? Yeah, he's got a just, you know, an incredibly busy day. Exhausting. It should not be, should not filter by default.

01:55:56so let's add that as a feature request i'm not checking good first issue because it's not that it's not straightforward code it's that it touches important site infrastructure you know as long as we're here actually chamlus you had the you issue the feature request you filed about the mod log right yeah to link to moderator profiles that's been hanging out a couple of weeks and i said let's just think about it and see if anybody wanted to pipe in and nobody's said anything and i think you're right that chamlis_ failing that, you could link to the profile for logged out users? the current link is useless to them
think you're right that it would be better to link to the profile so i've been chewing on this in the background the last couple of weeks and i reviewed my direct messages and people are as far as i can tell so i didn't okay not as far as i can tell as far as i cared to tell i didn't go pull it out of the http logs but I don't get direct messages about mod actions that are not from the person whose comment was moderated. The kind of like, hey, you made this decision, can you explain it some more to me? Or hey, I think you made the wrong decision. I get those messages, but so infrequently that I don't think they're coming through this interface And I don't think it's a big inconvenience to them to have a second click of, like, click the username and then click the message button. So I think it's fine. Yeah, Chamlus, that's a good point. So anyways, I'm actually just saying, having thought about it for a while. Oh, you just commented last week. Yeah.

01:58:38chamlis_ oh I wrote that in a comment, it's been a blur
So this is a one-liner change. I'm just going to hack this out now.

01:59:53Why does it have to try? I don't understand this code. So if there's a moderator, there might not be a username. No, all users should have usernames. What are we seeing here?

02:00:15Let's try to test this.

...48That's just a bad edit. And the code is incoherent. Oh, it's all the... Yeah, so it's pulling... Here, let's join.

02:01:08Let's see, but if I do a... No, if I do includes, it should do a second query rather than a left join. So that shouldn't... Yeah, so it's not masking... Yeah, this is just dead code. There's no way you can have a moderator and they can't have a username. I think this is going to be years old from when I did. Maybe this isn't my code at all. All right. So we can say.

...53We actually don't need the styled user link. I was reaching for it, but we know that moderators are not going to be story authors, not going to be comment authors. Yeah, we can just link to them. So let's link to mod moderator comma mod to the user path form. Moderator, this needs to be username. Okay. That looks fine.

02:03:02do i just have i been closing these terminals or is something resetting my pager i don't know all right

...35Alrighty. chamlis_ thanks!
So Chambliss, there's your feature request implemented. Thanks for suggesting that.

...53That's nice to have. Yeah, I think a lot of user interface design is these tiny little polishes. never get these things right on the first try you just polish a thousand times and i'm very conservative about things that touch the mod log i like to think about them a lot and reflect on them and make sure i'm not missing anything obvious because i've talked on stream about how nobody likes upheaval in their ui because the mod log is so sensitive and important i try and be doubly careful about that and really minimize churn in the mod log and related features because this is just a way things a way people work is if the UI looks different well then it's a change and it's a change that happened without my permission and what else changed And even if it looks like it's just a UI change, did the functionality change? Are they still taking it seriously? Have the policies changed? grayhatter_ lol, that's sounds a lot like a blog post I wrote :D
And I think it is 100% normal to have those kinds of questions. So I want to minimize those. I don't want people to worry unnecessarily. I want the mod log to be a thing that people trust and feel very comfortable with and feel like they can fully explain what they're seeing there and understand what they're seeing there because it explains so much of the rest of the site and the site culture and the mods commitments to transparency and public history so yeah so that's why this one-liner fix that took me what five minutes even though i was double checking stuff in the data why i wanted to sit on that for a week or two all right all right so nothing new here that's all of the issues where are we at here oh someone has commented in the last five minutes

02:06:31Oh, that's interesting. So Sylvie says they would expect the entry to display differently. Comment by Foo on a hidden story with no link, but keep the action and reason. That's.

...56Hmm. Yeah, that's that's very different.

02:07:07Gray Hatter, do you have a link to the blog post you wrote? I'm curious what you wrote. Because I haven't seen other people talk about UI instability and the way I think about it. A lot of this comes from Steve Krug's book, Don't Make Me Think, but it's not something he explicitly says.

...59What's the...

