| --- Log opened Mon Nov 26 00:00:05 2018 |
| 00:18 | <&McMartin> | (For the record, the argument is '-fs HFS+') |
| 00:55 | | Degi [Degi@Nightstar-khsnul.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 01:06 | | Derakon[AFK] is now known as Derakon |
| 02:24 | | celticminstrel [celticminst@Nightstar-l19e78.dsl.bell.ca] has quit [Ping timeout: 121 seconds] |
| 02:24 | | celticminstrel [celticminst@Nightstar-l19e78.dsl.bell.ca] has joined #code |
| 02:24 | | mode/#code [+o celticminstrel] by ChanServ |
| 02:56 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has quit [Ping timeout: 121 seconds] |
| 03:05 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
| 03:05 | | mode/#code [+o Alek] by ChanServ |
| 03:07 | | Omega [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
| 03:08 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has quit [NickServ (RECOVER command used by Omega)] |
| 03:08 | | Omega is now known as Alek |
| 03:08 | | mode/#code [+o Alek] by ChanServ |
| 03:21 | | Reiv [NSkiwiirc@Nightstar-ih0uis.global-gateway.net.nz] has quit [Connection closed] |
| 03:21 | | Reiv [NSkiwiirc@Nightstar-ih0uis.global-gateway.net.nz] has joined #code |
| 03:21 | | mode/#code [+o Reiv] by ChanServ |
| 04:05 | <&McMartin> | Argh dammit I swear this function was not deprecated last week |
| 04:08 | <&McMartin> | Oh right last week I was using the 10.13 SDKs |
| 04:40 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 04:40 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 05:10 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
| 05:11 | | Derakon is now known as Derakon[AFK] |
| 05:18 | | celticminstrel [celticminst@Nightstar-l19e78.dsl.bell.ca] has quit [[NS] Quit: KABOOM! It seems that I have exploded. Please wait while I reinstall the universe.] |
| 05:36 | | Omega [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
| 05:36 | | mode/#code [+o Omega] by ChanServ |
| 05:36 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has quit [NickServ (RECOVER command used by Omega)] |
| 05:36 | | Omega is now known as Alek |
| 06:18 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 06:18 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 06:23 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
| 06:34 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
| 06:35 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
| 06:36 | | * McMartin hmms |
| 06:36 | | * McMartin wonders if there is a TheWatcher nearby |
| 06:37 | <&McMartin> | For I have perpetrated a Feat of the Fifth Camel, and he is one of the only people known to use that power for good instead of evil |
| 06:38 | <&McMartin> | https://sourceforge.net/p/vice-emu/code/HEAD/tree/trunk/vice/src/arch/sdl/macOS-copy-libs.pl actually works at its task and I'm disinclined to mess much further with it, but I would attempt to learn any lessons about What Not To Do when organizing Perl code. |
| 06:50 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has quit [Ping timeout: 121 seconds] |
| 06:53 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
| 06:53 | | mode/#code [+o Alek] by ChanServ |
| 07:08 | <&McMartin> | Aaand, that's it for this project. https://bumbershootsoft.wordpress.com/2018/11/26/unfiltered-cocoa-fit-and-finish/ |
| 07:13 | <&McMartin> | I got sick of writing up this project astonishingly quickly, but I guess it's been seen through~ |
| 07:13 | <&jeroud> | McMartin: I have macs running 10.8 and 10.10 if that helps. |
| 07:13 | <&McMartin> | Well, it will at various points, perhaps |
| 07:13 | <&McMartin> | Not for this most recent case, though, where 10.9 was the target |
| 07:13 | <&McMartin> | 10.10 is one of the major API breakpoints |
| 07:14 | <&McMartin> | Which is to say, while code targeting 10.9 is very likely to run on 10.8[*] code written for 10.10 won't run on anything earlier. |
| 07:15 | <&McMartin> | [*] Unless it uses C++; 10.9 is when the toolchain deprecated libstdc++ in favor of libc++ |
