@carol@crabby.fyi
@carol@crabby.fyi avatar

carol

@carol@crabby.fyi

Cis. Author of The Rust Programming Language book. Crates.io team. Integer 32 co-founder. Pittsburgher. Elated and gassy.

I'm probably not going to approve your follow request unless we've interacted IRL.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

carol, to random
@carol@crabby.fyi avatar

what would it look like if forking an oss project wasn't seen as hostile, but was an acceptable way of making a family of projects that choose different tradeoffs?

carol, to random
@carol@crabby.fyi avatar

the lesson I'm choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons

timClicks, to random
@timClicks@mastodon.nz avatar

The coolest thing about Rust Nation UK 2024 confirmed all my worst fears about software supply chain security (and then xz made things worse) https://tim.mcnamara.nz/post/746402277639782400/supply-chain

carol,
@carol@crabby.fyi avatar

@timClicks what sort of checks would you like to have seen?

luis_in_brief, to random
@luis_in_brief@social.coop avatar

🔥 it’s a core mistake of the movement that OSI (and maybe Creative Commons, though it is differently situated) emphasized licensing so disproportionately over community in the early 2000s.
https://hachyderm.io/@mattdm/112134152636307431

carol,
@carol@crabby.fyi avatar

@luis_in_brief does this point to a need for an organization to be created that does have a human+community-centric vision?

carol, to rust
@carol@crabby.fyi avatar

I'm on the program committee for #RustConf this year, and the CFP is open now until April 25! https://sessionize.com/rustconf-2024

You should submit a talk! Yes, you!!

#RustLang

carol,
@carol@crabby.fyi avatar

Here's my Top Secret™️ tip for writing a great talk proposal:

Be as specific as possible about what an attendee of the talk will get out of it.

That's it. Lots of proposals don't do this, and because the proposals are reviewed without identifying information about the submitter, it's sometimes hard to tell if a talk is going to provide useful info, be a vendor pitch, or not have anything substantial to say.

carol, to random
@carol@crabby.fyi avatar

the RMS trash picker, for all your RMS trash picking needs. or as i've recently taken to calling it, RMS plus trash.

carol, to rust
@carol@crabby.fyi avatar

I'm pleased to announce that @chriskrycho has agreed to join me as a co-author of The Rust Programming Language book! 🎉

I'm incredibly excited to work with Chris-- we're going to be adding a chapter on async, at long last 😁

#RustLang

epage, to rust
@epage@hachyderm.io avatar

Hot take: The #rustlang community is wrong in their MSRV (minimum supported Rust version) policies, making things harder on maintainers without helping their users.

Generally, maintainers follow an "N-M" policy, meaning they support a fixed number of versions back from stable (e.g. with stable at 1.76, an N-2 policy would support 1.74).

What we should instead be doing is specifying fixed versions (N%M==0), maybe with a grace period (e.g. "N%5 for MSRV with upgrades deferred by a release").

carol,
@carol@crabby.fyi avatar

@epage i'm feeling spicy, might delete later, but:

  • crate MSRVs don't mean much without a rustc LTS
  • anyone asking an OSS crate for something other than what the maintainer feels like doing (either upgrading faster or supporting further back) should be paying the maintainer for it
carol, to rust
@carol@crabby.fyi avatar

The #RustLang Foundation is hiring another infrastructure engineer! https://foundation.rust-lang.org/careers/

timClicks, to random
@timClicks@mastodon.nz avatar

Them: The endpoint returns a 200 OK response with no body
Me: ಠ_ಠ
Them: ...?
Me: HTTP 204 was right there

carol,
@carol@crabby.fyi avatar

@timClicks which would you rather have: 200 with no body, or 204 WITH a body (which I encountered recently)?

kurtseifried, to random

Do you know who is to blame for bad passwords in the 23andme hack? Find out with @joshbressers and me on the #osspodcast https://opensourcesecurity.io/2024/01/21/episode-412-blame-the-users-for-bad-passwords/ TL;DR: It's complicated.

carol,
@carol@crabby.fyi avatar
luis_in_brief, to random
@luis_in_brief@social.coop avatar

Put out a post trying to explain the #vizio case to normies. Lots of nuance lost in a post of this length, of course, but the tldr is that @conservancy had a very significant win. Some more details, a lot of which wouldn't fit in the post, in 🧵.

https://blog.tidelift.com/will-the-new-judicial-ruling-in-the-vizio-lawsuit-strengthen-the-gpl

carol,
@carol@crabby.fyi avatar

@luis_in_brief courts will look favorably on us software folks filing a bunch of lawsuits, with the only change being the license involved, in order to fuzz the laws, right? right??? 😉

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

Starting to think that CEOs using sport metaphors is a red flag

Thinking back on personal experience it certainly seems to be a signal 😬

carol,
@carol@crabby.fyi avatar

@fasterthanlime military metaphors too imo

carol,
@carol@crabby.fyi avatar

@fasterthanlime currently on my list for "most cringe" is "left of boom"

kurtseifried, to random

To put it bluntly: barcodes are a miracle and underappreciated.

Software package identifiers are much harder, which is probably why everyone complains about every existing solution to some degree because they are all. in fact. not great. Because it's a really hard problem. Find out with @kurtseifried and @joshbressers on the #osspodcast https://opensourcesecurity.io/2024/01/07/episode-410-package-identifiers-are-really-hard/

TL;DR: CISA did a REALLY Interesting thought experiment about 4 possible outcomes and you should probably read the paper they produced talking about them.

P.S. I wish I could @cisa

carol,
@carol@crabby.fyi avatar

@kurtseifried
@joshbressers just finished listening to this episode, but I haven't read the PURL spec or the CISA paper about how package ID interacts with DNS buuuut... I would LOVE to see people host their Rust crates on their own domain (Cargo supports installing from wherever; hosting a crate index could be easier)! If you meant crates.io should add DNS verification though, yeah no, I'd rather not 😅

kurtseifried, to random

Good news: radios are getting really cheap and low power, heck we stuck one on the cats collar. Bad news: we're sticking radios in everything new, and relying on them, maybe too much? Also, it's amazing that things like GPS even work at all considering how weak the signals are. Find out more with @joshbressers on the #osspodcast https://opensourcesecurity.io/2023/12/10/episode-406-the-security-of-radio/ Also Kurt totally doesn't do illegal things with stuff that isn't legal to turn on, but he does know what happens when you turn on a GPS signal jammer.

carol,
@carol@crabby.fyi avatar

@kurtseifried
@joshbressers "I'm going to admit to a felony:" aaaaand any lawyer listening to this has segfaulted.

carol, to random
@carol@crabby.fyi avatar

You put your Altman in,
You take your Altman out,
You put your Altman in,
And you shake him all about,
You do the hokey-pokey and you move VC around,
That's what tech's all about

luis_in_brief, to random
@luis_in_brief@social.coop avatar

A legal brief on the definition of “double spacing”, with not-so-gratuitous swipes at Microsoft Word, is total catnip to me. https://matthewbutterick.com/pdf/jones-line-spacing-motion.pdf

#LawFedi

carol,
@carol@crabby.fyi avatar

@luis_in_brief "Defendants conveniently omit
from their paper that Defendants themselves have filed documents with the Court in 24-point
spacing." OOOOOOH BURN🔥 !

carol, to random
@carol@crabby.fyi avatar

@ekuber I just accidentally typed let_variable_name = instead of let variable_name = and rustc suggested let let_sort_key_columns = sort_key... do you think a missing let with a variable starting with let_ is worth special casing to suggest let variable_name instead?

filippo, to random
@filippo@abyssdomain.expert avatar

Cool cool, every GitHub repo is 404ing. Panicked I had deleted FiloSottile/age.ts for a second, and then that my whole account had been nuked.

carol,
@carol@crabby.fyi avatar

@filippo
@ashley with this toot that came across my timeline as i was also experiencing said problem, I declare that fedi has Made It™️ as the more-honest-status-page that Twitter once was for me. Thank you ❤️

kurtseifried, to random

So @joshbressers thinks my Spider-Man documentary would be terrible. But I think it’s important to document what happens to all the leftover webbing as he swings through the city. We’re talking a super high strength tensile cable, also super sticky. So are people getting tangled up in it? Decapitated? What’s it doing to the buildings and structures? At a minimum it has to be discoloring things, more likely it’s causing structural damage, you can’t apply that that much force to that small of an area and not expect something to get damaged.

carol,
@carol@crabby.fyi avatar

@kurtseifried I have been wondering the same sort of thing for the Frozen universe: when Elsa makes a winter wonderland in the ballroom before she knows how to melt stuff, what poor servants wake up and find out their day is going to be spent shoveling out the ballroom for the umpteenth time???
@joshbressers

Di4na, to random
@Di4na@hachyderm.io avatar

Open question to possible FOSS lawyers out there.

Would a "license" that provide all the classic open source tenets but give fines for ever contacting the authors be possible and enforceable?

I don't think it is a good idea, but i am wondering about some things.

carol,
@carol@crabby.fyi avatar

@Di4na I am cackling. I want this.

carol,
@carol@crabby.fyi avatar

@Di4na call it the "shut up or pay me" license

timClicks, to random
@timClicks@mastodon.nz avatar

Hey dev, have you ever walked away from a job because the build system and related tooling is terrible?

carol,
@carol@crabby.fyi avatar

@timClicks a startup I worked for got acqui-hired and the acquiring company wanted us to work on their product. I tried for three days to get their site to build on my machine. I couldn't do it and their devs couldn't get it working, so I quit. (There were other issues too)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • bokunoheroacademia
  • kavyap
  • Durango
  • thenastyranch
  • magazineikmin
  • InstantRegret
  • mdbf
  • khanakhh
  • Youngstown
  • slotface
  • rosin
  • GTA5RPClips
  • tacticalgear
  • DreamBathrooms
  • anitta
  • modclub
  • osvaldo12
  • everett
  • ethstaker
  • cisconetworking
  • cubers
  • relationshipadvice
  • lostlight
  • normalnudes
  • Leos
  • tester
  • HellsKitchen
  • sketchdaily
  • All magazines