Hacker News new | comments | show | ask | jobs | submit login
Hack everything without fear (drewdevault.com)
166 points by RX14 8 months ago | hide | past | web | favorite | 33 comments

Like most hard things in life the most honest advice anyone can give you is stop worrying about getting stuck, embrace confusion and learn to love being lost. If you can learn to not lose confidence when you’re in the wilderness then you have learned how to learn. Unfortunately this is challenging to do. It’s like telling someone the way to do a pull up is to do a pull-up. For self motivated people this is all the coaching they need. For most however, they need someone to hold their hand through all the steps.

Actually, I was stuck for years, not being able to do a single pull-up, until I found a youtube video that explained how to progress in pull ups[1] The way was counterintuitive to me, so it would have never occurred to me.

The method consists in actually jumping, skipping the hardest part, then when being on top with the head above the bar, you let your body fall as slowly as you can. It turns out this works because in the eccentric phase your arm muscles are more powerful, but you are still able to progress overall.

The advice I would give is, as you said, embrace confusion but pay attention to where is your next mentor, the one that will show you that little trick or that little piece of understanding that will get you progressing.


Another way is to work negatively. So in a sense you do a pull up by doing a reverse pull up— that is you start at the top of the pull us and lower yourself as slowly as possible (like in you’re method). Just rather than pulling yourself up you just jump yourself or step up to the top. After so many sessions of that you’ll be doing them without much difficulty.

I’ve found in learning the process can be similar. If I don’t understand something I can only read so much and study so much. I have to get my hands into it. I will pull down a codebase, run it, change it, break it, fix it, try and emulate it from first principles and contrast that with my reading and repeat. The best way I’ve found so far is to couple that with bottom up learning— working and reworking the fundamentals as I capitulate and bounce off the walls of reverse engineering and experimenting. I can’t confirm the benefits of that for anybody else but it works for me and keeps me interested

Uh, isn’t that exactly what the parent comment just said? It sounded to me like they were doing negatives.

Not to me. But granted— they linked a video displaying supine form whereas I assumed, without watching, they'd shown wide pronate. The latter form is notoriously difficult and I felt like detailing further would be helpful.

The quickest example I could find (of pronate form) is this guy, (but he's right): https://www.youtube.com/watch?v=yLXn2OtQmxo

Wanted to add, off topic but for interested parties of the digression, a good resource— Scott.. from Boston? never checked. But he's pretty good: https://www.youtube.com/watch?v=MogM8PlV1NI

You get the fastest progress if you start the exercise with a weight that you can actually lift a few times in a row. Fortunately there is a way to decrease your effective weight when doing pull-ups - tie a resistance band on the pull-up bar and rest your knee against the bottom part of the loop. Start with a heavy resistance band and progress towards light and finally none.

I was a TA for a freshman college class that would deliberately give homework assignments on things not covered in lectures. We were told to direct the students to resources that would help them learn these things, but not teach them directly. You should have heard the wailing and gnashing of teeth! The general consensus among those students a few years later was that they were glad for the wake-up call: most things you'll have to learn are not entirely handed to you in class, and the sooner you learn to get on with your life in such a world, the better off you are.

(We down-weighted those assignments in the grading, of course, so that people with GPA requirements for scholarships didn't suffer.)

Author here. Thanks for your comments! I would like to, in the future, write articles going into more detail about how to explore new codebases.

I spent hours last night figuring out why some base64 PNGs wouldn't render. That used to be a classic example of something that would frustrate me to my wits end. But this time it was so much fun to understand the problem intimately.

It helps that I have the flexibility to dig in instead of feeling the timeline pinch.

> For most however, they need someone to hold their hand through all the steps

Part of intellectual maturity is learning how to not need the hand.

This used to called a “can do” attitude. Back then I think it meant you were willing to roll up your sleeves and do the hard physical work needed to put things right. Now that the world is more technical than mechanical, “can do” requires delving into circuits and SLOC, hacking far less visible and more complex entities. It's only when those circuits and apps are open that “can do” has a hope of staying alive.

