No Food for Thought

I'm not the first one to observe that Reactive Extensions For JavaScript have quite a learning curve. It's likely that you will discover RxJS at the same time as you discover "Observables", reactive programming, Angular, and whatever software project using those you'll actually work on. Good luck. And you may also have to understand where your colleagues used RxJS correctly or incorrectly.

One would expect you could do better than your colleagues consulting documentation. Unfortunately, while that documentation exists, it was already criticized in 2017, even before going through a difficult rewrite.

So how many more years will this last? Judging from my own attempt at mitigating, quite a few.

Oh, RxJS surely is quite reactive. The same day I reported 3 bugs in the documentation, RxJS core team member OJ Kwon had already reacted to the reports. Unfortunately, more than a year later, to my knowledge, all of these issues persist. The one excuse provided? RxJS is free.

Well, unfortunately for RxJS and its "millions" of users, my time is not free. My employer certainly can't afford to waste any more resources in that way, so this will remain my last contribution to RxJS.

I honestly don't know if there is a superior alternative to RxJS. But if you are evaluating it, don't rely on its issue tracker to evaluate its status. Believe it or not, as if GitHub's Issues feature was not bad enough already, RxJS now has a Report issues other than bug[sic] discussion category... good luck filtering the outdated from that.

And if you have courage extensive enough to adopt and fix it, be aware you will first have to tame a surprisingly reactive—and in some aspects quite unreactive—community.

The height of the COVID-19 pandemic was an interesting social experiment, for a middle-aged adult like myself who has never lived through a major war. Watching even high quality mass media like CBC's televised news made me realize what propaganda really means. In times of crisis, with extreme polarization and a sense of "war against the virus", the same journalists which usually provide quite critical information, perhaps by fear of being labelled as anti-war, reached the point of providing exaggerated news which could almost be qualified as misinformation.

The pandemic and sanitary measures themselves caused important mental distress and increased misinformation. But could the excesses of mass media not have had a toll on their own? This evening's Tout le monde en parle featured an interesting interview with David Morin and Marie-Ève Carignan which answered that question. Propaganda from mass media pushed away many, which ended up into the arms of conspiracism. Repairing the damage will be a long and painful process.

Most importantly, as co-author David Morin mentions in the same interview, we are already forecasting major crises (some have already started). If even state media doesn't get enough resources, independence and nuance to remain reliable in times of even moderate crises, the future of information—and the societies who now depend on it—will be bleak.

A couple decades ago, free software was the target of much FUD, notably regarding its security. But free software evangelists could easily reply to Microsoft and other vendors that Mozilla's browser had much less flaws than Internet Explorer.

In fact, the reality was that many more flaws were being discovered in MSIE than in Firefox. Mostly because people had much less interest in finding flaws in Firefox than in MSIE. Firefox's rise would prove in just a few years that Mozilla was far from immune to security flaws.

The continued flood of free software has meant free software vulnerabilities now have an impact similar to those in proprietary software. Catastrophic flaws from the last decade in OpenSSL and Log4j have started to show some of the FUD was quite accurate.

KNP has been decrying software mediocrity for years, but things don't change overnight. I was involved in projects for which quality, including security, is - at best - an afterthought. Even (internally) known security flaws can remain for years, while fresh ones are being added.

There are lots of free software components which vary a lot in quality and in so many aspects, but most have something in common: either their quality is mediocre, or they don't exist. And while many users may be willing to put up with mediocre quality in many ways, organizations may have difficulty ignoring bad security track records.

Research suggesting some 40% of professionals have already scaled back their use of OSS may be worrying, but the timing matters, and the importance of that decline was not measured.
Better late than never. It's still time to react, and OpenSSF's promises are good reason for hope, but many open source projects need to perform a fundamental reprioritization.

When you hear about Ukraine's invasion, you can't help but wonder why some Russian soldiers won't quit and denounce. Pavel Filatyev may be the first one to quit completely, and have the courage and fortune to denounce successfully. And by doing so, he helps understand why so few will manage to do the same.

Pavel Filatyev had the fortune to get sick during the invasion and to be evacuated. He then managed to contact dissident organizations for help fleeing, and only succeeded to reach France after going through Tunisia. Western countries demonize suicide, but everything is relative. Filatyev's account makes me admire those of his comrades who—perhaps unable to leave the battleground—had the courage to shoot themselves instead.

Man can choose to become a monster, and Man can be raised as a monster. But even those made into monsters can turn into heroes. For following that path, Pavel Filatyev is my Hero of the month.

Filatyev's life may not resist the long-reaching arms of Russia's powerful secret services. But the reconciliation facilitated by his memoir Zov, and the inspiration of his bravery will always remain.

There are several ways to commute. By foot, by subway, by car, by bicycle, by bus, or by a mix of these. By tramway or boat, by skateboard, by motorcycle or scooter too.

As a resident of Quebec City who usually commutes by bicycle, I am often qualified as courageous for sticking to bicycle even in our cold and icy winters. And I got to admit that in a sense, winter cycling here does unfortunately require important determination.

Commuting by bicycle during winter used to be rare here back when I started, 20 years ago. Still, I don't feel so original if I compare myself with Brent Hobbs. Swimming wouldn't accelerate my current commute, but even if it did, I highly doubt I would be courageous enough for that.

Congratulations M. Hobbs!

Je n'ai pas de problème à ce que certains fassent rouler SETI@home sur leur PC. Ni à ce que certains plus tournés vers eux-mêmes utilisent toute l'électricité qu'ils veulent pour chercher des pièces de crhypeto. Tant qu'ils la paient. Chacun a droit à ses illusions, et on sait bien qu'on apprend beaucoup mieux en faisant des erreurs.

