throwawasiudy's comments

In case it isn't obvious to everyone, the government runs or has tapped most or all TOR exit nodes. This has been going on forever.

Nobody knows exactly what the attack is...but if they're willing to drop cases to cover it up, its probably something that either: 1) completely breaks TOR permanently 2) is easy to bypass/block

Since TOR has withstood a lot of scrutiny I'm betting on option #2. They found a total break but it's really brittle. Either an exploit in software, or more likely, some protocol hiccup that allows them to de-anonymize users running certain popular software or OS.

It's kinda sad that TCP was chosen so long ago for HTTP that there's effectively no changing it. With modern TLS the underlying data guarantees TCP gives you just aren't that useful. We have kinda a weird situation where we have TCP->TLS->HTTP in layers when it could all be one protocol layer. We also wrap a stateless protocol (HTTP) inside a stateful (TCP) one which causes some insanity.

What the problem with doing it the current way? Massive routing inefficiency at scale. Since the layers for persistence and routing (L2-4) don't carry all the info needed to connect to a server (some like headers and URL are up in HTTP - L7) it's mandatory to "unwrap" through the protocol layers before you can determine where a stream/packet/HTTP req is supposed to go.

This means you can use something like IPVS as your L2-3 load balancer, but once the streams are divided out by IP/port you need to do the TLS+HTTP in one step. There's also some hard limits on how much traffic a single IVPS instance can handle because balancing TCP even at low level requires the router to keep track of connection state (conntrack). So we have this situation where there's a main low-level balancer with some arbitrary traffic limit imposed from TCP overhead, and behind that we have a bunch of child balancers doing way more work than they should be handling the connection from the TCP level through TLS and HTTP before they can pass on the connection to a back-end app server.

This could all be avoided if HTTP was a stateless UDP based protocol, and TLS was baked in rather than being an additional layer. It would make routing and load balancing far more effective at scale. You probably wouldn't see nearly as many DDoS attacks succeeding, because the vast majority of them exhaust CPU power far before they actually flood you off the net.

holy shit wtf

Cloning a reply I made earlier talking about that exact situation:

It's not my company or me, it's my clients. Here's a sort of long winded story explaining what I mean that the corporate world can't use anything with the name "cockroach". If you disagree after reading, I'm open for a friendly debate.

Average project, some 60 year old VP signing off on 100k of custom software with 8 pages of lawyer speak contracts is NOT going to allow "his" project to run off of "cockroach database". VP's/CEO's like to take personal ownership of projects they feel will go well, and ones done with us usually do. None of these people want ANY chance of their project getting criticized internally, so nobody will use CockroachDb. It's just not going to happen. Having successful projects is an easy way for these people to gather promotions and respect. Having any part of it do with "cockroach" could result in the whole project being an embarrassment.

Imagine the database goes down one day. One of their low level staff calls us(we have ongoing support contract). Problem gets rapidly escalated to development. One of our lead developers replies to the email thread, that by now has a third of the clients' company on it. "Yeah see the problem was the cockroach database that wasn't supposed to go down needed to be restarted" . Most of the staff think we're joking. Guarantee this becomes a big pun around their office, every time anything breaks in the app they say "maybe the cockroaches on the back end died again".

It's made worse by the fact that issues in software systems are commonly called "bugs". Well, our system doesn't have general bugs anymore, it has "cockroaches". Do you think this is an unlikely scenario? Because it's not. Besides the word "cockroach" this is exactly how urgent issues tend to be reported and fixed. Replace "cockroach" with "Microsoft" and I've probably violated my NDA. After that incident, whoever championed the project, probably our strongest ally in the company, resents us for making such a stupid mistake that resulted in his project becoming a joke. Maybe we aren't as great of a dev shop as he once thought? Maybe it's better to do open bidding next time so whoever wins he can't be blamed directly for what happens.

You could say their company culture sucks, maybe it does? But that doesn't change that I can't use it on any client projects because of the chance we'll lose hundreds of thousands over a stupid name.

There's plenty of other names that convey meaning but don't make lawyers nervous. Your attitude of "oh, well if you can't use it your company culture sucks" is EXACTLY why nobody will rename it and why corporate american won't touch it. Nobody cares about how cool it is to be edgy when millions of dollars are on the line. If you plan on forcing clients to use it you might as well hold a going away party for any of your clients with more than 5M revenue.