In the closed worlds of today's mobile infractructure (i.e. iOS and Droid “walled gardens”), remaining “can do” is getting harder. If I could trade mine in for a truly open smart phone, I'd do it in a heartbeat.

I'm still using Nokia N900, which is pretty close. I've used Openmoko Neo Freerunner pretty long, but unfortunately its performance was hard to stand anymore. For development, I also have Samsung Galaxy S3, which was the last one to have its baseband separated from the CPU. Replicant works there, so it might be a good choice in this regard as well. Looking forward for Librem 5, Neo900 or Pyra Phone now - whichever happens first. You need to make some sacrifices (hopefully less and less as the time passes), but the choice is there.

Once I was interested in obscure code base because my motivation was to discover smth which a few people would know about. But these days, I see github repo with large number of contributors, who are smarter than me (often), it's an instant motivation killer. I rarely checkout other's code unless it's related to the problem I am solving.

If you work at a company with a large code base, you quickly come to realize that few people know how everything works. Most people only know a single part of the code that they are working on intimately. It's this intimately part that scares some people. Because each person working on the code intimately creates the picture that each person knows everything about the code. Which just isn't true.

Start small and make sure you talk to the maintainers and make sure they are comfortable with you and what you want to work on. Introduce tiny patches to begin with. You'll disarm any gatekeepers this way, and get people on your side with you. The larger the project, the more politics involved generally.

What's 'smth' ?

"something" I think.

I actually suffer from an extra problem. I no longer trust any program you can download off the internet, except for trusted repositories (ie most of canonical's ubuntu repos, debian etc). That has been a massive drag for me, because I can't just download super convinient programs on my work computer. It pretty much stalled my interest in (amateur/hobby) programming alongside with stopping the use of pirated software, except in VMs, which are slow and inconvenient enough to not bother running them very often.

I'm almost at the same stage that you are. I think that as powerful as traditional desktop operating systems have been, they are clearly less secure than mobile operating systems which sandbox applications. People have sensitive data on their devices, and it is simply far too easy to get harmful malware on your machine. Whether from an external developer becoming compromised, or actual malicious behaviour.

I still download popular 3rd-party programs (i.e. not in the OS repos), especially if they are open-source (i.e. just GitHub), and there is evidence of active maintenance with a significant number of contributors to the project, or if it is from a reputable, popular real-life person.

I think it is a real shame. I should be able to download any program and know that they aren't just going to be trawling through the files on my PC without the OS at least asking me (and so on). It's a tricky balance between sandboxed "useless" apps, and god-mode, but something that I feel desktop OS's need to focus on if their platform is to survive.

Sounds like there's a story behind this. What happened?

"You don't know what you don't know until you go looking." Every good problem solver starts with the drive to want to solve the problem. People's motivations can vary from person to person, but these motivations are what drive them forward to want to solve the problem. Success is always a natural outcome of any problem solving technique used because even if the problem is not solved per the requirements needed, the experience of failing is still in many ways a success. The lessons learned from struggling and failing are committed to memory and can be used on another future problem. "Instead of looking for the answer, try to find a solution."

It's not a "how to" like I thought it was going to be. It's a "do it" with some tips.

Where "do it" is go ahead and hack & submit a patch on that open source project you rely on instead of working around it, get past that fear.

I've never really understood why this is hard for people, especially in the era of Github where anyone and everyone can open an issue or pull request and generally be taken seriously.

I've found it easy with python recently.

- Go on github, find the repo

- Fork the repo

- git clone https://github.com/me/forked_repo

- cd into the repo, and 'git checkout -b me_myfix'

- write your change

- cd ..

- 'pip uninstall forked_repo' so that you can work with your fork's clone instead

- Sometimes, if the repo has a setup.py, some symbolic linking needs to be setup so we can easily do 'import forked_repo'

- use 'import forked_repo'

- later, you can do 'git push origin me_myfix' and submit a pull request from Github.

I think there is a better way but I did not think about this problem much. It would be nice if someone could outline how to go about this properly. And there's almost no chance I could do this with another language since I am not as comfortable with the building/packaging with other languages.

Sometimes you don't even need to do a pull request if you have your fork on the same platform.

A while back I needed py3k support in pybindgen so hacked it in and it magically got merged into the main branch. Surprisingly, as is -- I guess I can hack on the python good enough ;)

That should mostly apply to other languages. Only the pip/import parts differ, and those generally have straightforward counterparts since most package management systems these days are pretty similar.

For some it is the fear of delivering ugly/subpar code.

It is possible for your contribution to be so bad that it is actually harmful that you tried in the first place - but that's a pretty extreme situation.

For the benefit of both the maintainers and the contributors, projects should really have advanced, comprehensive, automated code linting/style-checking/safety/etc. It should be possible to run it locally, and it should also integrate with GitHub's Pull Requests with automated comments (e.g. Travis CI).

This should instil confidence in the contributor, they know they have at least passed the basic checks.

I wonder if there's a fear under that of being mocked because someone else has different aesthetic preferences.

Well, in this day and age, that kind of thing gets called out pretty quickly.

“Do everything without fear” is also good advice. :-)

I think this article is fundamentally very bad, for one specific reason.


Me: "Hi! I just found a bug in your program. If you do A, B and C, X doesn't work properly."

Maintainer: "Our test case covers A and B and works perfectly."

Me: "Yes, C is an edge-case your testcase didn't include, and which is what breaks everything horribly. You know more about modifying your testcase than I do, but I guarantee you that when you make the change, this will fail consistently."

Maintainer: "You must provide us a new testcase."

Me: "I don't know how to do that."

Maintainer: "Our existing test cases work fine."

Me: [ Gives up before frustration turns to anger ]

This happened. https://github.com/rg3/youtube-dl/issues/7872


Me (on a sadly now-defunct forum): "I think it would be awesome if we ported my favorite application to this new OS"

Owner of application, unexpectedly: [ Long rant about the difficulty of porting things and that my ideas are going to affect him personally ]

Me: [ Freaks out ]

Forum maintainers: [ Words of comfort ]

Sadly there are no copies of the post in the Web Archive (I just downloaded the entire forum to check), but I remember the conversation well.


New contributor: "Here's a patch to this program. It fixes this and that problem."

Long-term maintainer: "We don't do things that way."

New contributor: "It'll improve performance and simplify the code."

Long-term maintainer: [ Blah blah blahblahblahblahblahblahblahblah(...) ]

New contributor: "...?!"

This is what came to mind when I thought about systemd.


The thing the article is completely missing is the political element.

It exists, it's real, I wasn't warned I'd get bitten, and I have cognitive issues and don't know how to resolve confrontation in some situations.

I generally avoid open source communities nowadays. My experiences discussing closed-source software have consistently been less toxic!

What is actually in that GitHub issue does not match your story. For example, what we can see there is you providing an example with the concrete information all replaced with "(removed)", the other person asking for said concrete information, and you replying that you don't know it, even though you clearly did and removed it from your test case.

I must admit that I did have second thoughts about posting this after I'd properly typed it out. It sounded less pointed in my head.

You are technically right. The specific issue was that youtube-dl had a bug downloading WAVs from soundcloud. The WAV in question was privately linked to me, and it was the first WAV I'd ever encountered. It's not possible to search for "has WAV" on soundcloud. I had no idea how to find one, and was unsure how to go about uploading test media (eg if it would be taken down etc).

I'll admit that yeah there was some laziness and "just fix it" and unimpressedness in there. I'm at fault to an extent.

Patch politics aside, you can at least understand the problem and come up with workarounds based on your understanding.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact