icon I guess or image.
icon I guess or image.
icon I guess or image.
n
{
"name": "prologic",
"desc": "\"Problems are Solved by Method\" 🇦🇺👨💻👨🦯🏹♔ 🏓⚯ 👨👩👧👧🛥 -- James Mills (operator of twtxt.net / creator of Yarn.social 🧶)",
"key": "kex17m00vqjduqlf6j5xcvtpyhk2zg3shv2x8r5qzyancjlhgl4ytj8slvt7h0",
"links": [
{
"title": "My CV",
"href": "https://prologic.shortcircuit.net.au/"
},
{
"title": "My Projects",
"href": "https://git.mills.io/prologic"
},
{
"title": "My Github profile (@prologic)",
"href": "https://github.com/prologic"
}
],
"items": [
{
"id": "https://yarn.mills.io/permalink/xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"hash": "xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"sig": "3vdKTvI_WGDcM_cUUPGmWHPFpZ9IpORgFkhVFndcxbuUm3XF2w895nEvh2CIA0P3OekfmW6pWQP4wSsXZSCMAA",
"format": "text/markdown",
"time": "2023-04-16T11:04:28+10:00",
"content": "Hello World"
}
]
}
n
{
"name": "prologic",
"desc": "\"Problems are Solved by Method\" 🇦🇺👨💻👨🦯🏹♔ 🏓⚯ 👨👩👧👧🛥 -- James Mills (operator of twtxt.net / creator of Yarn.social 🧶)",
"key": "kex17m00vqjduqlf6j5xcvtpyhk2zg3shv2x8r5qzyancjlhgl4ytj8slvt7h0",
"links": [
{
"title": "My CV",
"href": "https://prologic.shortcircuit.net.au/"
},
{
"title": "My Projects",
"href": "https://git.mills.io/prologic"
},
{
"title": "My Github profile (@prologic)",
"href": "https://github.com/prologic"
}
],
"items": [
{
"id": "https://yarn.mills.io/permalink/xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"hash": "xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"sig": "3vdKTvI_WGDcM_cUUPGmWHPFpZ9IpORgFkhVFndcxbuUm3XF2w895nEvh2CIA0P3OekfmW6pWQP4wSsXZSCMAA",
"format": "text/markdown",
"time": "2023-04-16T11:04:28+10:00",
"content": "Hello World"
}
]
}
n
{
"name": "prologic",
"desc": "\\"Problems are Solved by Method\\" 🇦🇺👨💻👨🦯🏹♔ 🏓⚯ 👨👩👧👧🛥 -- James Mills (operator of twtxt.net / creator of Yarn.social 🧶)",
"key": "kex17m00vqjduqlf6j5xcvtpyhk2zg3shv2x8r5qzyancjlhgl4ytj8slvt7h0",
"links": [
{
"title": "My CV",
"href": "https://prologic.shortcircuit.net.au/"
},
{
"title": "My Projects",
"href": "https://git.mills.io/prologic"
},
{
"title": "My Github profile (@prologic)",
"href": "https://github.com/prologic"
}
],
"items": [
{
"id": "https://yarn.mills.io/permalink/xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"hash": "xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"sig": "3vdKTvI_WGDcM_cUUPGmWHPFpZ9IpORgFkhVFndcxbuUm3XF2w895nEvh2CIA0P3OekfmW6pWQP4wSsXZSCMAA",
"format": "text/markdown",
"time": "2023-04-16T11:04:28+10:00",
"content": "Hello World"
}
]
}
n
{
"name": "prologic",
"desc": "\"Problems are Solved by Method\" 🇦🇺👨💻👨🦯🏹♔ 🏓⚯ 👨👩👧👧🛥 -- James Mills (operator of twtxt.net / creator of Yarn.social 🧶)",
"key": "kex17m00vqjduqlf6j5xcvtpyhk2zg3shv2x8r5qzyancjlhgl4ytj8slvt7h0",
"links": [
{
"title": "My CV",
"href": "https://prologic.shortcircuit.net.au/"
},
{
"title": "My Projects",
"href": "https://git.mills.io/prologic"
},
{
"title": "My Github profile (@prologic)",
"href": "https://github.com/prologic"
}
],
"items": [
{
"id": "https://yarn.mills.io/permalink/xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"hash": "xt2mrjwfmwlh6xrcoom7ywpmg6hdrduy56cvzjoi76ibdjjiycwa",
"sig": "3vdKTvI_WGDcM_cUUPGmWHPFpZ9IpORgFkhVFndcxbuUm3XF2w895nEvh2CIA0P3OekfmW6pWQP4wSsXZSCMAA",
"format": "text/markdown",
"time": "2023-04-16T11:04:28+10:00",
"content": "Hello World"
}
]
}
> If we were to decide to write a new spec/protocol, what would it look like?
