bignavy

joined 1 year ago
[–] bignavy@programming.dev 5 points 1 year ago (4 children)
[–] bignavy@programming.dev 1 points 1 year ago

I think sometimes the difference between strongly typed and loosely typed is easier to explain in terms of workflow. It's possible (note: not necessarily a good idea, but possible) to start writing a function in vanilla JavaScript without any real idea of what it's going to output. Is it going to return a string? Is it going to return null, because it's performing some action to a variable? Or is it going to return that variable? And vanilla JS is good with that.

But that same looseness that can be kind of useful when you're brainstorming or problem solving can result in unexpected behavior. For instance, I write a function that prepares a string for additional processing. For the purposes of this conversation, let's say that it removes white spaces and any non-letter or number characters, and then returns the transformed string.

What happens if I feed a number (integer) to this function instead of a string? What about a number with a decimal (float)? Does my function (and/or JavaScript) treat them as literal strings? Does it remove the decimal from the float, since it's a non-letter, non-number value?

Without Typescript, you have to either a) write your code in such a way that you ensure that the situation never comes up (i.e. by validating inputs, or by being very careful about when and how this function is used), or b) you have to handle those weird cases, which turns a cute little three line function into a 30 line monster with a switch case and typecasting. And truthfully, on any project 'at scale' you're going to have to do both.

With Typescript, you specify that this function takes in a string, and returns a string, and that's it. Then, when another dev (or you, in six weeks when you've forgotten all about this function that you wrote) tries to send in a boolean, or a float, or an array of strings, Typescript is going to blow up. Nope. Can't do that. And they (it's more fun to think of it as future you) will have to follow the rules that you put in place by writing the function the way you did, which just means being careful enough to cast a float or integer into a string before passing it, or concatenating an array, or whatever.

Strongly typed languages expect you to write functions with the end state you're expecting in mind. You've already got the solution in your head before you start typing, at least enough to know what type of data goes in and what type of data goes out.

It also hides (but doesn't totally get rid of!) some of the sillier things that JavaScript does because it's not strongly typed. True + True should probably never equal 2.

As to OP's question, though - if you know how to do things in JavaScript (.trim(), for example), then you know how to do a thing in Typescript. Manipulating data in JavasScript and manipulating data in TypeScript is identical - but TypeScript is also watching what the types of the different data types being used, and throwing up the BS flag when you get too loose with what you're doing (or don't think through the consequences of your design decisions).

[–] bignavy@programming.dev 12 points 1 year ago* (last edited 1 year ago)

Is it just an extreme difficulty spike at this point that I have to trial-and-error through, or am I doing anything wrong?

I would say this is the biggest 'aha' moment for pretty much any developer - the first time you go from "I built this myself" to "A team built this and has supported it for 10+ years". Not only can a team of three or four write a lot of code in ten years - they'll optimize the Hell out of it. It's ten years worth of edge case bugs, attempts to go faster, new features, etc. And it's 'bumpy' because some of it was done by Dev A in their own style, some of it by Dev B, and so on. So you'll find the most beautiful implementation for problems that you haven't even considered before next to "Hello World" level implementation on something else.

The biggest thing you can do to help yourself out is make sure you're clear on their branching strategy. When you're the only one working on your code, it's cool to push to main and occasionally break things and no harm no foul. But for a mature code base, a butterfly flapping its wings on that obscure constructor can have a blast radius of 'okay, we have to rebase to the last stable commit'. When in doubt, 'feature/(what you're working on)'; but there might be more requirements than that, and it's okay to ask. Some teams have feature requests tracked by number, on a kanban board, some put it in their username, etc.

Get the code pulled down, get it running on your machine (no small task), git checkout -b from wherever you're pulling a branch off of (hopefully main or master, but again, it's okay to ask) and then, figure out what the team's requirements are for PRs. Do they have any testing environments, besides building it locally? Do they use linting or some other process to enforce style on PR reviews?

And then....don't move a button. (Unless that button actually needs moved!) But try to mimic something that already exists. Create a second button in the new location. Steal from the codebase - implement something small in a way that has been done before. After the new button works - then remove the old button and see what happens.

The longer you deal with a codebase (and the attendant issues and feedback) the more you'll feel yourself drawn to certain parts of the code that you're familiar with.

Anyway, hope that advice helps! But most of all, don't be scared. You will break things unintentionally. Your code will break things. If there's not a process in place to catch it before it happens, that's not your fault; that's the senior dev/owners fault. But do try to limit the damage by using good branching strategies, only PRing after linting/testing, and otherwise following the rules.

