oxy's recent activity

  1. Comment on Cryptocurrency is an abject disaster in ~finance

    oxy
    (edited )
    Link
    One of the things that stand out to me, and something that I can relate to from my peers, is how cryptocurrency has encouraged people to abuse CI infrastructure to try and make a quick buck, at...

    One of the things that stand out to me, and something that I can relate to from my peers, is how cryptocurrency has encouraged people to abuse CI infrastructure to try and make a quick buck, at the detriment to many free tiers, and to many open source projects.

    A non-insignificant amount of time now has to be spent in the arms-race between CI/free tier spammers who are trying to make money off of your infrastructure, and then engineers who could otherwise be working on features to try and write detections - this has been a thing for VPS providers with free trials, for CI providers, for other service providers like cloud IDEs (my company used to be in this space, but we exited.) (EDIT: we exited the consumer hosted space for a while, we still provide software for enterprises to host.) I keep hearing about the wasted resources mining crypto, and the engineering time spent writing detections.

    In addition to this, there's also the added pressure on open-source maintainers because of spam PRs that add cryptominers to GitHub Actions, which has led to running actions requiring manual approval, and maintainers having to deal with spam...

    Attaching value to CPU time doing nothing but crunching hashes is probably one of the worse things to happen for services that provide CPU time to open source projects as an act of gratitude.

    10 votes
  2. Comment on Proctoring tools and dragnet investigations rob students of due process in ~tech

    oxy
    Link Parent
    My running theory is that the exam spyware industry self-selects these kinds of horrible people. Mike Olsen in the WSJ, 4/13/21: "The goal of the software isn’t to police or surveil people." Mike...

    My running theory is that the exam spyware industry self-selects these kinds of horrible people.

    Mike Olsen in the WSJ, 4/13/21: "The goal of the software isn’t to police or surveil people."

    Mike Olsen in the Washington Post, 4/1/20: "We're the police."

    In addition to him:

    With all the things I've done and said about them, I'm actually slightly surprised they didn't go after me yet.

    10 votes
  3. Comment on Proctoring tools and dragnet investigations rob students of due process in ~tech

    oxy
    Link Parent
    Not intending this as an attack towards your statement specifically, but a general observation: I've had a lot of work in the exam spyware space for a while now, and in my experience "depends on...

    Not intending this as an attack towards your statement specifically, but a general observation:
    I've had a lot of work in the exam spyware space for a while now, and in my experience "depends on the settings" is the go-to response to "isn't this feature bad for privacy/dangerous/basically broken?", from many CEOs in this space.

    "Isn't room scanning privacy-invasive?" "That's a setting the university chooses to enable, you should talk to them." As an example, while all too conveniently sweeping under the rug that they wrote the code for the feature and provided the switch to the university in the first place. If they had any concern about student privacy, they have the individual freedom to not implement that feature. In my opinion, "just an option" is only used by these providers to dodge accountability for their broken, invasive software.

    Source for Proctorio's CEO making a statement like this.

    Regarding the power to scan students’ rooms via webcam, Mike says: “Well, that’s a setting that the institution turns on. It’s not on by default. We actually don’t have any defaults. They wanted that. If there’s a problem with it, well we’re just the provider, you need to talk to the institution”.

    (Worth a read in general, that article has several other comments that I cannot quantify in words; such as "It’s hilarious, students pretending to care where their data goes.")

    13 votes
  4. Comment on Microsoft enables Linux GUI apps on Windows 10 for developers in ~tech

    oxy
    Link Parent
    I agree with the 'asterisk required' part of it, but not necessarily with it being just another reality. There are definitely cases with at least some explanations (such as Live Share depending on...

    Regarding Microsoft's role as a steward, I take your point that some of their projects require an asterisk beside "OSS". And I think that's probably just another reality of doing this at scale.

    I agree with the 'asterisk required' part of it, but not necessarily with it being just another reality. There are definitely cases with at least some explanations (such as Live Share depending on MS infrastructure, or the C/C++ extension possibly depending on years of proprietary code ported over from Visual Studio), I just don't buy it for every product.

    For example, deliberately having src/vs/server be proprietary (which backs the remote extensions and Codespaces) in my opinion was just a move to make it harder to compete with Codespaces in the space; and similar with Pylance - it was a new project, started from the ground up; it did not have a "proprietary legacy" or anything of the sort.

    The first of those two feels definitely weird at least: Nearly all of the plumbing for the server exists in the OSS code, but its poorly documented, and the server itself does not - which leads to both duplicated work (see code-server, Gitpod), and dead code for anyone looking to fork VSCode and not reimplement the remote features.

    (On a lighter note, my wages are paid in part because we're just duplicating the work in the open in the first place, so... I would be shooting myself in the foot in an individual sense if I pushed for them to release the code :P)

    6 votes
  5. Comment on Microsoft enables Linux GUI apps on Windows 10 for developers in ~tech

    oxy
    Link Parent
    Disclaimer: I'm paid to work on an open-source "fork" of VSCode that lets you use it from a browser. Think of it as Codespaces, but self-hosted. See our GitHub repo. Also, my opinions are my own,...
    • Exemplary

    Disclaimer: I'm paid to work on an open-source "fork" of VSCode that lets you use it from a browser. Think of it as Codespaces, but self-hosted. See our GitHub repo. Also, my opinions are my own, and not my employer's.

    Microsoft, like all large companies, doesn't really have a single direction. Some departments at MS could very well be following the old adage, while some are not.

    While VSCode's core is "open source", the components that make up GitHub Codespaces or the remote extensions (in src/vs/server) are proprietary. In addition, many of Microsoft's official extensions, including the C/C++ extensions, Pylance (the new Python extension), IntelliCode, and services like Live Share are proprietary too, with a license that prevents you from using it on anything other than the proprietary "distro" - as in the "Visual Studio Code" product.

    The API surface to reimplement stuff like Codespaces and tie it into the editor still exists in the open source version, but is woefully underdocumented or undocumented, and has frequent churn. (A recent example: the RemoteTerminalChannel API went from registering one $onEvent for each terminal that handled every event, to registering several $on*Events on the channel itself, and then match which terminal it corresponds to with an ID. None of this was cleanly documented, so we had to look at the commit log and the code and figure it out.)

    In fact, I feel particularly bummed with how LSP was initially pushed as "solving the matrix problem" for compatibility; only for the matrix to be raised from the dead by license instead of by compatibility.

    Keeping all of this in mind, you might expect me to say Microsoft in general is not a good open-source steward, and is using open-source as a marketing tool in their embrace/extend/extinguish game of yore. But I don't really buy that.

    There's another Microsoft project we use in code-server: Playwright, Microsoft's web app testing framework. The community they built around Playwright is surprisingly helpful; we've had several Playwright developers/contributors help us along writing end-to-end tests for code-server. (Keep in mind we technically "compete" with a proprietary MS product!)

    I think when companies grow to Microsoft-esque scale, its very difficult to imagine a top-down "ideology", embrace-extend-extinguish included. A cynic would again say that projects where they're a good steward (like Playwright) is just smoke-and-mirrors for the long term game; I leave that to you, the reader.

    11 votes