Le problème devient réel quand des gens qu'on présumerait informés comme des banquiers choisissent d'investir dans le secteur crhypeto. Là, les illusions commencent à se transmettre à l'économie réelle. Et quand une institution publique investit des millions de dollars dans le secteur, ça devient sérieux. On me force à sacrifier mon capital.

Malheureusement, le Québec a nettement atteint ce stade. La Caisse de dépôt et placement du Québec annonçait en août des pertes d'environ 200 M CAD, suite à la faillite de Celsius Network. Eh oui, la CDPQ a directement placé des millions de dollars dans une société basée sur la crhypeto.

Si la nouvelle peut être difficile à digérer, la réaction du président Charles Emond semble rassurante :

À première vue, on reconnaît l'erreur et on s'assure d'éviter de la répéter. Mais les choses se gâtent par la suite :

M. Emond, on n'arrive jamais trop tôt dans une pyramide de Ponzi. On y arrive, tout simplement. Y « arriver tard », c'est encore pire que d'y entrer tôt.
On essaie même de jouer aux sauveurs :

À la lumière de ces commentaires, on peut réellement douter de la CDPQ. Est-ce du simple orgueil? A-t-on apprit de notre erreur? Quelles autres sommes la CDPQ a-t-elle déjà englouties en crhypeto? À quel coût viendra le réveil?

I played several violent video games during my childhood and early adulthood, and wasted several more person-weeks playing them. Despite playing America's Army, I was never recruited by any army, and besides sometimes wishing violent tyrans would taste their own medicine, I do not consider myself particularly violent.

If violent video games were a costly distraction for me, it seems they may have been a very different kind of distraction at a political level. For an even longer time, and at a much higher cost: human lives, as politicians blame games instead of focusing on efficient ways to reduce gun violence.

Thankfully, it seems that ignoring NRA-funded groups, this side of the distraction may be coming to an end.

Some may track their limit manually, but after a while, this usually gets quite complicated. Thankfully, WOWA's page on the topic helps in 2 ways. It first provides a calculator, which will unfortunately be inconvenient for many. But as the page then explains, you can also get (somewhat) that information directly from the CRA!

That is, of course, if you've already used the CRA's My Account... or if you're willing to go through an Insane (and half-broken) process involving some 15 minutes of wondering how a national G7 government can make such a simple thing so complicated, in 2022. I for one have been lucky enough to survive the resulting head-banging and get access to the precious amount.

I suppose simplifying a complicated complication will always be somewhat complicated.

Update: Once you receive - of course by paper mail - you CRA security code, you can go back to the website. Once you will manage to remember how you connected, and once that authentification method starts to work again, you will be able to enter your security code. But not before entering again all of the same strange information CRA asked you hoping to authenticate you before you signed up. For the last time, hopefully... until your security code's expiry, not even 1½ year after you signed up!

8 years ago, Heartbleed was estimated to have cost at least 500 million USD. Since then, many more vulnerabilities were granted infamous names, including a few whose damages are estimated at the same magnitude. And yet, despite everything which was written about EU-FOSSA and the Core Infrastructure "Initiative", only roughly 10 million € were spent on all these projects.

For some time, hope in OpenSSF has started appearing, thanks to its approach and reasonable orientations. When Log4Shell erupted, OpenSSF's future was quite questionable. But this year, while some big challenges remain, it is acquiring an unprecedented credibility, with involvement from the White House, and a plan whose ambition would have been unthinkable prior to Heartbleed.

The main question now is whether it can find enough funding for these ambitions. Tens of millions of USDs would have been miraculous before the advent of crhypetocurrencies, but we remain far from the short-term target.

148 M USD may be little in comparison to the costs of the ongoing software chaos, yet the tragedy of the commons will most likely prevent even reaching that, once again. Unless - perhaps - the EU and the USA can join and demonstrate what collaboration can make possible?

2024-04-02 Update

How far have we come to that, almost 2 years later? OpenSSF's website doesn't even prominently list its contributors. Wikipedia's article only mentions the initial 30M $ in pledges. OpenSSF's 2023 annual report merely mentions that Alpha-Omega was "awarded over $4.9M in grants toward securing open source in 2023".

As OpenSSF's efforts remain mostly a plan, reality has started hitting, with professionals scaling back on FLOSS.

I grew up strongly rooted in the economy. My father was a merchant, I worked in his store, and I knew his employees earned 6 CAD per hour. For me, this minimum wage was generous.
A few years later, I got a first job. Thanks to some good fortune, I always found my wages generous, and even more when I started working in IT.

It turns out my story may not be the norm. A recent survey confirms an old phenomenon: highly distorted economical expectations by some of the people which we could think of as most educated, i.e. students of colleges in the USA. Even students in psychology − yes, psychology − overestimate their starting salary by more than 100%!

I find the amplitude of this distortion puzzling, and am curious about its causes. Is this a case of exceptionalism? Would students better estimate the starting salary of their peers? Is the USA's private education system to blame for this perception? Or are we encouraging education so much that we overvalue it?
Hopefully, research on this can help mitigating student debt.

2024 Update

A 2024 study found that half of college graduates remain underemployed! Real Estate Witch's methodology is not documented well enough to exclude that the main cause could be trivial: a large share of graduates just not getting a qualified job. It does seem likely that young people may fail to factor in that risk in their expectations.