I'm not really sure how to respond to this since you're not providing any specific rationale for your arguments. I think you may want to review https://news.ycombinator.com/newsguidelines.html if you haven't read it in a while.
I'll assume good faith and respond to what I think your argument probably is: Maintaining separate accounts just to prevent phishing is basically security through obscurity. All you're doing is adding some level of implicit trust to messages you receive on your "work account", which isn't actually secret and can probably be discovered by a sufficiently motivated person.
He is openly admitting to being vulnerable to a type of denial of service attack. If he is flooded with communications, he would be delayed in reading other important communications.
I do not advocate security through obscurity, which is security theatre. I also think Discord should open source how various systems operate, particularly law enforcement interfaces, as I do not believe law enforcement are any better.
Discord | Security Engineer | San Francisco | Onsite | Fulltime | ~$150k - $250k base + equity + hoodies (equity/hoodie split subject to negotiation)
Hello friends! We're hiring engineers for our brand new security engineering team. Check out the description here: https://discordapp.com/jobs/4362278002
Historically, Discord hasn't had a dedicated security team -- we just happen to have a small handful of engineers with a strong enough security background to pick up this kind of work in their spare time. We've since grown to the point where we finally have enough work to justify a full time security engineering team. Note that this team isn't just infrastructure security (although it certainly includes that) -- we'll also be building product features, new backend services, internal tooling, and more. If you have a solid grasp on software development, an extensive security background, and are excited about helping build a security team from the ground up, please get in touch!
Of course, if you're interested in working at Discord but not in this particular role, we have plenty of other openings at https://discordapp.com/jobs (but I'm not the hiring manager for those).
If you have any questions (about the role, Discord, resume advice, or whatever you feel like), feel free to add me on Discord at cmFtc2V5IzAwMDE=. Do note that I probably won't respond if it's a weekend (and your DM might get buried under the avalanche of work-related DMs by Monday). Last time I did this someone messaged me three Saturdays in a row and then angrily blocked me because I wasn't responding. If you're reading this: I'm sorry! Just message me on a weekday! :)
Notably absent from the list of requirements is professional work experience or a college degree. If you're a self-taught programmer passionate about this kind of work, please apply! (Of course, that doesn't mean we're not looking for more senior people as well.) As someone who got their first "real" job from a Who's Hiring thread (this one, actually: https://news.ycombinator.com/item?id=1958374) I'm super excited to be able to offer the same kind of opportunity to people who might be having a hard time getting through resume filters due to their unusual background.
Feel free to apply through the website (I personally look at every submission), but if you have any questions don't hesitate to contact me at cmFtc2V5QGRpc2NvcmRhcHAuY29t or on Discord at cmFtc2V5IzAwMDE=. Happy to give career advice or answer any questions you might have, even if you don't think you're a good fit for the role.
We're also hiring for a bunch of other stuff, but I'm not the hiring manager for those teams. If low-level/systems programming isn't your cup of tea, check out the rest of our openings here: https://discordapp.com/jobs
Are you willing to hire non-US citizens? Reverse engineering is fun and I might be a fit (e.g. having played around with IDA Pro to reverse binaries and Spectre and Meltdown, among other things).
Is Discord really using 2GB of RAM for you? Can you clarify what you mean by regularly? Discord (including all of its helper processes) is only using 190 MB of RAM for me at the moment.
The screenshot below was a particularly bad day... but Discord, Skype and Slack (all javascript "applications") compete continuously for eating more ram than my actual work stuff.
Edit: for those who don't want to click, it's a screenshot of the os x activity monitor showing the worst memory consumption, in order: Discord Helper 1.98 Gb, kernel_task 1.67 Gb, Skype Helper 1.58 Gb, Slack 1.20 Gb :)
Modern RAM doesn't work the way people who complain about Slack/et al think it does. The operating system will cull it from other places when it needs it; even a native Cocoa app will not dump memory you're done with until the system decides it needs it for something else, because on the off-chance your app ends up needing it again, it's already allocated. "purge" exists for a reason.
It's like when you pull up a StackOverflow answer for "how can I judge how much memory usage my process has?", and the top voted answer is some bash script to determine peak ps, when every other answer tries to explain that that's only one measure of memory and isn't even totally accurate.
Furthermore, that nice feature of most modern apps where you're scrolling up rapidly and an image is nice and ready to present? Images are big, especially when we all use retina displays. They take up memory. There was a blog post that went on HN a few months ago but didn't seem to make the front page, wherein the author determined that forcing Electron to dump image cache junk lowers the memory usage substantially.
Could Electron & co do better? For sure. Loading an entire browser for a UI does kind of suck. But stop acting like all the stuff that the browser does for you _for free_ is or should be zero-cost.
If the memory consumption of a process grows from 200 M (which is about what the chat apps use when freshly started) to 2 Gb, something is rotten by any metric. The system was responding slowly when I made that screenshot because it started using swap. Which got instafreed the moment I restarted the memory hogs.
If I don't restart the machine for a year, is the pretty chat app going to keep in ram, uncompressed, all the cat pictures that people posted in the last 12 months then? Do you think that's sane?
> If the memory consumption of a process grows from 200 M (which is about what the chat apps use when freshly started) to 2 Gb, something is rotten by any metric.
That is just not how memory works anymore, at least not how the OS reports it to you.
> The system was responding slowly when I made that screenshot because it started using swap.
How did you determine this? If you're looking at swap usage in activity monitor, this is also not an accurate metric. I'm sitting here with 14GB used, 18GB free and 2GB of swap usage. Using swap does _not_ mean you are out of ram, it just doesn't work like that.
