Christopher Allan Webber

2016-09-30T08:56:48Z via Pumpa To: Public CC: Followers

TIL about "edible bird's nest", made from nests of saliva of a particular bird, often made into soup.

Postgres 9.6 released

2016-09-29T20:09:10Z via Pumpa To: Public CC: Followers

Another great looking release from a project with a solid history of solid releases.

Dan Scott likes this.

2016-09-29T08:50:28Z via Pumpa To: Public CC: Followers

GTK+'s versioning policy revised, clarified

Seems a lot clearer now than it was last time! Clearer indications on what's stable, also.

Mozilla to Boot2Gecko: You'll have to fork Gecko

2016-09-28T07:36:38Z via Pumpa To: Public CC: Followers

Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla’s Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch.

-- Email from David Bryant and Ari Jaaksi (via LWN)

mnd , mnd shared this.

It took then 9 month to pull the trigger. Remember, they laid off people in March already. *laid off*.

Hubert Figuière at 2016-09-28T12:03:42Z

2016-09-27T08:11:58Z via Pumpa To: Public CC: Followers

Sudden insight this morning that while the GPL is activated upon distribution, the AGPL is activated upon execution (with any networked interaction involved in that execution).

While I don't think this is an impossible thing to manage, I do think it means that compliance is more difficult with the AGPL... if you are already distributing software, it's not generally hard to distribute source along those same channels. If you're just executing software and having an interaction with another network participant, you might not necessarily have a similar arrangement to do a distribution... you might not even really know what you're running. (That sounds like an odd statement, but "finding" the correct source to distribute in AGPL'ed applications is an unsolved problem.)

While I think this can be overcome with server->client interactions, with some difficulty, I'm still not sure that most client->server interactions, where the client is running AGPL'ed code, can be easily handled. For this reason, I've been avoiding using the AGPL for software which might be incorporated with client code. I find it worrying when compliance may become overly difficult.

I'd like to be wrong about these things!

Claes Wallin (韋嘉誠) likes this.

Claes Wallin (韋嘉誠) shared this.

Show all 7 replies

My most recent project, keysafe, is AGPLed, and the client and server are part of the same program, and a large amount of code is reused between them including http request generation/parsing, object queuing/storage, proof of work generation/checking, data types, and serialization.

So, I hope that there's not really a good reason to avoid using AGPLed code if it could end up running on the client. That would make development significantly less efficient when there's so much opportunity for server and client to share code.

Or it would limit the AGPLed parts to such a thin shell around the shared code that it might not be much of a barrier to creating a non-AGPLed server implementation. If keysafe's shared code was GPLed and only the server-specific code were AGPLed, a simple non-AGPLed server using the GPLed code be implemented by writing only 2 trivial functions; around 10 lines of code.

joeyh at 2016-09-27T14:13:07Z

Christopher Allan Webber likes this.

@joeyh @Charles ☕ Stanhope Note that you could call my post "spreading FUD": I don't have a real tested case of these things. But in moving towards implementing the systems I'd like (which move closer to peer to peer + actor model over time) I've thought about these concerns a lot.

I like the AGPL a lot, and so I debated quietly and cautiously not using it for the project I wanted to, or to discuss it publicly, or just discuss it privately. But I feel like private conversation hasn't gotten me far enough over time, so here's me kicking the shins or tires or something. Hopefully better than kicking the can down the road...

Christopher Allan Webber at 2016-09-27T14:32:09Z

Claes Wallin (韋嘉誠) , Charles ☕ Stanhope like this.

Of course, other projects will vary. My use of AGPL In git-annex is confined to its webapp, and there's still a significant amount of code there, that would take lots of effort to reimplement. There's very little chance any of the AGPLed code there would ever end up in a client either, and if

some part of it did, I'd relicense it GPL in any case.

Still, it seems a shame if AGPL could only usefully be applied to that style of client-server app, and not to ones that have a more svelte design, like keysafe, or presumably what @Christopher Allan Webber is doing with actors.

joeyh at 2016-09-27T16:21:30Z

@joeyh Note that I don't think that the AGPL can't apply to these systems... I'm just not sure of what the compliance implications are! :)

Christopher Allan Webber at 2016-09-27T16:57:58Z

Claes Wallin (韋嘉誠) likes this.

