No Food for Thought

Food is something you should provide to your brain long before coming to this blog. You will find no food recipes here, only raw, serious, non-fake news for mature minds.

RxJS: unexpectedly reactive

admin Friday November 11, 2022

I'm not the first one to observe that Reactive Extensions For JavaScript have quite a learning curve. It's likely that you will discover RxJS at the same time as you discover "Observables", reactive programming, Angular, and whatever software project using those you'll actually work on. Good luck. And you may also have to understand where your colleagues used RxJS correctly or incorrectly.

One would expect you could do better than your colleagues consulting documentation. Unfortunately, while that documentation exists, it was already criticized in 2017, even before going through a difficult rewrite.

So how many more years will this last? Judging from my own attempt at mitigating, quite a few.

Oh, RxJS surely is quite reactive. The same day I reported 3 bugs in the documentation, RxJS core team member OJ Kwon had already reacted to the reports. Unfortunately, more than a year later, to my knowledge, all of these issues persist. The one excuse provided? RxJS is free.

Well, unfortunately for RxJS and its "millions" of users, my time is not free. My employer certainly can't afford to waste any more resources in that way, so this will remain my last contribution to RxJS.

I honestly don't know if there is a superior alternative to RxJS. But if you are evaluating it, don't rely on its issue tracker to evaluate its status. Believe it or not, as if GitHub's Issues feature was not bad enough already, RxJS now has a Report issues other than bug[sic] discussion category... good luck filtering the outdated from that.

And if you have courage extensive enough to adopt and fix it, be aware you will first have to tame a surprisingly reactive—and in some aspects quite unreactive—community.

The toll of medical wars and propaganda

admin Monday October 31, 2022

The height of the COVID-19 pandemic was an interesting social experiment, for a middle-aged adult like myself who has never lived through a major war. Watching even high quality mass media like CBC's televised news made me realize what propaganda really means. In terms of crisis, with extreme polarization and a sense of "war against the virus", the same journalists which usually provide quite critical information, perhaps by fear of being labelled as anti-war, reached the point of providing exaggerated news which could almost be qualified as misinformation.

The pandemic and sanitary measures themselves caused important mental distress and increased misinformation. But could the excesses of mass media not have had a toll on their own? This evening's Tout le monde en parle featured an interesting interview with David Morin and Marie-Ève Carignan which answered that question. Propaganda from mass media pushed away many, which ended up into the arms of conspiracism. Repairing the damage will be a long and painful process.

Most importantly, as co-author David Morin mentions in the same interview, we are already forecasting major crises (some have already started). If even state media doesn't get enough resources, independence and nuance to remain reliable in times of even moderate crises, the future of information—and the societies who now depend on it—will be bleak.

FLOSS Fall? Security reality catching up with free software

admin Sunday October 2, 2022

A couple decades ago, free software was the target of much FUD, notably regarding its security. But free software evangelists could easily reply to Microsoft and other vendors that Mozilla's browser had much less flaws than Internet Explorer.

In fact, the reality was that many more flaws were being discovered in MSIE than in Firefox. Mostly because people had much less interest in finding flaws in Firefox than in MSIE. Firefox's rise would prove in just a few years that Mozilla was far from immune to security flaws.

The continued flood of free software has meant free software vulnerabilities now have an impact similar to those in proprietary software. Catastrophic flaws from the last decade in OpenSSL and Log4j have started to show some of the FUD was quite accurate.

KNP has been decrying software mediocrity for years, but things don't change overnight. I was involved in projects for which quality, including security, is - at best - an afterthought. Even (internally) known security flaws can remain for years, while fresh ones are being added.

There are lots of free software components which vary a lot in quality and in so many aspects, but most have something in common: either their quality is mediocre, or they don't exist. And while many users may be willing to put up with mediocre quality in many ways, organizations may have difficulty ignoring bad security track records.

Research suggesting some 40% of professionals have already scaled back their use of OSS may be worrying, but the timing matters, and the importance of that decline was not measured.
Better late than never. It's still time to react, and OpenSSF's promises are good reason for hope, but many open source projects need to perform a fundamental reprioritization.

Pavel Filatyev and the courage to oppose and die

admin Friday September 16, 2022

When you hear about Ukraine's invasion, you can't help but wonder why some Russian soldiers won't quit and denounce. Pavel Filatyev may be the first one to quit completely, and have the courage and fortune to denounce successfully. And by doing so, he helps understand why so few will manage to do the same.