Is the memory pressure graph in activity monitor yellow or red? If not, which is likely the case, you don't have memory issues. You don't need more memory and it doesn't matter how much memory your applications are using.
I don't know the details of "how memory works anymore", but I do know that on my Fedora 27 laptop, everything stays nice and snappy, with under 200mb swap used, as reported by the system monitor...
...until I hit 8 gb of ram (the amount installed on my machine). The second that happens, the entire OS grinds to a halt. It starts with 5-10 seconds to change focus, and can go as high as 5 minutes if I don't do something about it. My best option for dealing with it is usually opening a new console (Ctrl-Alt-F3) and killing Android studio or the gradle daemon (the most common culprits). If I'm able and patient enough to open system monitor at this point, I can see that my swap usage has increased dramatically.
Again, I can't speak to "how memory works", but I am absolutely the expert on how my computer performs, as described above.
I've had similar experiences. Often Firefox is what's eating all the RAM, and I'm viewing it with htop. I've had cases where the freeze is indefinite and I had to hold in the power button. Couldn't change to another TTY or even ssh into the machine. When people say SWAP isn't needed, I just get mad. I've delayed these halts a bit by having some SWAP available. If I ever get slowed mouse movement, I panic and quickly check RAM usage and determine what has to be killed or restarted. I don't really understand why people pretend this doesn't happen and that unused RAM is always wasted RAM.
> ...until I hit 8 gb of ram (the amount installed on my machine).
I'm assuming you mean 8GB of ram 'used', by some metric of 'used'. What tends to confuse the hell out of people is what 'used' means. It varies by how it's measured, what OS you are using and how that OS is configured. I haven't a clue how Fedora 27 is configured nor how you are determining 'used' RAM, so my comment may well not apply to your use case.
And frankly, it seems to me like the issue is the OS being unoptimized or apps being leaky on it, because my Windows 7 machine with worse specs almost never has such issues, under any kind of similar load (and exactly the same apps).
Quit it. It was 32 Gb used (i.e. all of it, maybe 1-2 G left for cache) plus 5-6 G of swap.
I don't know how your OS X works, but mine tends to not go into swap before running out of ram. It does not come out of swap when ram is freed indeed, but when you freshly boot it it will stay at swap used: 0 bytes until someone posts too many cat pictures in Slack or Discord.
Or until I forget how many VMs I opened, but that's work and actually useful.
Edit: I can't reply to your reply because HN doesn't like so many indents. I also don't want to continue a flame war about observed behaviour vs the theory of shared libraries and memory mapped files etc so I'll stop here.
RAM is fast, disk is slow, network is really slow. Your operating system optimises for performance. Minimising RAM usage is bad for performance, because empty RAM is wasted RAM.
If your RAM is full, there is a probability that something will need to be read from disk. If your RAM is empty, there is a certainty that something will need to be read from disk or from the network. A probability of a slow operation is preferable to the certainty of a slow operation. Something in RAM is preferable to nothing in RAM.
The pretty chat app will not keep all of your cat pictures in RAM indefinitely, because the OS won't let it. If something else needs that RAM, then the cat pictures will be paged to disk. The OS is incredibly good at figuring out what belongs in RAM and what belongs on disk at any given moment.
> RAM is fast, disk is slow, network is really slow.
(all speeds are read time)
RAM speed: 35 GB/s
Disk speed: 3.2 GB/s
Network speed: 0.87 GB/s
While you aren't wrong, I have no problem loading cat pictures at network speed instead of ram speed.
I think the real issue here is network consumption is expensive. It's better if you store all your cat pictures for as long as possible. People would complain if Discord generated gigabits of temporary disk files, but RAM usage can always be freed if the OS demands it.
Paging to disk makes it act much slower than simply releasing the memory when that cat has been off the screen for a moment. It is not a good solution.
The 2GB in his screenshot means that 2GB has been malloc'd and used. RAM reported as in use by an application is not being used by the OS to cache things.
RAM that's reported as "free" by OS X's activity monitor/windows' task manager is used for disk caching.
RAM reported as in use by an application is in use by that application. It could be using some sort of internal cache, but it does not give that memory up to other apps under memory pressure except by the OS swapping it out which gets very slow.
If I understand correctly, this is true for the memory allocated by the OS to cache files, which makes intuitive sense as a file can just be read from disk if needed.
It's not clear to me how it would apply to other memory. How does the OS communicate to Firefox that it needs to clear out some memory for Chrome, save by moving less used pages to swap, with the probable high cost of moving it back later? Further, while some intelligence may be exercised insofar as which pages to swap, it won't be made with the benefit of the app deciding which chunks of data to keep closer at hand.
Modern memory works the same way it always has and the best performance has always been maintained by staying within the boundaries of available ram and not needing to swap much.
When most computers have no more than 8gb of ram and consumer machines are likely to have 4, it's kind of silly for a chat app to use 1-2, sillier yet to claim that the OS will fix the matter.
When you calculate the sum of the so-called "memory consumption" of all processes, you generally end up with a number ridiculously above the amount of physical memory installed on your box.
The only reliable way to learn the memory consumption of a process is to somehow make sure other processes don't allocate/deallocate memory, kill the process in question and watch the difference in global memory consumption.
I really hope the recommended method of suggesting tips (fork, modify, pull request) and the overcomplicated backend (complete with four dependencies!) is an attempt at meta-humor. Maybe we need an opensource-js.com.