02:09:33grayhatter_ https://gr.ht/2025/04/12/consen… I care about the whole post, (obviously 😅 ) but the Catalyst section is the part I wasn't sure was as universal as I felt it was until you mentioned it
gsora_ passing by to say hi today
gsora_ hi cat cam as well!
Oh, I guess sir is done. I don't know if you can hear him, but he's making his old man Marge Simpson noise. Must be wandering off to get a drink of water.

02:10:45Was that 1605? 1605? Nope. 6432. What was it? I just saw it, didn't I? 1572.

02:11:36Cool just explaining why i'm going to be kind of slow and deliberate so great header let's take a look at your post. yeah. I think this is a really hot topic, especially as. People get closer and closer to Oh, hey, geez, sorry. I didn't realize I just saw the G and I assumed it was greyhatter saying hi to the cat cam. Always distracted when streaming. Yeah. So I've been thinking a lot about this because just in my lifetime software has become incredibly intimate in that it is on the device that's in your pocket and mediates your most close personal relationships. It's an incredible access to the core of people's identities and relationships. And unfortunately, a lot of the people who make software that does things like instant messaging or like health tracking do not understand consent. or actively subvert it. Like, what was the story that just came up in the last day or two? Just last day, where would it go? Facebook. grayhatter_ I've found myself writing about consent way too many times
Yeah, so Facebook has a, they found a technical way, there it is, a technical way to subvert anti-ad tracking stuff. Yeah, I knew there was a good explanation of it here. That's why I came over to HN because I saw this the other day. So if someone visits a website while logged into one of Meta's apps, it opens up a little port that it can use to re-identify their sessions, even in private browsing. because the, like, browse your local network permission is apparently not restrictive enough out of the box on Android. And that's, it's just really ugly. I don't think they've yet made a public statement about it, but I did know, what was it? grayhatter_ lol, I used to work on a security team at [redacted], and we blocked this exact feature... I resigned, but [redacted]
pushcx https://news.ycombinator.com/it…
just like in the last day or two since they posted this yeah someone else has it i didn't hit enter on that link they silently and without announcement right this hasn't had an update yet met a spokesperson did not respond to request to elaborate on the company's discussions with google oh yeah oh no they did actually make a statement what a forthright and honest statement, right? We are in discussions to address a potential miscommunication regarding the application of their policies. You know, if Google wasn't in the ad business, they would whack Facebook with a stick for this, but they won't. That's me being a little cynical.

02:15:37I've seen a lot of versions of this poll and I think, oh man, I laughed a lot at this, but not in a happy way because it is an excellent example of Microsoft's approach to promoting things.

02:16:04You know, the security one is interesting because or the system update one, I should be clear, because it's not necessarily security. But unpatched systems, there's an externality there. where it's not just, so I think it is totally normal that a user would want to put off an update because they don't know what changed and maybe it will break things. And in any case, they don't have a half an hour for it to run. But then also if it is a security update, their device being insecure is not just potentially very harmful to them, but also to other people who are on their network or running websites. So I don't know. grayhatter_ you don't have to use dark patterns to get people to update
And honestly, yeah, I think I disagree with you. So you say you don't have to use dark patterns to get people to update or, and I'm disagreeing in a very mild form about universality where there are people who would keep hitting, you know, so the combination of these two things next to each other is if there was a don't install updates, there is some percentage of your users that would choose it, right? grayhatter_ every day (or every hour?) the system is out of date, just decrease the contrast of the system by XX%, eventually, the system is completely grayscale, and users will do it just to get color back
And if you are looking for the inverse of the Microsoft pattern of remind me in three days, where there's no no, if there is a permanent no to a system update, yeah, you are opening the door for people to never do that. Yeah. Yeah, and I wouldn't be comfortable with that kind of really abusive way of forcing someone into it. There's a lot of things to trade off here of does the user have informed consent? Or does the user give informed consent? And can they be well-informed about the complexities of, security in network devices yeah this is this is really This is badly written, this FAQ. grayhatter_ to reuse medical learnings... I disagree with compulsory immunization. I fully support community exclusion for unimmunized humans
This sort of mildly, I mean, it just comes off as oily and smarmy because you know what they're trying to do is avoid saying no. They just don't want to say, no, we're not going to give you the option to go back to the original mobile app layout. And they're saying it in this very roundabout, we're here for your feelings kind of way. And, like, the idea that I would want Discord involved in my feelings is objectionable. Yeah.