Pavel Filatyev had the fortune to get sick during the invasion and to be evacuated. He then managed to contact dissident organizations for help fleeing, and only succeeded to reach France after going through Tunisia. Western countries demonize suicide, but everything is relative. Filatyev's account makes me admire those of his comrades who—perhaps unable to leave the battleground—had the courage to shoot themselves instead.

Man can choose to become a monster, and Man can be raised as a monster. But even those made into monsters can turn into heroes. For following that path, Pavel Filatyev is my Hero of the month.

Filatyev's life may not resist the long-reaching arms of Russia's powerful secret services. But the reconciliation facilitated by his memoir Zov, and the inspiration of his bravery will always remain.

Atypical commuting

admin Sunday September 11, 2022

There are several ways to commute. By foot, by subway, by car, by bicycle, by bus, or by a mix of these. By tramway or boat, by skateboard, by motorcycle or scooter too.

As a resident of Quebec City who usually commutes by bicycle, I am often qualified as courageous for sticking to bicycle even in our cold and icy winters. And I got to admit that in a sense, winter cycling here does unfortunately require important determination.

Commuting by bicycle during winter used to be rare here back when I started, 20 years ago. Still, I don't feel so original if I compare myself with Brent Hobbs. Swimming wouldn't accelerate my current commute, but even if it did, I highly doubt I would be courageous enough for that.

Congratulations M. Hobbs!

Celsius : Une douche froide pour la CDPQ. Mieux vaut s'y habituer

admin Sunday September 11, 2022

Je n'ai pas de problème à ce que certains fassent rouler SETI@home sur leur PC. Ni à ce que certains plus tournés vers eux-mêmes utilisent toute l'électricité qu'ils veulent pour chercher des pièces de crhypeto. Tant qu'ils la paient. Chacun a droit à ses illusions, et on sait bien qu'on apprend beaucoup mieux en faisant des erreurs.

Le problème devient réel quand des gens qu'on présumerait informés comme des banquiers choisissent d'investir dans le secteur crhypeto. Là, les illusions commencent à se transmettre à l'économie réelle. Et quand une institution publique investit des millions de dollars dans le secteur, ça devient sérieux. On me force à sacrifier mon capital.

Malheureusement, le Québec a nettement atteint ce stade. La Caisse de dépôt et placement du Québec annonçait en août des pertes d'environ 200 M CAD, suite à la faillite de Celsius Network. Eh oui, la CDPQ a directement placé des millions de dollars dans une société basée sur la crhypeto.

Si la nouvelle peut être difficile à digérer, la réaction du président Charles Emond semble rassurante :

Charles Emond wrote:
les équipes de la Caisse qui ont procédé aux analyses et à la vérification diligente requise pour un tel investissement seront imputables de leurs décisions

À première vue, on reconnaît l'erreur et on s'assure d'éviter de la répéter. Mais les choses se gâtent par la suite :

Charles Emond wrote:
On est arrivés trop tôt dans un secteur qui était en transition avec une entreprise qui avait à gérer une croissance extrêmement rapide, même une crise de croissance, qui était en développement, qui s'est fragilisée financièrement juste avant la crise et tout ça a été trop rapide pour que la nouvelle direction puisse exécuter le plan [de redressement].

M. Emond, on n'arrive jamais trop tôt dans une pyramide de Ponzi. On y arrive, tout simplement. Y « arriver tard », c'est encore pire que d'y entrer tôt.
On essaie même de jouer aux sauveurs :

Charles Emond wrote:
Ce qui nous intéressait, c'était de saisir le potentiel de la technologie des chaînes de bloc et de contribuer également à réglementer ce secteur.

À la lumière de ces commentaires, on peut réellement douter de la CDPQ. Est-ce du simple orgueil? A-t-on apprit de notre erreur? Quelles autres sommes la CDPQ a-t-elle déjà englouties en crhypeto? À quel coût viendra le réveil?

Violent video games: significant distractions

admin Friday June 24, 2022

I played several violent video games during my childhood and early adulthood, and wasted several more person-weeks playing them. Despite playing America's Army, I was never recruited by any army, and besides sometimes wishing violent tyrans would taste their own medicine, I do not consider myself particularly violent.

If violent video games were a costly distraction for me, it seems they may have been a very different kind of distraction at a political level. For an even longer time, and at a much higher cost: human lives, as politicians blame games instead of focusing on efficient ways to reduce gun violence.

Thankfully, it seems that ignoring NRA-funded groups, this side of the distraction may be coming to an end.