| 07:16 | <&McMartin> | The git repo does evolve from "requires 10.12" through to "requires 10.10" and finally "requires 10.7"; I don't have the older versions of Xcode to test on but you could in principle see if they worked. |
| 07:16 | <&McMartin> | IIRC the Requires 10.7 code won't *compile* on 10.7 because array literals weren't added to Objective-C until the 10.8 SDK, but they work on any edition of the runtime. |
| 07:22 | <&Reiver> | What made you lose interest in writing it up, McM? |
| 07:23 | <&McMartin> | It's horrible and tedious and mostly reminders of the aggravating parts of my other open-source work if not my day job. |
| 07:23 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 07:23 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 07:24 | <&McMartin> | To quote a bit at the end of that post where I discuss what's important but that I didn't discuss and won't... |
| 07:24 | <&McMartin> | "The install_name_tool application lets you manipulate the binaries after copying them, but this is a large and extremely painful topic that is the one that is most likely to bite open-source developers hoping to get Macintosh relases for their notionally platform-independent software. I should probably write a proper article on this at some point, but I’ve just finished wrangling this for the VICE |
| 07:24 | <&McMartin> | project and if I wrote it now it would just be several thousand words of despairing rage-froth. Maybe later next month." |
| 09:29 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has quit [Ping timeout: 121 seconds] |
| 10:19 | | himi [sjjf@Nightstar-v37cpe.internode.on.net] has joined #code |
| 10:19 | | mode/#code [+o himi] by ChanServ |
| 14:24 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
| 14:58 | | Kindamoody is now known as Kindamoody|afk |
| 15:17 | | Degi [Degi@Nightstar-d1p662.dyn.telefonica.de] has joined #code |
| 17:04 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
| 17:44 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
| 17:45 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
| 17:45 | | mode/#code [+o Alek] by ChanServ |
| 19:22 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 19:22 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 19:46 | | himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds] |
| 21:20 | | himi [sjjf@Nightstar-1drtbs.anu.edu.au] has joined #code |
| 21:20 | | mode/#code [+o himi] by ChanServ |
| 21:48 | | Kindamoody|afk is now known as Kindamoody |
| 22:17 | <@Mahal> | https://pbs.twimg.com/media/DsvWktdVYAAz0pD.jpg:orig |
| 22:19 | <@Tamber> | hee |
| 22:20 | <&McMartin> | Glorious |
| 22:21 | <&McMartin> | Significantly more glorious than the other bug making the rounds |
| 22:21 | <@Mahal> | mmm? |
| 22:21 | <@Mahal> | what's the other one? |
| 22:21 | <&McMartin> | https://twitter.com/KrauseFx/status/1067124100332744704 |
| 22:23 | | * Mahal facepalms. |
| 22:24 | <&McMartin> | This has been making me think about the C ecosystem, which is likewise very much not batteries-included, but which does not seem to fall prey to stuff like this |
| 22:29 | <&ToxicFrog> | Isn't this the second or third time this has happened to NPM? |
| 22:31 | <@Mahal> | so the one thing I /am/ puzzled by with that. |
| 22:32 | <@Mahal> | the original developer seems ... surprised ..? that people think this is partly their responsibility. |
| 22:41 | <&McMartin> | Well, the closest I can get to this having a C equivalent would be something like |
| 22:41 | <&McMartin> | (a) I use package C, which depends on package Y |
| 22:41 | <&McMartin> | (b) package Y hasn't gotten an update in years |
| 22:41 | <&McMartin> | (c) someone else 'takes over' package Y and a distro includes their patches, which I install automatically as one does |
| 22:41 | <&McMartin> | (d) that patch was malware |
| 22:41 | <&McMartin> | In that circumstance, I would indeed place basically 100% of the blame on the distro admins |
| 22:42 | <&McMartin> | And none of the author who stopped updating years ago |
| 22:42 | <&McMartin> | This is complicated here because (a) the old author is the one who handed the baton over and (b) the old author kept their name on the account despite literally removing their ability to commit to it |
| 22:42 | <@Mahal> | Right, so I feel like blame still goes to the old author? |
| 22:43 | <@Mahal> | because they handed it over... ? |
| 22:43 | <&McMartin> | So, that's the other thing, which is that "handing it over" is apparently a thing you cooperate in doing |
| 22:43 | <&McMartin> | As opposed to, say, UQM HD, which the UQM project has zero input into |
| 22:43 | <@Alek> | I may have misread it, but it seemed like the old author added commit ability to the other person, the other person removed commit ability from the old author. but yours makes more sense, I guess. |
| 22:44 | <&McMartin> | Like, in a very real sense, open source contributors cannot be sanely vetted outside of old-boys networks |
| 22:44 | <&McMartin> | That's why it's on the people assembling the distribution to have a team that vets what goes into the release |
| 22:44 | <&McMartin> | But apparently in npm you blindly update thousands of components in stuff that goes straight to production? |
| 22:46 | | * TheWatcher readsup |
| 22:46 | <@TheWatcher> | Oh, npm |
| 22:46 | <&McMartin> | The problem with this overall of course is that the people saying that it's the original author's responsibility suffer in my eyes, because I'm inclined to say that it was the people doing the blaming's fault *for trusting npm at all in the first place* |
| 22:47 | <@TheWatcher> | And people wonder why I prefer to stay the everliving fuck away from node in general |
| 22:48 | <&McMartin> | Speaking of languages that are not JavaScript, TheWatcher, I nickpinged you about 14 hours ago about some Perl stuff |
| 22:54 | <@TheWatcher> | So I saw. I heartily approve of the code doumentation. I have some personal objections to the use of implicit variables - that's one of those Holy Wars that I come down on the side of 'use explicit variables whenever possible', simply from a clarity point of view, but I appreciate that this is purely personal preference. |
| 22:54 | <@TheWatcher> | I would also be inclined to sub the bejibbers out of it, but again that's another personal preference thing. |
| 22:55 | <&McMartin> | Yeah, I went back and forth as I was writing it on the implicit vs explicit |
| 22:55 | <&ToxicFrog> | McMartin: re "handing it over" -- in this case, yes, that involves the original author explicitly doing stuff with github's UI to not just give the blackhat commit access but give them admin access to that project (as otherwise they wouldn't have been able to revoke the original author's access) |
| 22:56 | <&ToxicFrog> | They may have transferred ownership outright, I don't know if it's possible to do that without changing the project namespace (which didn't happen here), but in the case of "sole admin" vs. "owner" that's entirely a distinction without a difference AFAICT. |
| 22:56 | <&McMartin> | Right |
| 22:57 | <&McMartin> | But this then means that programming with npm means building your program predominantly out of tiny components that you then let third parties of which you are entirely unware arbitrarily evolve |
| 22:57 | <&McMartin> | And I'm having real trouble apportioning any blame beyond "the person who decided that this was OK" |
| 22:58 | <&ToxicFrog> | Fair. |
| 22:58 | <&McMartin> | This question gets a lot more pointed when it's not a code snippet but instead an entire shrinkwrapped product. |
| 22:58 | <&ToxicFrog> | Although AFAICT this is also how the Maven ecosystem (and things built on it like Leiningen) works and for some reason that doesn't have the same problem |
| 22:58 | <&McMartin> | Or digitally shrinkwrapped one. |
| 22:58 | <&ToxicFrog> | I'm not sure what the significant difference is there |