2016-09-26T08:26:19Z via Pumpa To: Public CC: Followers

Hello everyone! Morgan and I are in London, and it's also my birthday. I'm 32!

uıɐɾ ʞ ʇɐɯɐs , j1mc , Charles ☕ Stanhope , Scott Sweeny like this.

Show all 10 replies

@[email protected] Well, have a great time in the UK for your birthday.

[email protected] at 2016-09-26T14:06:34Z

Christopher Allan Webber likes this.

Wow, I'm just barely over one gigasecond old!

Christopher Allan Webber at 2016-09-26T14:10:02Z

Jason Self likes this.

@[email protected] happy birthday!

Diane Trout at 2016-09-26T15:03:33Z

Christopher Allan Webber likes this.

Happy birthday! Jan beat me to the 0x20 joke...

sazius at 2016-09-26T17:30:22Z

Christopher Allan Webber likes this.

Good morning, pumpiverse

2016-09-23T07:42:35Z via Pumpa To: Public CC: Followers

I'm sitting at TPAC in the room at which ActivityPub's fate will be decided!

Well okay, it's not quite that dramatic. Actually, the dramatic parts happen in two weeks. It looks like our transition to Candidate Recommendation will happen then. We're going to need "wide review" soon though... that means I'm going to call on you, dear readers, to help review the standards work we're working on!

Onwards and upwards! Here's hoping our last day at TPAC goes well... I'm optimistic :)

Charles ☕ Stanhope , Claes Wallin (韋嘉誠) , Tyng-Ruey Chuang , der.hans and 1 others like this.

der.hans , mnd , Claes Wallin (韋嘉誠) shared this.

ActivityPub stuff went well :)

Christopher Allan Webber at 2016-09-23T09:34:01Z

Ben Sturmfels , der.hans like this.

Go go go!

JanKusanagi at 2016-09-24T19:40:25Z

2016-09-21T10:32:53Z via Pumpa To: Public CC: Followers

Just did a live demo of ActivityPub client to server stuff and server to server federation in front of a well populated room at TPAC and it WORKED THANK GOODNESS

Sean Tilley , Craig Maloney , sazius , Alex Jordan and 6 others like this.

Alex Jordan , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) shared this.

Glad it went well... A live demo in a packed room is always a tense thing.

Freemor at 2016-09-21T11:35:13Z

congrats!

mray at 2016-09-21T11:54:58Z

@Christopher Allan Webber Is there a video?

Ben Sturmfels at 2016-09-21T12:34:45Z

mray likes this.

@Ben Sturmfels Unfortunately not. But now I have good material for some talks that are :)

Christopher Allan Webber at 2016-09-21T13:18:59Z

Ben Sturmfels , Claes Wallin (韋嘉誠) like this.

2016-09-19T17:21:00Z via Pumpa To: Public , rhiaro CC: Followers

"I need more hours," sighed @rhiaro. "I would use some of them for sleeping."

Claes Wallin (韋嘉誠) likes this.

"This is why I say things: in the off chance I may be quoted on social media." -- @rhiaro

Christopher Allan Webber at 2016-09-19T17:26:14Z

Claes Wallin (韋嘉誠) , Sean Tilley , Jason Self like this.

2016-09-19T15:49:49Z via Pumpa To: Public CC: Followers

The level of anxiety I can get when uncertain of what kind of logging level I should set is probably quite disproportional to any relevant risks. #INFOWARNERRORCRITICAL

der.hans likes this.

2016-09-19T13:27:42Z via Pumpa To: Public , rhiaro CC: Followers

Hanging out with friends csarven and @rhiaro doing some hacking in a hidden corner at TPAC.

>> Christopher Allan Webber:

“[...] csarven [...]”

@Sarven Capadisli? =)

JanKusanagi at 2016-09-19T13:36:15Z

Christopher Allan Webber likes this.

That's the one :)

Christopher Allan Webber at 2016-09-19T13:39:15Z

2016-09-18T17:01:21Z via Pumpa To: Public CC: Followers

Man, Lisbon is just broiling hot.

But I'm here for TPAC!

Hacking Pubstrate from my lodgings RN.

Carol Chen , der.hans , Tyng-Ruey Chuang , Douglas Perkins and 3 others like this.

