strugee.net

Blog

Show only posts from 2014 2015 2016 2017 2018 2019 or categorized in personal, development, politics and explanations

RC week 2

This is week 2 of being at the Recurse Center.

Want to become a better programmer? Join the Recurse Center!

Day 4

Arrived ~12:30; departed ~23:45; total time at RC 11h15m.

Today is day four because last week only had three days - Monday was off because of New Years.

Spent most of today working on Stratic. Paired with Ajay to fix a really nasty bug in stratic-paginate-indexes caused by some incorrect Vinyl documentation, during which he showed me how Array.prototype.map is a nice taste of functional programming available in JS, as well as Iron Node - I had only previously used the built-in node debug. (Spent hours on this bug at home but solved it in ~30 minutes while pairing.) Spent most of the rest of the day getting pagination to function properly on strugee.net, which was surprisingly hard due to there just being a lot of edge cases to handle. (That, plus the fact that it took a while for me to settle on a design I liked.) Spent some more time polishing or updating other parts of strugee.net.

In the evening, spent some time pairing with Jacqueline, teaching them to set up a cronjob using a DigitalOcean VPS.

Day 5

Arrived ~10:30; departed ~23:00; total time at RC 12h30m.

Worked on Stratic almost non-stop for literally the entirety of today (again). Started and (almost) finished stratic-indexes-to-rss and used the new feeds available on strugee.net to add myself to Blaggregator. Took a quick poll on Zulip asking what the threshold was for there being so many repositories in a project that it warranted its own GitHub repo; instead of getting any replies, talked to Stanley in person who convinced me when he said, "what are the cons?" and I said, "good question! I dunno." Hence, founded the straticjs GitHub org. From there, did a huge push towards a generator-stratic 1.0.0 release. It's very close - the core is done, but there are a lot of additional options that need to be added. I also can't release it before I fix up some TODOs currently in stratic-indexes-to-rss.

Additionally, took about a half hour break midday to give some ideas to Heather, who is teaching a workshop on Git tomorrow, and took another half-hour or so to watch non-technical lighning talks around 17:30(?).

Day 6

Arrived ~11:00; departed ~21:50; total time at RC 10h50m.

Spent a significant portion of the morning thinking about Zulip[1] design before and while filing this long bug proposing some improvements to the way unread counts and notifications work. Also reviewed a couple PRISM Break Pull Requests - I realize now I should've written about this on here (since it was extrmemely exciting to me!) but I'm now a comaintainer of PRISM Break. Thanks, @nylira!

Spent a little time polishing my security presentation for tomorrow. At first I spent a lot of time trying to find a style I liked on my own, but eventually I just threw in the towel and used bespoke-theme-cube which is what I had always previously used (since it's what generator-bespoke generates).

Finally, spent some time working on pump.io. Filed a couple bugs on future improvements, notably one proposing that we add code to automagically manage Let's Encrypt certificates, which I'm very excited about for several reasons. I also implemented HTTP Strict Transport Security which is a huge win for the network's security. The absence of HSTS was also the last remaining issue preventing me from gaining an A+ on SSL Labs for pump.strugee.net since I stopped using a reverse proxy setup, so that feels good.

Overall, I would say that this day was of average or slightly below average productivity. Also, while I got some useful stuff done, none of it was really related to RC (with the exception of the security presentation, thought that didn't take that much time).

[1]: for non-Recursers, Zulip is a really excellent realtime chat tool that RC uses for communication.

Day 7

Arrived ~12:20, departed ~22:30, total time at RC 10h10m.

Fixed a couple minor issues with my security presentation before deploying it to strugee.net in preparation for my presentation. The talk itself went really well; my audience seemed to follow most of what I was presenting and I got some really good questions. As I stated at the beginning of the presentation, security is a huge topic, so really I looked at the list of subtopics and basically just picked one that I thought was interesting. There's a huge amount that I didn't cover so (partly) prompted by Heather, I'm now planning on doing weekly security presentations. Next week's will be on web application security and is already on the RC calendar.

