renedudfield

renedudfield, 13 days ago

@deshipu heh. I would watch a documentary on that.

Also, Thinking of a game…
Crystals VS Crates?

renedudfield, 20 days ago

Sound track: Wild Marmalade, core duo.

Mood: all peasants must die. (I did mention it's an evil castle right?)

renedudfield, 20 days ago

Well, a “Zanthor” pre release is up.

python -m pip install zanthor —pre
python -m zanthor

renedudfield, 20 days ago

In the end I tried out some wasm OpenGL code with Rust. Some folks went to the trouble of writing tutorials doing everything from scratch. There’s another repo that does OpenGL on windows from scratch… but I didn’t get to it.

Next I’d have to figure out how to do portable rust. Where it selects a library to use based on the platform and implements an interface.

I don’t want to fall into the trap of starting without an embedded low memory platform though. Needs to be low mem from the start.

renedudfield, 19 days ago

Uploaded a quick little video for #Zanthor.

https://youtu.be/vhgqkVwV3_o?si=hjaIg4Ll8F1zaUdk

It was made in a week with #python and #pygame for a game jam in 2006. Was pretty fun! Two of us in Melbourne, and two in Colorado.

renedudfield, 26 days ago

@deshipu Ah thanks. I'll have to look into nox. It's new to me.

renedudfield, 26 days ago

On reflection pyproject.toml scripts isn’t exactly what I’m after. It’s for install time scripts, not development time scripts. Whilst it’s probably fine to use it for development scripts in some cases, not for a library. Because for users of the library we don’t want to install the development scripts. For one package I maintain this will be fine though (I already use the scripts via setuptools for this).

I see how to use tox to run arbitrary commands now. Never knew it was used for that.

renedudfield, 26 days ago

For things like format, lint, and such... pre-commit is fine I guess. Not a "standard", but fine.

Which covers a lot of needs. But that still leaves out dev scripts which need to be run occasionally, not after every commit.

Anyway. A combination of pre-commit, scripts and tox covers my needs.

renedudfield, 1 month ago

@kandid I wonder if you are resizing the image first? If not that could reduce the memory usage. Cool foto/filter.

renedudfield, 1 month ago

@kandid it didn’t crash my safari. But the image seemed like only an approximation of the camera colors.

renedudfield, 1 month ago

@kandid not sure if you can use the safari dev tools from Debian. I’ve only done it before where you connect from a mac.

renedudfield, 1 month ago

@kandid ah, I read you can connect to iOS safari with chrome dev tools.

renedudfield, 1 month ago

@janl Have you seen the work done by and around OpenSSF?

See the scorecard for xz was rated at high risk: https://securityscorecards.dev/viewer/?uri=github.com/tukaani-project/xz

There's many other "features" than listed there if you look at the lower level tools(100s). But of those shown on the scorecard the one person part is captured in the commits without review "Code-Review".

Already these have been used to allocate funding and make decisions on dependencies in some orgs.

The idea is similar to spam tools which score many features.

renedudfield, 1 month ago

@webology

It has been used to direct funding to critical open source projects.

Designed by security experts, and used successfully, it is probably the best dataset/tool we have to improve and identify projects in need.

In Django it detects valid issues. Dependencies not pinned, token permission issues, no code security scanning tool used, not transparent about security practices used.

They’re doing good work helping to direct funding and make things more secure. They deserve kudos.

renedudfield, 1 month ago

@webology

I'm not sure what you mean about a screenshot tool? But deps in the build scripts/actions are not pinned. The setup.cfg has dependencies unpinned. requirements files also.

This includes unpinned deps that depend on xz btw. eg. Pillow which pins xz.

It detects a security policy and gives points for it. btw, this isn't a GH specific tool or from them. It supports other systems.

I agree with the tool that Django needs funding to fix real issues. 7.2/10 is not bad or average though.

renedudfield, 1 month ago

@webology yes that link shows the dependencies not pinned to a single version. There are other files with more unpinned dependencies too.

renedudfield, 2 months ago

@deshipu Nice. I’ve always wanted to do the exact same topic with a group week after week with rotating presenters. Each time something slightly new. I expect the presentation-motivation effect and feedback will continue, but you’d fill missed gaps and perhaps see new things. Plus add the sleep on it effect into the mix. Dunno if anyone would want to do that though?

renedudfield, 2 months ago

When quality is measured then you have a very different result. The consultant study, and the art student study come to mind. Consultants made more errors, and art students made worse results. By common measures of productivity was up! But the end result was damaging or bad.

Using quantity as a proxy measure for productivity at point of production is a bad idea. As is self reporting on quality (acceptance/thumbs up). All our standard quality techniques should be used.

renedudfield, 2 months ago

@deshipu Sure. “than required” is a good point. It’s also that higher quality can be cheaper. And that working at a higher quality can eventually be quicker. I don’t think old school generic management measurements work. Just simply measuring bums on seats, or activity is not a good proxy really. Knowing that a piece of code meets a goal or not is needed. Using self reported likes, tab completes accepted or even if code churn / defect counts are measured later doesn’t see if a goal is reached.