Oh, welcome to the Iberian Peninsula then =)

JanKusanagi at 2016-09-18T20:54:35Z

Christopher Allan Webber likes this.

Hope everything goes well!

Alex Jordan at 2016-09-19T05:12:13Z

Christopher Allan Webber likes this.

In Lisbon I tasted the most delicious food in my life

catonano at 2016-09-20T19:30:38Z

good luck

roy at 2016-09-24T20:50:50Z

Cords, cords everywhere

2016-09-15T21:12:08Z via Pumpa To: Public CC: Followers

And none of them connect to this port

seriously where did I put it

Alex Jordan , Douglas Perkins like this.

Alex Jordan , Alex Jordan shared this.

BEHIND YOU!!

JanKusanagi at 2016-09-15T21:21:13Z

Daniel Koć , Sarah Elkins like this.

it is the one you are holding.

Hubert Figuière at 2016-09-16T02:48:35Z

You left it at work.

Douglas Perkins at 2016-09-16T05:40:45Z

When in doubt, try another hole. https://www.thinkgeek.com/product/a651/

Alex Jordan at 2016-09-16T19:24:32Z

2016-09-15T18:48:13Z via Pumpa To: Public CC: Followers

Got my ThinkPenguin mini computer, which I'm going to be using as my local network server/backup machine. It's pretty cute!

bthall , Carol Chen , Claes Wallin (韋嘉誠) , Tyng-Ruey Chuang and 3 others like this.

Cool! The Penuin Pocket Wee seems quite expensive to me, but probably worth it for certain applications.

EricxDu at 2016-09-15T18:55:03Z

@EricxDu It's a bit expensive, close to $500. Which isn't so bad for a computer, but seems expensive for a mini-computer maybe. I had a hard time figuring out whatever else might be reasonably free software compatible and decided, "you know what? the thinkpenguin people do a good job, and this looks better than fretting over trying to figure out how to reduce the price and never setting up my backup machine again."

Christopher Allan Webber at 2016-09-15T20:36:59Z

Claes Wallin (韋嘉誠) , Charles ☕ Stanhope , Mike Linksvayer like this.

Also you can save a lot on electricity. And ThinkPenguin does a great job, seconded. :-)

Douglas Perkins at 2016-09-16T05:43:34Z

On "Someone is Learning to Take Down the Internet"

2016-09-15T18:27:33Z via Pumpa To: Public CC: Followers

"Someone is Learning to Take Down the Internet" is an article by Bruce Schneier. And it sounds serious.

It sounds like it's the really big pieces of infrastructure being probed for vulnerabilities: the DNS system, ISPs, and SSL CA's.

Remember that most encrypted communication uses DNS and SSL CA's, which are both highly centralized systems. You only need to really compromise one "trusted" CA and MITM DNS, and you can do anything on almost all systems these days.

It would be different if we were using something "web of trust" like, but even the most popular ~decentralized systems in public use rely on what's in reality a lot of centralization.

So yeah, I think we're very vulnerable.

Alex Jordan , EricxDu like this.

Claes Wallin (韋嘉誠) , Kesara shared this.

I was thinking it was either for warfare or to disrupt civil unrest.

There's http://named-data.net/ which provides a new content centric set of network protocols that might be more robust to DDoS style attacks. (Since it replicates heavily accessed resources.)

Or at least self hosting video files should be safer with named data.

Diane Trout at 2016-09-16T03:34:50Z

If the general message is "the Internet can be disrupted, especially by state actors, so just be aware of that", then OK, great, we all know that. But citing anonymous sources? That's just FUD.

Maybe the problem is real, but if companies won't talk about it, I really don't care if they get burned later. (Although it could suck if when they get burned the rest of us are burdened, too, and then I would care, but only about the damage to the rest of us, not the damage to them.)

Douglas Perkins at 2016-09-16T05:51:10Z

Some Pubstrate and soci-el screenshots

2016-09-14T16:43:00Z via Pumpa To: Public CC: Followers

Here's a Pubstrate screenshot, showing items in a feed. (It includes a little bit of a sappy micro-love-note. I was demo'ing to Morgan, sorry!) But the cool part is...

Here's a screenshot of soci-el, the emacs ActivityPub client I've been writing. The neat thing is that you see that on the right side, the *soci-compose* buffers I composed the messages from (yes, it's using org-mode, yes I'm using comments to hackily handle the "headers" section). These were then sent across the wire using the ActivityPub protocol. On the left side you can see my outbox rendered, also pulled down through the ActivityPub API.

