learning jq against my will
Streamed
Cookie deletion bug. Fixing invalid cookie key errors. PR review for SQLite migration. Block disposable email PR. Stale PR bot oddities. Slow inbox loading investigation. False CSP violations from browser extensions. Mysterious session bugs. Trying not to learn jq syntax for poking around in logs. Comment visibility on deleted stories.
scratch
topics
PR review
sqlite! https://github.com/lobsters/lobsters/pull/1705
block disposable https://github.com/lobsters/lobsters/pull/1704
stale PRs...
commonmarker - my check has only found one comment broken https://github.com/lobsters/lobsters/pull/1627
stale pr bot buggy?
issues
cookie deletion https://github.com/lobsters/lobsters/issues/1594#issuecomment-3190080120
fragment caching on mod activity
modmail
title
post-stream
Transcripts are generated with whisperx, so they mistranscribe basically every username and technical term. They're OK but not great, advice appreciated.
Recording
46Welcome to Lobster's office hours.
This is Lobster's.
Let's get set up for the day.
Oh, I've got the... Yeah, that's... All right, hopefully the audio should be good.
I'm remembering my stream setups, my little checklist.
pushcx This is Lobsters office hours, drop a question about the site anytime!
All right, so...
01:20So let's leave a message in chat and get started.
...31So this here is the site Lobsters.
And folks can feel free to fire off questions anytime.
We're happy to chat about anything around
how the site or the code base works.
And then when we're not talking about stuff, you can just hang out and watch me maintain stuff.
Epic_Ninja_Elephant Happy Monday!
It has been two weeks since office hours, which I think is the biggest break I've taken, was off traveling.
And...
I know there's been some activity on the code base.
Oh, Hey, welcome.
Happy Monday to you too.
Yeah.
So we've got activity on the issues.
Oh, these are pull requests.
Oh, great.
Somebody opened one for all right.
And then on the issues, we've got some activity too.
Great.
02:41Yeah. Oh, this one was especially bugging me. I got the big backtrace in from Telebugs.
03:01Huh.
Am I?
That is really weird.
This has got to be the cookie code.
And I guess we have still been seeing that issue.
Yeah, the last one was five hours ago.
Hmm.
And then this bug
is also still occurring.
And I really, let me double check.
So I'm not talking about, I'm peeking at the telebugs off screen, because it's going to have somebody's IP in it.
And then also, I mean, if you look at the weird cookies, there's a ton of stuff that looks like real user data.
So I click back through a couple of these.
Yeah, I think this is just one weird bot.
Because it's just all got...
I don't know.
There are multiple IPs.
One was IPv4, one was IPv6.
That's kind of unusual.
Running a quick whois.
Some random ISP.
This is just a badly behaved bot.
What's it called?
Let's ask the Wafers IP database.
So if you haven't seen it, there's a IP lookup tool.
twitchtd hi pushcx, just got back from a quick vacation as well
That's the wrong clipboard.
05:13This is kind of nice. You can kind of... It checks a couple of different providers.
...33Yeah, this is... So I'm clicking through this. This is some kind of bot on a cron job. not just because it has a couple of different IP addresses, but all of these failures. It's funny. So I'm clicking through Telebugs. Actually, I can show this without showing a IP. Yeah. Well, yeah. The gist of it is as I'm clicking through the reports, the screen refreshes, and the only thing on the top first page of it that changes is the timestamp. And the timestamp is always within a couple of seconds of 23 minutes after the hour. And there is exactly an hour between all of them. So this is just some kind of lazy bot. So I could fix that. Or I could just drop these two IPs.
06:37Oh, hey, TD. Welcome back from your vacation. I saw that you pushed some updates to your SQLite PR, so I'm glad you're here. I'm chasing this odd bug. Yeah, whatever this bad bot is, maybe it's some kind of probe. It's such a strange set of cookies.
07:07Epic_Ninja_Elephant cheers on the SQLite work.
There's a lot of weird software out in the world.
...16Let's see, where did this land?
twitchtd :)
Application controller?
...38Yeah.
...46So this wants to be next if the key. I found the name of that thing, didn't I? There's rack utils set cookie header. And it had like a regex or something, right? I browsed this source a little bit. So if I poke around here.
08:32There was a validation. That's what we're throwing. Hmm.
09:00So it's the do we have the whatever this is, this is an old version of it. That's what we're seeing. Yeah. Let's find the current version of it.
...28Almost it. That's the specs. Yeah. So let's find it. So I'm just going to, this is what I want. I want this constant. Can I just dig in and get it?
10:04Why did you make your constant cookie, your constant secret? Why is that private? That's not sensitive. It's even frozen. We've got to get out of the multi-line mode.
...31Deprecation. I was hoping they would explain why they made that constant private.
...45I mean, I could just copy and paste, but...
11:15Ah, no wonder they want to drop it, because the encoding is theirs. So nothing about why they made it private. Must be a style for the repo. But this one didn't. And then they closed in favor of the other issue, or the other PR.
...50that I already saw. All right, so my options are to violate the encapsulation, which seems a little rude. I think I'm just going to copy and paste it. This is not a list of characters that's going to change often because you have to get every browser in the world to coordinate on it.
12:27Yeah, let's make it a constant here.
...41And then we'll say from and what's my URL here? I'd like to just link to it.
13:24Can I just say the one on master? Let's switch you over to, do you not have a main branch?
14:04So the reason we have to do this, we're running into, I mean, this exact code here. The way cookies are deleted in the HTTP headers is you set back the same cookie, but with, I think it's a flag or a timestamp saying to delete it rather than like a command that indicates delete this one. So that's why we're getting a generic error about, oh, we have an invalid cookie key. We can't set that cookie because deleting a cookie is setting a cookie.
...57Yeah, that seems reasonable.
15:03Let's charge this phone.
...14All right, so if that's half of the bugs, I should grab this for the notes, right?
...27Grab that link.
...33Man, I am just constantly getting the wrong clipboard today. All right.
...58Actually, I'm going to edit this multi-line.
17:01It's 1594.
All right.
And where are we?
Well, I guess we're almost at 23 minutes after the hour.
ChaelCodes Hi! What are you doing today?
So if I resolve this on the bug tracker, it should not get unresolved in about eight minutes.
So that'll take 20 seconds or so.
The other bug is the one that these users are reporting.
Do I need to do anything else here?
No, I think this one can be considered closed.
18:43panzerbun Hello, I'm the user with cookie bug (i think)
So I guess the other question is on these public ID ones.
No, I only have 11 of them.
So I don't think, yeah, these are happening on a post.
19:10These are all looking like, a patch to a comment. What is this comment?
...25Well, it doesn't match either of these usernames.
panzerbun oh well neverind, it was previous one
So either they're seeing a different bug, which is possible, or they have very strange
choice in usernames, which is also very possible.
...54Yeah, so these exceptions
Public ID.
Oh, hands are gone.
I don't think you were the one with the previous bug.
I don't think you can be unless you are running a bot that hits the site every hour and it has a bunch of weird cookies.
panzerbun I just logged in and it works
Is that you?
If it is, I would love to know what your bot is up to because that is such odd behavior.
that I'm very curious, like, are you surveying something?
panzerbun I'm not using any bot
It's a really high frequency, right?
Like once an hour, if you're doing a security scan of how the interwebs handles invalid cookies.
20:50Oh, so when you say previous one, you mean the one I have up on screen, 1693? It took me a second to see your message. And then I guess the other question is, are you either of these two GitHub users.
21:13panzerbun I'm ~panekj
So these bugs have been these public ID ones have happened 11 times over the last couple of weeks.
Which doesn't seem to be.
...34You're panicked, Jay. Okay. Hmm. Well, the only thing better than a bug is an intermittent bug that can't be reduced. Reproduced, right?
22:00Panzerbund, can you say if there's... Oh.
Can you say if there's anything unusual about your browser?
Is it stock Chrome?
Do you have any ad or privacy extensions installed?
Or maybe have you cranked up any of the privacy related settings?
panzerbun Firefox on Chimera Linux with uBlock Origin
I've been trying to think of what could cause somebody's sessions to be working differently.
And then I guess this one person said their username on the site is summer, so let me go look at summer.
...44And.
23:01panzerbun I have ublock disabled for lobsters though
They were active on the site in the last day.