[–] bignavy@programming.dev 36 points 1 year ago (6 children)

The most compelling argument I heard is that WASM can’t manipulate the DOM and a lot of people don’t want to deal with gluing JS code to it, but aside from that

But other than that, Mrs. Lincoln, how was the play?

You've gotten several other answers that are true and correct - the pain of implementation at this point is greater than the pain points that WASM solves. But this is also a non trivial one - most of what Javascript should be doing on a webpage is DOM manipulation.

At some point, WASM will either come out with a killer feature/killer app/use case that Javascript (and all the libraries/frameworks out there) hasn't figured out how to handle, and it will establish a niche (besides "Javascript is sort of a dumb language let's get rid of it"), and depending on the use case, you might see some of the 17.4 million (estimated) Javascript developers chuck it for....what? Rust? Kotlin? C? C#? But the switching costs are non-trivial - and frankly, especially if you still have to write Javascript in order to manipulate the DOM....well, what are we solving for?

If you're writing a web app where one of the WASM languages gives you a real competitive advantage, I'd say that's your use case right there. But since most web applications are basically strings of api calls looped together to dump data from the backend into a browser, it's hard to picture wider adoption. I've been wrong before, though.

[–] bignavy@programming.dev 4 points 1 year ago

For a second I thought my github was going viral. ;)

This is a hilarious (and interesting!) read.

As a young(er) and slightly shittier web developer, before I really understood or could implement promises effectively (or when my code would 'race' and fail to recognize that the DOM hadn't been loaded yet, so I couldn't attach event listeners yet), I was known to implement a 2 second timeout.

It wasn't pretty, but it worked!

[–] bignavy@programming.dev 1 points 1 year ago* (last edited 1 year ago)

Wish I could upvote more than once. Azure artifacts has some fucky authentication requirements (cleartextpassword is the dumbest field I’ve ever heard of - especially since it’s not clear text or a password, it’s a base64ed PAT) but there’s plenty of first party support to make it less painful, and it’s a problem you only have to ‘fix’ once.

Our prior solution was verdaccio for NPM and a shared drive location for Nuget, and….well, it beats the tar out of either of those. Being able to see exactly what’s in the feed, when it got there, who put it there….all grade a stuff. Handling SSO and such seamlessly is nice too, and being able to scope access with tons of granularity….well it seems like a rake waiting to be stepped on, honestly, but if you need to manage access it seems like a big win.

Public feeds - yes. Why reinvent the wheel? Will be easier to find and use if it’s on nuget.org.

If OP’s goal is to be able to source control all the public packages that their projects use, for security or peace of mind purposes (or to make it the sole source of packages to avoid dependency injection/confusion attacks)…there’s actually a feature of Azure Artifacts where you can pull packages from an ‘upstream’ like nuget.org and host public packages in a private feed. It’s got a gui, and it’s pretty convenient as far as such things go.

[–] bignavy@programming.dev 6 points 1 year ago

Junior-ish DevOps with some blue/green experience.

It’s a very thorny problem, and I think your willingness to put up with the trade offs really would drive what patttern of architectecture.

Most of our blue/green deployment types use a unitary database behind the backend infra. There’s a lot ways to implement changes to the database (mostly done through scripting in the pipeline, we don’t typically use hibernate or other functionality that wants to control the schema more directly), and it avoids the pain of trying to manage consistency with multiple db instances. It helps that most of our databases are document types, so a lot of db changes can be implemented via flag. But I’ve seen some SQL implementations for table changes that lend themselves to blue/green - you just have to be very mindful to not Bork the current live app with what you’re doing in the background. It requires some planning - not just “shove the script into source control and fire the pipeline.”

If we were using SQL with a tightly integrated schema and/or we couldn’t feature flag, I think we’d have to monkey around with blue/greening the database as well. But consistency is non trivial, especially depending on what kind of app it is. And at least one time when a colleague set up a database stream between AWS accounts, he managed a circular dependency, which….well it wasn’t prod so it wasn’t a big deal, but it easily could’ve been. The data transfer fees are really what kills you. We managed to triple our Dev AWS bill prototyping some database streams at one point. Some of it undoubtedly was inefficient code, but point stands. With most blue/green infra, your actual costs are a lot less than 2x what a ‘unitary’ infra would cost, because most infra is pay for use and isn’t necessary except when you go to deploy new code anyway. But database consistency, at least when we tried it, was way MORE expensive than just 2x the cost of a unitary db, because of the compute and transfer fees.

[–] bignavy@programming.dev 5 points 1 year ago

So glad I Xited right after Musk’s purchase was finalized. My days are freer and my conscience is clear!

[–] bignavy@programming.dev 17 points 1 year ago

I watched it in Vim, mostly because I don’t hate myself enough.

Not to spoil the ending either, but the nuclear device goes off because Oppenheimer smashes a bunch of keys and then finally remembers :wq.

[–] bignavy@programming.dev 2 points 1 year ago

Just because it's 'the hot new thing' doesn't mean it's a fad or a bubble. It doesn't not mean it's those things, but....the internet was once the 'hot new thing' and it was both a bubble (completely overhyped at the time) and a real, tidal wave change to the way that people lived, worked, and played.

There are already several other outstanding comments, and I'm far from a prolific user of AI like some folks, but - it allows you to tap into some of the more impressive capabilities that computers have without knowing a programming language. The programming language is English, and if you can speak it or write it, AI can understand it and act on it. There are lots of edge cases, as others have mentioned below, where AI can come up with answers (by both the range and depth of its training data) where it's seemingly breaking new ground. It's not, of course - it's putting together data points and synthesizing an output - but even if mechanically it's 2 + 3 = 5, it's really damned impressive if you don't have the depth of training to know what 2 and 3 are.

Having said that, yes, there are some problematic components to AI (from my perspective, the source and composition of all that training data is the biggest one), and there are obviously use cases that are, if not problematic in and of themselves, at very least troubling. Using AI to generate child pornography would be one of the more obvious cases - it's not exactly illegal, and no one is being harmed, but is it ethical? And the more societal concerns as well - there are human beings in a capitalist system who have trained their whole lives to be artists and writers and those skills are already tragically undervalued for the most part - do we really want to incentivize their total extermination? Are we, as human beings, okay with outsourcing artistic creation to this mechanical turk (the concept, not the Amazon service), and whether we are or we aren't, what does it say about us as a species that we're considering it?

The biggest practical reasons to not get too swept up with AI is that it's limited in weird and not totally clearly understood ways. It 'hallucinates' data. Even when it doesn't make something up, the first time that you run up against the edges of its capabilities, or it suggests code that doesn't compile or an answer that is flat, provably wrong, or it says something crazy or incoherent or generates art that features humans with the wrong number of fingers or bodily horror or whatever....well then you realize that you should sort of treat AI like a brilliant but troubled and maybe drug addicted coworker. Man, there are some things that it is just spookily good at. But it needs a lot of oversight, because you can cross over from spookily good to what the fuck pretty quickly and completely without warning. 'Modern' AI is only different from previous AI systems (I remember chatting with Eliza in the primordial moments of the internet) because it maintains the illusion of knowing much, much better.

Baseless speculation: I think the first major legislation of AI models is going to be to require an understanding of the training data and 'not safe' uses - much like ingredient labels were a response to unethical food products and especially as cars grew in size, power, and complexity the government stepped in to regulate how, where, and why cars could be used, to protect users from themselves and also to protect everyone else from the users. There's also, at some point, I think, going to be some major paradigm shifting about training data - there's already rumblings, but the idea that data (including this post!) that was intended for consumption by other human beings at no charge could be consumed into an AI product and then commercialized on a grand scale, possibly even at the detriment of the person who created the data, is troubling.

[–] bignavy@programming.dev 9 points 1 year ago

Good advice already in this thread, but I'd add: ask smart questions, and when you're engaging with a senior/mentor, build the picture for them. Everyone (including your mentor) expects you to have questions - they want you to ask questions, rather than just spinning your wheels for days and days. But they also want to know what you've tried and what you've looked at for resources. And despite appearances, they don't always have the entire code base committed to memory. :)

For instance - suppose you'd been asked to, using the UI, return a piece of information from an external API and display it within the UI.

Bad question: "Hey, so I tried to integrate that third party API, but I'm not getting a return."

"Okay - what kind of code are you getting? And what do the docs say?"

🤷‍♂️

Good question: "Hey, so I tried to integrate that third party API, but the return I'm getting from it is a 401 error. That should be an authentication error - but just in case, I pinged their server from our server, and they can reach each other. The documentation says that I have to use our key to get a JWT, but hitting the endpoint it says gives me a 401 error. I double checked our token; I've got the right one. And I'm sending it in the header as 'auth' like the documentation says. Where else should I look?"

"Oh yeah, that's a tricky one - you have to encode the token before you send it; let me see if I've got an example where you can see what that looks like....."

One of the things that will happen over time, based on the questions that more senior SDEs ask, you'll be able to 'rubber ducky' problem solve by asking yourself the questions that they would usually ask you, and it's shockingly effective to help you sort your own problems out and clear your own blockers.

view more: next ›