02:20:16i don't so greyhatter i don't see a connection here between grayhatter_ the connection comes next
Anubis having a bug and people changing UI? grayhatter_ it's also not a bug, I disabled js
I get why you're annoyed by both of them. Okay, connection comes next.

02:21:24This is to catch them ignoring or abusing robots.txt. This is the big players, the big famous companies don't ignore robots.txt. grayhatter_ yeah, that's what I'm saying... many bots do
The other ones do, and grayhatter_ but the big players catch the blame
It is hard to attribute any individual one of them to an individual player to say, oh, this bot that tries to hide who it is is so-and-so. gtfrvz mcaT
And then the other part is there are services like Brave that ignore robots.txt. They especially are dishonest about it. And then they sell their scraping to LLM trainers. grayhatter_ yeah, that's why hetzner is banned from my servers
And so it's like they know exactly what you don't want as someone who runs a site and they are ignoring your expressed preference. Or your expressed more than preference, really. Consent is the word. Or withholding of consent. grayhatter_ it's consent, they're intentionally violating consent
Yeah, we've talked about how you like to ban ASNs.

02:22:58Thank you.

02:23:29So it is totally off topic of your article, but we have a pushcx https://github.com/lobsters/lob…
grayhatter_ I'll take a look
If you're familiar with these kinds of security controls, there are some open questions around invalidating sessions and recovery tokens here that I would really love to have someone with expertise weigh in on. grayhatter_ <3
And then all that said, yeah, I think you got some pretty good points about consent here. Another thing that might be a useful extension for this is grayhatter_ at the bottom, I link to my previous article about consent, (which is much shorter)
kind of build on your point is we have the idea of oh I'm blanking on the term because I'm talking out loud we have the idea of conflicts of interest so I think a big chunk of what's happening with these consents is understood as conflict of interest where the software maker doesn't want to get the user's consent because they benefit from one of the answers the users could choose, right? Like the Microsoft thing. Microsoft believes that they will benefit if they force co-pilot on you, or if they force their news headlines things into the start menu, or I don't know, one of their other hundred ads that they shove into the desktop. I can't believe people use that thing for anything but playing games at this point, but... Because Microsoft has these two roles where they are a business that benefits from one of the decisions you could make and they are in control of the UI for making the decision, they force you into... chamlis_ tangential: were two letter .ht domains cheap at some point? sourcehut, linkhut, now grayhatter...
grayhatter_ lol
a different decision than you might make if you had informed consent and more autonomy like a free hand right that's where you see things like you can't remove onedrive i want to say which is their paid subscription service that they really want to promote and so they've made it grayhatter_ they don't want you to make a decision because you wouldn't make the decision they wanted
grayhatter_ holy shit, I'll never get over how dystopian that is
Frici the poweruser way and the policies only work for a while then they bring it back iirc
nearly impossible to uninstall at least for regular users i am sure there's a power user way or a what's their enterprise desktop product where you can actually uninstall stuff i don't remember what that's called anymore i'm sure that can but regular users basically cannot the regular ui for uninstalling programs like onedrive is gone right so yeah So Gray Hatter, this also comes up to build back on your point. You draw a connection to medicine. Frici ALTHOUGH, they now allow you to remove edge completely in europe so maybe they will do the same for onedrive.
One of the reasons that informed consent is so important in medicine is the doctors typically gets paid if they do a procedure and they don't get paid if they don't do a procedure. And so the dentist who tells you you need a root canal that you don't actually need grayhatter_ my earlier article is literally titled "informed consent"
Frici mind you that is not consent that is microsoft being forced by someone else the same way they force you.
Is falling prey to the conflict of interest that you know they want the big screen TV or they want the money for something you know, so I don't know. yeah it's harder it's harder when there's these externalities like system updates and security updates. hmm.

02:27:56Yeah, Fritji, I think that's going to be one of those where it's probably going to be region locked to the EU. I don't know.