I don't know Chimera Linux, but I can't really imagine the distro making much of a difference unless it's a really, I don't know, funky one.
Because some of them are like, they add patches to browsers and things, but, hmm.
24:14panzerbun think of Alpine Linux (apk v3 and musl) but BSD userland + LLVM toolchain instead GNU
Oh, neat.
Yeah, so that's a bunch of uncommon things, but it seems pretty implausible that that's reflected in cookie behavior.
This thing about public ID for nil.
...37I don't know, Ruby's really big on nil. So it's just kind of a bomb waiting to go off in a lot of programs.
25:18Epic_Ninja_Elephant I just tried loading inbox/all, and it took 7 seconds. Is that expected at this time?
Looking back through the instances in the bug tracker real quick.
panzerbun it might have been the closed issue for summertime as well, since this problem happened for me on /inbox but soon after it broke whole lobsters for me
That is not expected.
That's pretty slow.
I think there's a...
Epic_Ninja_Elephant I also see a CSP violation in the console.
soon happened on inbox for you.
That's really strange because this thing doesn't also see a CSP violation in the console.
26:15dlamz ~3 seconds for me
Let's get that up.
Starting up the
This is the one with the test data, right?
Yeah.
So if I go here to Emily's inbox, we don't hear.
Hmm.
Yeah.
Three seconds is also pretty painful.
...45I've been playing with caching on the similarly implemented view for moderators because that one is also taking seconds to load.
27:05I should delete this message. That's no longer the case. It's already on a new commit.
...28It's weird. Why did you highlight it if it's ambiguous? I guess it doesn't exist because it's ambiguous. All right. View inbox.
...46So that can just be gone. Even with that gone,
28:23I wonder if we gave Emily some notifications that would be happening. Epic Ninja Elephant, can you tell me what the CSP violation is or post a screenshot in the issue tracker or something? Because there shouldn't be any. I think this fix was doing.
29:24Right, that one's fine.
...37Does this even show up in the traceback of these?
Or is it just somewhere deep in?
Epic_Ninja_Elephant Content-Security-Policy: The pageβs settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: βscript-src 'self' 'nonce-vvTmiggJh6AdVI9Hszb3Rw=='β. Consider using a hash ('sha256-ZswfTY7H35rbv8WC7NXBoiC7WNu86vSzCDChNWwZZDM=') or a nonce.
Yeah.
The exception happens entirely in
...58Hmm. We don't have any script source.
30:15Does it give you a line number or a file name, especially if you click on it?
Because I remember when I was seeing those, it was just like the URL of the page.
dzwdz broken addon?
But when I clicked on it, sometimes I landed in the middle of the JavaScript.
And then we fixed that.
...39Well, not broken, but a lot of add-ons work by injecting a script tag into the page. I use one of them even called Tridactyl in my personal browser. And those are harmless, but they're part of why we had to turn off reporting on the CSP errors because we were just infinitely swamped in false alarms.
31:09Makes me wonder if there's something in... No, it can't really be related to...
...26Epic_Ninja_Elephant utils.js:42:10 -- oh, clicking that takes me to part of my PrivacyBadger extension.
Epic_Ninja_Elephant So it might be me.
Such a weird one.
I feel like I'm getting half of the debugging info I need.
Epic_Ninja_Elephant Sorry for the false alarm.
okay so that csp then yes that's a false alarm i have seen exactly that csp error myself because i've used privacy badger so that one that's one of these false positives and red herrings for this bug because this bug is a server side bug that is somewhere deep in right session in the action dispatch session cookie middleware
I guess let's go check that out.
I haven't read that code yet in the way I had for the other one.
dzwdz oh hey i have a CSP violation too
So it has a function called writeSession.
Does anybody else have a... Oh, hey, look, that's my bug, right?
Or at least that's the exception.
And it's coming out of the same function name.
32:53Epic_Ninja_Elephant @dzwdz Also PrivacyBadger?
dlamz i also had a CSP violation there, it traced to the alpine js dev tools extension
not using action pack in a proper way.
Yeah.
33:18Oh, generate a new secret key to invalidate all previous sessions.
Yeah, I really don't want to try and fix things by logging everyone out.
dzwdz i only have ublock and tampermonkey (the latter without any scripts enabled)
Oh, but here's someone else with this same kind of bug.
...40dzwdz it's in content.js:68:265
dzwdz i think
Rotating secrets also didn't help.
Yeah.
Yeah, that one, rotating secrets, that's hard to imagine.
36:13dzwdz wait no
We have a, yeah.
...54dzwdz okay it looks like tampermonkey is injecting some stuff despite me not having any scripts enabled for lobste.rs
This would be great if somebody sees this.
37:26Oh, huh. Yeah, I don't know what content.js is because we only have an application.js and a tomselect.js.
...45Yeah, I can't reopen this.
38:14All right, yeah. Just kind of rereading. I think that's safe to punt on this for a minute. Let's grab... Come here. Does this have a link back that it was mentioned? Yes. Good. All right. Of course, why I came to this repo was to go look at that source.
...50So we are looking at the session cookie store. Yeah, this is the code.
39:01And this is one of those Rails things that's going to be so abstract that I'm not going to understand what it's trying to do.
...28Nothing relevant here. One of the hassles of object orientation is it is really easy to introduce this kind of temporal coupling when you have mutable state where for some reason Oh, maybe it's not. Whatever this Sid is, the caller passed a nil and didn't realize it had it. So that was commit session, which is something in Rack. I have the, not psychic, I have the trace back off screen, but it's over in that issue if you're looking. So let's go look for Rack.
40:39Session.
...46Let's search for that call to write session rather than just farting around. No code, mention it.
41:06Huh, so the path that is shown here is a separate gem called Rack Session. Never heard of that before.
...43I thought I was searching the org, but... So this writeSession function is getting shadowed by Rails, I guess, because the final exception is over in actionDispatch.
42:16abstract ID and there's a note about it being overwritten but this is the actual line getting thrown so somehow we're violating the contract between this plugin I've never heard of and the Rails session code I've never seen that's that's a hell of a rabbit hole I'm not going down that rabbit hole
...54session ID or equal session dot ID, so it understands it could be nil.
43:07But at this point after it comes from the rack header.
...19I would have guessed this get header function returns just a string, but. That doesn't look like it if it's got this ID. Yeah, let's just punt on this one because it requires a lot of very fiddly plumbing knowledge.
...45Yeah, I really don't like leaving a bug that I know is forcibly logging out users. At the same time, It's not something I can make meaningful progress on. And I also don't want to revert it, because it's important scaling code. It improves our cache hit rate. Not that I have measured how much. We're not that formal, but hmm. Let's go over to the pull requests and sort some things out here.
44:26Let's start with Thomas's. Oh, it didn't get a pull request. Oh, it did get a pull request opened and updated. Beautiful. And then let's go find Thomas's comment.
...58Ah, beautiful. So he's saying, so this was a little funny of our interaction here, Thomas, where you asked if you could just ignore the bit bashing thing and leave it, and then you found it easier to just delete it.
45:20That is a really good question.
Let me skim the PR.
twitchtd ya, turns out the db specific bit bashing was just too annoying in sqlite
168.
That is a shotgun PR because so much stuff touches SQLite.
Yeah, I'm not surprised by that.
Did you end up replacing it with...
I suppose there kind of isn't a difference between doing it in a Ruby user-defined function and Rails itself.
twitchtd the ordering is in ruby now
My concern there is that one's on the hot path, so we'll have to take a look at that.
Yeah.
Sir, you're not helping by being wide.
47:08What does hierarchy mean in this context?
...19Are you creating a set of nested arrays?
twitchtd this implements that confidence order path in ruby
No, you're sort of creating a tree structure of hashes with parents and children.
...55I'm kind of confused by this code, because even the one that doesn't say it's recursive is recursive.
48:16So groupByParent is a hash.
...40Okay, so I see how you're doing it.
49:00Yeah, this is quite a different algorithm.
...27I'm trying to think of what a.
...37So it's possible to do this non recursively and in one pass. But using sort by. That the list of comments.
...57So what I'm thinking is
50:30so i am definitely not going to explain confidence order path on this stream if you are curious about it you can dig back in the stream archives but it does a lot of bit bashing to basically sort comments by their confidence which is basically score and then try to pad that with their ID. And there is a whole bunch of different concerns getting juggled to try and keep things small. I think, so if I said comment equals comment.last, well actually, story.last comment count, how many do we have? Comments count. Let's find a story in my test database here.
