Replied to Proposal: Treat FLoC as a security concern (Make WordPress Core)

Google is rolling out Federated Learning of Cohorts (FLoC) for the Chrome browser. TL;DR: FLoC places people in groups based on their browsing habits to target advertising. Why is this bad? As the …

I’m responding to this on my own site because I can’t get the interface on the Make blog to do the click right when attempting to reply over there.

I 100% agree with this proposal. Users can only choose to opt in or out if they’re able to make an informed decision about this, and for better or worse, they can’t do that. I’m pretty sure Google will market this as some sort of user-beneficial feature, assuming they tell non-technical users anything at all about this. WordPress, according to its own “bragging”, (I’m using that loosely), powers something like 40% of the web. We can’t continue as a project to pretend we have no impact on it.

Congrats and thanks to everyone who helped ship 5.6, whether or not your name is on the credits page. John @whiskeydragon1 and I are looking forward to contributing to WordPress 5.7.

Read Long-Needed Date/Time Improvements Land in Core by Justin Tadlock

After more than a year and several WordPress updates, an overhaul of the core Date/Time component concluded. WordPress 5.3 will ship with fixes for long-standing bugs and new API functions.

Not all heroes wear capes.

The core Date/Time component is a rabbit hole which is not for the faint of heart, and I’m glad to see these changes coming to WordPress 5.3.

Read GitHub Free users now get unlimited private repositories

If you’re a GitHub user, but you don’t pay, this is a good week. Historically, GitHub always offered free accounts but the caveat was that your code had to be public. To get private repositories, you had to pay. Starting tomorrow, that limitation is gone. Free GitHub users now get unlimited private repositories.

I think this is overall a good thing, although I’m hesitant to take this as some sort of goodwill sign from Microsoft. I find that it’s easier to deal with the disappointment that inevitably arises when platforms remove or limit features if one keeps in mind that these are business decisions and nothing more. Plus, honestly, I still don’t trust Microsoft when it comes to free/open source software. Their newfound love for open source hasn’t been around long enough to erase their very long history of having an anti-open-source stance. This article opines that most developers have come to terms with Microsoft’s GitHub acquisition. Well of course we have. Most of us use GitHub either for our own projects or for projects we contribute to, and it’s easier to just come to terms than it is to spin up decentralized operations and move everything over to those. Decentralized is the better approach, although I think managing the social aspects of software contribution is still a hurdle. I need to look into this more.

Read De-facto closed source: the case for understandable software

Code is the only thing you can trust when you want to know what the software is doing, when the company goes belly up, or when your system isn’t the same system that the original authors were developing on.
Code is the only thing you can trust, and by not reading it, you’ve forfeited the most important benefit provided by this ecosystem: the choice of not having to trust the authors regarding behavior or continuity.

This is a good read regarding the event-stream ongoing saga, and I agree with it, but I also have some things to add to it. For those of you who may not be familiar, (non-developers), event-stream was pulled from Node Package Manager, (something that gets used pretty frequently when building software in order to manage dependencies, otherwise known as other code bits you need in order to run/build your code bit), because it relied on another package which was found to have vulnerabilities. It was then handed over to someone else, who promptly added a cryptocurrency miner to it, at which point the internets freaked out. Frankly I don’t completely blame the new maintainer for adding the cryptocurrency miner. There are very large corporations who have no problem using open source software for their benefit, all while not supporting the maintainers. See for example: Apple and Microsoft. And if you can’t be relied on to hit that donate button, well then we’ll just use your processing power because eating habits need to be supported. I’d like to add to the post I’m linking to though that, while I think code does need to be simpler and thus easier to understand, I also think maybe we need to simplify our build processes. But back to the “understanding” point, reading code is a learned skill, and I think to a certain extent it’s on the users, (and in this case the users are developers), to learn how to read code. As much as I’d like code to be simpler, outside of everyone who writes code taking courses/reading books on best practice and then applying all that, I don’t see this happening.