Languages: C++

Yeah, hard pass on looking at that code base.

“quick call?”

“sure, I’ve got time for the two hour meeting this is going to be.”

“I guess this is why real companies do regression testing.”

I’ve heard nothing but good things about HTMX

I’ve only ever heard anything “bad” about HTMX and it was here on Lemmy, actually. I ran into someone who was absolutely certain that HTMX was unsafe by design because it leveraged HTML over the wire and was therefore susceptible to HTML injection attacks, specifically by injecting malicious scripts that could be ran from domains you didn’t control. I tried explaining that proper utilization of access-control headers innately prevented this because they worked on the browser level and couldn’t be intercepted or interfered with by HTML injection by design, but he kept insisting it was unsafe while refusing to elaborate. He was very wrong, of course, but also very confident.

I do a lot of systems and backend programming and HTMX is the only way I can actually be productive with frontend work when I have to do it. It’s so simple and straightforward.

This is the only actual explanation I’ve found for why numpy leverages its own implementation of what is in most languages a primitive data type, or a derivative of an integer.

I think there’s a difference between “python guidelines encourage” something and “this is a common coding pattern.” Yes, you can use try/except for flow control, but there’s a lot of people, myself included, who try to use that style sparingly.

python guidelines

Do you have a specific PEP you’re referencing or is this one of those “I assume this must be the case because of how common using try/except statements for flow control are” kind of things?

I’ve heard similar from the worst first year CS students you could ever meet. People talk out their ass without the experience to back up their observations constantly. The indentation thing is a reasonable heuristic that states you are adding too much complexity at specific points in your code that suggests you should isolate core pieces of logic into discrete functions. And while that’s broadly reasonable, this often has the downside of you producing code that has a lot of very small, very specific functions that are only ever invoked by other very small, very specific functions. It doesn’t make your code easier to read or understand and it arguably leads to scenarios in which your code becomes very disorganized and needlessly opaque purely because you didn’t want additional indentation in order to meet some kind of arbitrary formatting guideline you set for yourself. This is something that happens in any language but some languages are more susceptible to it than others. PEP8’s line length limit is treated like biblical edict by your more insufferable python developers.

Yeah, but it’s still a Ship of Theseus problem. If you have a ship and replace every single board or plank with a different one, piece by piece, is it still the same ship or a completely different one, albeit an exact replica of the original. It’s important because of philosophical ideas around the existence of the soul and authenticity of the individual and a bunch of other thought-experimenty stuff.

You would have to functionally duplicate the exact structure of the brain or its consciousness while having the duplication mechanism destroy the thing it was reading at almost exactly the same time. And even then, that’s not really solving the issue.

It’s “y’all” - as in a contraction of “you all.”

If you don’t establish an encryption mechanism for secrets that allows for automatic, in memory decryption on deployment from the start of your project, then your project is run by incompetent developers/ops specialists/architects/management/etc. and deserves to fail.

They’re statistically correlated with incidents of mauling. Nobody is denying the statistical correlation. But there is a difference between observing a statistical correlation between breed and maulings and asserting a causal relationship. My argument is that the assertion that “pit-bulls are innately, biologically predisposed towards violence against people and other animals” is not supported by meaningful evidence. If you are arguing that they are, then you’re gonna have to convince me with more than “insurance companies say they are.”

“If a big corporation says something is one way, it must be so. They have a lot of money, after all.” Your argument is peak “Argument to Authority.” I guess it’s a good thing those insurance companies like AIG were able to effectively assess their degree of risk exposure in the housing markets in 2008 and avoid collapsing when the housing market imploded. Oh, wait…

One of the things we based rates on was the breeds of dog people owned. Pitbulls and certain other dog breeds do not just have a bad reputation because people irrationally fear/hate them, they actually do pose a greater risk.

This is a classic example of someone observing a statistical correlation between specific factors and using that to assert a direct causal relationship between them. It implies that an insurance agency is able to 1) accurately identify every single breed of dog in every single insurance related incident (which is definitely not the case, because I doubt every insurance company is doing genetic testing on every single dog it comes across) and 2) tie a causal relationship between dog breed and incident. If I were going by typical insurance metrics, and to borrow from your analogy of “teenagers as unsafe drivers,” you would also assume that red Camarros, something more expensive to insure than your more conservative sedan, were statistically more dangerous than, say, a white Civic, as if they were what caused their drivers to get into car accidents, as opposed to young, reckless people interested in a fast sports car to simply go out and buy one. These are people who would be reckless behind the wheel of any car, but who are statistically correlated with a particular type of one. But you still mark the red Camaro as more expensive to insure regardless of who buys it because it’s statistically correlated with a higher degree of accidents.

Pit-bulls. Most of their bad reputation comes from organizations that campaign against their very existence and people will quote pit-bull bite statistics with the same lack of irony as a white nationalist quoting FBI crime statistics about people of color.

“After I leave, this is going to be someone else’s problem.”

This demonstrates a profound misunderstanding of HTMX, and how websites in general operate. So much so that I would not hesitate to describe this as somewhere between a baldfaced lie and just malicious incompetence. You can’t “invoke logic via HTML attributes,” but you can describe it. HTMX is a client side javascript library that parses custom elements you define in your HTML and uses the data described by them to initiate AJAX calls via the fetch() or XMLHttpRequest browser APIs, which CSP explicitly covers via the connect-src directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src. It’s literally just a javascript library that parses HTML and uses it to parameterize AJAX calls. If HTMX were somehow able to bypass CSP, then every single piece of clientside JavaScript in the world could violate it.

“Wow, these screen doors really suck. I’ve stuck them on my submarine, but they just don’t keep the water out at all. Some people are going to say that I’m a fucking moron and don’t understand the technology I use or that I’m too goddamn lazy to actually take the necessary steps to keep water out of my submarine, but I know they’re wrong and it’s the technology’s fault.”

In all seriousness, HTMX is a tool designed for a specific job. If you have an API that has either non-parameterized endpoints to hit or an endpoint that accepts a single integer value or UUID or…whatever to perform a database lookup and return stored values to be interpolated into the HTML that endpoint returns, then, great, you’ve got a lightweight tool to help do that in an SPA. If you’re using it to send complex data that will be immediately and unsafely exposed to other users, then…that’s not really what it’s for. So, I think the core issue here is that you don’t really understand the use case and are opposed to it because to use it in a way that is beyond or outside the scope of its established convention is unsafe without extra work involved to guarantee said safety. It also implies you are running a website with a content security policy that either explicitly allows the execution of unsafe inline scripts or which does not care about the sources to which a script connects, which is the only way you could realistically leverage HTMX for malicious ends. So, ultimately, the choice to not adopt comprehensive security measures is one you are free to make, but I wouldn’t exactly go around telling people about it.