02:28:20Where was it? Frici it likely will be, no law will force them to do that in the us (maybe california?)
Ah, it's not worth taking up. All right, so that's... That's everything there. All right, we got about 30 minutes left on my usual schedule for office hours. And I'm not sure where I would immediately spend 30 minutes. So now is a great time to ask questions about the site if anybody wants. Or I can keep rambling about the industry. chamlis_ oh nice, keybase removed
Oh, I haven't even said anything funny for a title.

02:29:07Yeah, Chamlus, I pulled it out at the beginning of stream. It was pretty straightforward. I spent a couple extra minutes on it, making sure the code would work, and then rotating some tokens of mine that I accidentally showed on screen. But very easy code. gtfrvz question: how the vtuber-avatar coming along
All right, so... VTuber avatar. Yeah, I have no plans to make a VTube avatar, especially when I have this big wide box who wants to hang out on screen again. I think it's... grayhatter_ do you want security comments on the PR, or here?
So there's a kind of chintzy window near-ish, and I think he doesn't like going up there in the winter it's a little bit drafty because he's like, what, four feet off the floor, four and a half. A gray header, I would much prefer that they come on the pull request. So streaming knocks like 25 to a quarter to a third of my ability to actually code and make smart decisions. I make so many more typos and oversights and silly errors when I'm streaming. that I especially don't want to do security kind of design. And then I don't remember everything I said and that Hunter said in there. grayhatter_ lol, the very last comment starts to address my questions
So I would appreciate your comments there. And it would be especially great if you have, I think the big thing we were missing was any kind of best practices discussion of, has someone written up like, These are the ways you should handle not just sessions like in your example, but password reset tokens of you should generate this many and they should be used like this and they should be annotated like that. I don't know. grayhatter_ my friend is literally working on that right now
It feels like someone must have written up a best practices doc, but I've never seen it. That would be wonderful if you had that to share. Oh, great. Well, hey. grayhatter_ I'll mention it to them, and probably try to write that today :D
Get your friend to finish that up and get them to come into the PR. We'll get everybody to whitewash the fence. And then we can also submit your friend's article to Lobsters. That would be wonderful. Please. That would be really lucky timing. I am glad I made the connection between your post. Because I would like to have a lot of confidence in our security controls and not YOLO them, right? All right. So I was going to look at Hatchbox.

02:32:16There's a way to... That's over in the other, isn't it?

...29Yeah, there we go. So I can say JJ log, give me all the heads. So these are the branch heads. All right, that's not what I wanted. What was this one? grayhatter_ bah, I really need to write my essay on MFA
I have a terminal off screen because of course I've done a lot more. There we go.

02:33:08Yes, I would love an essay on MFA. Alright, so...

...30grayhatter_ what's the pink text?
So I can remove this bookmark.

...50grayhatter_ I've never seen what... looks like a hash?
Is it delete? Delete. What's the pink text? ah so in jujitsu so they're pretty vague right now on whether it's called a commit or a change or a revision it's pre 1.0 software that's normal so this id on the left is called the change id and that is stable If I edit the commit or the change, this one on the right changes. So this on the right is a hash based on the contents of the tree exactly like git. And when you're working with git, this one on the right is the git commit hash. grayhatter_ ah, the right is the git hash, and the left is the state hash
So if you looked at slash commits on the lobsters repo, you would see these IDs. grayhatter_ is it for the diff, or is it for the final state? i.e. what happens in a revert?
the left these stable change ids yeah the left one is the stable id so even if i revised this commit this stays the same on the left and a clever thing that jujutsu does is i don't need to grab seven or eight characters of this grayhatter_ that's nice
It looks in the history and it knows that ZM is the unique prefix or ETL is the unique prefix. So like they are different lengths because we must have an ET something else. grayhatter_ I'm gonna copy that for srctree
So it's yeah, it's like a nice little UI touch. Jujutsu is full of these kind of clever little touches. so in a revert there's two kinds of revert there's the like i back up and throw the commit away then it would just go away and i'd get a new id but if i write a commit that is reversing or reverting a previous commit i would get a new id all right so

