Monday, August 03, 2020

Saturday, July 04, 2020

The Geek and the pseudo inclusive peer pressure

Discrimination based on social skills and social groups exists and geeks experience it a lot.

One facet of it is the pseudo inclusive peer pressure.

The desire to belong to a group is strong in anyone so people would accept many things just to fit in.

At the same time, a few understand this game quite well, can get meta about it and specifically target geeks to mock them by appearing to be inclusive.

Nothing causes more pleasure to such dark 'master minds' than tricking a geek into ridiculing itself!

Not only for the ridicule but for the mere fact that the geek believed they would thus become part of the in-group: this was never on the table! They will never be part of the in-group!

After a few such experiences some geeks develop a good sense for this situation.

There is no surprise then that some react quite hard in the grown up world. Their senses are screaming: it's a trap!

But the master minds are also grown ups now, and they want small things, all in the name of being inclusive.

Tuesday, June 30, 2020

Open Source sustainability is not about the individual

There was a lot of buzz a while back about Open Source sustainability. Small and large companies as well as individuals discovered it's near impossible to survive financially doing Open Source.

It occurred to me that this might be an emergent property of Open Source and a reason why many foundations (like Apache) as well as users intuitively look at the "community" first.

The community is like a swarm, a Redundant Array of Individual Contributors (RAIC) that carries on regardless if a particular individual drops out. So, a "good" Open Source project is one where the community achieved this chain reaction while the others are at a stage where individual contributors make or break the project.

This conclusion is quite ruthless about a specific company or individual though: the better your Open Source project is, the more precarious your position.

The role of BDFL (Benevolent dictator for life) might be the only one guaranteeing some stability for an individual, but this means the swarm can only sustain one queen (I mean, dictator). Conceptually this role might be required to provide some coherence to the swarm.

Thursday, June 04, 2020

Instant Thought: another open source supply chain attack

It seems not a day goes by without another open source supply chain attack.

The latest, uncovered by the security researcher "JK" is called "Instant Thought" and was noticed in the most popular Java IDE, combined the the very popular build system Gradle.

One might assume that just opening a Gradle project to read the source code is a safe operation, but Instant Thought shows this is not the case.

Gradle projects might have an unassuming settings.gradle file with a tiny block which gets executed by the IDE as soon as the project is loaded.

Root cause analysis showed the problem is the gradle.projectsLoaded hook which is able to run code with the full permissions of the user account:

gradle.projectsLoaded { g ->
  // do bad things

"This is not unlike the Word macro viruses seen in late '90s" said another analyst. "Which just shows how behind the times the IDEs are with security".

It is not clear how widespread Instant Thought is but suffice to say developers have to think long and hard before executing or even opening unknown projects.

According to the vendor, this is a low priority issue: "[Our IDE] automatically configures the project during the import (which is quite similar to executing gradle command) and it causes the code execution. The current behaviour seems not to be a high severity security problem thus it won't be fixed in the near future."

Thursday, January 23, 2020

Roam Like at Home is a regression for Romania

On June 15th 2017 the EU launched "Roam Like at Home", a set of rules that removed roaming charges. It was a great idea to harmonise telecom infrastructure and remove another invisible border separating people within the EU.

Romania was hit particularly bad by these rules. They introduced new borders where before there were none.

Previously, roaming was available to any telecom user either on a subscription plan or on a pre-paid card in Romania. The only limitation was that, rarely, the operator might ask for a warranty (say, 100 euro) so you don't rack up too many fees while abroad.

Internet and mobile services are particularly cheap in Romania and fast. We used to be ranked on the 5th place world wide based on internet speed alone.

So, by having such cheap prices a problem for Romanian telecom operators was that this might encourage abuse from Romanians going abroad and downloading too much, or by other EU people buying Romanian SIM cards to use instead of their expensive national SIM cards.

In order to contain this potential problem the EU was flexible with the "Roam Like at Home" rules and allowed a "fair use policy".

But the biggest blow was that the EU allowed contracts without roaming services. Guess what all Romanian telecom operators started rolling out immediately? They removed roaming from all the subscription plans under a price they considered acceptable!

A reasonable, entry-level, subscription plan that would have had roaming before 2017 suddenly became useless when crossing the border.

Note that without roaming nothing works! You have no data but no calls or SMS either. You are stranded with a non-functioning telephone in another EU country. This was an "interesting" experience for Romanian tourists early 2018. All they could call is 112.

Getting roaming temporarily on a subscription plan is just not possible anymore. Either you upgrade the whole plan to a more expensive one, forever, or you have no phone abroad.

A pre-paid card has more advantages. You can activate a more expensive roaming plan at any time, but you are still penalised by losing all the benefits you had until then, regardless how much the 'national' plan costed or how much you used from it.

In conclusion Roam like at Home reduced the quality of the telecom offer in Romania and introduced a quite visible border separating Romanians from the rest of the EU. One cannot imagine under what scenario the concept of 'roaming services' for SIM cards sold within the EU to EU citizens should even exist.

Another change that this measure did introduce in Romania is a bigger churn on SIM cards and operators. If Romanians manage to separate their identity from the SIM number and the operator is just a dumb carrier then it will not have been all for nothing.

Friday, August 16, 2019

Wayback Machine Downloader

Internet Archive's Wayback Machine is a gift to the world. For quick checks you just enter the URL and you get the archived version going years back.

A whole little cottage industry seems to have been formed around the Wayback Machine. They offer you whole-site download and conversions for the low price of $5 or $15 or $45 or however much they can convince you their service is worth.

Among these busy bees, the free Ruby based Wayback Machine Downloader is a little gem.

You just install it then run

wayback_machine_downloader -c 10 -s

and you get everything! Total cost: $0.

Installing the actual gem on macOS as a non-admin user seems to have contradicting info online. There's a `gem install --local` command but it doesn't seem to do what one expects -- installing in the home folder of the current user.

What did the trick for me was:

gem install -i ~/.gem/ruby/2.3.0/ wayback_machine_downloader

and this after I manually downloaded the proper .gem file from

Some were even recommending to add a http (versus the default https) source to gem but that seemed foolish and even gem itself complained about using http in 2019.

Whatever road you pick with downloading from Wayback Machine, remember all the work the Internet Archive is doing for all this to be available to you and donate to them.

Global ecosystem report 2020: Java text editors and IDEs

The JChoice Global Ecosystem Report 2020 is looking good: Apache NetBeans at 50% of the free Java tools, Eclipse at 45% and vi / Emacs a...