Searching yarn

Twts matching #software

It happened.

“Can you help me debug this program? I vibe coded it and I have no idea what’s going on. I had no choice – learning this new language and frameworks would have taken ages, and I have severe time constraints.”

Did I say “no”? Of course not, I’m a “nice guy”. So I’m at fault as well, because I endorsed this whole thing. The other guy is also guilty, because he didn’t communicate clearly to his boss what can be done and how much time it takes. And the boss and his bosses are guilty a lot, because they’re all pushing for “AI”.

The end result is garbage software.

This particular project is still relatively small, so it might be okay at the moment. But normalizing this will yield nothing but garbage. And actually, especially if this small project works out fine, this contributes to the shittiness because management will interpret this as “hey, AI works”, so they will keep asking for it in future projects.

How utterly frustrating. This is not what I want to do every day from now on.

In-reply-to » My open letter, to the European Commission digital markets act team:

@movq@www.uninformativ.de I submitted it via the form on their website (https://digital-markets-act.ec.europa.eu/contact-dma-team_en) and got the following response:

Dear citizen,

Thank you for contacting us and sharing your concerns regarding the impact of Google’s plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties.

As you may be aware, the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security.

We have taken note of your concerns and, while we cannot comment on ongoing dialogue with gatekeepers, these considerations will form part of our assessment of the justifications for the verification process provided by Google.

Kind regards,
The DMA Team

In-reply-to » @lyse Thanks, I think I fixed it now. Sorry for the spam.

@itsericwoodward@itsericwoodward.com No worries, all good, mate! We all have to start somewhere. Other software requests my feed several orders of magnitude more often.

I can confirm, the User-Agent header appears to be fixed. \o/

Two other things I noticed, though:

  1. There’s now an OPTIONS request for my feed coming from something that claims to be Firefox, pointing to your feed URL in the query. No clue what this is about. In any case, it’s rejected with a 405 Method Not Allowed.

  2. Not that these few requests bother me at all, but you might wanna implement caching next with either the If-Modified-Since or If-None-Match request headers. This way, if the feed hasn’t changed, the web server can reply with a 304 Not Modified and no body at all, saving unnecessary traffic. But again, this is really not an issue for me at all. I just wanted to make sure you’re aware of it, that’s all. It might be even already on your agenda. Or you might decide to never do anything about it, which is also fine for me. :-)

In-reply-to » Here is just a small list of things™ that I'm aware will break, some quite badly, others in minor ways:

@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:

  1. I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.

  2. The same is true for duplication and forks. Even today, the “canonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.

  3. If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?

  4. I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.

  5. Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.

If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)


Great. Yet another messed up plain text e-mail part. The URL was actually HTML-escaped. Took me five attempts to figure this out, because of course it had to be several kilometers long. In fact, the e-mail stated: “Please do not be surprised that the link is particularly long. It contains your personal configuration.”

A normal person is completely lost (that’s why I got involved). Visiting the broken URL opens a popup dialog suggesting to deactivate script blockers. Which I had already done upfront as a matter of prudence.

Fun bonus on top: The JWT in the link has identical iat (issued at) and exp (expiry) claims. The expiry is definitely not checked, it’s well in the past.

Medical software just has to be horrible. It’s a law.


Hmm, gnu.org is slow as heck. Shorter HTML pages load in about ten seconds. This complete AWK manual all in one large HTML page took a full minute: https://www.gnu.org/software/gawk/manual/gawk.html Is there maybe some anti AI shenanigans going on?

In any case, I find the user guide super interesting. My AWK skills are basically non-existent, so I finally decided to change that. This document is incredibly well written and makes it really fun to keep reading and learning. I’m very impressed. So far, I made it to section 1.6, happy to continue.

In-reply-to » We use all the Microsoft programs at work - Teams and Outlook especially.

@thecanine@twtxt.net I hate it when businesses do this. As well as being annoying and unreliable, Microsoft software is known to have a hell of a lot of security vulnerabilities, and the AI features increase the attack surface. One can use a client like Thunderbird for the email, but Teams doesn’t really have an alternative. Awful stuff.

In-reply-to » To combat malware and financial scams, Google announced today that only apps from developers that have undergone verification can be installed on certified Android devices starting in 2026.

@bender@twtxt.net That is a noble goal. We can talk about that – as long as it doesn’t mean giving up essential freedoms like choosing which software you can run on your device (without having to ask someone for permission).


RIP Android:

https://9to5google.com/2025/08/25/android-apps-developer-verification/

Since nobody is going to push back on this (I don’t even know if that would be possible), this is going to be a reality on every platform sooner or later.

