Notices by Ludovic Courtès (civodul@toot.aquilenet.fr), page 8

Embarrassing: only today did I learn that “archival” is an adjective, not a noun.

I’ve been using it wrong for so long that I’m considering patching dictionaries.

My friends, I made a terrific (terrible?) discovery that goes by the name ‘sdlpop’:
https://packages.guix.gnu.org/packages/sdlpop/1.22/

I spent hours on this as a kid and it was great, even though I’m not sure I ever went past level 2 (I didn’t today).

When I’m on the verge of completing a programming task, I find myself taking my time, slowly polishing things.

It’s a bit like when you’re getting close to the end of a book and start slowing down just to enjoy.

(Am I the only one to have this pathology?)

“We don’t want #reproducibility because we’ll get a badge.
We want reproducibility because being sure of what we run makes us more productive.”

Anne Fouilloux on #ReproducibleResearch at ORAP Forum.

Time to upgrade the #Guix daemon, people 👇
https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Many thanks to @puckipedia for discovering the vulnerability in Nix, and to @picnoir and Théophane of Nix for the heads-up!

Dear LLVM, maybe you shouldn’t make strong assumptions about what you’ll find in /opt/rocm, /usr/local, and whatnot.

https://github.com/ROCm/llvm-project/blob/f3e174a1d286158c06e4cc8276366b1d4bc0c914/clang/lib/Driver/ToolChains/AMDGPU.cpp#L274

New section on getting started with #Guix System:
https://guix.gnu.org/manual/devel/en/html_node/Getting-Started-with-the-System.html

UN Special Rapporteur reports on human rights violations against environmental activists (including sleep deprivation and denial of access to food and water) and obstruction to the freedom of press by French police:
https://unece.org/sites/default/files/2024-02/UNSR_EnvDefenders_Aarhus_End_of_mission_statement_Tarn_29.02.2024_ENG.pdf

Guile-Git 0.6.0 is out!
https://gitlab.com/guile-git/guile-git

What’s new 👇
https://gitlab.com/guile-git/guile-git/-/blob/35a9701c5ff3191482e581e58d83cc635c525d34/NEWS

#Guile

Guile-Git uses the FFI to wrap libgit2, and libgit2 exposes C structs (as opposed to pointers to opaque structs as is often the case with “modern” C libraries).

Making sure we’re still targeting the right ABI when those structs change is a challenge…

Maybe time to use the nyacc’s ffi-helper?

@alxlg I challenge the assertion that “Guix is overkill” for your research. What would that even mean? That it makes your computational workflow “too” reproducible⁈

Not the first time I read that. I tried to answer this question, namely “Is reproducibility practical?” 👇
https://hpc.guix.info/blog/2022/07/is-reproducibility-practical/

Also, there may be other ways to implement that, but opaque container images are not one of them.

@adamhsparks @zimoun

@alxlg A container image is a bunch of bytes, itself the result of a complex computational process: running ‘apt install’, building software, etc.

If all you have are those bytes, you cannot tell where they come from—just like when given a cake, you can at best guess what ingredients it contains, but you cannot tell whether it contains Novichok nor derive its recipe.

@zimoun @adamhsparks

Entretien très clair et structuré avec Friot sur le salaire à vie (26 min) :
https://www.arte.tv/fr/videos/113629-009-A/et-si-on-etait-paye-a-ne-rien-faire/

I do LaTeX a bit like I do JavaScript (though I rarely do JS): I type stuff in a search engine, copy one-liners, and add packages to get the job done.

In a way, I feel like LaTeX/Lout is a bit like JavaScript/Scheme: a choice between a wealthy environment and semantic clarity.

@olasd @nono2357 Super exposé ! @nono2357, tu parles de 20 à 200 transactions, c’est toujours d’actualité ?

Avec 12 ans de recul, qu’est-ce qu’on peut dire sur les attaques, aussi bien sur la vie privée que pour utiliser une carte pour des paiements en ligne ?

En tout cas la non-conformité à PCI-DSS n’a visiblement eu aucun effet et la CNIL n’a pas non plus fait appliquer l’obligation de moyens de protections…

I recently learned that, without authentication, a bank card can send information such as: the card holder’s name, the expiration date, the last three transactions (or more depending on the model; this is used to allow payment and control in public transports).

All this can be done “contactless” for NFC cards.

I’m not sure the consequences on #privacy are widely understood.

@AilesGrises The ISO standards are all paywalled and with complex interdependence so I couldn’t find a primary source (I learned this from a discussion with someone from the field).

The ‘siunitx’ LaTeX package and Wikipedia are trying to convince me that an accepted typographical convention in English is to separate digits with “narrow gaps” instead of commas, like “12 000” instead of “12,000” (twelve thousands):
https://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Grouping_of_digits

I don’t remember ever seeing narrow gaps for grouping in English but is it… common? preferred?

(LC_NUMERIC for en_* in glibc uses commas.)

@khinsen I also have that feeling that we all too often remain in “small circles” in those open science events.

I really think that #ReproducibleResearch and #OpenScience should be framed in terms of user autonomy: individuals should be able to share their articles, their experimental protocols, and their computational experiments, without relying on third-party services.

@khinsen I don’t think users of proprietary software have their needs heard just because they pay, though. There’s AFAIK hardly any communication between customers and producers of that software.

This is the opposite of free software where users can talk to developers. Granted, it’s an investment, and users and developers need to find a “common language”, which can be hard—e.g., scientific Python.

But what if we insisted on autonomy instead of customer relationships?