Here's my rough draft (_back of paper napkin idea_):
- Feeds are JSON file(s) fetchable by standard HTTP clients over TLS
- WebFinger is used at the root of a user's domain (or multi-user) lookup. e.g:
prologic@mills.io -> https://yarn.mills.io/~prologic.json- Feeds contain similar metadata that we're familiar with: Nick, Avatar, Description, etc
- Feed items are signed with a ED25519 private key. That is all "posts" are cryptographically signed.
- Feed items continue to use content-addressing, but use the full Blake2b Base64 encoded hash.
- Edited feed items produce an "Edited" item so that clients can easily follow Edits.
- Deleted feed items produced a "Deleted" item so that clients can easily delete cached items.
#Yarn.social #Protocol #Ideas
> If we were to decide to write a new spec/protocol, what would it look like?
Here's my rough draft (_back of paper napkin idea_):
- Feeds are JSON file(s) fetchable by standard HTTP clients over TLS
- WebFinger is used at the root of a user's domain (or multi-user) lookup. e.g:
prologic@mills.io -> https://yarn.mills.io/~prologic.json- Feeds contain similar metadata that we're familiar with: Nick, Avatar, Description, etc
- Feed items are signed with a ED25519 private key. That is all "posts" are cryptographically signed.
- Feed items continue to use content-addressing, but use the full Blake2b Base64 encoded hash.
- Edited feed items produce an "Edited" item so that clients can easily follow Edits.
- Deleted feed items produced a "Deleted" item so that clients can easily delete cached items.
#Yarn.social #Protocol #Ideas
> If we were to decide to write a new spec/protocol, what would it look like?
Here's my rough draft (_back of paper napkin idea_):
- Feeds are JSON file(s) fetchable by standard HTTP clients over TLS
- WebFinger is used at the root of a user's domain (or multi-user) lookup. e.g:
prologic@mills.io -> https://yarn.mills.io/~prologic.json- Feeds contain similar metadata that we're familiar with: Nick, Avatar, Description, etc
- Feed items are signed with a ED25519 private key. That is all "posts" are cryptographically signed.
- Feed items continue to use content-addressing, but use the full Blake2b Base64 encoded hash.
- Edited feed items produce an "Edited" item so that clients can easily follow Edits.
- Deleted feed items produced a "Deleted" item so that clients can easily delete cached items.
#Yarn.social #Protocol #Ideas
I am not sure what to do about this. 🤔 I am quite confident that the hostility and sentiment is not held by all Twtxt users past and present 😢
This is a case of a few upset purists who prefer to mock, shame and behave passive aggressively instead of contributing to a healthy discussion and ecosystem.
I am uncertain what Yarn should do here 😢
I am not sure what to do about this. 🤔 I am quite confident that the hostility and sentiment is not held by all Twtxt users past and present 😢
This is a case of a few upset purists who prefer to mock, shame and behave passive aggressively instead of contributing to a healthy discussion and ecosystem.
I am uncertain what Yarn should do here 😢
I am not sure what to do about this. 🤔 I am quite confident that the hostility and sentiment is not held by all Twtxt users past and present 😢
This is a case of a few upset purists who prefer to mock, shame and behave passive aggressively instead of contributing to a healthy discussion and ecosystem.