I’d guess in 20, 30 years, there won’t be “PCs” anymore. No more home computing, no more “I just write my own software”. You won’t own devices anymore, it’ll all be rented and the landlord will tell you what you can do with it.

I hope that I’m wrong, but given where we are today, I don’t think that I will be.


The GPG signatures of my software tarballs have been wrong for years (because I’ve been using rsync wrong, funny enough, it wasn’t a GPG issue) and nobody ever noticed. (They still are wrong at the moment, because I haven’t pushed the fix, yet.)

This confirms that this is just a total waste of time. Nobody ever checks this. Maybe this matters if you’re a distro, but why even bother as a single person …

In-reply-to » i'm helping someone get a reverse proxy going on windows and my god this operating system is dogshit

@kat@yarn.girlonthemoon.xyz If you’re willing to ignore that it’s proprietary software, then Windows used to be pretty good. Like, 25 years ago. After Windows 2000 (or maybe XP) it went downhill fast. Kind of makes me sad, actually. 😂

In-reply-to » Speaking of manpages:

@kat@yarn.girlonthemoon.xyz On the one hand, all these programs have a very long history and the technology behind manpages is actually very powerful – you can use it to write books:

https://www.troff.org/pubs.html

I have two books from that list, for example “The UNIX programming environment”:

https://movq.de/v/c3dab75c97/upe.jpg

It’s a bit older, of course, but it looks and feels like a normal book, and it uses the same tech as manpages – which I think is really cool. 😎

It’s comparable to LaTeX (just harder/different to use) but much faster than LaTeX. You can also do stuff like render manpages as a PDF (man -Tpdf cp >cp.pdf) or as an HTML file (man -Thtml cp >cp.html). I think I once made slides for a talk this way.

On the other hand, traditional manpages (i.e., ones that are not written in mandoc) do not use semantic markup. They literally say, “this text is bold, that text over here is italics”, and so on.

So when you run man foo, it has no other choice but to show it in black, white, bold, underline – showing it in color would be wrong, because that’s not what the source code of that manpage says.

Colorizing them is a hack, to be honest. You’re not meant to do this. (The devs actually broke this by accident recently. They themselves aren’t really aware that people use colors.)

If mandoc and semantic markup was more commonly used, I think it would be easier to convince the devs to add proper customizable colors.


Twtxt as a network is so neat. Sucks it isn’t more widely adopted ): I feel like it’d be way easier to host than say, mastodon or GTS. & would require WAYYYY less resources. Not a diss on GTS, I love GTS, just saying because it’s text files, I assume the minimum amount of ram needed to host any of the twtxt server software is very low.

I could be super wrong though lol. Idk shit about anything ^^”

In-reply-to » PSA: setpriv on Linux supports Landlock.

@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.

I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.

jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.

(And this is finally a strong argument for static linking.)

In-reply-to » @movq Yeah, luckily, there is the suckless project. I couldn't live without dmenu!

@lyse@lyse.isobeef.org dmenu is a great example.

There have been several attempts at porting dmenu from X11 to Wayland. Well, not exactly “porting” it, more like rewriting it from scratch. Turns out: It’s not that easy.

dmenu is super fast and reliable. None of the Wayland rewrites are (at least none of the popular ones that I know of). They are either bloated and/or slow.

It takes a lot of discipline and restraint to write simple software and not blow up the codebase. This is much harder than people think. It’s a form of art, really.

In-reply-to » This aggressive auto-logout on my bank’s website …

@lyse@lyse.isobeef.org I do my timetracking in a little Python script, locally. Every now and then, I push the data to our actual service. Problem solved – but it’s a completely unpopular approach, they all want to use the web site. I don’t get it. Then, of course, when it’s down, shit hits the fan. (Luckily, our timetracking software is neither developed nor run by us anymore. It’s a silly cloud service, but the upside is that I’m not responsible anymore. 🤷)

Some of our oldschool devs tried to roll out local timetracking once, about 15 years ago. I don’t remember anymore why they failed …

This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.

Oh to be anonymous on the internet. That must be nice. 😅

In-reply-to » This aggressive auto-logout on my bank’s website …

@movq@www.uninformativ.de Yeah, it’s a shitshow. MS overconfirms all my prejudices constantly.

Ignoring e-mail after lunch works great, though. :-)

Our timetracking is offline for over a week because of reasons. The responsible bunglers are falling by the skin of their teeth: https://lyse.isobeef.org/tmp/timetracking.png

  1. The error message neither includes the timeframe nor a link to an announcement article.
  2. The HTML page needs to download JS in order to display the fucking error message.
  3. Proper HTTP status codes are clearly only for big losers.
  4. Despite being down, heaps of resources are still fetched.

