@starless Already completed the latter, it was nice :D Never heard of the former though, will have a look, thanks!
@silvermoon82@tech.lgbt I have... strong feelings about this :) The main problem is that there's just currently no (credible) automated way to reliably assess the risk involved in dependencies, and it's unlikely that one can ever exist because of the nature of the problem. The best you can do there is pretty much "spotting known problems to look at", and that scope will be very limited.
*Ideally*, you would manually review every dependency. This is actually viable in practice in JS, *if* (and only if) you strictly stick to single-responsibility dependencies that have a very well-defined scope, but even then it's still a very time-consuming process, and there should really be good tooling for doing this collaboratively across the community, to spread the work.
But... there isn't. :|
I explicitly don't trust for-profit corporations to build such tooling, because "for-profit" and "public commons" don't go together and it'll invariably end in doing free labour for a commercial party rather than a genuine community project. But there's also very little ongoing work in this area in general.
The 'immediate' advice I generally give for JS nowadays is to stick strictly with single-responsibility dependencies regardless of how high it makes the dependency count go up. Because that way many of your dependencies will simply not *need* maintenance, and swapping out a dependency in the worst case is super cheap. It's also much easier to audit them manually because all code is 'local' instead of coupled to other parts of the stack.
(I wrote a bit more about the counterintuitive nature of JS deps over on the birdsite a while ago, if you're interested: https://twitter.com/joepie91/status/1065193459349446656)
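A small added example (not from the post above, and not joepie91's code) of the "spot what to look at" triage the post says is the most you can automate: it reads an npm `package-lock.json` in the lockfileVersion 2/3 layout, where `packages` is keyed by `node_modules/...` paths, and reports how much transitive code each direct dependency drags in. The lockfile below is constructed and all package names are hypothetical. A direct dependency with zero transitive packages is the single-responsibility case the post recommends: its code is all local, it can be read top to bottom, and swapping it out costs little.

```javascript
// Added example: per-dependency review-cost triage over a constructed
// package-lock.json (lockfileVersion 2/3). Package names are hypothetical.
const constructedLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'tiny-util': '1.0.0', 'big-framework': '2.0.0' } },
    'node_modules/tiny-util': { version: '1.0.0' },
    'node_modules/big-framework': {
      version: '2.0.0',
      dependencies: { 'helper-a': '^1', 'helper-b': '^1' },
    },
    'node_modules/helper-a': { version: '1.1.0', dependencies: { 'helper-c': '^1' } },
    'node_modules/helper-b': { version: '1.0.0' },
    'node_modules/helper-c': { version: '1.0.0' },
  },
};

// npm resolves a dependency of a package by looking in that package's own
// nested node_modules first, then walking up towards the root node_modules.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base === '' ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not in the lockfile (e.g. optional/peer dep)
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Every lockfile entry reachable from startPath, excluding startPath itself.
function transitiveClosure(packages, startPath) {
  const seen = new Set();
  const stack = [startPath];
  while (stack.length > 0) {
    const current = stack.pop();
    const deps = (packages[current] && packages[current].dependencies) || {};
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, current, name);
      if (resolved && !seen.has(resolved)) {
        seen.add(resolved);
        stack.push(resolved);
      }
    }
  }
  return seen;
}

// Turn "node_modules/@scope/pkg" (possibly nested) back into "@scope/pkg".
function nameFromPath(path) {
  const marker = 'node_modules/';
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// One row per direct dependency, heaviest first, plus the total number of
// distinct packages a full manual review would have to cover.
function triage(lock) {
  const packages = lock.packages;
  const direct = Object.keys((packages[''] && packages[''].dependencies) || {});
  const everything = new Set();
  const rows = direct.map((name) => {
    const path = resolveDep(packages, '', name);
    const closure = transitiveClosure(packages, path);
    everything.add(path);
    closure.forEach((p) => everything.add(p));
    return {
      name,
      version: packages[path].version,
      transitive: closure.size,
      pulls: [...closure].map(nameFromPath).sort(),
      // zero transitive deps: reviewable on its own, cheap to replace
      selfContained: closure.size === 0,
    };
  });
  rows.sort((a, b) => b.transitive - a.transitive);
  return { rows, totalPackages: everything.size };
}

const report = triage(constructedLock);
for (const row of report.rows) {
  console.log(`${row.name}@${row.version}: ${row.transitive} transitive package(s)` +
    (row.selfContained ? ' [self-contained]' : ` -> ${row.pulls.join(', ')}`));
}
console.log(`${report.totalPackages} package(s) to review in total`);
```

To run it against a real project, replace `constructedLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; entries flagged `"dev": true` are included here as well, since build tooling runs on the same machine as everything else.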
@starless I do have a bit of a soft spot for the 'ragtag band of queer weirdos flying through space' subgenre, but I imagine that that might not be that big of a genre :)
@f0x Thanks! Will have a look
@silvermoon82@tech.lgbt Ahh, yeah. I guess they changed their pitch up quite a bit since I last looked at them - previously they were very much trying to be "the solution to funding OSS, pay once to pay everybody", which I really didn't like because they were essentially positioning themselves as a monopolistic OSS funding gatekeeper, intentional or not.
The current presentation does seem a lot better and a lot more measured. I have no idea how accurate their metrics are, though, and I do hope that it isn't just prioritizing Tidelift-affiliated packages...
@ckie we're all banned on this blessed day
@thufie so because of that post you are now banned, right
food
@schratze Huh? I've generally found the opposite to be true here in NL
@kaasiand Looks nice!
In the process of moving to @joepie91. This account will stay active for the foreseeable future! But please also follow the other one.
Technical debt collector and general hype-hater. Early 30s, non-binary, ND, poly, relationship anarchist, generally queer.
- No alt text (request) = no boost.
- Boosts OK for all boostable posts.
- DMs are open.
- Flirting welcome, but be explicit if you want something out of it!
- The devil doesn't need an advocate; no combative arguing in my mentions.
Sometimes horny on main (behind CW), very much into kink (bondage, freeuse, CNC, and other stuff), and believe it or not, very much a submissive bottom :p
My spoons are limited, so I may not always have the energy to respond to messages.
Strong views about abolishing oppression, hierarchy, agency, and self-governance - but I also trust people by default and give them room to grow, unless they give me reason not to. That all also applies to technology and how it's built.