I am uncertain what Yarn should do here 😢
yarnd doesn't shit a shit what you type for your password 😅
yarnd doesn't shit a shit what you type for your password 😅
yarnd doesn't shit a shit what you type for your password 😅
https://twtxt.net -- I'm also worried that if you have "Skip SSL verification" in your code (from reading @lyse's comments) that things will fail on my pod as I'm pretty sure Cloudflare will chuck a hissy fit at you 🤣
https://twtxt.net -- I'm also worried that if you have "Skip SSL verification" in your code (from reading @lyse's comments) that things will fail on my pod as I'm pretty sure Cloudflare will chuck a hissy fit at you 🤣
https://twtxt.net -- I'm also worried that if you have "Skip SSL verification" in your code (from reading @lyse's comments) that things will fail on my pod as I'm pretty sure Cloudflare will chuck a hissy fit at you 🤣
Companies that use open source component freely without paying for them or contributing back should absolutely be held liable when things go wrong, NOT the open source developers. Why? Because those companies are often exploiting their end-users and often making them pay for something that is largely otherwise free (-some conveniences added on top).
Companies that use open source component freely without paying for them or contributing back should absolutely be held liable when things go wrong, NOT the open source developers. Why? Because those companies are often exploiting their end-users and often making them pay for something that is largely otherwise free (-some conveniences added on top).
Companies that use open source component freely without paying for them or contributing back should absolutely be held liable when things go wrong, NOT the open source developers. Why? Because those companies are often exploiting their end-users and often making them pay for something that is largely otherwise free (-some conveniences added on top).
I find the current situation highlights the fact that large corporations build Paid-for products and services to consumers and makes Millions or Billions of $ £ € often without as much as either a) contributing back to open source or the projects from which they borrow and depend on b) or pay for what they use or support it in any financial way.
A large part of the Open Source Model in my view is often confused with "FREE" as in $0, but this is total bullshit. Companies need to understand that reusing a piece of open source software, library or component does not imply it is FREE to you. Companies today DO NOT vet, understand, review or even remotely contribute (_in many cases_) bug fixes, security fixes, etc, of the component they freely take and use and profit from.
I find the current situation highlights the fact that large corporations build Paid-for products and services to consumers and makes Millions or Billions of $ £ € often without as much as either a) contributing back to open source or the projects from which they borrow and depend on b) or pay for what they use or support it in any financial way.
A large part of the Open Source Model in my view is often confused with "FREE" as in $0, but this is total bullshit. Companies need to understand that reusing a piece of open source software, library or component does not imply it is FREE to you. Companies today DO NOT vet, understand, review or even remotely contribute (_in many cases_) bug fixes, security fixes, etc, of the component they freely take and use and profit from.
I find the current situation highlights the fact that large corporations build Paid-for products and services to consumers and makes Millions or Billions of $ £ € often without as much as either a) contributing back to open source or the projects from which they borrow and depend on b) or pay for what they use or support it in any financial way.
A large part of the Open Source Model in my view is often confused with "FREE" as in $0, but this is total bullshit. Companies need to understand that reusing a piece of open source software, library or component does not imply it is FREE to you. Companies today DO NOT vet, understand, review or even remotely contribute (_in many cases_) bug fixes, security fixes, etc, of the component they freely take and use and profit from.
Thank you for testing!
Key point here: a line has to be drawn.
Right now the EU proposed laws don't distinguish between dangerous software and non-dangerous nor free lowly lone non-paid developer vs. commercial company that profits from open source and has no liability despite making millions or billions.
Key point here: a line has to be drawn.
Right now the EU proposed laws don't distinguish between dangerous software and non-dangerous nor free lowly lone non-paid developer vs. commercial company that profits from open source and has no liability despite making millions or billions.
Key point here: a line has to be drawn.
Right now the EU proposed laws don't distinguish between dangerous software and non-dangerous nor free lowly lone non-paid developer vs. commercial company that profits from open source and has no liability despite making millions or billions.
The question is to what extent should lowly free time non-paid open source developers be liable vs. say large corporations that commercially benefit and profit from open source and don't contribute a dime back?
