If you have seen folks talking about "Omarchy" or maybe seen a screenshot that looked neat, please be aware that it is an operating system for nazis, by nazis. DHH made a linux distribution with Hyprland, which is a tiling Wayland compositor for bigots, by bigots.
I am sorry if you'd seen some of the compelling aesthetics and I had to rain on your parade, I hope that this saves a few people from investing any emotional energy in this project.
Apple should really be giving out free codesigning certificates to developers of open source apps. Normalizing the idea that any time you see a cool scrappy app outside the app store it's normal that step 1 to install it is going to be some janky thing that requires obscure command-line junk to live outside gatekeeper & xprotect just completely delegitimizes those systems
the biggest problem we *already have* in open source right now, which we have oversimplified into the term "supply chain security", is the lack of understanding that putting a dependency in your project's dependency set (package.json, pyproject.toml, requirements.txt, cargo.toml, etc) is not just "downloading some code", it is *establishing an ongoing trust relationship with a set of human beings*. this fact is *way* too obscured in all the tools we use.
this is why there is no such thing as "vibe engineering" and it is farcical to imagine a world where it even could exist. even with all the responsible code review and QA and cross-checking (which is like, literally impossible, given the amount of vigilance fatigue that AI systems provoke, and the metrics we have so far all bear that out), the long-term maintenance cost of a workslop infrastructure is going to be *devastating*
Already using https://github.com/glyph/mopup to keep your Python security updates applied? `mopup --minor=True`, and you'll get 3.14. Remember to get updated to 3.13.8 as well, since I assume very few of you will be able to switch over to 3.14 for everything on day 1…
when I was starting out in the open source community, it was commonplace for people to re-implement proprietary solutions that were wildly too expensive for what they did, insanely restrictive in their licensing, and generally poor quality. this led to a renaissance (or perhaps just a … naissance) of free clones of equivalent or greater quality proprietary stuff. many of these tools (linux, etc) are still around and in wide use, or even "won" their niche
like there's a bunch of faff in here about security issues (and sure, fair enough, the context here *is* wired's "security" column) and quality problems, but there is a much darker interpretation of what's happening
corporations have been reluctant to "give back" because while it can produce good press, if you start "giving back" to the "community" too much, then the cost savings you got from externalizing your complement start to erode; if you're going to give money to some tech, might as well own it
bluntly, POSIWID: "open source" is a social system for corporations to externalize infrastructure costs, and, materially, not much else. there are of course principles involved and possible future benefits, but *today*, that's mostly what is going on in the "community"
it doesn't actually work; a vibe-coded framework is never going to help structure your systems anywhere near as well as one that is the result of human judgement and discernment, even one with a hefty pile of legacy junk associated with it. but management is not going to be able to see this; structurally, managers see the benefits and have a much harder time measuring or even perceiving the costs
but the scary part of this article is the bit where vibe coding *reads* to corporate interests as an alternative to open source, in that you can externalize your infrastructure development and maintenance costs onto OpenAI's VC investors instead. slightly higher overhead per developer, but no need to deal with pesky human beings who might start to agitate for more resources, so the reduction in hassle is worth the cost
he/him
You probably heard about me because I am the founder of the Twisted python networking engine open source project. But I’m also the author and maintainer of several other smaller projects, a writer and public speaker about software and the things software affects (i.e.: everything), and a productivity nerd due to my ADHD. I also post a lot about politics; I’d personally prefer to be apolitical but unfortunately the global rising tide of revanchist fascism is kind of dangerous to ignore.