• 7 Posts
  • 156 Comments
Joined 2 years ago
cake
Cake day: June 11th, 2023

help-circle
  • They were talking about hosting the git repository via sftp - so bare file transfer - a bare repository. And how that was enough for them.

    While that is also hosted, and hosted through a service, it’s only a file transfer service and hosting.

    That means specifically without a hosted service like a forge or gerrit.

    Which is why I was interested in how they handle stuff that is usually done through such forges and services / hosted software.









  • It is not a generic term for source-available software, and never was.

    The problem with that reasoning is that precedence and origin do not necessarily define language use after it. Language evolves. Society and communities make up new or change definitions.

    Misuse of the term is evidence that it’s not universally understood to be one way.

    I think it’s mainly because “open source” can be understood as accessible, readable source. And many people seem to intuitively understand it as such. The “free” terminology on the other hand has a more ambiguous meaning between freedom and no cost. And early on, the “freeware” terminology was established as a differentiation to “free software”. “Open source” does not have such an equivalent established differentiation (like “source-available”, which seems to be just not as prevalent, maybe because there have been much fewer products with that alone).

    I understand the desire to correct, specifically with the established OSD. But I have to wonder if it will ever bear fruit, given these circumstances. And in consequence, whether it’s even worth to point out.


  • I still hate the “vibe” terminology.

    What I would have liked it to mean: While coding, put on some music, and zone out to coding.

    What it means now: Prompt an AI to generate working code and solutions.

    I don’t get where the “vibing” comes in. I guess you don’t have to think about the technical details? And that’s vibing? Maybe it’s just unfamiliarity and lack of practice, but poking the AI via prompting and thinking about how you can influence it better doesn’t feel like you could zone in to or “vibe”.

    Maybe it’s about letting go of reasoning and just going for it? Vibing in the sense of going with the flow?

    It’s not the first terminology I find unfitting. I’m trying to accept that it is what it is, and that it just is what “we collectively” have decided to call it (or ran with).


  • really cool animations

    When will it launch?
    I’m not entirely sure yet. I’d love to get it out before the European summer this year.

    What if I want it right now?
    I’m going to do a pre-order, where you’ll get access to the chapters that are already written. You’ll get to see each chapter slowly take form as I push out new drafts.








  • The collaborative sharing nature of these platforms is a big advantage. (Not just VS Code Marketplace. We have this with all extension and lib and program package managers.)

    Current approaches revolve around

    • reporting
    • manual review
    • automated review (checks) for flagging or removal
    • secured naming spaces

    The problem with the latter is that it is often not necessarily proof of trustworthyness, only that the namespace is owned by the same entity in its entirety.

    In my opinion, improvements could be made through

    • better indication of publisher identity (verified legal entities like companies, or of persona, or owned domain)
    • better indication of publisher trustworthiness (how did they establish themselves as trustworthy; long running contributions in the specific space or in general, long standing online persona, vs “random person”, etc)
    • more prominent license and source code linking - it should be easy to access the source code to review it
    • some platforms implement their own build infrastructure to ensure the source code represents the published package

    Maybe there could be some more coordinated efforts of review and approval. Like, if the publisher has a trustworthiness indication, and the package has labeled advocators with their own trustworthiness indicated, you could make a better immediate assessment.

    On the more technical side, before the platform, a more restrictive and specific permission system. Like browser extensions ask for permissions on install and/or for specific functionality could be implemented for app extensions and lib packages too. Platform requirements could require minimal defaults and optional things being implemented as optional rather than “ask for everything by default”.





  • I love Nushell in Windows Terminal with Starship as an evolution and a leap of shell. Structured data, native format transformations, strong querying capabilities, expressive state information.

    I was surprised that the linked article went an entirely different direction. It seems mainly driven by mouse interactions, but I think it has interesting suggestions or ideas even if you disregard mouse control or make it optional.