414
It's hilarious that PR author in that example has monkey profile pic. I guess what people are saying about never trusting people with monkey pfp is true.
Actually, I only want to add one file, tea.yml, to your repository. Because I have a job that requires uploading the file and I also don't know what it is used for.
So you want me to merge a file you use on your job and you don't know what it does?
I see no issue. Merged!
full send!
LGTM!
For context, Tea (the cli tool) was created by the author of homebrew. But for some reason he changed the name to pkgx and made tea into the crypto thing: From the creator of Homebrew, Tea raises $8.9M to build a protocol that helps open source developers get paid
He's probably interested in blocking these kinds of PR's.
He's probably interested in blocking these kinds of PR's.
He is now that people are spamming the high profile projects he used as examples in his "get paid" cryptobro scam videos and it's pissing people off in the FOSS communities hes trying to worm the project into.
Hilariously, he stated that he would be really unhappy if people were doing this to his actual FOSS projects, which makes me wonder why he didn't use them in his examples instead of the completely unrealted Node.js and ghost projects.
Its almost like he made himself getting rich someone else's problem. Totally unlike crypt bro behaviour, of course.
That's insane
Also lol at the people getting mad at the tea maintainer for "name calling" the guy hired to write up the scam PR
Gig economy or not this idiot should have known better
Lol classic reply from the monkey pfp "I didn't know, I'm sorry, please don't ban me, sir". These fuckers know exactly what they're doing seeing from how they obfuscated the pr purpose, and act all ignorant when caught. It's exactly the same behaviour game cheaters exhibit when caught red handed
Honestly doesn't sound like a terrible idea on paper, but this spam outbreak could kill it before it gets off paper in a real way. Giving devs a bad taste will stay around a long while.
Edit: and of course the well-earned general attitude toward cryptocurrency as scammer playgrounds is automatically putting it way in the red too.
Dude also used a LLM to generate descriptions for the packages he's serving from his package manager. And of course, it got them wrong, creating a headache for the actual package maintainers
I do like the idea of streamlining donations to open source projects directly through a package manager, and crypto seems like a good fit for that (decentralized, uncensorable). The issue here seems similar to knowing what charities are properly using funds; making a system to make decisions about how to spend money is hard when there's so many people looking to misdirect it to themselves, and the point of this would be to relieve the people who would be donating the money from putting effort into doing the research themselves, so that big problem has to be solved.
which should prevent idiots like @onedionys from being able to figure out how to create the file.
Wow, slow down @mxcl. Calling people names is not constructive not warranted here.
Lmao fuck off
load more comments
(1 replies)
The easy red flag here is YAML. It’s a hideous, overly-complex format for anything so of course a scam would choose it.
That's a patently ridiculous statement
Have you read the spec? It’s a total mess
I have read the 1.2 spec (I'm trying to make a round trip parser for JS, and I do maintainance on a fork of the rumel yaml python package). I actually think its very well thought out, with things I hadn't considered like future extensibility, streaming applications, and data-corruption detection.
The diagrams, color coding, and less-formailty of the spec was much appreciated. Especially compared to something like the ECMA Script spec, which reads like a math textbook had a child with a legal document.
I'm not saying YAML is perfect; round trip (the thing I'm working on) is nearly impossible because it wasn't a design goal. It has a few too many features (I've never seen a declaration in the wild), but it does a good job at accomplishing the creators goals, and the additional features basically only slow down parser-implementers like me. I often pick it because of the tag support, which I've struggled to find an equivalent for in other serialization languages. I use anchors in recursive data structures, and complex keys for serializing complex data structures (not human readable). The "document end" marker has been nice when I'm worried about detecting partial-writes. And the merge key is nice for config files.
The application/perspective matters. Yaml might be bad for you but its not bad for everyone.
load more comments
(7 replies)
Brief history of YAML:
"Oh no! All of these configuration file formats are complicated. I want to make things simpler!"
(Years go by)
"...I have made things more complicated, haven't I?"
YAML is generally good if it's used for what it was originally designed for (relatively short data files, e.g. configuration data). Problem is, people use it for so much more. (My personal favourite pain example: i18n stuff in Ruby on Rails. YAML language files work for small apps, but when the app grows, so does the pain.)
Ansible is using YAML and it's orders more readable than any other config engine, like puppet or cfengine.
Ideally, yes it can be beautifully written, certainly more than bash scripts.