51:49I can't do it with a number at the front. Comments is s.comments.
52:04We've got comments here, right?
...28Yeah.
So if we kind of zoom out, what's happening is we want these things to be sorted by their parent ID.
So the top level, that's nil.
And then the later ones, that's like this comment's ID.
Although that's not sort by the ID, that's the tiebreaker between the confidence of the parent.
twitchtd it's a sort on siblings
the sorting key is sort of a tuple, right?
For an individual comment, it's that, parent comment ID.
So this is for an individual top-level comment.
If this one had children, though, their array needs to be the suffix of all their child arrays.
So I guess what I'm saying we want is...
54:08We really wanna just walk the comments in the order of parent comment ID with...
I'm trying to think of how to express this.
I'm jumping up and down the levels of...
So what I wanna be able to say is comment.sortBy
Do you know this Ruby method?
twitchtd ya
So it would take an individual comment and it would say that the path is this thing at the top level.
But then after that, it's
55:07right and this thing i'll throw parentheses around it just so i have valid syntax but it's the value already set for the parent comment id so i guess that's saying we have to do one pass over the comments in parenting order so that each of these already has its parent pre-filled and then we can call comment to sort by these keys And the easiest way to do this is to make it a, we have an attribute for these. No.
...53Oh, you can just make an adder accessor for the comment order path.
56:08pushcx comment.sort_by { |c| (c.parent_comment) + [c.confidence, c.parent_comment_id] }
And I guess we would just call it like order path.
Anyway, does this algorithm make sense?
I've kind of jumped around a bunch and I can write this up as a proper comment if you need.
But the gist of it is that instead of building a data structure, we just want to do one pass over the comments
to figure out what their sorting key is and then do one call to sort by that, you know, I don't know what the algorithm is under the hood, but it's reasonably smart about avoiding repeated comparisons and other things.
57:01Yeah.
And then most of this code goes away.
This almost becomes a two-liner or a three-liner, depending on what character column you're wrapping at.
I'm going to keep skimming, but let me know what you think of that and if you want me to break it down some more.
And you know what I should have said first is moving this back into Ruby is a totally sensical thing to do.
We can look at if it can get shoved down into SQLite or we can have it like this.
Honestly, they're becoming mostly equivalent.
Yeah.
Because the alternative in SQLite would be to build up a JSON array.
And I would expect that to be more performant in SQLite.
It's not just that it's written in seed, but it's then the database is manipulating a data structure and giving them back to Ruby in order.
And we're not paying the penalty of serializing and un-serializing, which is where
most of the expense of using json comes from so i think that would be more performant but what i outlined is fine to start with because it's short and it's readable where the existing thing like i i really had to stop and chew on that to understand the the algorithm
I don't know.
I guess I'm coming around to say that if I'm planning to push that into SQLite, I guess the algorithm doesn't matter, right?
But I did have to work through it to understand what I was trying to say in my head.
twitchtd sort_by { [[it.path, it.confidence]}
This one...
Why did you change the default from one week into seven days?
59:42twitchtd sqlite doesn't support Weeks
So I understand that probably SQLite doesn't have a week.
Yeah, you said it just as I got there.
but I would rather not change these URLs because these will show up in URLs where if you go to top,
you get forwarded to one week rather than seven days.
I guess what I'm saying is this doesn't need to be a user visible change.
Man, that's a, but these are just gonna be a lot of fiddly details.
Oh, nice to start deleting some of this stuff around confidence order path.
01:00:35I'm really curious to see the full text search because I know it's there, but I don't know how it works.
...51Hmm.
01:01:08That's a nicer syntax. I like that.
...17Let me double check that my zeal install has the SQLite docs in it, because I'm going to spend a lot of time finding this kind of fiddly stuff as I write queries. Or maybe I'll be making Claude translate from MySQL to SQLite. Style transfer is the one thing that those things seem to be real good at.
...51Man, this search code. I am very glad, especially now that I see you touching escaping and quoting that I wrote way more tests on that because it's security sensitive than I thought we would need. But these are mildly terrifying commits in that.
01:02:32They're security sensitive and pretty incomprehensible.
This isn't a you thing.
twitchtd if you look at the :search scope above, the full text search is a bind instead of raw sql inserting
This is just you have to read to know the exact level of quoting and build it up in your head.
...56twitchtd so not as scary as mariadb
Is it?
That's very nice, except
01:03:06If it's a bind, how does that support the operators? Like, I don't know, comment or colon? Are you doing it... I guess those get split out as different parts. Hmm.
...35And it builds up the query. And then at this point, it's just, oh, that's a lot more expressive.
...57Yeah. I see how that's less scary than this thing that I had to gold plate the tests on.
01:04:24Well, and I'm glad you were able to figure out what was going on with story texts, because I'm not sure there's a comment explaining it, but that whole table is just a performance hack. Hmm. Date time now. All right.
...57I'm curious, Thomas, when you were doing this, how much did you refer to the fork used by the YJIT team in performance testing, or I guess the Shopify Ruby performance team?
Because I imagine they made some of these, but some of them are, I don't know, I just kind of can't imagine them getting into this level of detail.
twitchtd they didn't migrate any fulltext search so I didn't refer to it
like this sure but I don't know ah yeah I meant more generally than just the full text search because I know they also I think they just said something about they dropped comment sorting entirely
by route actually said something in one of their updates where he was mildly annoyed by confidence order path because not because it was a big gross hack but because if we're not sorting comments in ruby we're doing less work in ruby and so it's less of a performance test and my go-to strategy very often has been to just try and shove work into the database as much as possible
01:06:42twitchtd ah I'm not sure you know about contentless-deletes?
That must have been a fun one to update too deep, because it's no longer a technical limitation.
All right, I'm not too worried about BreakMan, because I care that it's going to get a passing run.
I will go and reread that.
I don't think I know what you mean by content list deletes.
No, that phrase doesn't mean anything to me off the top of my head.
01:07:26Hmm.
...44Oh, did you?
You deleted all the old migrations, huh?
I mean, I have considered them dead code for a long time.
amazakar Hello
you know, starting a couple of weeks after I write each one, but I've been reluctant to delete them because I'm constantly using them to look up syntax for migrations.
Hi, Amazakar.
We're talking through a big giant pull request to replace the database on lobsters.
And you know, I say big giant, but this
This is actually less giant than I thought it was going to be.
And I guess some of that is I've been trying for years to reduce how many custom queries we have where we drop to SQL and lean on Active Record.
And now we are reaping some benefit from that very tedious work where we had fewer queries to update.
01:09:17All right. I'm kind of deeply suspicious of things like cascade that make it easy to delete a ton of data once
...52Oh, the bitpacking spec.
You know, for an ugly performance,
ChaelCodes Cascade makes gdpr easy though. /s
twitchtd tests for bitpacking & search were :great:
hack i'm actually kind of proud of this code mostly the test code because it is pretty expressive about a very fiddly bit of code so you know f in the chat for all of that as a chicagoan i don't worry too much about gdpr thanks thomas that means a lot you are probably
the second person to read the bit packing tests there is one person who found a bunch of bugs in it and i am not remembering their username off the top of my head but it's on the previous streams where we talked about confidence order path the the title on that stream was something like we have fixed seven out of the four bugs because as we were fixing bugs we were finding more
01:11:15Epic_Ninja_Elephant Haha, seven out of four. I thought her name was Seven of Nine.
twitchtd sqlite does quoting differently which is is why it changed
this you know i was just talking to a friend about voyager because his household is he is not at all the star trek fan but his household is watching their way through voyager just as a you know low stakes low stress background noise kind of tv and there is a commander peter harkins on star trek voyager he's come up here once or twice
So I made sure he knew, hey, when you see the yellow shirted engineer who's super nervous, get ready because his boss is the best named character on Voyager.
And so he got hyped for it when the Barclay episodes finally rolled around in episode or in season five or six or whatever.
And then everybody else in his household was like, you hate Star Trek.
How did you know the name of this character?
Oh, you're your bestie.
twitchtd quoting ' -> '' (two single quotes), and quoting inside the full text search query " -> "" (two double quotes)
It's your bestie.
He told you this was coming.