Fun!

der.hans , illyria , Gary Edwards , Alex Jordan and 3 others like this.

Alex Jordan shared this.

Show all 6 replies

\o/

JanKusanagi at 2016-09-15T00:18:27Z

I am SO. INTO THIS.

YESSSSSSS. It gets cooler every time I see it, NO JOKE. So excited for the future of the federated web! :)

Alex Jordan at 2016-09-15T06:26:36Z

Claes Wallin (韋嘉誠) , Christopher Allan Webber like this.

Is Pubstrate currently available for testing?

Would love to play with it locally. :)

Sean Tilley at 2016-09-15T17:43:24Z

Claes Wallin (韋嘉誠) likes this.

@Sean Tilley It could be, if you are brave, you can try it now. However, I recommend you wait a few weeks until I make a public release... there are huge gaps missing in the application, and there is no documentation. For example, there is no "registration" page; I load users into the database via the scheme REPL. That's not good external UX. ;) It's also probably harder to install, currently, if you're not using Guix, because of an obscure library (irregex) which isn't really needed, so I'll be removing soon.

It's close to a "download and try it" alpha, but not there quite yet. But the foundations are good. After my demonstrations at TPAC I'll work on making it into a package that others can try out.

I'm glad others are excited! :)

Christopher Allan Webber at 2016-09-15T20:35:15Z

Claes Wallin (韋嘉誠) , Sean Tilley like this.

New ActivityPub Working Draft published

2016-09-13T19:47:53Z via Pumpa To: Public CC: Followers

Get it here!

Alex Jordan , Ben Sturmfels , Kyosuke , Tyng-Ruey Chuang and 1 others like this.

Iñaki Arenaza , GNU MediaGoblin shared this.

2016-09-13T19:17:07Z via Pumpa To: Public CC: Followers

Drained.

2016-09-13T04:09:09Z via Pumpa To: Public CC: Followers

Finally cut el-get out of my .emacs'ing, and down to only 3 packages using emacs' package interface... everything else I'm pulling out of Guix. Great!

Claes Wallin (韋嘉誠) , Alex Jordan , Ben Sturmfels like this.

Claes Wallin (韋嘉誠) shared this.

Show all 6 replies

@Christopher Allan Webber ah, okay. That makes a lot of sense.

WRT security, that's a very good point. I use different computers often enough that not having my package list under version control is something that's unsustainable, but you're totally right. (MELPA in particular didn't even do TLS for a long time, although that's thankfully not the case these days.) *sigh* I guess I should add "make ELPA have better security" to my endless TODO list :)

I've also never really regretted upgrading a package, even though I'm not even on MELPA Stable. How many packages do you use? (I'm sure it's more than me!) Or perhaps that's the wrong question - a better one might be, how many SLOC do you have in your .emacs that customize packages, and how complex are the customizations (e.g. just setq or something more complicated)?

Alex Jordan at 2016-09-15T06:24:23Z

@Alex Jordan My emacs config is public, but a little it crazy. You can view it here. There's a README.org that shows how I set it up. Not all the files inmodes are currently used. You're on your own. Have fun exploring some emacs lisp wilderness!

Christopher Allan Webber at 2016-09-15T20:44:31Z

That's 2520 lines of emacs lisp configuration. Not all of it is very good.

For a much more impressive .emacs, see @Karl Fogel's gigantic but heavily documented .emacs

Christopher Allan Webber at 2016-09-15T20:47:11Z

@Christopher Allan Webber thanks! Will check both of them out when I get the time. So, you know, Real Soon Now™ :P

Alex Jordan at 2016-09-16T22:01:47Z

2016-09-12T15:15:20Z via Pumpa To: Public CC: Followers

Less than 9 ActivityPub issues left as of this morning. Hope to get as close to 0 as I can today.

Sean Tilley , Jason Self , der.hans , Claes Wallin (韋嘉誠) and 3 others like this.

Claes Wallin (韋嘉誠) , Alex Jordan shared this.

5 left, and 4 of them are json-ld context related... writing the context now...

Christopher Allan Webber at 2016-09-12T22:23:34Z