@Di4na@hachyderm.io avatar

Di4na

@Di4na@hachyderm.io

SRE. Elixir Dev. Learner in Resiliency. French.
All Opinions are my own. And i have a lot.

Co-Founder and President Haruspex.dev

dom. He/him.

Blog: Softwaremaxims.com

This profile is from a federated server and may be incomplete. Browse more on the original instance.

grimalkina, to random
@grimalkina@mastodon.social avatar

"Randomized trials cannot address all causal questions of importance in medicine and health policy and may have limited generalizability; thus, investigators may need to use observational studies as a source of evidence to address causal questions. The challenge, then, is to balance the importance of addressing the causal questions for which observational studies are needed with caution regarding the reliance on strong assumptions to support causal conclusions."

A challenge of our time truly

Di4na,
@Di4na@hachyderm.io avatar

@grimalkina I regularly point out to people that the right way to think about science training is that it is more about teaching to be ok with saying "I Don't Know". Science is more about accepting that there are some answers we cannot adequately answer right now and living with it.

It is not about being right, it is about being ok with saying that we may not have a right answer rn.

looopTools, to rust
@looopTools@mastodon.social avatar

I keep looking at rust and thinking "Gods it seems to be an awesome language"... Then I read and hear about a lot of hassels moving from C or C++ to rust and never really any massive success stories... are the massive success stories out there?

Di4na,
@Di4na@hachyderm.io avatar

@looopTools AWS use a lot of Rust but does not talk a lot about it. Microsoft too, we know they ship it in Windows. Android moved a large part of new code to Rust and saw a drastic cut down in Critical vulnerability, probably biggest success story. Gnome shipping it more and more. Firefox ships a lot of it now. Iirc Chrome ship some now.

It is basically everywhere.

luis_in_brief, to random
@luis_in_brief@social.coop avatar

Very useful find from @tarkowski on the theorized relationship of #opendata and data spaces in the EU.
https://101010.pl/@tarkowski/112398533782766536

Di4na,
@Di4na@hachyderm.io avatar

@luis_in_brief @tarkowski I have been in the room listening to presentation about this. As a software engineer that do quite a lot of data analysis.

Never understood wtf they were trying to do or what was open about it

whitequark, to random
@whitequark@mastodon.social avatar

Several vulnerabilities have been discovered in the Linux kernel

(this lists 250 CVEs. I am not sure who this email is for anymore)

Di4na,
@Di4na@hachyderm.io avatar

@whitequark Work to Rule is always fun

cammerman, to random
@cammerman@mstdn.social avatar

I understand the advice to build a website for your thing rather than just using a Facebook page, and boy do I ever agree with every criticism of the Facebook path.

But...

From the standpoint of a non-technical independent business owner, I imagine that they don't feel particularly better or worse between the two common situations: Beholden to and constrained by Mark Zuckerberg versus beholden to and constrained by a freelance web dev/designer.

Di4na,
@Di4na@hachyderm.io avatar

@cammerman worse! Automation usually raise the amount of work humans have to do

renice, to random
@renice@hachyderm.io avatar

person: Amy how are you so confident?
me: I'm not really, but I have to pretend to be more confident than the guys with no reasoning to their confidence whatsoever

Di4na,
@Di4na@hachyderm.io avatar

@renice My answer is usually "I am not confident, but I shut my mouth when I do not have a quite solid backing in this domain, which you are not used to"

Di4na, to random
@Di4na@hachyderm.io avatar

Before writing a full blog post, I want to gather some reactions.

What if we made it legally obligated that if an employee can show (putting aside the validation mechanism here, lot of options with different tradeoffs) they contribute to open source a bit (and i really mean a low amount. Even an obscure package count, even a few PR to fix real bug) on their non work time.

Then the employer have to give them one more (paid) free day a week. 80% job for the salary of 100% one.

Di4na,
@Di4na@hachyderm.io avatar

The idea behind is that even that would massively multiply time spent by maintainers on foss, support space for learning, and benefit everyone.

Yes sure, it will be gamed. But would it still be worth it?

Limited risk for everyone, support a hobbyist schedule/wants and all. And a very distributed solution that would adapt relatively naturally to fill even the nichest parts.

Would the impact be worth it?

Di4na,
@Di4na@hachyderm.io avatar

And for everyone that will want to bring UBI: yes i get you but it does solve a slightly different problem. Not against it, but i think it would still have impact even in UBI world.

Also to everyone wanting to bring horter work week at all. I also agree with you. I picked the centrist "dealing with what i have in the moment" position for now, but I would take yours too.

Di4na,
@Di4na@hachyderm.io avatar

@jcaron that is cute, but the reality of foss is that rn the vast majority of it is made by hobbyists 2h per month.