Presented Stratic during the weekly Thursday 5-minute presentations. I got up and said, "I'm super nervous about this talk because it's literally all live demos" and the audience laughed. And sure enough, I'd forgotten to add a dependency, so my gulp serve demonstration failed. That was okay though, because I still got to show the really interesting bits, which is the Unixy design in the gulpfile.

Finally, spent a lot of the evening with Heather working on this sickass "made at Recurse Center" GitHub README badge:

"made at Recurse Center" GitHub-style badge

Whoohoo! \o/

Friday

Arrived ~13:15, departed ~22:20, total time at RC 9h5m. As always, Friday doesn't count as a day because RC is technically not in session.

Had a very nice time walking to RC this morning which took about an hour because I kept stopping to take pictures - that felt really really good; it's been way too long since I've taken any and I missed it far more than I realized. Spent some time having a very nice discussion (both on Zulip and in real life) about different approaches to managing dotfiles in version control. Also spent some time discussing the design of git (particularly history rewriting, which I've previously written about) and resolved that something I should work on at RC is getting experience with Mercurial. In between both of those I spent some time looking into where to put the badge that Heather and I made. Seems like the answer is swag.recurse.com so I started looking at the project setup and plan to send some more PRs in the future.

Throughout the day I also reported a couple minor Zulip issues as well as two Firefox bugs, one of which got marked as a duplicate and one of which is still UNCONFIRMED.

Executive summary

Pretty productive week but could've been better. In particular I didn't do a good job of working on "RC projects" and instead spent too much time on existing personal projects, primarily Stratic and pump.io.

Total time at RC 53 hours 50 minutes; cumulative time 95 hours 50 minutes (first week estimated).


RSS and pagination on strugee.net

RSS and pagination are now enabled on strugee.net's blog, thanks to stratic-indexes-to-rss and stratic-paginate-indexes respectively.

The pagination code is already pretty solid although there's always room for improvement - thanks to Ajay Tungare for pairing with me at the Recurse Center and helping me catch the bug! However, I'm not particularly confident in the RSS code, since RSS is actually somewhat tricky to properly handle. Because of that, I would seriously appreciate it if people tried adding the RSS feeds to their readers and seeing if anything breaks. If so, let me know!

Cheers!


New project! thanksmaintainer.com

So I've been thinking about a new project recently. It's called thanksmaintainer.com, and it helps you say, "thanks, maintainer!"

Basically this idea came about from this GitHub thread where some user comes and disparages the Gulp project for being "not actively developed" and complains that it's taking a long time to release despite the fact that a) Gulp 4 is being actively developed and b) the Gulp maintainers owe this ungrateful, presumptive person nothing. As @contra says:

@rbatllet 4.0 is being worked - if you took more than five seconds to look you'd see it in other repos (for example: #1604). This repo has almost no code in it, it's a wrapper around the other modules so the contribution graph should be completely flat except for doc updates and major releases. We've responded to these tickets so many times - we have lives too.

I've had to move across the country 3 times since the tweet you linked - had my business unexpectedly fail (startups!), had relationships fail, deaths, travel, poverty, etc. - where the fuck am I supposed to find time to work on this while I'm trying to pay rent and put food in my stomach? The attitude people have towards open source authors is disgusting - I don't owe you anything, nobody does. Unless you've done something for the open source community (hint: you haven't!) then you aren't entitled to shit. If you want something to happen then help make it happen, otherwise log off.

I read this comment and thought, that freaking sucks. I feel like there's a problem in the open source and freedom-respecting software community where consumers demand stuff from project maintainers like the maintainers owe them something or they deserve some feature/bugfix/etc. This is obviously complete and utter bullshit - most maintainers work on their projects in their spare time - and it can start to feel like maintaining a project is a waste of time because all you get from it is a drove of angry entitled haters.

thanksmaintainer.com is designed to solve this problem. Here's how you use it; it's very simple:

  1. You visit thanksmaintainer.com
  2. You sign in with GitHub
  3. You find projects that you use and are grateful for
  4. You click the "thanks, maintainer!" button

thanksmaintainer.com will keep track of all the good vibes people are sending towards projects. When it reaches a certain threshold, the website will (probably) find a way to contact the maintainers and let them know how many people's lives they've made better. Not sure how this last bit will work yet, or if it'll even work like that at all. But the core idea is there - hopefully it'll be an easy way to give some love back to maintainers who may really need it.

