Blog

ESLint Security Incident

Happily, the version my installed eslint contains is later:

% npm info eslint|grep scope
eslint-scope: ^4.0.0

Interesting attack: Collect one bad password, use that to get someone's npm credentials, push a virus that uploads more peoples' npm credentials. Soon they could have had every package infected. Only being watchful prevented catastrophe.

Repeating my Password lesson: Use strong passwords. Do not ever reuse passwords.

What I'm Watching: The Forest, Anthony Bourdain: Parts Unknown

  • The Forest: French gendarme captain arrives in a small town surrounded by wilderness just as a girl goes missing, presumably abducted in the Fay Woods. The cast includes a feral wolf-girl grown up into a sexy French teacher, woods people, nosy townspeople full of secrets, half-assed local flic, dead girl's moody and secretive friends. Very Twin Peaks-like, without being a direct ripoff as so many in the genre are. Beautifully shot, lovely music (tho not enough of it). ★★★★★
  • Anthony Bourdain: Parts Unknown: I only saw a handful of his shows in his lifetime, but always liked his Kitchen Confidential writing. The Tangier, Morocco, ep is fantastic. I love William Burroughs' writing and spoken-word-poetry albums, and Tangier was Burroughs' muse. The other beats and Tangiers expatriates are interesting, but perhaps less so. Bourdain was always polite and treated well in Muslim countries, despite his atheism and Jewish ancestry, but as another infidel I'm leery of such places, so his travelogue is as close as I'm likely to get. Randomly wandering thru other eps as long as Netflix has them. ★★★★☆

The Last Star Wars Movie

Star Wars, in descending order of quality/interest:

  1. Empire Strikes Back
  2. Star Wars
  3. Return of the Jedi: Tatooine only
  4. West End Games' Star Wars RPG, 1st Edition only
  5. Star Wars Holiday Special: Boba Fett cartoon only
  6. The Saga Begins, by Weird Al Yankovic: What a pity they never made this movie
  7. Marvel Star Wars comics
  8. Alan Dean Foster's Splinter of the Mind's Eye
  9. Brian Daley's Han Solo novels
  10. L. Neil Smith's Lando Calrissian novels
  11. Timothy Zahn's Thrawn novels
  12. Dark Horse Star Wars comics
    Below here there is only trash:
  13. The Droids cartoon
  14. The Force Awakens
  15. All Star Wars licensed media not otherwise mentioned
  16. The Ewoks cartoon & movies
  17. All the shitty new movies: Rogue One, The Last Jedi, Solo
  18. Prequels which I deny even exist

I can't tell you how important hundreds of viewings (some in theatre, rest on laserdisc) of Star Wars and Empire were to my young brain. And duels between little Luke and Vader action figures in cardboard and styrofoam sets I made. And weird and annoying rogues and freaks smuggling drugs and blowing things up for the Rebellion in SWRPG.

But I don't think it can ever be captured and repackaged again. The kids today are too whiny to be competent heroes or sympathetic villains, so it doesn't work. The original movies must look incredibly derivative because everyone's been ripping Star Wars off for 40 years.

It's OK to let old properties die out. Let it die with a whimper.

The same thing's happened with Dr Who. The original series (for me, Jon Pertwee, Tom Baker, Peter Davison) was low-budget, and you had to pay attention for a half-hour a day for a week (500% longer than modern attention spans), but it was actual science fiction with ideas; everything since the awful American TV movie and the reboot's been a dumb Hollywood action show with a magic wand and a lot of screaming and running around nice sets. They would have been better off making a new franchise, and sort of tried with Torchwood, but any pretense that NewWho has anything to do with an old man and granddaughter quietly investigating the past is nonsense.

Press X to Review

Picked up Life is Strange freebie episode on Steam. Super aggravating controls: Almost no control over the camera, even less over the cursor: Find the off-target mouse circle, drag slowly to a command. Running is not always available, let alone default as it should be for playability. Most cutscenes can't be skipped. I don't know if I'd like the story or the game, because the first few areas drove me insane.