The question is to what extent should lowly free time non-paid open source developers be liable vs. say large corporations that commercially benefit and profit from open source and don't contribute a dime back?
The question is to what extent should lowly free time non-paid open source developers be liable vs. say large corporations that commercially benefit and profit from open source and don't contribute a dime back?
Seatbelts and cars are so much simpler than software. It is easy to see that you might crash your car into a tree and that a belt will help you here (if you’re going slow enough, yadda yadda).
If I write a library for a compression algorithm, how can I ever prepare for someone using this in, I don’t know, a medical device in a hospital, but then my code has a bug, crashes that device and a person dies? There are so many more indirections here than with cars and seatbelts. It is completely out of my control.
Anyway, I think we both made our points clear. I’m out, cheers! 👋 🥃
Seatbelts and cars are so much simpler than software. It is easy to see that you might crash your car into a tree and that a belt will help you here (if you’re going slow enough, yadda yadda).
If I write a library for a compression algorithm, how can I ever prepare for someone using this in, I don’t know, a medical device in a hospital, but then my code has a bug, crashes that device and a person dies? There are so many more indirections here than with cars and seatbelts. It is completely out of my control.
Anyway, I think we both made our points clear. I’m out, cheers! 👋 🥃
Seatbelts and cars are so much simpler than software. It is easy to see that you might crash your car into a tree and that a belt will help you here (if you’re going slow enough, yadda yadda).
If I write a library for a compression algorithm, how can I ever prepare for someone using this in, I don’t know, a medical device in a hospital, but then my code has a bug, crashes that device and a person dies? There are so many more indirections here than with cars and seatbelts. It is completely out of my control.
Anyway, I think we both made our points clear. I’m out, cheers! 👋 🥃
It will improve shortly. I had not thought about quotes in password, so that was a nice catch that needs to be fixed.
> I still think it would be better to put the burden of liability on the users – no matter if they’re private individuals or big companies.
Before seatbelts and other safety equipment was required in cars by law, what you say above was the exact argument used by carmakers against adding safety measures. The responsibility should be put onto the drivers--the users of cars--not the car manufacturers. Many people died needlessly, compared to today. Is this *really* the position you're taking?
Thirdly, are you sure about disabling TLS certificate checking? And one last remark: personally, I like early returns, it makes the code more readable in my opinion than deeply nested control structures. Especially, when the code gets longer, questions like "here's an
else, what if did it belong to a few pages up?" are greatly reduced. Some people even say that grouping stuff into functions avoids long functions altogether.Enjoy your pizza! I'll have some tomorrow. Dough is proving overnight.
Yeah, we probably have to agree to disagree here.
I still think it would be better to put the burden of liability on the users – no matter if they’re private individuals or big companies. (And isn’t that already the case? Do we even have to solve a *legal liability problem*? Not talking about software quality here, that’s a whole other issue.)
> Trust me, if people got sued or went to jail, the tech industry would figure out really fast how to make these determinations.
Yeah, they would. It’s simple: No more free software, no more publicly available projects. The only software that would ever exist is software made by large corporations who can afford the appropriate insurances and lawyers.
What you’re proposing is either classifying software in advance as “dangerous” or “harmless” (I’d argue that’s impossible – as an extreme, think of libraries, they’d *all* be “potentially dangerous”), or threatening free software projects with lawsuits if, at some point in the future, these projects caused an accident.
Why would anyone publish free software or contribute to it under these conditions?
> Why should open source software development be any different?
IMHO because you can make software publicly available and anyone can use it for whatever they want, which the author has zero control over.
Anyway, have a good night, I’m gonna enjoy a couple of movies now. 👋 😊
Yeah, we probably have to agree to disagree here.
I still think it would be better to put the burden of liability on the users – no matter if they’re private individuals or big companies. (And isn’t that already the case? Do we even have to solve a *legal liability problem*? Not talking about software quality here, that’s a whole other issue.)
> Trust me, if people got sued or went to jail, the tech industry would figure out really fast how to make these determinations.