I find it really fascinating how one can screw up on so many levels. This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.

In-reply-to » The lack of suckless-like simple, hackable software these days is appalling.

For example, I reckon software should treat stdout and stderr with care and never output logs or other such garbage to stdout that cannot possibly be useful in a UNIX pipeline 😅

In-reply-to » The lack of suckless-like simple, hackable software these days is appalling.

@movq@www.uninformativ.de Yeah that’s why I’m striking this conversation with you 😅 Not only do I respect your opinion quite highly 🤣 But like you say (and I’ve read their philosophy) it can be a bit “elitism” for sure. I’m genuinely interested in what we think of as software that “doesn’t suck”. To be honest I haven’t really put thought to paper myself, but I reckon if I did, I’d have some opinions/ideas…

In-reply-to » The lack of suckless-like simple, hackable software these days is appalling.

@prologic@twtxt.net Hm, I wouldn’t say that. Go code could fall into that category as well.

Maybe this topic could use a blog post / article, that explains what it’s about. I’m finding it hard to really define what “suckless-like software” is. 🤔 (Their own philosophy focuses too much on elitism, if you ask me.)

In-reply-to » The lack of suckless-like simple, hackable software these days is appalling.

@prologic@twtxt.net Ah, I’m referring to software that’s similar to that of suckless.org: Small, minimal codebases, small tools, but still useful. dmenu is probably the best example and also farbfeld.

Here’s the author of Anubis talking about some of their experiences:

https://xeiaso.net/blog/why-i-use-suckless-tools-2020-06-05/

(You can skip the long config and keybinds part.)

In-reply-to » I bought the “remastered” versions of Grim Fandango and Forsaken on GOG, because they’re super cheap at the moment. Both have native Linux versions.

In all fairness, GOG says that Forsaken is only supported on Ubuntu 16.04 – not current Arch Linux. If you ask me, this just goes to show that Linux is not a good platform for proprietary binary software.

Is it free software, do you have the source code? Then you’re good to go, things can be patched/updated (that can still be a lot of work). But proprietary binary blobs? Very bad idea.

In-reply-to » I did a “lecture”/“workshop” about this at work today. 16-bit DOS, real mode. 💾 Pretty cool and the audience (devs and sysadmins) seemed quite interested. 🄳

@movq@www.uninformativ.de Interesting internal education sessions are way too infrequent here as well. There are a bunch of “knowledge transfer” meetings actually, but 90% of the topics already sound totally boring to me. The other 9% talks turned out to be underwhelming, sadly. I only attended a single one where it was delivered what has been promised. They’re all talks, not real hands-on trainings like you did.

Once a year the security guys organize a really great hacking event, though. Teams can volunteer to hand in their software dev instances and all workmates are invited to hack them and report security vulnerabilities. That’s a lot of fun, but also gets frustrating towards the end when you don’t make any progress. :-) There’s also some actual hands-on training in advance for preparation of the two days. Unfortunately, I missed the last event due to my own project being very stressful at the time.

When I had a Do What You Want Day I also show my direct teammates what I learned in the hopes of this being interesting to them as well. I’m the only one in my team using this opportunity, sadly.


Saw this on Mastodon:

https://racingbunny.com/@mookie/114718466149264471

18 rules of Software Engineering

  0. You will regret complexity when on-call
  1. Stop falling in love with your own code
  2. Everything is a trade-off. There’s no “best”
  3. Every line of code you write is a liability
  4. Document your decisions and designs
  5. Everyone hates code they didn’t write
  6. Don’t use unnecessary dependencies
  7. Coding standards prevent arguments
  8. Write meaningful commit messages
  9. Don’t ever stop learning new things
  10. Code reviews spread knowledge
  11. Always build for maintainability
  12. Ask for help when you’re stuck
  13. Fix root causes, not symptoms
  14. Software is never completed
  15. Estimates are not promises
  16. Ship early, iterate often
  17. Keep. It. Simple.

Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.

In-reply-to » OpenBSD has the wonderful pledge() and unveil() syscalls:

@movq@www.uninformativ.de That sounds great! (Well, they actually must have recorded the audio with a potato or so.) You talked about pledge(…) and unveil(…) before, right? I somewhere ran across them once before. Never tried them out, but these syscalls seem to be really useful. They also have the potential to make one really rethink about software architecture. I should probably give this a try and see how I can improve my own programs.


When I chose the MIT license for all of my software, I thought:

“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”

And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.

GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)

I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.

(Yes, Anubis might help. Temporarily.)

I’m just tired.