02:36:23How's my to-do look for Hatchbox? So this thing, ready to get this done and get prod moved over. pushcx https://hatchbox.io/
All right, so there's the thing that I'm waiting on Hatchbox from. So for anybody who doesn't have the context on this, we currently use and have for the last, call it like eight years, we've used Ansible for deploying and provisioning. And I have not been good at Ansible for any amount of that time. But I've been the primary maintainer of our Ansible script for the last like five years. It's hanging in there and it's still mostly working. But I mean, even earlier on this office hour stream, I was saying I don't have a lot of confidence in it. And I don't think it's going to do the right thing in a lot of places. Hatchbox would be a Pretty close to one-to-one replacement for that Ansible script, except I pay these two guys $10 a month to actually keep it working. Because, yeah, so you spin up a server somewhere, a VPS, and then their script does all of the setup and all the install and all the deployment stuff. And it is $10 a month for just works, is the idea. I am ready for that, so this is my to do list of stuff to move over yeah so that also needs to be that. We can look at puma so. I did do this research nate burka peck suggested that there should be. One process per processor.

02:38:23And then, which we can get to this way. And then enough threads to saturate the box, which is something we'll have to tune. So I will have to tune config UMA thread based on broad usage. And then Where did I do this? I did it over in Hotcake. Right.

02:39:05Yeah, so I can say if there isn't an explicit Puma workers set startup at C and processors. So there's that. And we do have solid queue on the box. We use it so lightly, I'm not too worried about, like, should we dedicate a processor to the solid queue worker? Well, it's only busy milliseconds every minute. Yeah, not worried about that.

...54And then yeah, Hatchbox doesn't actually set that environment So I'm SSH-ing to it. I'm running env. Yeah, there is no Puma anything set. So we will use end processors. So let's describe that change.

02:40:30Make a new commit. This one also wants root because I have to install packages. There's a couple of packages that are not installed on prod and it's killing me. Postfix also needs root. Cron job. Cron job does not. So this is something that's going to happen in changeover.

02:41:01here actually i'm getting really close if i can get this root thing working i could get this closed out today that would be nice so hunter who is GhostUser1984 here on Twitch or 355E3B on the site, which is easy to remember because it's Hunter Green. Haha. Has done a lot of this setup with me because he actually knows more about DevOps stuff than me. And I highlight him because otherwise people are like, what do the other mods do? We don't see them so much in the mod log. There is a ton of stuff. It's just happening off screen. Try and highlight it when I can. All right, so where were we at with cron? We were just looking at, so I've knocked out the daily cron job. And then there was this every five minute thing. And there was a, you were just looking at it. There was the other thing in lobsters Ansible, right?

02:42:26Right, I'm in the, I made another terminal for it. Let's just do that again. Right, the page expiration job.

...53Which I don't think I remembered to list that. Nope. Let's list it.

02:43:34But this could... it's just a find command, isn't it? I would like to get everything... I don't know that I said it.

...55It's about... That cron jobs are a redundant way to schedule things. And the way of creating stuff in recurring.yaml is much cleaner. I want to say, actually, that expire page cache is just a, it's not Ruby. Yeah, it's a find.

02:44:23Why is this? Why is this line duplicated? I don't understand that.

02:45:06grayhatter_ I need help with reading ruby
There was a second one and I deleted it. Yeah, this first one actually should have just gone away. Yeah, because that's dead code. All right. Is there a specific line that you want to talk about? grayhatter_ ` return false unless totp_recovery_codes.include?(code)`
Or do you want a pointer to a book or something?

02:46:18grayhatter_ this is "if recovery_code contains (code)"
And since, so, we saw that Hannah is slowly working through this list, but I would love to cut over to hatch box earlier. So I guess I will have to implement the cron. That's fine. grayhatter_ last change in the PR
Turn false unless is this in the pull request or in the, like login controller.

...49Yeah, so it's, last change in the PR.

02:47:01Yeah, so if we were to, you're seeing, GitHub, did you lose my spot?

...12You are seeing the equivalent of, in another language we would write,

...26if not to tp recovery codes include code return false like that part so that's what's going on with the trailing if this include is saying like if array includes this string so it's saying if the code is one of the elements of this array does that answer Any questions about this, Ruby? grayhatter_ that's exactly what I thought, I have a single comment
Because I'm not sure which part is tripping you up. It's just a guard clause. Cool. I appreciate you taking the time to dig in on that PR. It's great to have someone with experience on it. Well, more than me, which is pretty low bar. All right. So this, yes, I will have to create cron jobs, which what are the odds? Yeah. If I pull up the hatch box UI on stream here, it is very chill about showing me environment variables and Other codes and so I know i'm just going to end up leaking stuff that I don't want to leak and I don't want to roll because I haven't even set the dang box up. So let's pull up. That you are off stream and see how it is.