Some design notes: it'll only work with GitHub to begin with, but eventually I hope to expand support to e.g. GitLab. Also, the fact that it's focused on projects and not maintainers is intentional - being thankful for a person instead of a project isn't as meaningful because you're not specifying why you're thankful. In contrast, the project-centric design lets you say, "these particular lines of code impacted my life in a meaningful way." Plus, a lot of projects have more than one maintainer, and it seems foolish to only thank some of the project maintainers, and not others.

I would love to hear feedback on this idea. So, if you have any thoughts, get in touch with me and let me know.

Stay happy <3


Where we're headed (a.k.a. I'm worried)

(These are some thoughts I've had after reading To Combat Trump, Democrats Ready a G.O.P. Tactic: Lawsuits in the New York Times.)

I'm worried.

I'm worried about my country.

Believe it or not, I'm not talking about Trump. Of course he's horrible, and he's something to be seriously worried about, but I think he's really only a symptom of a much deeper issue in America, which is this: we are in an arms race with ourselves. (One might also describe it as civil war.)

I mean, think about it. Republicans (I'll get to Democrats in just a sec) have spent the last 8 years creating and perfecting tools to block legislation from going through. Government is about compromise, and they refuse to compromise. They shut down the government for cheap political points[1], continually and covertly passed almost-but-not-quite-unconstitutional antiabortion laws, and topped it all off with a taxpayer-funded lawsuit againt President Obama - just to name a few malicious maneuvers they've used.

Now that Republicans control both Congress and the White House, Democrats are gearing up to use those exact same tactics against Republicans. It's shameful behavior, and it's unbefitting for a democracy. This country is supposed to be about elected officials finding ways to compromise with each other so that everyone's as happy as possible, but instead it's turned into a situation where everyone is laser-focused on pushing through their full political agenda, no matter how unproductive it is and no matter what the cost.

Here's the big problem: I may think it's shameful behavior, but that doesn't mean I don't support the Dems. I completely support it, because the incoming administration's agenda is completely horrific to me. I support the Democrats' intent to utilize lawsuits because I don't think politics is just a game; it's life-or-death. Somewhere out there, there's a kid who's dying because conversion therapy has pushed them to the brink of suicide. It's a glaring human rights abuse, and Mike Pence wants to fund it.

Republicans may have invented the do-nothing Congress, but now they can't put the genie back in the bottle. The Democrats and the Republicans are now stuck in a legal arms race, and neither of them can turn back because then the other side would destroy them. And that makes me very worried, because if we're in an arms race, that begs the question: what's the breaking point? And what happens when we hit it?

I don't have the answer to these questions. I don't know how to stop us from reaching that breaking point. I dunno, maybe if we were all just... more patient? But sadly, that seems extremely unlikely. Sometimes I wonder if there simply isn't anything to be done - if America is the great experiment in democracy, maybe this is just the inevitable failure of that experiment.

All I really know is that we need to do something, and soon. Because if we don't, we will grind ourselves out of existence.

Footnotes:

[1]: we actually know for a fact - from staff present at an early meeting - that none of those orchestrating the shutdown believed it would accomplish anything. They just wanted to score points with their base. This is fact.


Friendly reminder: protect yourself while protesting

In light of the recent protests against Donald Trump's nomination, I wanted to write up some tips for people going out and protesting on how to protect themselves from retribution, both physical and legal. These guidelines are especially critical given the almost unfettered power the federal government and (through the federal government) local governments have to surveil citizens exercising their constitutional right to free assembly.

This is not a laughing matter: recall that President-elect Trump has repeatedly called for greater surveillance of mosques, indicating that he will have no problem expanding and abusing the power of the federal government's mass surveillance network. In this Guardian article, Thomas Drake (an NSA whistleblower predating Snowden) says it far better than I could:

The electronic infrastructure is fully in place – and ex post facto legalised by Congress and executive orders – and ripe for further abuse under an autocratic, power-obsessed president. History is just not kind here. Trump leans quite autocratic. The temptations to use secret NSA surveillance powers, some still not fully revealed, will present themselves to him as sirens.

So, here are some tips on how to protect yourself while engaging in a political protest:

General guidelines

  • Don't talk to police
  • If possible, leave your phone at home
    • If this isn't possible, leave your phone in Airplane Mode or even better, turn it off. It is not enough to not post anything; you cannot connect to the cell network at all. See IMSI catchers.
    • Use a passcode on your phone - this gives you a better position under the 5th Amendment for resisting a search of your phone
    • If police try to force you to give up the passcode of your phone, they are probably breaking the law
    • Disable fingerprint unlock, as police are legally allowed to force you to unlock the phone via your fingerprint (note: this link is insecure; consider visiting it in Tor Browser)
    • Disable face unlock (or any other form of biometric authentication) since the police may be able to force you to unlock the phone for the same reason they can do this with fingerprint unlock
    • Make sure full-disk encryption is enabled on your phone
      • iPhone users: this is already on if you're using iOS 8 or later
      • Android users: this is often enabled by default, but you should check by going to Settings > Security and looking under "Encryption"
      • Windows Phone users: not available. Leave your phone at home.
  • Do not bring laptops or tablets - the 5th Amendment protections above do not necessarily apply to these devices, so they can be seized and searched even without a warrant
  • Seriously do not talk to the police
  • Use strong encryption for everything you do online
  • Don't post anything on social media about the protest, including photos, checkins, and text, either during or after. (Remember: the protest lasts one night, but metadata lasts forever.)
  • Under the First Amendment you have the right to film police officers but be extremely careful because some police departments are extremely hostile towards this behavior anyway, to the point of physical violence. See the ACLU's guide for more information.

What do do if you're stopped by the police

If you're stopped by the police and they start questioning you, be polite but invoke the Fifth Amendment (i.e. say: "I don't want to answer any questions unless my lawyer is present", and keep saying it if the officer presses you). Ask if you're under arrest. If not, great! The police officer cannot legally detain you and you're free to go - do so calmly and silently.

If you are under arrest, here are the things you should do right away:

  • Say: "under what grounds am I under arrest?" The officer is only allowed to arrest you if they believe you are about to commit or are in the act of committing a crime. (Remember, photographing officers is not a crime; if they say something about this, remind them that it's protected under the First Amendment.)
  • Immediately ask for a laywer. If you don't have one, the government is required to provide you with one.

Then, keep these tips in mind:

  • Stay calm
  • Be polite
  • Don't run
  • Don't lie
  • Do not resist, argue, or be rude, even if you are innocent
  • No matter what the officer asks you or tells you, always say: "I invoke my right to remain silent until I can talk to my lawyer." Do not answer any questions, no matter how innocuous. Your lawyer will tell you to remain silent but it is important that you make it clear you're requesting a lawyer anyway, because it will look better in case you end up in front of a jury.
  • If you do answer questions, you're allowed to stop at any time. But still don't do it in the first place.
  • Under some states, you can be compelled to give your name (but nothing else). Before you leave your house, look up whether your state has this policy. These are sometimes called "Stop and Identify" laws.
  • If possible, write down the details of what's happened.
  • Do not physically resist the officer, even if they're violating your rights. Instead, write down the violation. Then file a written complain later and/or contact a lawyer or your local ACLU.
  • Useful things to write down in this case: the officer's name, their badge and patrol car numbers, the agency the officer is from, contact information for witnesses
  • If you're injured, photograph the injuries
  • You don't have to consent to searches of your person or your car. If you don't, make it very clear that you don't. The officer may pat down your clothes for a weapon, but anything beyond that requires your consent.

The ACLU also provides additional information for non-citizens, people taking photos or videos, young people (e.g. college students) and deaf people.

More resources

A lot of the above is based on the ACLU's excellent "Know Your Rights" booklet. The ACLU also has a page specifically devoted to rights violations at demonstrations and protests.

PRISM Break is a good resource for technology that will help you resist mass surveillance. Signal is on that list and is very, very good and extremely easy to use; it's what I recommend. Keep in mind, however, that following recommendations from PRISM Break is not a substitute for leaving your phone at home.

If you have more resources or tips that should be listed here, contact me (or edit this on GitHub) and I'll be sure to add them.


~