I've played and enjoyed a lot of walking simulators, like Proteus, Dear Esther, Gone Home (had to massively increase mouse sensitivity), and Connor Sherlock's games. These mostly use standard FPS WASD controls, mouse crosshair, and E to use.

And a lot of story games, like David Cage's Heavy Rain & Beyond Two Souls. Cage's games make heavy use of dual-stick controllers and "mash X now!" quick-time events, have minimal free will to go off the rails, but they aren't frustrating to play.

And physics toys, like Garry's Mod and Goat Simulator. These have dead standard FPS controls and total player freedom.

LiS is the first game in a long time I can't progress in.

Bring Out the Type System

By the way, about void-safety: for a decade now, Eiffel has been void-safe, meaning a compile-time guarantee of no run-time null pointer dereferencing. It is beyond my understanding how the rest of the world can still live with programs that run under myriad swords of Damocles: x.op (…) calls that might any minute, without any warning or precedent, hit a null x and crash.
—Bertrand Meyer, Why not program right?

I knew this would be exasperating, but really now. At this point, my eyes rolled completely out of my head and I no longer have eyes. ?

References don't just randomly become null without warning. You chose to call a function that might return null, and didn't bother to put in an if or assert when that's a possibility. Typically the exception system catches it if you do miss it.

The Objective-C model of nil messaging just returning nil or 0 was theoretically dangerous, but in practice incredibly useful. Crashing out in Javascript means I have to wrap everything with (x ? x.op() : null) to get the same effect, which might require a lot of temp vars.

Do type devotees actually believe in randomly-appearing errors, or that dynamic programmers just flail our limbs on a keyboard until something manages to pass tests, or do they just exaggerate a rare edge case they saw once, or are they completely fabricating this stuff to justify their waste of time/perversion?

Type systems are self-inflicted BDSM, and it is not self-evident that everyone wants to wear a gimp suit.

Talking on the Internet

Or—more likely—a wide variety of nasty computer viruses. If Hiro reaches out and takes the hypercard, then the data it represents will be transferred from this guy’s system into Hiro’s computer. Hiro, naturally, wouldn’t touch it under any circumstances, any more than you would take a free syringe from a stranger in Times Square and jab it into your neck.
And it doesn’t make sense anyway. “That’s a hypercard. I thought you said Snow Crash was a drug,” Hiro says, now totally nonplussed.
“It is,” the guy says. “Try it.”
“Does it fuck up your brain?” Hiro says. “Or your computer?”
“Both. Neither. What’s the difference?”
Hiro finally realizes that he has just wasted sixty seconds of his life having a meaningless conversation with a paranoid schizophrenic. He turns around and goes into The Black Sun.
—Neal Stephenson, Snow Crash, ch. 5

Not always, but sometimes.

Minimally Competent Linux Apps

Yesterday's question and the Linux user response bugs me:

"because they are writing actually useful software, and not bells-and-frippery bullshit."
@dgold

That's just a horrific anti-user attitude. I want nothing but suffering for the developers & maintainers of Linux, but the poor bastards using it are still people, and people deserve software that doesn't suck.

So I duckduckwent for some clickbait and picked out some non-system apps.

Sources:

I'm going to mark these X for Cross-Platform, L for Linux-only, or NL for Not on Linux, and a completely biased first impression (unless I've used it) star rating:

  • X ★★★☆☆: VLC Media Player: Generally quite awful but it works, sometimes the only thing that does on random torrented videos.
  • X ★★★☆☆: Firefox: Meh. The Meh of browsers, leftover squeezings from the corpse of Netscape/Mozilla. The old rendering engine was good, but then the web moved on, and the new engine struggles to keep up. But not unusable.
  • X ★☆☆☆☆: GIMP: Now you're just being mean, Techradar. Nobody deserves to be GIMPed, and it may be against the Geneva Conventions.
  • X ★★☆☆☆: Deluge actually looks kind of decent for a generic torrent client. Hate those stock GNOME(?) toolbar icons.
  • X ★★☆☆☆: Thunderbird: Oh, I remember that. I briefly used it between mutt on BSD, and Apple Mail once I trusted the Mac. I'm sure it's as annoying to use as ever, but it works.
  • X ★☆☆☆☆: LibreOffice: "Because libre is free, man" (tokes). Sure, it barely opens Office documents and often corrupts them, and its feature set is spartan to nonexistent, and it looks like ass, but… uh… I guess it's all you got on Linux? Microsoft Office now runs on Mac, iOS, and Android, so maybe you could run the Android Office instead?
  • X ★★★☆☆: Pidgin: I think this is developed first on Windows, and then they also have a Gtk+ port that runs on Mac & Linux. There's just kind of an antiseptic, joyless smell to Windows software even with a filthy pigeon mascot.
  • X ★★☆☆☆: Audacity: Hideously ugly, impossibly awkward, but often the only audio editor that solves quick editing of multi-track WAVs. I loathe Audacity but use it a couple times a week.
  • X ★★★★☆: Chrome: Competent Google behemoth browser, if there was no Safari I guess I'd use Chrome. Instead it's my Flash-running trash silo.
  • X ☆☆☆☆☆: Copay: I don't consider Ponzi scams legitimate software. How do intelligent people fall for this shit?
  • X ★☆☆☆☆: Fucking Skype: Fucking Skype, can you hear me? Can… Can you hear me calling? Shit everyone hang up and call back in. No, now you sound like a robot, too. FUCKING SKYPE.
  • L ★★☆☆☆: Corebird: No shit, a Linux-only, Gtk+ Twitter client. Supposedly full-featured, at least until Twitter shuts off the API. I hate the big buttons and the weird padding and text boxes that don't fill all horizontal space, it's simultaneously claustrophobic and agoraphobic, which is amazebad. Icon is a bird with its brain exposed like Hannibal Lector is about to scoop it out. I… This is a work of comedy genius, or insanity. But kudos, Linux guys, on your first app.
  • L ★★★☆☆: Evince: Like Preview on Mac, a thing you don't realize is even software. Which is about as high praise as you're gonna get.
  • X ★★☆☆☆: Clementine: I've tried this on the Mac during one of my fits of temper at iTunes. It's functional but not as nice as iTunes (!!!), but for Linux I'm sure it's intolerable since they can't play music without it stuttering or being interrupted, because Linus is an incompetent bozo who doesn't realize real-time audio matters. Also hasn't had an official release or news in 2 years, tho the github repo shows more recent activity. Have fun compiling and running from HEAD!
  • NL: Dropbox: Linuxhint tells people to use Dropbox website despite having no Linux app. That may be the saddest thing I've seen all day, and I just watched a TV show where a man saw two of his sons shot dead, and then he was shot dead and his other son is in prison now. This is the weeping song
  • L ★★★★☆: Cumulus QT: Real-time weather in a nice UI. No web site, just a github repo, but seriously, the first good thing I've seen in this entire mess.
  • X ★★★★★: Krita: A cross-platform but really excellent paint program, somewhat in the style of Fractal Design Painter or any of those. I wasn't even aware it ran on Linux, it's been around in the Mac & Windows world for a while. Doesn't really replace Photoshop/GIMP/Acorn/GraphicConverter for pixel-fucking, but for painting on the computer it's quite good.
  • X ★★☆☆☆: OpenShot: Video editor, awful generic UI and more GNOME icons, and I've heard it described as slower than paint drying, but not my kind of thing to even evaluate.

So that was a parade of mostly the shittiest cross-platform apps ever, that I wouldn't allow on my computer. A couple are respectable. It looks like Cumulus and maybe some GNOME people are the only decent desktop devs on Linux? There are good cross-platform apps not listed, so I suspect "Linux users have no aesthetic sense" is a big part of this, no recognition for even trying.

I'm not going to attempt this for Windows, ain't enough whiskey in the world for that.