01:12:31Yeah, this, this quoting spec, I see what you're changing and
...46I'm kind of automatically scared by it because it's a change to such fiddly code. But I guess I do have a question. I'm puzzled by... Why do we delete the double quote and leave the...
01:13:17Wait, what was different about these two tests that they could expect different things? Or was this escaping a no-op in Ruby and it got odd during editing?
...37Also, Thomas, what is a content list delete?
...54twitchtd ah sorry, it's the new way of creating fulltext search tables in sqlite
I'm clearly going to have to sit down and just read the SQLite manual.
Ah.
01:14:30twitchtd previously you had to specify all previous columns when deleting
dlamz are you worried about concurrent writes blocking things with sqlite?
twitchtd with contentless deleting you just need to do delete from table where id = ?
You know, my one style thing about SQLite that not really know DLAMs, people have put a ton of work into that in Rails in the last year.
Is that when...
sqlite does backwards compatibility things they often do it with special values like use the empty string and i understand that they really worry about long-term backwards compatibility but sometimes it just means everything has kind of sprouted these extra options as opposed to the new thing being the default
It becomes something you have to opt into.
01:16:01oh oh i follow what it is okay so it's just that you can because this is such a special virtual table i mean they're all virtual let's be real but
When you delete, you don't have to name all of the fields and values.
twitchtd ya
You can go ahead and use a PK for the row.
twitchtd previously you had to specify that
Okay.
Yeah, that's wild that that's not the default.
...54David Price- Okay, so I didn't see you respond to my kind of long rambling about comment hierarchy.
David Price- What do you think about the idea of.
David Price- Doing this to more directly do that confidence order stuff and use sort by to simplify that code, rather than.
twitchtd I can try doing something like c.o.p. and then sortby
twitchtd but keep it in ruby though right?
figure out how to shove this work down into a json array because i guess what i'm saying is one of the reasons i want this in ruby is it translates pretty directly over to sqlite okay wow it's funny this
This does legitimately look like a ton of work.
A lot of these kinds of things don't.
End of an error to remove the MariaDB library.
01:18:08If you're more comfortable in Ruby, yeah. But I think ultimately I'll want to shove it down into SQLite I guess I should actually performance test and we should come back to your direct question, but the JSONB array has the functions that we need for like concatenating arrays and sorting. I think it has concatenation. If not, we'd be SOL.
01:19:19twitchtd I originally tried to do it in sqlite but it got hairy and not as clean with ruby imo, though I can try again now that I know your preference
OK.
I'd appreciate that.
amazakar getting rid of trilogy?
There's also the existing confidence order path that you're working through has to do so much bit bashing that it's hard to see the algorithm at work.
amazakar it was annoying me on windows :]
And the fact that it's limited, like why only use the low byte of the ID?
pushcx https://github.com/lobsters/lob…
That kind of thing is just a big distraction.
So Emma Zakhar, there's a whole bunch of people
bunch of history you could catch up on, but basically it's moving the site from MariaDB to SQLite.
And then Thomas's excellent question that I could have answered a while ago is what kind of performance testing would I be comfortable with to determine that we can move to SQLite, that this isn't a big wasted effort.
And I do hope it's not.
01:20:39twitchtd it's not wasted either way, even if it turns out to not be viable we'll learn something
I think we'd have to use something like AB to do benchmarking.
...58So AB is the primary one I know of.
My one question is whether we can give it
a variety of URLs because I've used it to just hammer one URL.
But the thing I'm really curious about is, you know, do something like 90% read and 10% writes.
So we could do a performance test where.
And I don't see that kind of option here.
dlamz might be a perfect task for AI to spit out a script tbh
We stand up a server on our personal machines in production mode, which is pretty straightforward.
And it might be given that we delete the script afterwards and it wouldn't become part of the code base indefinitely.
So my worries about copyright don't matter.
01:22:20Yeah, I guess it does come back to the same kind of thing that DLAMS was asking earlier about, are you concerned about concurrent rights?
graefchen AI? I like *stupid AI*, like decission trees. limesComfy
And so if we could get a benchmark that it's not going to be AB because that only lets us hit one, I guess we could start like, you know, three instances of AB doing reads and then
one or two instances doing writes whether that's you know like one instance doing new comments but it's they're all going to be hitting the same thing right i'm trying to think of how to simulate something that looks a little bit more like user behavior and user behavior looks like a ton of reads of the story list and a ton of reads of the single story view
and then occasionally doing a write of a new comment or an edited comment.
So do we know a benchmarking tool that'll let us get kind of a distribution of hits like that?
01:23:41I do not off the top of my head.
01:24:48twitchtd Maybe need a list of top 10 or 20 urls and their frequencies?
twitchtd then I can write a tool to simulate those probabilities
Cat you're not helping, sir.
Where'd my tab go?
He deleted my comment.
Let's see.
The thing about it.
No, given that you're just throwing away the, yeah.
01:26:31Let's generate that for you.
...40I have to pull this one up off screen because it's going to have some lucky user's IP in it. let's create a new file here and then i'm logging into production great so if i grab this and
01:27:25so here is and this is like the archetypal value in the logs a json hash that is a read of the home page and you know given that we do this json logging with a little bit of performance info in it we can look at that too in this test of are these numbers for duration roughly similar i guess we might as well look well if we're moving the threading up to db we can't just look at db yeah all right so all right so d lines you're talking about vibe coding let's try this one of right a jquery command to take a or not jquery jq command that takes a js objects one line per invalid data
01:28:58Because it's called URL on there. No, it's called path.
01:29:10dlamz you're asking AI to do what humans can't now π
So this is, I think this is Simon.
Yeah.
...23Let's give that a try. The syntax of jq, I just don't use it often enough for it to stick in my head.
...53I thought from JSON would...
dlamz i tend to try and toss things into duckdb so I can use sql
Yeah, I don't think we actually need that last part.
let's head action.log into this and it didn't work great we got some great great code out of there jq let's i'm gonna peek at that head yeah that should have been that's 10 lines of jquery
01:30:36chamlis_ maybe `.path?`?
Am I going to have to actually learn something?
chamlis_ without the fromjsoln
I was using an LLM to avoid learning anything.
...52No, the from JSON question mark is what is going to protect it from bad input. And it's a hassle with... but the Rails default logger really wants to just toss unstructured data in there. So if I, yeah, there's a couple of random error messages in there. So we do have to keep the from JSON.
01:31:43Did I have one of these in the Lobster's Ansible repo?
...58Yes, I did.
Let's select.
chamlis_ I think you want `-R` for raw input rather than `-r` for raw output
That's what's missing.
No?
JQ.
Cool, there's more than I wanted.
I think I want both.
01:32:36So that select gave me a lot more than I wanted.
...48In that it gave me the whole thing.
...58Okay.
graefchen Today I learned something about jq. limesNoted
So the select was for filtering.
So let's go say .path.
which there we go all right where's my all right so we've got these we can just go ahead and say dump the whole log in there
01:33:43Let me check something before I run this.
...53Yeah. I'm going to throw away anything with an equal sign because that's going to be somebody's token for the RSS feeds.
01:34:18Well, so I said the archetypal page is the home page and then a single story view. I should have thought of RSS because, of course, the bots hit the heck out of RSS. And all of those are going to have, most all of those are going to have the same path. The individual tag ones will have different tags. Maybe what we want to do is grep for the controller in action.
01:35:17How do I, can I say comma? Yeah. But now they're on two lines. If I say dash R, no, I just get that. All right.
...35How do I get these two values on one line? I put quotes around it. That's not what I wanted. I guess that's what all those backslashes were for.
01:36:10Parenthesis and then dot. There we go. Learning JQ against my will.
...41Of course, we're going to do more than just this.
...52All right.
That's interesting that RSS controller.
Oh, so RSS isn't handled by a separate action.
It's just down a different templating path.
So that's why RSS has totally disappeared.
And now this looks like
my intuition of the only two things that really matter are the single story view and the home view.
So Thomas, if I gave you this, would this be useful?
I mean, realistically, if we get the top two and we post some comments, I'm satisfied with it.
And
twitchtd ok, top 2 sounds good
I say that because you know everything else is order or orders of magnitude fewer in popularity, but also it just they don't do queries I mean they do, but it's like one direct query to the indexes.
So.
Like newest by user looks up stories by user ID.
It is so fast.
Single tag.
I mean, it's got to do a join, but it's fast.