Yeah, they would. It’s simple: No more free software, no more publicly available projects. The only software that would ever exist is software made by large corporations who can afford the appropriate insurances and lawyers.
What you’re proposing is either classifying software in advance as “dangerous” or “harmless” (I’d argue that’s impossible – as an extreme, think of libraries, they’d *all* be “potentially dangerous”), or threatening free software projects with lawsuits if, at some point in the future, these projects caused an accident.
Why would anyone publish free software or contribute to it under these conditions?
> Why should open source software development be any different?
IMHO because you can make software publicly available and anyone can use it for whatever they want, which the author has zero control over.
Anyway, have a good night, I’m gonna enjoy a couple of movies now. 👋 😊
Yeah, we probably have to agree to disagree here.
I still think it would be better to put the burden of liability on the users – no matter if they’re private individuals or big companies. (And isn’t that already the case? Do we even have to solve a *legal liability problem*? Not talking about software quality here, that’s a whole other issue.)
> Trust me, if people got sued or went to jail, the tech industry would figure out really fast how to make these determinations.
Yeah, they would. It’s simple: No more free software, no more publicly available projects. The only software that would ever exist is software made by large corporations who can afford the appropriate insurances and lawyers.
What you’re proposing is either classifying software in advance as “dangerous” or “harmless” (I’d argue that’s impossible – as an extreme, think of libraries, they’d *all* be “potentially dangerous”), or threatening free software projects with lawsuits if, at some point in the future, these projects caused an accident.
Why would anyone publish free software or contribute to it under these conditions?
> Why should open source software development be any different?
IMHO because you can make software publicly available and anyone can use it for whatever they want, which the author has zero control over.
Anyway, have a good night, I’m gonna enjoy a couple of movies now. 👋 😊
> How do you really know if a project has been used in dangerous situations? (If this changes in the future, are programmers that contributed in the past – when this project was not yet used in dangerous situations – also liable?)
Trust me, if people got sued or went to jail, the tech industry would figure out really fast how to make these determinations. The only reason this is puzzling at all is that software development is almost entirely unregulated, and has enjoyed the equivalent of a child's life, without a care in the world.
But really, it's a silly question isn't it? You're supposed to list the licenses of open source software you use in your projects. Devices and systems that have caused harm are documented by the legal system, by regulatory regimes, by people who've been harmed, etc. All the necessary data is there to connect the dots. Those dots aren't usually connected, though, because people pretend that software developers should be free of responsibility.
> How do you really know if a project has been used in dangerous situations? (If this changes in the future, are programmers that contributed in the past – when this project was not yet used in dangerous situations – also liable?)
Trust me, if people got sued or went to jail, the tech industry would figure out really fast how to make these determinations. The only reason this is puzzling at all is that software development is almost entirely unregulated, and has enjoyed the equivalent of a child's life, without a care in the world.
But really, it's a silly question isn't it? You're supposed to list the licenses of open source software yo uuse in your projects. Devices and systems that have caused harm are documented by the legal system, by regulatory regimes, by people who've been harmed, etc. All the necessary data is there to connect the dots. Those dots aren't usually connected, though, because people pretend that software developers should be free of responsibility.
>> Firstly, contributing software to an open source project cannot be a blanket “get out of jail free” card. That’s a sociopathic stance, on its face, and just cannot be accepted.
> I don’t understand. Why is that sociopathic? (Language barrier here? I really don’t get what you mean.)
Imagine an open source software project that is designed, from day 1, to produce software to drive a planet-destroying weapon. The fact that it is an open source project does not allow the software developers involved to freely make the software for the planet-destroying weapon without any responsibility for the consequences of using the weapon. They are directly involved in an activity that will destroy the planet, and they should be treated as such.
That is extreme, obviously, but the point is that there is a line somewhere. A hobby project is obviously not dangerous to anyone. A planet-destroying weapon is. It is sociopathic--literally, deadly to society--to pretend otherwise. I *all other sphere of life*, we are careful to distinguish which behaviors are dangerous from which behaviors are not. Why should open source software development be any different?
