596 subscribers
4 photos
1 video
2 files
440 links
python, go, code quality, security, magic

Turned from Russian to English starting from this post:
https://t.me/itgram_channel/440

@orsinium

https://orsinium.dev/
Download Telegram
to view and join the conversation
πŸ”§ croc is a tool to transfer files between machines. Fast, simple, powerful, peer-to-peer, no need for local network. πŸ”₯!

#cli
GitHub introduced dark mode:
https://github.com/settings/appearance

From sites I use, dark mode is supported on Twitter, Slack, GitLab, startpage.com, Gmail, ProtonMail. Some others, like Jira, doesn't have themes yet, so Dark Reader is a solution but it makes the page load is a bit slower.

Yeah, a few months ago I had a post how researchers say that light mode is better for eyes but I can't get used to it, my eyes definitely get tired of a white screen. Bad background lighting? Glasses? I'm not sure what's the reason, I need a bit more experiments.
πŸ“„ The biggest engineering disaster at Uber is a good Friday reading about how Uber decided to rewrite iOS mobile app from ground zero and on a new language (Swift).
πŸ“ŠπŸ”§ Everything You Always Wanted To Know About GitHub. ClickHouse team took the whole GitHub archive, put it into one ClickHouse database, collected all possible stat on top of it and framed it into an article. However, the most amazing thing is that you can run your custom queries! For example, this is how I queried which my repositories in which months received most stars:

SELECT 
repo_name,
count() AS stars,
toYear(created_at) as year,
toMonth(created_at) AS month
FROM github_events
WHERE event_type = 'WatchEvent'
AND (
repo_name LIKE '%dephell%'
OR repo_name LIKE '%life4/%'
OR repo_name LIKE '%orsinium%')
GROUP BY repo_name, year, month
ORDER BY stars DESC
LIMIT 50

And this is who liked most of my projects (yes, it's me):

SELECT 
actor_login as username,
count() AS stars
FROM github_events
WHERE event_type = 'WatchEvent'
AND (
repo_name LIKE '%dephell%'
OR repo_name LIKE '%life4/%'
OR repo_name LIKE '%orsinium%')
GROUP BY username
ORDER BY stars DESC
LIMIT 50
πŸ“„ Cohesion is a good explanation what "cohesion" means. I often use this term as well as coupling and indeed it is harder to explain. I usually show it on examples. Relation between function "sin" and "sort" is really loose and they are meant to be separate packages while "sin" and "cos" are about the same, should be in the same package and can share common implementation.
πŸ“ŠπŸ”§ hercules is a couple of Python and Go tools. hercules collects repository statistics, labours visualizes it. Hard to install, long to run, the documentation is a mess, but at the end it produces fun charts.
🐍 atheris is a fuzzer for Python code written on C++. It generates random bytes, feeds it into the function and checks if it fails. To cover more cases, it on every run checks the coverage of the tested code. It has an awful undocumented API but you don't need to know much to use it. Atheris has been around for some time but Google open-sourced it only about a month ago.

In general, there are not many fuzzers for Python, so it's a great news. I know only 2 more:

+ python-afl
+ pythonfuzz

BTW, the next release of deal will have a native support for fuzzers and hypothesis.

#python
πŸ”§ ctop is a terminal UI for docker 🐳 container metrics: CPU, memory, network usage. Basically, it's like docker stats but nicer, with bar charts and graphs.
Morning reading:
πŸ“„ Amazon: NOT OK - why we had to change Elastic licensing. A post from Elastic team about how AWS uses ES without getting in touch with them.

Some moments, like trademark usage and twits about collaborations aren't ok for sure, some moments are questionable. If from the licensing perspective all is good, AWS doesn't own them anything. Sad but true, this is your decision what license to use and you should expect someone to use all permissions you give in it. On the other hand, when you provide a service, exclusively based on some third-party project, on such scale, you'd better provide some kind of support for the creators, regardless if they are a company or one lonely developer making a small pet-project on evenings.
πŸ“„ That XOR Trick is an article about properties of XOR with Python 🐍 examples. Another one fun exercise in category "avoid it on production".
πŸ“„ A new and innovative way for Google to kill your SaaS startup. TL;DR: a company's domain was added in Google Safe Browsing list and so Chrome of their users kinda blocked access to the website. The reasons how it get there remain unknown. Oh, and at the beginning of the article is a short list of related cases how Google takes control over the world. It's time for a tin foil hat πŸ‘
πŸ“„ The worst pieces of code I've ever seen. TL;DR:

* Think about your readers.
* Keep code consistent.
* The devil can be in dependencies, trust no one.
* Sometimes, it's better just replace all the module is it is too messy.
* Most of articles on writing a good code just cite or re-tell "Clean Code" or "Code complete", so just read these books.