These things, they're sorting by hotness or confidence.
And the ordering of things change as voting happens.
Which a little surprising that voting doesn't even make the top 20.
01:38:55Hmm.
01:39:19There we go. Oh, it did make the top 20. I just didn't notice it because I was looking on the controller name for a votes controller. I forgot it's not quite restful, but that's okay. This one is way too high. This is not we get 338 messages posted from email. This is we get 338 bounces a day. And yeah. All right.
...58twitchtd are those numbers for 24 hours?
So we got that.
01:40:42Did I close that? I closed the terminal, didn't I? Dagnabbit.
01:41:05Less than 24 hours, but... The distribution of traffic doesn't change. It's the overall level of it that changes. So Monday is our most popular day of the week, unless it's a US holiday. And things just scale on the weekends. They just scale down over the week and then a lot on the weekends. And then, yes, this... If we just look at, since I logged back in, if we just grab the timestamp field to look at the first, ooh, I meant to say one, but yeah, that's about 20 hours.
01:42:02And before anybody runs and extrapolates that to user activity, you should know that we get scraped constantly by bots. And even with the full page caching, they are probably a majority of our views. So this is checking the Rails log. The full page caching doesn't appear in here. And this one, the 404s, I mean, just off the top of my head, more than half of these 404 pages we render are the enumerator bot. I know I've talked about this guy on stream. There is one persistent bot that I call the enumerator that comes at us through... gave up counting ips at hundreds but they have just an enormous number of ips at their disposal and they are either vpns or tor or you know residential ips where somebody has a mobile game on their phone and the mobile game monetized by proxying connections for iffy traffic some of that is scrapers some of that is abuse and the enumerator is always always every second or two at most hitting the sites to test for user accounts just trying every possible username ever. It's clear they've got some enormous number of usernames and email addresses from dumps and they just try all of them.
01:44:07We looked at stats once where we were trying to break out site traffic by browser and we saw a ridiculous number for firefox and that was because you know it was like 80 of your visitors use firefox and as much as i think that would probably be pretty neat no absolutely not and that was just because the enumerators default user agent looks like firefox to i forget the name of that tool we used
01:45:21graefchen 80% sounds, when knowing how many people use firefox, really reallly out of place. limesNoted
Yeah.
Yeah, Graf Chen, we got the chart up on stream, and I looked at it, and I just instantly was like, oh, bullshit.
I don't believe it.
And everybody was like, yeah, that's not plausible.
You would expect for a site full of programmers that our number for Firefox would probably be a little higher than the baseline, just because it's a little more popular with techie and programmery types.
but 80% is ridiculous.
01:46:07All right, so Thomas, I think that is everything for your PR and your update.
I've answered your direct question.
We've kind of skimmed.
twitchtd still needs a lot of testing
and i didn't say it on the draft pr but i think everything looks good there except that one that one liner about changing the one week url to seven days i would prefer not to change that but everything else i totally follow what you did and why and it looks great it's
very pleasantly minimal, and I really like that you, yeah, it does, but I really like that you looked for opportunities to use bind variables more, that's excellent, because it means we'll be more robust in the future, and it's just all very clear what's happening why, like rewriting the interval syntax.
As for a lot of testing,
You are seeing the limitations of our testing strategy where I'm looking for high bang for the buck on testing and there are some things like.
That we literally don't have tests for like I am sure.
I know there's probably a page in about that we may not even have a test for.
Can you load the about page?
That kind of thing.
Epic_Ninja_Elephant Can you bring up a test site on a subdomain that we can choose to log into?
think what i would end up doing is when this is ready to deploy just i would mostly block off my weekend and i would deploy it first thing on a saturday morning u.s time when traffic is real low and then just smash 500s as we find them all weekend we could do that but
01:48:10it would be like a fork of the data.
Epic_Ninja_Elephant Might be nice to start with 16 test users instead of .. everyone?
And so it's not really any better than you can check out the code base and run it locally, right?
Because you could check out the branch and kick the tires on it.
And I would appreciate if somebody does, but
Yeah, I guess there's the convenience factor of you don't have to check out the branch and either fire up the Docker thing or get a Rails local dev end working.
Why is this...
I already got the blue again, or is it just out of date?
Just out of date.
All right.
But honestly, the...
The tests cover the important functionality, I mean I remember I wrote the test that was like hey does the homepage load because we didn't have a smoke test for that.
I think I also wrote me no I don't think I had to write one for the single story view.
But i've certainly added more over the years and so like our core functionality has pretty solid testing it's.
Like something in the mod dashboard is going to break because it does it does a ton of queries and it has very few tests, because the mod dashboard has like.
What for users right.
And they all know the admins phone number, so they can get their bugs fixed pretty easy.
01:50:08twitchtd alright, thanks for your feedback!
Well, thank you for doing it.
This is excellent progress.
...21And it's one of those long-term investments for the site. I would never have guessed that we'd be migrating away from MariaDB, but it is nice to get ahead of private equity ownership because that's not going to be promising long-term. And there is the very real chance that it makes the site faster.
01:51:02OK.
This PR is for recognizing and blocking disposable emails.
So there are a bunch of services like 10minuteemail.com that you can use to register for an account.
And I mostly don't wanna try sending email to those hosts because we're gonna see abuse from folks who don't want to stay on the site.
like one kind of let me turn that around one kind of abuse that we don't see on lobsters because of the invite system or we only see very very rarely i think maybe someone has tried it once is moderately common unfortunately on reddit and hacker news where someone wants to post something abusive whether that's commercial or most likely insults and they know
that it's against the rules.
And so they spin up a brand new account with like a disposable email address or something else.
And then they post the abuse from the brand new account.
And the brand new account gets banned, maybe.
But then they can keep using the site as a regular user.
And we don't see that kind of sock puppeting because of the
invite system what we do see is well and i i worry that we'll see it or that sister sites will see it so there is some value there what we do have though is folks who lose accounts because they're very privacy conscious and they use one of these temporary or disposable or alternate email addresses so
Like with Gmail, if you are Alice at Gmail, you are Alice at Gmail.
Maybe you are Alice plus garbage at Gmail because it does that plus addressing thing.
People are pretty good about remembering that.
But there are other services, and the only one that comes to mind, I think, is Proton, where it must just be one or two clicks to create a new email alias.
But then it's also just one or two clicks to delete an email alias.
And so maybe once a year, maybe a little more frequently, somebody emails and says, hey, I got locked out of my account.
Can you reset the password on it?
I'm not emailing from the address on the account because it's an alias.
I'm not sure I know what the alias was because
When somebody really makes a habit out of this, you end up with dozens or hundreds of these, right?
If you're trying to do one per site.
graefchen Having a Invite System is Indeed an Interesting System to Moderation. limesNoted
And then unfortunately the answer has been, no, we can't because we can't prove that you're you.
Then there's also email deliverability issues to these hosts.
The invite system, yeah.
ChaelCodes And you have to be like "This is exactly how you would sound if you were social engineering."
So it started as,
spam prevention but it has the effect of making an account a little bit more valuable than an open sign up yeah chill i've i actually usually write the opposite of i know you're probably you but i have to like be serious about this and one nice thing about the site is full of programmers is people get why that is
01:54:58That's nice that they reached for our fetching library.
01:55:30It's weird that it should come back as base 64.
...42I believe it.
01:56:01Why is this an after action instead of a before? I don't think I understand after action and before action in the context of Action Mailer. Okay. So it's not after in the way that the action controller after action is after the completion. That's probably, yeah, that's what after deliver would be. I would probably call it like after render or something. I don't know. Or maybe the, well, maybe the after actions in controllers should be after request. But I guess that's not necessarily the case. Guess I never thought about it. All right.
01:57:58graefchen The more I see ruby code the more i really wanna try it. But I first need to write that annoying kotlin android app for university. lilith3Lost
Nice to be able to just plug this into validations.
01:58:12Yeah, you know, Ruby is just a really pleasant language to write.
I really do appreciate a lot of its little features.
It has some of the syntax stuff is slowly getting a little clunky, like the difference between keyword arguments and named arguments.
amazakar Yeah I was not a fan at first but it is super easy to understand and intuitive to write
But overall, it's been great to run most of my career in Ruby.
...46So Emma's a car.
amazakar Yes
I think I know grave Chen situation, but you are new to chat.
Are you also a student or do you use rails professionally?