Complicating complications: TFSA contribution limit

admin Saturday June 18, 2022
In the early 21st century, some Canadian politicians were worried that the federal government's debt was only a few hundreds of billions of CAD-s. The conservatives—perhaps also worried about unemployment among accountants—had the great idea of creating tax-free savings accounts, accessorily succeeding in making an excessively complicated personal income tax system even more complicated.1

A few years later, the conservatives—probably worried that the federal debt would fall under a trillion dollars—increased the yearly contribution limit from 5500$ to 10 000$. When they finally lost power, the liberals brought it back to 5500$. Unfortunately, no other government with enough courage to do the right thing has come after, so TFSA has persisted to this day. If you don't want to be the one financing stupid governments, you still need to understand TFSA rules and continuously know your contribution limit.

1: Unless, of course, they would simply have been trying to leave their mark, by reminding us forever of how good the PPC CPC is at taking populist measures.

Some may track their limit manually, but after a while, this usually gets quite complicated. Thankfully, WOWA's page on the topic helps in 2 ways. It first provides a calculator, which will unfortunately be inconvenient for many. But as the page then explains, you can also get (somewhat) that information directly from the CRA!

That is, of course, if you've already used the CRA's My Account... or if you're willing to go through an Insane (and half-broken) process involving some 15 minutes of wondering how a national G7 government can make such a simple thing so complicated, in 2022. I for one have been lucky enough to survive the resulting head-banging and get access to the precious amount.

I suppose simplifying a complicated complication will always be somewhat complicated.

Update: Once you receive - of course by paper mail - you CRA security code, you can go back to the website. Once you will manage to remember how you connected, and once that authentification method starts to work again, you will be able to enter your security code. But not before entering again all of the same strange information CRA asked you hoping to authenticate you before you signed up. For the last time, hopefully... until your security code's expiry, not even 1½ year after you signed up!

Open Source Security Foundation gains recognition... and funding?

admin Saturday May 28, 2022

8 years ago, Heartbleed was estimated to have cost at least 500 million USD. Since then, many more vulnerabilities were granted infamous names, including a few whose damages are estimated at the same magnitude. And yet, despite everything which was written about EU-FOSSA and the Core Infrastructure "Initiative", only roughly 10 million € were spent on all these projects.

For some time, hope in OpenSSF has started appearing, thanks to its approach and reasonable orientations. When Log4Shell erupted, OpenSSF's future was quite questionable. But this year, while some big challenges remain, it is acquiring an unprecedented credibility, with involvement from the White House, and a plan whose ambition would have been unthinkable prior to Heartbleed.

The main question now is whether it can find enough funding for these ambitions. Tens of millions of USDs would have been miraculous before the advent of crhypetocurrencies, but we remain far from the short-term target.

148 M USD may be little in comparison to the costs of the ongoing software chaos, yet the tragedy of the commons will most likely prevent even reaching that, once again. Unless - perhaps - the EU and the USA can join and demonstrate what collaboration can make possible?

And you call that educated? The USA's overestimated education ROI

admin Wednesday May 11, 2022

I grew up strongly rooted in the economy. My father was a merchant, I worked in his store, and I knew his employees earned 6 CAD per hour. For me, this minimum wage was generous.
A few years later, I got a first job. Thanks to some good fortune, I always found my wages generous, and even more when I started working in IT.

It turns out my story may not be the norm. A recent survey confirms an old phenomenon: highly distorted economical expectations by some of the people which we could think of as most educated, i.e. students of colleges in the USA. Even students in psychology − yes, psychology − overestimate their starting salary by more than 100%!

I find the amplitude of this distortion puzzling, and am curious about its causes. Is this a case of exceptionalism? Would students better estimate the starting salary of their peers? Is the USA's private education system to blame for this perception? Or are we encouraging education so much that we overvalue it?
Hopefully, research on this can help mitigating student debt.

If you think you have answers, thanks for commenting.

Fully Free

Kune ni povos is seriously freethough not completely humor-free:

  • Free to read,
  • free to copy,
  • free to republish;
  • freely licensed.
  • Free from influenceOriginal content on Kune ni povos is created independently. KNP is entirely funded by its freethinker-in-chief and author, and does not receive any more funding from any corporation, government or think tank, or any other entity, whether private or public., advertisement-free
  • Calorie-free*But also recipe-free
  • Disinformation-free, stupidity-free
  • Bias-free, opinion-free*OK, feel free to disagree on the latter.
  • Powered by a free CMS...
  • ...running on a free OS...
  • ...hosted on a server sharedby a great friend for free