02:49:13that's right so that's fine all right light mode warning. So this. Spire page cache. This runs...

...32I can just take this right from Ansible. I don't have to figure it out. It's the other terminal.

...49Come here. Oh my god, you really don't like that. That is some weird ass. All right, very small font. So this is just every minute run can't read the fucking help text. Cause it's so small inside the current deploy. Okay. So inside the current deploy, it's just script. expire page cache but then expire page cache is going to have to update for the new path and it okay i already did update that part that's when i put in the duplication so there's that what pages is going to take me to when i land on it Okay, just the list of cron jobs, nothing naughty here. So then we can add another one that is called maintenance jobs. I'll just call it lobsters.

02:51:16This one runs every five. Can I just come here?

...33OK. So this one will be bundle exec script bobsters cron.

...52The file isn't there because it's off in the Ansible repo, isn't it? No. I'm just in the wrong directory. Cron. It's here, it's just templated in. Yeah, so this is one of those things where code is kind of split up between the Ansible and the main repo in a funny way. All right, so we will go ahead and say Well, let's just run these, right? Yeah. Oh, I don't want to enable them in prod though, do I? So this box is set up. Yeah. So I can't actually turn these. If I put these in, they are going to start running in prod and like double posting to Mastodon.

02:53:08all right so they're not getting okay so i wondered if they would actually be in a cron daemon or if they'd be off in some system ctl service file it's probably the latter which makes sense cron is pretty long on the tooth and a little tricky to integrate into logging and things I guess I'm wondering, can I just put in, can I put that in and it won't actually run? I think that's safe.

02:54:12and you don't see what's the what's the systemd way to okay these are all out of date actually does anybody know the systemd way to say list me all timer jobs off the top of your head

...50gtfrvz systemctl list-timers
grayhatter_ I hate systemd's opinions so I go list-units | grep timer
List timers, OK. System, whoa, a lot of lag.

02:55:17None of these look like my cron job. Make that bigger. Why are all my terminals in a funny state?

...35And none of these are that cron job. So it claims it's created a cron job, but I don't see it in cron. Or the timers? I'm a little suspicious.

02:56:01You know, and there's nothing generic here that's like, I'm the Hatchbox Cron timer. Yeah, so Cron root doesn't have anything. And then... You don't have anything either. All right, so I'm just going to... Trust you, Hatchbox. I'm so low on trust for Opsy kind of things.

...35Ah, okay. So it's not... It created one named after the app. All right.

...46And I think... I don't want to do that as root. But that's fine. I got the comment I wanted. That'll get me like a syntax error maybe, which maybe my inbox is filling up right now. So there's cron jobs. And then when this is cut over,

02:57:26This is later slash never.

...41In the list.

...49And then.

02:58:05That's, that's basically everything. Right. So this, this is the first step of changeover. Cool. So I will go check my email off screen for hatchbox support and try and get this hacked out and then maybe we will deploy hatchbox this weekend because i try and do deploy kind of things on the weekends when traffic is much lower traffic on a saturday or sunday is like half of a monday so cool so that's been about three hours of streaming lobsters office hours if you have any last questions you can throw them in under the wire otherwise Thanks for hanging out and asking questions and contributing. It's been good for the site. I really do appreciate that so many folks drop in and have contributed code or ideas or criticisms on the feature requests or the security controls. Hint, hint. Yeah. Oh, we can wave goodbye to the sir. grayhatter_ left a comment
Goodbye, sir. All right. grayhatter_ cheers dude
So this has been Lobster's Office Hours. grayhatter_ hope your day is a good one :)
The next scheduled one is Monday, and I don't think there was... There's one of these days I have something on my calendar, but it's not Monday. Cool. So I expect I will be back on Monday, as usual, 2 p.m. Chicago time. Oh, thanks, Greyhatter. I'll go check out your comment after I get a glass of water and all that good stuff. Hope to see you around. Take care.