01:59:06amazakar I've had an internship over the summer where I picked up rails
That's why would the storage directory not exist?
Does it not have a get keep in it?
or maybe they're just being careful it does not have a git keep in it huh
...44Thank you.
02:00:21amazakar Looking to contribute gotta build that github page for recruiters :)
If you do want to contribute, let me know.
If you, well, hold on, let me make the proper pitch.
pushcx https://github.com/lobsters/lob…
I would like you to contribute because I'm always looking for more contributors.
I have tagged a whole lot of things as good first issue.
And I am very happy to talk through any of these in detail or dig into my infinitely long idea list to find more.
especially if there's like a, you really want to work on something front end, or you really want to work on something with the search engine.
I guarantee you, I have feature ideas waiting around.
vinitkme Hello Friend!!
vinitkme How are you doing?
And if you contribute, I am also happy to act as a professional reference and say, yes, you know, I mean, like number one, you can put it on your resume and say, I contributed to Lobster's, here's the link.
amazakar <3 that sounds amazing!, I found the disposable email blocklist by looking through the 'good first issue' label
I am also happy to answer emails and say, yes, Amakazar contributed this thing.
It was useful because of X, Y, and Z.
Here's roughly the scope of the difficulty and the impact.
I've written a couple of these for... Oh, are you this author?
veqqio Howdy
ChaelCodes Can I clip that?
I didn't realize that this was you.
02:01:52amazakar Yes I probably should have mentioned
amazakar My bad
Yeah, chill, of course you can.
ChaelCodes <3
Well, Amakazar, I didn't realize I was reviewing your code live to you.
I hope I didn't say anything embarrassing, but this is all real clear.
Anyways, to finish that thought, yeah, whatever level you're looking for a reference on, whether that's for college credit or
proving your bona fides to a recruiter, I am happy to write something out that says, yes, this is what you did.
amazakar Yes this lowk more terrifying than when I put a pr up for review in my company
Thanks very much.
We appreciate it.
amazakar That would be brilliant
When we throw on something like, Lobsters has 2,700 daily active users and roughly a quarter million visitors every month, people go, oh, this is real code in a real project.
02:02:55Oh, it's low key.
The slang took me a minute to parse because, you know, I'm incredibly ancient.
amazakar to "parse" lol
I hope it's not terrifying.
Like, I try and keep things fairly chill if let's just figure these things out.
graefchen We younglings are coming limesGiggle
yeah if you'd written low key I would have gotten it, but I thought it was a typo for lots or something else, you know it's kind of looking down at my keyboard like is do they do they have one finger off.
what's next to wk because sometimes that's how you figure out typos.
02:03:44know i've actually we replaced cron with this scheduling the recurring yml in solid q and it has its own parser and i was a little suspicious of this you just write your schedule in english and we sort of get it but i actually really like this expressiveness of saying this job runs every seven days And honest to God, I don't care what time of day or night or just consistently every seven days you hassle that detail. Because otherwise, with a cron job, I'm like, well, run it at 1.23 in the mornings because that's kind of a low period. And if we don't run the cron job at zero minutes after the hour, they don't tend to dogpile, especially because we both don't want to dogpile our cron jobs on our system, but also the API we're hitting will be sad if we dogpile them at zero minutes after the hour. And this of like, eh, just once a week, I don't care. That is the level of detail I want to specify.
02:05:12veqqio It's nice that you care about the API's emotional well-being!
Wow, I also care about its uptime.
Oh, you mean dogpile in the sense of
Giving people a hard time.
Yep, yep.
Changing gears between code and silliness.
All right.
...37It's...
So we get back JSON.
And the JSON includes the base 64 content that is.
So in there.
graefchen being able to tell the computer what to do in plain old english does make things easier. limesD
So if I pull this up right here.
02:06:05That's so weird. Huh? I wonder why they did that. Maybe it compresses better. I'll take it. Maybe it's a you must be this tall to ride so that people don't write really naive scripts.
...31Yeah, I don't know.
...54Epic_Ninja_Elephant I bet it's to avoid naive scripts, yes.
So I didn't even look at your test failure that you reported.
But if it's this same file, GitHub, where's my test output?
OK.
02:07:36veqqio @graefchen Welll... That's a famous siren song. Really, formal language is better! Cf. https://alexalejandre.com/langu…
I don't Oh, yeah.
...58So rather than
02:08:08Famous siren song.
...15Yeah, that's been kind of interesting. I was talking to someone about dealing with spam bots. And you can kind of tweak anything on your site and the spam bot breaks. But what's going to happen clearly is they're going to hook up the LLM to say, like, find the signup form. So I'm going to delete my comment because ideally, bin setup should run. let's tweak the script the reader to be forgiving if the file we can't count on all developers to remember it for this script especially if they already have a dev env set up. So where you call the
02:10:13graefchen As someone who probably knows more about how LLM's work (at least from the information of my highly educated prof), I highly doubt that AI will be the end of all programming languages. limesO
Yeah, so I would say, let's just tweak this here and say, rescue file not bound, return false.
So if the file doesn't exist, that's fine.
...51And then that helper. So I think. This is really just the one method. This is kind of a code organization thing.
02:11:16Rather than.
...23yeah cat cat don't scroll you don't get to code review you don't know ruby you only know kibble sir thank you sir so there's a ruby and a rail style thing happening where
02:12:00you have included you've put the method into a helper to share the code rather than just give them all a reference to a global object and i would rather just give them all a reference to a global object because we do that a bunch of places and but i do still want an include here because this module could just become email, lock list, validation, and bring the, and, is it, are they called concern or are they called like active concern? We only have like one of these. Active support concerned.
02:14:40And let me say, why am I fighting with the clipboard again? I just selected that.
02:15:15So Amazakar, I hope this hasn't been too terrifying.
graefchen Maybe that is also a reason why I am not the biggest fan of current commercial use of LLM's. limesHmm
veqqio @graefchen I mean, about you saying "plain english" :D
You've got the hard part of all this down.
There's just a little bit of organizing the API for it is pretty fiddly.
...40And then you've got the heart of it right here, which is so short and nice.
...54i wonder well yeah there shouldn't oh yeah since we have emails on the block list now we need that okay I think, do I say it here? Yeah. We got the three validations.
02:17:17amazakar I wasn't sure about this point, I mentioned it in my first comment
Ms. Carr, you've kind of, you're still up here.
Oh, did you mention it in your comment?
I didn't see that.
Let's go back.
So not here.
I got totally distracted by the Docker test failure thing that I missed it.
Okay.
...46so ah so i understand what you're missing here the let me show you exactly what i mean when we render and here you know what i'm already logged in as a test user i'm not in the right tab though so here on the settings page When you view this form, I would like to add text right underneath. And so you see we have this CSS styling for it. I would like yours to be red or bold or both so that it pops out. But we almost certainly have emails that we would block. And I would rather tell people up front so that the moment they load the form, even before they try to submit it, the moment they load the form, they see, hey, we now consider this to be an error state because we are breaking their stuff. And if you come in here and you go, oh, I just want to add that my homepage is Example.net and you save and then you get an error about a field you didn't even touch that feels pretty bad. If we tell you upfront. Something did I write an example message? Yeah, I wrote an example message so you can just use this text directly.
02:19:28amazakar Is this only when the form is loaded?
Does that make sense why that's there?
...40amazakar Got it
It's anytime the form is rendered.
Because the validation error shows up in the flash at the top of the page, right?
Okay.
02:20:09I can see that I didn't say why in my original request. So I understand why you were puzzled by that of, why did you tell me to do this twice? Because once you've put in the validation error, it's on the form, right? Yeah, I see how that was confusing. Sorry about that.
02:21:06amazakar Np!
Let's see.
That and what is today?
0825.
Good.
So that'll be up in a couple hours.
...42Great.
Well, Emazakar, I think that's everything you needed from me.
But if not, just now is a great time to tell me here.
And I want to make sure you are unblocked to revise.
But this is very close to merging.
amazakar Thanks so much! This is has been super helpful
And given that you basically nailed it on your first try, I have high hopes that we get to merge this soon.
So I usually do these streams on Monday and Thursday, and I've gotten, you know, the last two weeks were disrupted by travel.
So probably I will come back and review next on Thursday.
You don't have to rush for Thursday, but just so you don't expect when I'm going to respond.
All right.
So all of these.
So these all got a nudge.
from the inactive bot, didn't they?
So channels, I know one of them was yours and I saw the email where you were like, this is active.
This is so weird because these were.
I guess it was only 21 days on this one.
But some of these like this definitely hung out more than 21 days, right?
Yeah, July three was the last activity.
So I don't understand what this actions bot did.
I think it might be misconfigured because maybe it said when all PRs are more than 21 days, or maybe it was just not running.
This is very puzzling.
02:23:34I think I can delete the label it uses, right?
...43No, come here. That ought to shush it for 21 days. I'll talk to Church about that one.
02:24:06I don't remember the state of this, PR.
...36Oh, I think the bot is catching my mistake here.
02:25:24This is absolutely part of why I wanted the stale bot.
...46I guess we have this open question about tests maybe. I'm kind of remembering this code now. So it looks fine. So hopefully that one gets unblocked. And I will write. This one. Yeah, I don't even have to reread.
02:27:47So, I don't understand why stalebot was so late, but this is actually super useful to get pings on these things.
amazakar Sorry last minute question that popped up into my mind, should I write more tests?
This one has been... Huh.
Me pushing to master bounced the staleness?
That's strange.
All right.
02:28:29Huh. Interesting bit of denormalization. I've retitled this bug. And now it's kind of, I guess it's normalization rather than denormalization, but it's a little confusing.
...55Thank you.
02:30:38Always feel bad closing a PR. I always prefer merging a PR. And then Common Marker is on me. I definitely have not looked at this in the last two weeks. I have thought about it, I swear, because we've only had... Oh, Amazakar.
02:31:10actually think that's an acceptable level of testing especially because the thing fails open where if the file doesn't exist it just says okay we're going to consider your email valid i think that's fine yeah i mean this is a fairly small feature it's not load bearing so if it breaks i'm okay with writing more tests when they've been proved needed
But I would rather merge it sooner than try and...
The other reason I think of it as not needing a lot of tests is I don't see it changing a lot.
I'm probably going to tweak the wording on the validation message, but not change the functionality.
And if the functionality isn't going to expand and change,
amazakar Sounds good
I either it works or it doesn't and it's going to break in a safe way when it doesn't so we don't get a lot out of tests.
So anyways back to Chandler says PR about common marker here.
Having reviewed I think i've made it to 30% of every comment posted on the site.
I have seen one where an ambiguity in or a difference in the two parsing engines, the old and the new, actually semantically changed a comment.
You know, like there's been one or two where it's been like, oh, this would be indented a little different or
it would be bolded or not bolded or linked or unlinked, but it's clear what the comment means.
There was one comment that used an odd syntax for strike through, and the new one would lose that strike through.
We do not have a mod feature for editing comments, but I think I would just manually edit that comment and manually create a mod log entry in the Rails console.
And maybe what I can do is just merge this.
You know, if I do merge this, I'm never going to finish checking the rest of the comments.
I think I can admit that one is such a slog.
02:34:02veqqio How are you checking the comments? I could help
So we've done this on stream a bit, but the gist is I wrote a script that loops over all the comments and compares the new render to the cached render.
...27So lobsters predates fragment caching in Rails. So rather than use a fragment cache or a Russian doll cache on comment text, since the site started, when a comment is created or edited, we immediately render it to Markdown and save that in the database. So they have a comment field and a Markdown past tense, Markdown comment field. So,
02:35:06We can compare the old and the new very easily.
...15And I say easily, but then there's some devil in the detail stuff that they produce different whitespace because white HTML mostly doesn't care about whitespace.
...38So I'm just kind of slogging along, really.
...48All right. This one, there has been some activity, actually. There has been a meta thread.
02:36:21Things in order. Anyway, so still about fired late, but I'm very glad it fired. Actually, it's a nice reason to not let things build up. Thomas, have you been fixing stuff right now? You keep doing this.
02:37:07I see what you did.
All right.
Are there any other issues that have had activity in the last two weeks?
twitchtd leaving notes for myself, not working on it right now
That sounds like a new bug.
This is bugs on notifications.
I don't know what this is.
I do know what this is.
...48so the notifications ah vec here you are yeah i saw it was just notes i was wondering if you were doing the thing where you write code faster than i can even expect and there is a new version for me to code review a second time on the stream because you've done that more than once
02:38:21So what's left? Yeah, we've got a few bugs. Does this have a... All right, let's try that feature.
02:39:07let's make it a bug this one it's a little fiddly but i'm not worried i pretty much tag anything good first issue unless it touches on site norms in a way that i worry someone won't understand when they're working on it and like might accidentally incentivize flame wars
...44veqqio (p.s. sorry if/for duplicating complaints)
I don't think you're duplicating complaints.
I think you're catching a bunch of stuff and I want to break it out to issues so that we can track them individually and get them fixed.
graefchen I also found a bug some time ago but I highly doubt that anyone would notice or care about it so I didn't really want to waste anyones time, even it probably is a good first issue to report. limesHmm Maybe I should try to replicate it. And then report it (if it isn't already reported).
you summarize this i'm struggling to write a title unless toggling submitters you receive a notification for every comment okay so
02:40:52Let me go back. Thanks, GitHub. Don't go back to where I left the page. Go back to just the random top of it.
02:41:13Yeah, this is kind of a repetition of that bug. So that's fine.
...27veqqio @twitchtd would you like to do a lobsters interview, btw? You do so much for the code base, it could be cool to get to know you etc.! So far my list is "popular" figures (n.b. idk your lobsters name)
Can I just, the badge in the top isn't showing me.
Okay, so this is the same bug.
...36Yeah. Okay, so what was the number?
02:42:15Yeah, Vek, get those guests. I respect the hustle. Grafe, if you found a bug, I generally want to fix the bugs. If it's very rare and doesn't really hurt much, it may hang out in the bug tracker a long time, but I would rather track it and hopefully eventually fix it than not know. Because we have had a number of bugs where someone is like, this is the tiniest thing. And I'm like, oh, that's actually a potential data loss bug. So I would rather know about it than not.
02:43:10What is this code? Is it still called good faith?
...35graefchen Ok. limesNoted Was something that in the search you could see comments of already deleted stories. limesNoted
You could see the comments have already deleted stories.
Yeah, you shouldn't be able to search for comments on deleted stories.
That's a bug.
There have been similar bugs like that because we try to soft delete so that, well, we can recover from errors, like if a story shouldn't have been deleted or if a comment shouldn't have been deleted.
But that does mean we sometimes have bugs where we show comments even when we shouldn't.
02:45:09veqqio Oh yeah, I get disappointed when I see a cool comment, clic on it but it turns out the story was deleted...
veqqio There's some really good stuff responding to deleted stories sometimes
You know, there is, and that's part of why I try to catch stories as fast as possible.
Yeah, it's a hard to balance that one.
They've also been at the smaller level, there have been comments that get deleted for being just outright abusive.
And then someone gives actually a very kind and informative reply.
And those all usually leave up as much as possible, even if it's sort of
better than the deleted comment deserved.
02:46:27veqqio In my subreddit, I leave a few rather... bad posters because people fighting with them generates a lot of insight
twitchtd @veqqio sure, I don't do too much work for lobste.rs but maybe once the sqlite work is finished it might be a good time to do an interview :), my name on lobsters is thomas0
That was a confusing prompt.
I get now that it was about this field
...49Wait, how is 17.07 this bug, but then 17.08?
No?
All right, so I've been griping for a while about GitHub being flaky, but oh, I can't screenshot that.
veqqio Time for codeberg?
But, oh boy, the whole browser, now I can't even, nope, now I can type again.
What a weird state.
So now I'm trying to link to bug 1708, which didn't exist when this comment was started and it is auto-completing a different comment.
Like this is just wrong.
It should not be suggesting this comment.
So if I go to 1708 in a new tab,
that is the one I want.
02:48:09veqqio Copypaste your comment and reload the window?
I could.
I would rather not bother hunting these bugs because at this point
basically every office hours, I see some other, some new transient bug in the GitHub front end.
And it's always in issues and pull requests, because that's where I spend my time.
No, that's not true.
I've seen them in code browsers too.
It's just, I'm not, I am venting that I'm not hitting rare functionality.
This is absolute core functionality of can you browse files,
Can you read and reply to issues?
Can you read and reply to pull requests?
And I am finding these bugs at a rate of like two a week now, which is really frustrating for core site functionality.
02:49:05I left a comment. Speaking of searching for comments.
...15pushcx https://lobste.rs/s/5qq2k2/why_…
that's about this flakiness, it is also about what I would hope for in something that would replace GitHub.
Because Codeburg or 4jho or something else that just... All of these web things, they look like GitHub, but without any users on them.
To put it in a slightly mean way,
The big value we're getting out of GitHub now is code contributors.
Like on this stream, just in the last hour, a person I have never heard of before found one of our issues and came by and contributed a fix, and we talked through that fix.
veqqio Lobsters could self host, and use lobsters profiles for forge profiles!
If we move to some random, and it's not random, but even if we move to the best alternative web-based forge in the world and it has zero bugs, we lose that steady flow of new contributors.
And it's not 100% lose because some of it comes from this stream rather than people poking around GitHub.
Yeah.
NoGoodNick_ I wish we had decentralized interoperable social internet
I'm pretty sure that if we move off of GitHub, it is going to be to something that does bidirectional sync of our issues and pull requests into the repository and provides a front end on top of that.
And it has to be bidirectional so that we don't lose the discoverability.
I think jujitsu, very compellingly to me, demonstrated the value of that kind of backwards compatibility.
Epic_Ninja_Elephant The good thing is that you can easily push to git hosts other than GitHub.
Because I would never have adopted jujitsu if it meant everybody else has to, every potential contributor has to immediately switch to it.
Like that's why I never seriously considered Mark Curiel or darks or other things, right?
02:51:35veqqio Push to git hosts, but the issues are a bigger issue
It's making the decision.
It's not just, it's not that it's making the decision reversible, although it is, and that's valuable.
It's that it's making the decision permeable and incremental.
...55And honestly, there's more in my comments, so I'm not going to reiterate the whole thing, but this workflow is bad and shouldn't be reproduced.
Like I've spent a lot, 15 years more, 18 years using GitHub.
The issues are okay.
But the pull requests are so clunky where I have to switch tabs between a main comments flow and an inline comments.
And then there's review comments, which are a slightly separate thing that have a different workflow.
veqqio It's crazy that we can't review/make PRs from our IDE etc.
And when I come back to a PR, you just have to read the whole thing top to bottom and expand anything that says resolved because all of them could have every part of the page could have new material in it.
There's no,
show me since the last time i visited or switch me over to a purely linear view so for something to be compelling to me as a replacement for github i can't lose the fact that everybody is logged into github already and i want to see
an improvement to core UI and core features that is worth the pain of explaining why we're using some strange new tool.
We are not the Starship Enterprise seeking out strange new tools to explore and, you know, have riker relationships with.
I'm actually really slow and patient when it comes to fundamental tools.
02:54:44veqqio Anything with 0auth can use github logins automatically, technoamancy recently did Fennel's forge like this (but mainly targeting fediverse accounts) and I also have it in prod
All right.
I'm going to put up the last call for office hours kind of questions because we're coming up on three hours and I've got like one issue hanging out that's new.
So if you have any final questions about the site or the code base or
Peter yelling and shaking his fist at the sky about GitHub.
Now is a good time to ask it.
02:55:26Epic_Ninja_Elephant No questions, but thanks for streaming. I might have to slip away soon.
veqqio Have a beautiful day!
Oh, this is the exact thing that... Grafe Chan, you didn't open this?
...43graefchen No. That aint me. limesGiggle
because GraveChan, you do not need to open a bug.
This is that bug.
...55All right, well, this is definitely a bug. So let's label it as a bug.
02:56:05What a great bug report. They wrote this up really clearly.
...14And you know, I never saw this bug because moderators can still see the full comments on stories. So I could not have caught this bug myself.
...38When I saw orphaned, I was thinking it was going to be a problem with threading because we use the term parent there so much, but guess not.
...59If I look at the search model.
02:57:09veqqio Honestly, I think the comments should still show up, but when clicking on them from search, we should open just that comment (instead of totally removing them) :D
veqqio I'll put this in git
when we're searching comments.
...29I'm not sure what you mean by opening just that comment. We don't have any view of a single comment that's separate from the user threads or the story view.
02:58:12So now that we've, yeah, nav-mike. Oh, this is actually a really pleasant thing. So a contributor named nav-mike on GitHub refactored a bunch of stuff that we should have had as scopes in the story model. And now that they are, this is fairly straightforward to support. Is it active? Let's say it's base. It's active. Well, do we want to include filter tags or not? I think maybe not. I could kind of see the argument either way. Yeah.
02:59:57graefchen I just would have used another link. That is IMO more fitting: https://lobste.rs/search?q=comm… limesGiggle And it only show 1 comment
Well, if you want to make the point that
Comment should still be visible even if the story is deleted.
That's a pretty good comment to pick because you are pointing out the hassle of me making a comment of, well, I'm going to wait to delete the story so people can read this comment.
03:00:35And I guess we do want the... To respect story hiding and tag filtering.
03:01:22veqqio That was the point I wanted to make, the comments are good. That we can't see them/open them is the problem. Making a new view seems excessive, though...
veqqio So idk
Oh, well, what if this is just spitballing, but what if the compromise was that you could search for a comment's short ID and you would find it even if the story was deleted?
Then the search engine becomes your single comment view.
That is maybe being a little too precious about reusing existing functionality instead of making something specific.
...57I don't know.
veqqio So e.g. https://lobste.rs/s/pmfuza/bro_… - search c_f9nhbf and you'll find it?
And if you follow a link to an individual comment, there's the short version that goes, well, let's just do this in Scratch.
The short version, slash C, A, B, C, 1, 2, 3, right?
But a lot of the times what you end up with is slash story, slash X, Y, Z,
xyz456 this is the story title but then it's not a slash it's an anchor to the individual comment and there is a quirk of http that if you request this url your browser
03:03:00requests the page and does not send the anchor so beck yeah that was kind of the thing i was spitballing which is a little bit cute and you know like a better thing would be to link to the same story page but then like in this short version
graefchen Wouldn't it be okay to show comments on a deletd story and block any new comments. I also notice that I can only see the reason why a story was deleted in the mod view but not on the page of the deleted story. limesLurk
veqqio And the 404 would need such a note? To search the anker? Hm
veqqio Why delete vs. lock stories?
we could know that you want to see that story and like render you the page and have everything blank except that one comment in this latter one where it would be natural and we link to this all the time and it's what the search engine generates yeah grave channel you not logged into the site
So there is a subtle bit of design, and it gets mentioned here in this.
03:04:08graefchen Yes. limesNoted
veqqio If you need an account graef, send your email :P
When you are not logged into a site, into the site, we just say Storier was removed.
If you are logged in, we show you the mod log entry for it.
And I was just thinking maybe we should stick the username in there too.
But the reason that visitors get this one is we've had people submit things that are deliberately embarrassing as a kind of trolling.
And the first example that comes to mind is a story that was an extended metaphor about how Bitcoin was like masturbation.
And I deleted that one and yeeted the guy.
But if we showed the mod log for that, now forever there is a tombstone page of a little monument to his trolling that has to explain why the story was removed.
And he gets a little triumph of, haha, here is a dumb thing on the site.
And...
That one is kind of like eye rolling and stupid and I want to avoid incentivizing it where it gets harder is or more concerning is if we've removed things for being really abusive.
and I would love to keep talking about this, but I have hit a pretty hard time limit and have to run out at the door.
veqqio Have a good day!
03:05:53ChaelCodes Bye!
veqqio Ill summarize your thoughts on the git
ChaelCodes Thanks for the stream!
graefchen Thanks for explaining!
So a bunch of that stuff rolls into why we don't show comments on stories that are deleted.
twitchtd alright, thanks for your time, have a good week
The very short version of that off the top of my head is we want to disincentivize leaving comments on stories that are about to get deleted and disincentivize leaving silly comments on stories that are like bad and abusive that everybody can tell are gonna get deleted.
And I would be happy when I have more time on Thursday to pick this up.
Or of course, you can email me or you can DM me on the site.
I'm always happy to explain these kinds of subtle design decisions because I think some of them are really important.
But I am getting the look from the spouse, so I got to go.
Hope to see folks on Thursday.
because that next stream will be Thursday morning at 9 central time.
And I'll see you around GitHub.
Otherwise, until then, take care.