As a side note, I hope the author doesn't read Reddit comments. There is a short summary:

* Author doesn't have any experience.
* Author is too emotional
* The problem is small and nothing important.
* The story is made up and never could happen.
* All these issues because it's JS.

Ugh, reddit...
πŸƒ gofakeit is a fake data generator for Go. Looks cool, it can generate a lot of things, like names, emails, emojis, quotes etc.

#golang
I made a thing.

πŸšπŸ”§ logit is a CLI tool that takes JSON logs from stdin and transfers them into google cloud, AWS, syslog, sentry, anywhere you want, or just nicely formats them.

It all started from idea that an application should have only business-logic in it. Later, I faced an application that has a lot of code to handle logging into GCP, which is unstable and hard to maintain. And at some point that application started to break everything because google cloud library uses grpc, networking, all that stuff that rest of the application isn't need. And it all started to go wrong because the network is unstable, grpc breaks multiprocessing, not every environment (for instance, CI) has access to google cloud and so on. In short, a lot of headache just to log things. So, if you don't want to get there, consider using logit or rsyslog.
πŸ“Š JetBrains has published The state of Go survey results. A few highlights:

+ China πŸ‡¨πŸ‡³ has the biggest ratio of Go devs, 16%. Then Japan πŸ‡―πŸ‡΅, Russia πŸ‡·πŸ‡Ί, Ukraine πŸ‡ΊπŸ‡¦.

+ Still isn't the most popular language but already in top 10.

+ Used mostly for web apps and CLI tools.

+ 82% of devs on go modules πŸŽ‰

+ most popular routers are gorilla/mux and stdlib

+ gin web framework is pretty popular, 46%. BTW, that means, more people use httprouter than the survey says (16%). Probably, they just don't know that it is in gin under the hood.

+ testify is used only by 13% of devs. IDK how others survive.

#golang
Trello Resources is a public trello board with tips on how to use trello, project, extensions, clients.
This code does not exist randomly pops snippets of C++ code either real (from debian packages source) or GPT-2-generated. Try to guess which one is real.

Hell is the code of other people πŸ‘€
πŸ“„ Bad software sent postal workers to jail, because no one wanted to admit it could be wrong. The program UK post office used for accounting has a bug that showed made it look like employees steal money. Lots of people paid from their own money, selling their homes, many end up in jail, one committed suicide. The post office knew about the bug but continued to accuse people.

There are lots of people to blame. In one side, the post office legal department that knew about the bug. They wouldn't pretend that all is correct if the bug would produce direct loses for the company, not random workers. On another side, the Post Office IT department getting a software into the work without testing and additional logs, and Fujitsu engineers not investing enough into testing the system.

The thing that bothers me the most is that the problem is already solved from early-medieval times. The solution is double-entry bookkeeping. Every change in the balance is tracked by at least 2 independent sides, so if there is an error, the records will produce different results, exposing the bug. Even more, since early telecom, we have redundant encoding to detect or even correct errors. For example, Hamming code. The same story but a bit closer to IT. Even simple logging would allow to reproduce transactions and find an error in accounting. But no, we will keep shit-coding even if human lives and/or huge money depend on it.
πŸ“„ The dispassionate developer. Warning: this post hurts. It's an essay on working for free (open source, podcasts, articles) to gain portfolio, about self-improvement and if companies should invest in it, about making technical decisions, aiming to be famous.
For a long time, I was looking for a good REPL for Go. I tried gore, gomacro, and a few similar solutions, but it all so clumsy. And so I found it.

gophernotes is a Go core for Jupyter Notebooks (I use it with Jupyter Lab, it's all the same). It misses documentation and type signature discovery (#173) but still better than everything else I tried so far.