It should not be different. Some open source software development is dangerous, and should be treated appropriately.
> Firstly, contributing software to an open source project cannot be a blanket "get out of jail free" card. That's a sociopathic stance, on its face, and just cannot be accepted.
I don’t understand. Why is that sociopathic? (Language barrier here? I really don’t get what you mean.)
> But thirdly, […] And the same should happen in software. […]
How do you *really know* if a project has been used in dangerous situations? (If this changes in the future, are programmers that contributed in the past – when this project was not yet used in dangerous situations – also liable?)
> Firstly, contributing software to an open source project cannot be a blanket "get out of jail free" card. That's a sociopathic stance, on its face, and just cannot be accepted.
I don’t understand. Why is that sociopathic? (Language barrier here? I really don’t get what you mean.)
> But thirdly, […] And the same should happen in software. […]
How do you *really know* if a project has been used in dangerous situations? (If this changes in the future, are programmers that contributed in the past – when this project was not yet used in dangerous situations – also liable?)
> Firstly, contributing software to an open source project cannot be a blanket "get out of jail free" card. That's a sociopathic stance, on its face, and just cannot be accepted.
I don’t understand. Why is that sociopathic? (Language barrier here? I really don’t get what you mean.)
> But thirdly, […] And the same should happen in software. […]
How do you *really know* if a project has been used in dangerous situations? (If this changes in the future, are programmers that contributed in the past – when this project was not yet used in dangerous situations – also liable?)
Firstly, contributing software to an open source project cannot be a blanket "get out of jail free" card. That's a sociopathic stance, on its face, and just cannot be accepted.
Secondly, the fact that software licenses state that the software is provided without warranty/liability is meaningless until those clauses are tested in court cases. If judges say "bullshit" to the "no warranty" clauses, and hold developers accountable anyway, then those clauses become meaningless (at least in the US, where case law and precedent matter).
But thirdly, and most importantly, there is always context that absolutely has to be taken into consideration. Sure, you'd be foolish to jump into a random person's for-rent car thinking it'll be a good ambulance. But if the car has "Ambulance" painted on it, and the driver repeatedly tells you they also drive ambulances for the city hospital, and there's a siren on top, that person can and should be held liable for falsely presenting themselves as an ambulance. Even if they do have a tiny little note somewhere that says "not an actual ambulance".
And the same should happen in software. If people are working on an open source project that has been used in dangerous situations, and they are fully aware that this could happen again, then they absolutely should face liability if their code kills somebody (for instance). We literally do this *in almost every other aspect of life*, so why should software developers be free from all responsibility? Engineers who design buildings have to take out liability insurance because they can be personally sued if their designs cause harm. Doctors take out malpractice insurance in case their advice causes harm. But software developers get to commit all manner of bullshit, and never face any consequences? No way, that's stupid.
Firstly, contributing software to an open source project cannot be a blanket "get out of jail free" card. That's a sociopathic stance, on its face, and just cannot be accepted.
Secondly, the fact that software licenses state that the software is provided without warranty/liability is meaningless until those clauses are tested in court cases. If judges say "bullshit" to the "no warranty" clauses, and hold developers accountable anyway, then those clauses become meaningless (at least in the US, where case law and precedent matter).
But thirdly, and most importantly, there is always context that absolutely has to be taken into consideration. Sure, you'd be foolish to jump into a random person's for-rent car thinking it'll be a good ambulance. But if the car has "Ambulance" painted on it, and the driver repeatedly tells you they also drive ambulances for the city hospital, and there's a siren on top, that person can and should be held liable for falsely presenting themselves as an ambulance. Even if they do have a tiny little note somewhere that says "not an actual ambulance".
And the same should happen in software. If people are working on an open source project that has been used in dangerous situations, and they are fully aware that this could happen again, then they absolutely should face liability if their code kills somebody (for instance). We literally do this *in almost every other aspect of life*, so why should software developers be free from all responsibility? Engineers who design buildings have to take out liability insurance because they can be personally sued if their designs cause harm. Doctors take out malpractice insurance in case their advice causes harm.