With that said, I've also seen some hideous ansible scripts...
load more comments
(1 replies)
What? I love having 20 ambiguous ways to express the same data with weird and unexpected conversion rules. JSON is so much worse - if data types are explicit and obvious, how can I properly express my feelings when writing a config file?
{"foo":true,"bar":{"baz":1}} is valid YAML; better throw it out.
I have no issues with using a strict and unambiguous subset of YAML :)
And what would your ideal, legible, general-purpose data markup language be? XML?
Yaml Ain't Markup Language: am i a joke to you
(JSON for data, TOML for configuration)
I've used both YAML and a TOML-adjacent INI format for Ansible. While I wouldn't use YAML for massive data serialization (because significant whitespaces are fucking stupid), it's much better suited for manual data entry compared to most options, including TOML, when nested data structures are required.
And if YAML's structure is too complicated, that's honestly a skill issue.
Not that YAML's structure is too complicated, but its syntax is too flexible. All the shit about being whitespace sensitive yet with whitespace errors leading to a syntactically valid YAML document. TOML's syntax is rigid which makes it unsuitable for expressing complex nested data structures, which is good because that's not what you should use TOML for. Ultimately the dependence on a highly flexible baseline language like YAML to create complex DSLs is a failure on the developers' part, and the entire configuration system should be reworked.
Do you use a linter like the ansible vscode extension?
I used to hate writing ansible, and yaml, until I installed the ansible lint vscode extension, and everything became much, much easier.
Later on, when I was working on a docker-compose, I noticed that the vscode yaml extension (which the ansible extension pulled in as a dependency) caught errors. It's quite intelligent, able to spot errors exactly like what you mentioned, where the yaml syntax is correct, but the docker-compose, or the ansible syntax is wrong.
Of course. If you're working in a DSL that's popular enough for someone to have written a good schema/parser for then tooling can help.
load more comments
(10 replies)
Depends on the use case but XML is good for markup—especially if you need extensibility.
For config, Nickel & Dhall take the cake for being typed & having LSPs so the configuration writer can get immediate feedback about possible options (while eliminating invalid states) without requiring the manual—with configuration readers not needing to mess around with marshaling their types. Both these configuration languages let you import files & write little loops to make your config more DRY & makes maintaining large files (like say Kubernetes) easier.
XML is great if the (de-)serialization is already implemented. Otherwise traversing the document is a massive pain.
True. Something like XPath can really help & there are use cases where that is more concise but requires loading XPath into your head like Regex (which tends to get unloaded). The extensibility shines tho as seen by XMPP continuing to this day with very good backwards compatibility with 2 decades of updates since everything in an extension to the base.
RON (Rusty Object Notation). Its like JSON but better.
Do you remember CSON? CoffeeScript Object Notation was a cute way to make JSON readable before CoffeeScript kinda died.
load more comments
(1 replies)
I see you get downvoted a lot. But as a norwegian that repeatedly have run into the norwegian problem when trying to use some program... i see you.
What’s the weather like in False?
It's practically nonexistent
Soggy snow!
YAML 1.2 was released 15 years ago and fixed this issue. The problem is not YAML but the libraries people are using to parse it being a decade and a half out of date.
Why does the tea project not have users claim ownership of GitHub profiles. That way it could be retroactively applied with no effort on the user or maintainer.
I assume it's because they don't just want to count owners but also maintainers. How do you count maintainers? Does one accepted PR count? If not, how many? Counting owners only that would be fine though.
It's sad that a lot of the username come from Vietnam (my country). I remember when the Stellar airdrop announced there were people trying to buy GitHub account for 3-5$ for "their company's project". Many people do the thing that called "MMO" like that here, that doesn't realistically provide any value. They just want to get rich as fast as possible with only simple jobs such as copy and paste.
I greatly respect the way Vietnam has put things like stable rice prices over Western money. As far as I understand it, this allows for a society where nobody lives in abject poverty. But it also prevents people from getting rich quick by milking their own people. So if I got all of this right, it's not surprising that some people encountered the idea of getting rich quick through the Internet and try that now.
> nobody lives in abject poverty. But it also prevents people from getting rich quick by milking their own people
lol.. no.. not at all
load more comments
(5 replies)
I've seen video ads claiming to show you a way towards passive income from other people's videos somehow. Now it's coming to open source projects...
Ive seen an uptick in twitch users offering graphics packs for streamers.
I presume some company has figured out the prompts to get AI generated emote packs, and now hire people to offer this service randomly to small/medium streamers.
view more: next ›
this post was submitted on 27 Feb 2024
414 points (100.0% liked)
Open Source
35829 readers
215 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS