bentomn

bentomn, 1 month ago

Maybe, possibly. Better get up to the ridge for a better look.

bentomn, 1 month ago

Found dark sky along the ridge top.

Around midnight in Oakland, California. #aurora

bentomn, 1 month ago

@mikeyp Yeah, I do it twice and that tends to work. This year will be three or four. The fire inspector likes to visit 4th of July weekend, which can be a surprise. It seems like I’m always racing up a ladder to clear the roof before going out of town. Now, they post the fire inspection date to the city permit website sometime in June. It helps to know the deadline for their photo shoot.

bentomn, 1 month ago

“No, actually we don’t get any GM PHEV models in the United States," I told him. "Only a few GM Ultium-based EVs and they’re not doing all that well."

I was embarrassed. Here I was in China, trying to empathize with Western brands, thinking they were being pushed out of China due to politics and things that were no fault of their own.”

bentomn, 1 month ago

“In reality, it felt like it was the late 1980s again, when American manufacturers felt like they could sell whatever underdeveloped models its accounting department had cooked up to the public, and we’d just have to deal with it. Now that I’ve seen a glimpse of what’s going on in China, the Western manufacturers, particularly the American ones, don’t seem like they’re trying at all. “

bentomn, 1 month ago

“If the U.S. and Europe get what they want—a crackdown on Chinese imports—it doesn’t feel like it would result in better cars. It feels like it would keep buyers of those markets locked to cars that aren’t executed as well. It’s nakedly protectionist because deep down, all of the Western auto executives and some hawkish China pundits understand that Chinese EV and PHEV models are more compelling than what European, other Asian, and American brands have come up with.”

bentomn, 1 month ago

“At times, this could make it difficult to write about Shellac, as Pothast discovered when she almost persuaded bassist Bob Weston to play her some of To All Trains down the Zoom call, ahead of its imminent release. In the end, Weston couldn't be persuaded. "It just sounds like another Shellac record, he offered. "It's the same three guys in the same studio."”

https://shellac.bandcamp.com/album/to-all-trains

The Wire - Shellac Feature
https://www.thewire.co.uk/issues/484

via
https://thequietus.com/articles/34131-steve-albini-obituary

#Shellac #SteveAlbini

bentomn, 1 month ago

@docpop Absolutely. Albini had this tendency to tell stories, and be extemporaneous during shows. One of the pieces for pitchfork mentioned he trained as a journalist before finding this outlet as a chronicler of live sound. It was also nice to catch a glimpse of Electric Audio, his recording studio, in some of the videos that are making the rounds. In those he talks about all the things he and his team came up with to record drums, that contributed to so many recordings over the years.

bentomn, 1 month ago (edited 1 month ago)

Reading this blog, it seems my concerns from the outside looking in were somewhat valid.

Here a developer of thirty years, with fifteen years of experience on the project, relates how difficult it is to carry a feature all the way through, and land with reliable tests.

http://rhaas.blogspot.com/2024/05/hacking-on-postgresql-is-really-hard.html

bentomn, 1 month ago

Read this again, and it says unless you’re able to give six months a year, you can’t realistically participate.

Few will find that time outside a corporate or academic sponsorship.

Can a different code review platform, or forum software, reduce time obligations for contributors?

Watching python core, I see a similar sunk cost to their mailing list. Also a big turn off.

For key committers/reviewers, the mailing list just works.

This is why process change is hard.

bentomn, 1 month ago

@acdha @ben It’s worth talking about because it showcases that dependencies need regular review. What code can you remove this quarter? Can you drop a complex dependency that no longer has an owner? In the case of systemd loading xz as a shared object with elevated privileges, and xz being the vector to obtain remote code execution, it gives security teams and responders a nice case study for where to focus audit efforts.👀

bentomn, 1 month ago

@acdha @ben the m4 stuff and the tar packages retrieved from the servers being different than what’s on github demonstrates you can’t prevent some motivated groups. if it’s your system, you could just not load that dependency, maybe. perhaps the stability of a smaller auditable code is better than that lightly maintained github package accepting PRs. dependencies are added early and often stick. if your org doesn’t greenfield, adopting a posture for legacy remediation can help.

bentomn, 1 month ago

@acdha @ben that’s certainly the hope, yes, I believe we agree on much of this. Socializing and celebrating by lines removed is easy to implement and understand. Other areas are rationalizing browser like code, build artifact caches, pdf pipelines, legacy code build tools, jobs hanging off ci/cd, terraform. Some will get lower privs, sandboxing because the audit and remediation can’t be completed in acceptable time. The end goal of this work is increased ownership of the critical paths.

bentomn, 2 months ago (edited 2 months ago)

@gregly following a few hashtags can improve the mix of good, thematic posts.

bentomn, 2 months ago

@mikeyp parent in marketing, perhaps.

bentomn, 2 months ago

@hbuchel “statistics” didn’t test well in focus groups.