| 22:59 | <&McMartin> | I in fact have Concerns re: Cargo as well |
| 22:59 | <&McMartin> | (The nasty consumer-level case is 'make a popular mobile application, sell it to someone who then packs it full of malware and pushes an update to all users') |
| 22:59 | <&ToxicFrog> | Except perhaps that getting malware into NPM means it potentially runs on lots and lots of browsers, not just on machines where the package is explicitly installed |
| 22:59 | <&ToxicFrog> | (that I have also seen happen) |
| 23:00 | <&McMartin> | (Yes, this is a Known Issue and is also a case where Google and apple get the blame, and not the guy who sold his company) |
| 23:00 | <&McMartin> | (But this is also a case where unlike the NPM case I would not be blaming the *end user* per se) |
| 23:01 | <&McMartin> | Now, one thing Cargo does that Maven/Lein *might* do is that when you set your dependencies unless you go out of your way to say otherwise you also end up version-locking them. |
| 23:01 | <&McMartin> | So your artifact does not change unless you make an explicit decision to upgrade, and perhaps you take a look at the history of the project before you do. |
| 23:02 | <&ToxicFrog> | Lein also does that. I don't know if mvn does but it seems likely. |
| 23:02 | <&McMartin> | TheWatcher: Ah yes. Admittedly this is because I was returning to Perl after a vast absence and had forgotten about subs for some time while writing |
| 23:03 | <&McMartin> | (But also because this usecase was IMO a glorified bash script and as a result I wanted to make sure it didn't do anything complex enough to require repeating itself more thororughly than iterating through a loop) |
| 23:04 | <&McMartin> | ToxicFrog: So, yeah, then it would seem that either npm does *not* version-lock your imports, or that standard practice is to use whatever the latest version happens to be |
| 23:04 | <&McMartin> | I would propose that this is spectacularly reckless |
| 23:04 | <&McMartin> | Even before we get into things like left-pad being a module, or certain frameworks' propensities for defining one module per function, and then sometimes one function per expression. |
| 23:07 | <&ToxicFrog> | |
| 23:08 | <&McMartin> | If you missed the left-pad debacle two years ago, here is a brief summary: https://www.davidhaney.io/npm-left-pad-have-we-forgotten-how-to-program/ |
| 23:09 | <&ToxicFrog> | I had not in fact missed it, but "one function per expression and one module per function" as a general pattern is new |
| 23:12 | | gnolam_ [lenin@Nightstar-ghphrt.cust.bahnhof.se] has joined #code |
| 23:15 | | gnolam [lenin@Nightstar-ego6cb.cust.bahnhof.se] has quit [Ping timeout: 121 seconds] |
| 23:17 | <&McMartin> | ToxicFrog: Ah. |
| 23:17 | <&McMartin> | That would be lodash, which autopublishes every single function in it as a separate module |
| 23:17 | <&McMartin> | So your module dependencies are also your call graph, I guess, hooray? |
| 23:17 | | * iospace hugs McMartin |
| 23:17 | <&ToxicFrog> | [horrified screaming intensifies] |
| 23:18 | <&McMartin> | These are the kinds of things that when I learn them make me feel more justified in doing assembly language programming to relax |
| 23:18 | <&McMartin> | Really the only question is why more people wouldn't! |
| 23:18 | <&ToxicFrog> | Because I find bash programming more relaxing, because it's easier to draw pretty pictures on the terminal with~ |
| 23:19 | <&McMartin> | https://www.npmjs.com/package/lodash.noop |
| 23:19 | <&McMartin> | 503,538 weekly downloads |
| 23:19 | <&McMartin> | also five versions |
| 23:27 | <@Tamber> | Burn it all down. |
| 23:28 | | * Tamber retreats from the nightmares, for sleep; perchance to dre...okay, no, probably more nightmares. |
| 23:33 | <@TheWatcher> | :( |
| 23:48 | | Degi [Degi@Nightstar-d1p662.dyn.telefonica.de] has quit [[NS] Quit: Leaving] |
| 23:53 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
| --- Log closed Tue Nov 27 00:00:06 2018 |