> You can always use DataContext.Database.SQL(query) ofc

that's pretty much our MO :) . Never used Dapper, how reliable is it? I ask because we use StackExchanges' Redis client for C# and it mysteriously crashes even after untold hours of debugging

I had the same issue with another tool I used called "agent ransack". The solution is simple, offer the same product with a different name to corporate clients. They have a different download called "file locator pro" that's literally exactly the same, without the bad name.

Guess which one we use in the office?

My god it sounds like the philosophical ideals of somebody plucked straight from the Star Trek universe. Are silicon valley billionaires really this detached from reality?

The reason globalization is coming to a screeching halt is that human cultures vary so much. It's slowly going away, but in general for a belief to truly die off; everyone that believes in it needs to be dead. This gives us around 70 years before the walls really start coming down. That's assuming hate and prejudice are globally snuffed from the ears of the young and impressionable yesterday.

Sounds like he thinks a globally ideal society is possible and not that far away. Sounds like he needs to visit a country locked in civil war for the last 50 years for a week or two.

The "developed" world is quickly approaching utopia, but the other 4 billion people are rapidly being left behind. It's a tragedy that a double digit percentage of the human population is starving to death while I sit here in my heated and air conditioned house with ten foot ceilings, more rooms than people in it, nearly free electricity, running water of any temperature, instant access to any information I want through the internet, and more vehicles than people living here.

He needs to take a look at Bill Gates who's a lot older and wiser than Zuck appears to be. Bill has gained immense respect from me in recent years even though I'm still not a fan of Microsoft. He's doing things that will truly make a difference that nobody else wants to pay for. We make such a hero out of somebody that runs into a burning building to save one person. Bill Gates is bank rolling malaria vaccines that might save 400,000 lives a year. What does that make him? A saint at the least.

Zuck should go back to building his internet satellites, that's a lot better use of his billions than some kind of fairy land curated "safe space" for SJW's to hang out in.

There's one BIG problem with LINQ. I'll agree that the syntax is marvelous, a game changer. The problem is performance.

It's gotten slightly better over the years but compared to an ORM with less abstraction like Hibernate it's still dog slow. Every MS project I've worked on was mostly LINQ...then a folder called "dirty SQL" for the heavy stuff.

I'm not sure if it's due to the highly abstracted nature or just not making performance a priority but in my experience sane Hibernate queries are about 1/2 the speed of native SQL and LINQ is closer to 1/50.

I hope and pray they can make the performance at least within an order of magnitude of raw SQL or even Hibernate so I can say goodbye to SQL forever.

Fair enough, we can disagree cordially on this one. I agree that it shouldn't matter but we disagree that it does.

The other names you mentioned have a more silly connotation then bad or gross but I understand your point.

I will still serve as an example of somebody that will avoid cockroach db due to name alone so there's at least one of us out there

It's not my company or me, it's my clients. Here's a sort of long winded story explaining what I mean that the corporate world can't use anything with the name "cockroach". If you disagree after reading, I'm open for a friendly debate.

Average project, some 60 year old VP signing off on 100k of custom software with 8 pages of lawyer speak contracts is NOT going to allow "his" project to run off of "cockroach database". VP's/CEO's like to take personal ownership of projects they feel will go well, and ones done with us usually do. None of these people want ANY chance of their project getting criticized internally, so nobody will use CockroachDb. It's just not going to happen. Having successful projects is an easy way for these people to gather promotions and respect. Having any part of it do with "cockroach" could result in the whole project being an embarrassment.

Imagine the database goes down one day. One of their low level staff calls us(we have ongoing support contract). Problem gets rapidly escalated to development. One of our lead developers replies to the email thread, that by now has a third of the clients' company on it. "Yeah see the problem was the cockroach database that wasn't supposed to go down needed to be restarted" . Most of the staff think we're joking. Guarantee this becomes a big pun around their office, every time anything breaks in the app they say "maybe the cockroaches on the back end died again".

It's made worse by the fact that issues in software systems are commonly called "bugs". Well, our system doesn't have general bugs anymore, it has "cockroaches". Do you think this is an unlikely scenario? Because it's not. Besides the word "cockroach" this is exactly how urgent issues tend to be reported and fixed. Replace "cockroach" with "Microsoft" and I've probably violated my NDA. After that incident, whoever championed the project, probably our strongest ally in the company, resents us for making such a stupid mistake that resulted in his project becoming a joke. Maybe we aren't as great of a dev shop as he once thought? Maybe it's better to do open bidding next time so whoever wins he can't be blamed directly for what happens.

You could say their company culture sucks, maybe it does? But that doesn't change that I can't use it on any client projects because of the chance we'll lose hundreds of thousands over a stupid name.

There's plenty of other names that convey meaning but don't make lawyers nervous. Your attitude of "oh, well if you can't use it your company culture sucks" is EXACTLY why nobody will rename it and why corporate american won't touch it. Nobody cares about how cool it is to be edgy when millions of dollars are on the line.

If you plan on forcing clients to use it you might as well hold a going away party for any of your clients with more than 5M revenue.

May I suggest renaming the thing already? 90% of the business world can't touch it with a name like that.

How about Duradero ... Spanish for durable. The name doesn't seem to be taken by any other database type software

their name is the stupidest startup blunder I've ever seen. Enterprise won't go near it, seriously. I cannot tell a client I'm using a "cockroach" database, no fucking way.

If we could go back and rename Windows Hitler would anyone be using it???

Maybe I should talk to a lawyer...

This is my issue - I don't know. I assume any time is worth wasting if your developer builds even a small business since the value of anything over 5 employees is likely more than a million. Time management is not my concern at all. If I could legally start a business I would begin working on it tomorrow

My current strategy is to open source everything because there's no reasonable way my company can take ownership of something that's free. I can't develop anything for money even though I've been asked to consult many times for many people.

My employment agreement at last three companies says they own any intellectual property I create on or off business hours with or without using company equipment. Whether or not its related to the current business.

I personally hate node with all of my being, but Go is good stuff and Java has two very solid REST frameworks Jersey and Spring Boot. Depending on the project needs you could use DropWizard or Play which come with a really solid REST API framework builtin.

I was always partial to Pythons Flask as well

What did we run into? Tons of brokenness. Inability to use C# libs was the biggest problem, if you're trying to make anything significant you're going to have to roll your own everything. Java is the safest bet for large projects, I've never run into any issues finding a quality library to do anything. This is coming from a guy that's been a career C# dev for years and wishes he could defect to Java.

I agree 100%. My last place was a 100% MS shop and while .NET core seems like it will be great we ran into endless problems, specifically with compatibility and existing libraries. We couldn't get anything more than a toy project to work.

I recommend anyone looking at .NET core to use Java for now. The languages are basically mutually intelligible and while java is a bit less syntactically pleasant it gets the job done, and the tools are quite mature. Arguably Java has, and has had, 99% of what .NET core is trying to achieve for many years. Using the right frameworks it's incredibly fast, multiplatform, and even serverless.

The biggest problem that you run into with Java is too much choice, the opposite of the .NET framework. Deciding which tools to use takes a fair amount of research because the ecosystem is so massive. I've been cutting my teeth on it for the past couple months and I would say go with these frameworks:

DropWizard Play Jersey

running on Grizzly, Jetty, or Netty depending on which project supports what.

Database-wise for ORM nothing beats Hibernate. Entity framework is basically a slower more confusing copy of hibernate, coming from someone that's used both. The main advantage of EF is LINQ which Hibernate can't quite match in theory but usually does in practice(the queries generated by HQL tend to be a lot less....stupid)

it's not like emergency services will have any trouble getting into locked rooms. This was a giant inconvenience rather than any real danger.

it's possible and not even bad. Just live in a long stay hotel for a month or two until you find a house. Pay 3-5 k to have all your stuff packed up from old house and dropped at new house. Pay realtor to sell old house.

Simple, it could all be arranged within days.

> I don't want to raise money and I only have a few $k

BE VERY AFRAID. I did this thinking I could get something off the ground fast enough to generate minimum income to live. It's possible ONLY if your level of support is "I live at mom & dads house".

I had enough social support to undo my mistake but it took close to 4 months to find another comparable job. It took another 2 months to pay back my friends for their generosity. 6 mos down the drain living on shitty couches and damaging friendships when I could have been saving money to make a less halfhearted attempt.

I will do it again, but a more realistic amount of money to start a business is 20-30k if you're on your own. This initial cash is your runway of sorts. If you have a few co-founders you could probably swing 40k all together. And 30k is enough of your own skin in the game to get an investor to double or triple that. 50-100k is enough to start a real bootstrapped business.

Also be wary of working on your new project while working for your current employer. Most have non-compete and ip-assignment clauses in the contract. If you're running a dog walking business it isn't worth their time, but if you ever build a business to the multi-million level they will swoop in and take everything you have.