So... Nice world you describe but not ours

Di4na,
@Di4na@hachyderm.io avatar

@thisalex government. And equivalent exist for a lot of professions

Di4na,
@Di4na@hachyderm.io avatar

@thisalex this already exist for a lot of them. Feel free to offer that if it does not in your case. I go for narrow because i go for what i can get and support politically

Di4na,
@Di4na@hachyderm.io avatar

@thisalex this has not been my experience with government. Policy makers tend to prefer super targeted bills, because then noone outside of the domain hear about it. It really simplifies the policy making work.

The larger it gets, the harder it gets to do anything.

HalvarFlake, to random
@HalvarFlake@mastodon.social avatar

Waiting for a delayed flight, some idle thoughts on what Google needs to fix itself:

  1. Find a replacement for Sundar. This person needs to be both able if articulating a coherent vision for Google as a company, and inspire great engineers to want to work on great problems.
Di4na,
@Di4na@hachyderm.io avatar

@HalvarFlake tbf this is all of SF VC scene....

Di4na, to random
@Di4na@hachyderm.io avatar

I know we don't talk about it in the software field that much but.

We should all read the Horizon Enquiry transcripts. Really

https://www.bbc.com/news/articles/c1d4j5m3l08o

https://postofficeinquiry.dracos.co.uk/

Di4na,
@Di4na@hachyderm.io avatar

@ohmrun I mean. We are only talking of hundreds of people which life were destroyed in part because of bugs in accounting software

luis_in_brief, to random
@luis_in_brief@social.coop avatar

"if everything is X, nothing is X" - in my brain, that is usually "if everything is critical, nothing is critical". Is there a good explainer/history for this phrase? Trying to explain it to some folks who are trying to evaluate open source packages and keep coming back to "we have identified a serious problem with open source packages!" "how many packages have it?" "about 99%" "then it isn't a serious problem, or at least you can't treat it as one".

Di4na,
@Di4na@hachyderm.io avatar

@luis_in_brief not directly the "everything is X" part, but I call it Work as Imagined vs Work as Done from
https://humanisticsystems.com/2016/12/05/the-varieties-of-human-work/

Di4na, to random
@Di4na@hachyderm.io avatar

For everyone that calls for ways to make open source more secure, or for all their magical solutions that will provide money and resources to FOSS maintainers, please read this.

This is a rare account of the reality of maintainers, things that are hard, but also how much knowledge and niche expertise you need for anything in there.

That is why just giving money to experts will not help that much. It is too hard to train experts in this. But we may make it easier

http://rhaas.blogspot.com/2024/05/hacking-on-postgresql-is-really-hard.html

Di4na,
@Di4na@hachyderm.io avatar

Like, whatever your scheme is, it needs to take something like this into account
"There's one particular patch I remember committing - I won't mention which one - where I spent weeks and weeks of time reviewing the patch before committing it, and after committing it, I lost most of the next six to nine months fixing things I hadn't caught during review"

Di4na,
@Di4na@hachyderm.io avatar

@Paxxi I mean maybe, but the problem is that once you do the maths on how much money you need to get there, the sustainability become... Surprisingly hard.

Di4na,
@Di4na@hachyderm.io avatar

@nicemicro I mean possibly, but then are you sure we would keep paying for the 9 months of fixing mistakes?

Also once you do the maths on the amount of money needed to get there, will we still be able to get that money sustainably?

Di4na,
@Di4na@hachyderm.io avatar

@stevel and even with lot of really rigorous reviews, it is still massively demanding to stabilize features.

We cannot consider reviews enough, it demands too much of the humans

Di4na,
@Di4na@hachyderm.io avatar

@Paxxi that is all of them?

Di4na,
@Di4na@hachyderm.io avatar

@Paxxi reread the post. Realise what you just said.

We cannot. The job is so hard that a single commit can be months of full time fixing after.

Maintaining multiple cannot be squared with that

Di4na,
@Di4na@hachyderm.io avatar

@ljs we have yet to find anything supporting that "talent" view, at least that hold to scrutiny

Di4na,
@Di4na@hachyderm.io avatar

@Paxxi yes. And it is not enough by any mean. Openssl is well known to be a nightmare of a codebase

  • All
  • Subscribed
  • Moderated
  • Favorites
  • tester
  • InstantRegret
  • vwfavf
  • Youngstown
  • thenastyranch
  • slotface
  • rosin
  • hgfsjryuu7
  • Durango
  • kavyap
  • khanakhh
  • ngwrru68w68
  • DreamBathrooms
  • PowerRangers
  • anitta
  • magazineikmin
  • cubers
  • tacticalgear
  • osvaldo12
  • GTA5RPClips
  • ethstaker
  • everett
  • mdbf
  • Leos
  • normalnudes
  • modclub
  • cisconetworking
  • provamag3
  • All magazines
    •