In-reply-to » One thing about my design here is that it would no longer incorporate "regex"-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I'm not sure they are really very effective. For example, why is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)

@prologic@twtxt.net There have always been and there will always be people who have absolutely no clue what they’re doing. I’ve been 100% one of them when I started. Guaranteed, heaps of new SQL injections are born every single day, numbers rising.

That doesn’t justify all the WAF crap in the first place, though. In my opinion it’s just a filthy plaster applied to an injected wound. The software itself must be secure. Otherwise, don’t put that shit on the internet. Probably not even operate it at all. Nowhere. Fix it or throw it in the bin.


Once or twice a year, I make an effort to switch from dark mode / black terminals to light mode again.

It usually doesn’t end well, because the contrast is just not as good. There’s a reason that things like professional DAWs or CAD software use a dark theme.

With a heavy bold font, it’s much better:

https://movq.de/v/331aa40bde/s.png

My font doesn’t get any bolder than this, though. I’d have to make a new variant of it. Mhh. 🤔


Crucial Wii homebrew library contains code stolen from Nintendo, RTEMS
The Wii homebrew community has been dealt a pretty serious blow, as developers of The Homebrew Channel for the Wii have discovered that not only does an important library most Wii homebrew software rely on use code stolen straight from Nintendo, that same library also uses code taken from an open source real-time operating system without giving proper attribution. Most Wii homebrew software i … ⌘ Read more


The wonderful world of Linux package managers
One of the strong points of Linux has always been how solid the experience of installing and managing software is. Contrarily to what happens in the Windows and macOS world, software on Linux is obtained through something called a package manager, a piece of software that manages any piece of software the user installs, as well as its dependencies, automatically. ↫ Luca Bramè at Libre.News It truly is. I can’t imagine using any operating sy … ⌘ Read more


Linux on IBM Z and LinuxONE open source software report
Linux on IBM Z and IBM LinuxONE use the s390x hardware architecture to run various Linux distributions, including SUSE Linux Enterprise Server (SLES), Red Hat Enterprise Linux (RHEL), and Ubuntu. Tens of thousands of software packages are tested and distributed through these projects, and various community distributions. ↫ Elizabeth K. Joseph at the IBM community website Various Linux distributions are available for the … ⌘ Read more

In-reply-to » @prologic @bender @eapl.me I think opening another file is a bad idea because it adds complexity to the clients, breaks the single feed and I think keeping legacy clients will be more complex to add new features in the future. A modern approach is important. I'll be honest, I'm a bit tired of the fight around the direct message. Perhaps, we can remove it as an extension and use the alternative @prologic . My suggestion apparently doesn't like to the community. I have no problem with remove it.

@bender@twtxt.net I use it. It’s not the feature I use the most in the fediverse, but I communicate this way with several friends. For example, it’s the main way I talk to the original creator of the twtxt-el repository, the way people greet me for the first time or the way they notify me of some bugs in the software I maintain. I can even tell you that it’s the main way I talk to some maintainers of the Emacs community. If there are any of you reading my words, speak up!
Why not have the same? There are things I want to say to @prologic@twtxt.net in private, why should I have to send him an email or private IRC? Or a public twt.
Of course, here’s a topic we’ve already talked about: what is twtxt for you? For me it will always be a social network, in microblogging format, but an asynchronous way of communicating. And having a tool to control visibility is basic 😄
I look forward to hearing from you @eapl.me@eapl.me !

In-reply-to » @lyse It wasn’t our building, yeah, luckily. But I’m pretty scared it might happen some day. I think I’ll put more effort into preparing for that. But whatever I do, it would be horrific to lose all your stuff and the memories attached to it …

@prologic@twtxt.net @bmallred@staystrong.run Ah, I just found this, didn’t see it before:

https://restic.net/#compatibility

So, yeah, they do use semver and, yes, they’re not at 1.0.0 yet, so things might break on the next restic update … but they “promise” to not break things too lightheartedly. Hm, well. 😅 Probably doesn’t make a big difference (they don’t say “don’t use this software until we reach 1.0.0”).


Fedora change aims for 99% package reproducibility
The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction with major Linux distributions. Debian, for example, has been working toward reproducible builds for more than a decade; it can now produce official live CDs of the current stable release that are reproducible. Fedora started on the path much later, but it has progressed far enough that the project is now con … ⌘ Read more


The subjective charms of Objective-C
To argue that Objective-C resembles a metaphysically divine language, or even a good language, is like saying Shakespeare is best appreciated in pig latin. Objective-C is, at best, polarizing. Ridiculed for its unrelenting verbosity and peculiar square brackets, it is used only for building Mac and iPhone apps and would have faded into obscurity in the early 1990s had it not been for an unlikely quirk of history. Nevertheless, in my time working as a softwar … ⌘ Read more
