GitHub (née Microsoft) buys NPM

Weird timeline we’re in, eh? While we all sit and hope for the best with COVID-19 taking an unprepared humanity to task, Microsoft (through GitHub) is making an interesting move.

I have to say, it’s an interesting proposition. Microsoft wants to improve and control the popular NPM (Node Package Manager) repository. This is where JavaScript developers go to download modules for Node.js so that they can build their applications. Microsoft will now own this repository.

Honestly, I’m a little torn. On one hand, I dislike the increasing creep of JavaScript “applications” that are run on Node/Electron because they’re not usually well optimized and eat resources like crazy. On the other hand, Node’s repository has been notorious for squatters, malicious files being uploaded into popular modules and even the transfer or takeover of popular modules by hostile entities without any notification. Some sort of corporate curation and regulation (not to mention proper infrastructure and funding) will help.

Ultimately it seems like just another piece of the Open Source pie being consumed by corporations. While NPM is a handy tool for development in Node, I’m sure this change of ownership will prompt an exodus, as the GitHub acquisition did before it.

When it does, we’ll all be the better for it. More diverse sources allow for fewer single points of failure or control. I wouldn’t be surprised if the popular distributed git-forge idea spawns into a distributed NPM-analog.

Update: It was pointed out to me that there is, in fact, an alternate package repo tool/project tool: Yarn. I’m not a Node developer, but I am extremely happy that it exists and can be a stand-in for NPM.

I ❤️ Free Software

That’s right. I love free software! It’s open to inspection, modification, improvement. We’re free to collaborate on it, interact with the principal architects and suggest improvements. If we don’t like the way a project is going, we’re free to fork it and start making our own changes to go in a direction we’d prefer.

Yes, the software is “free” as in beer. It’s also free (or libre) as in speech. It’s not suppressible as it’s an expression of an idea. That means that much as some would like, you can’t stop it from being disseminated. It can be used how the user wishes it to be used, not some distant corporate overlord.

Free software doesn’t just give me those benefits, it also allows me to interoperate between disparate platforms and systems. It does this through the embrace (or creation) of open standards and formats. It provides the user the ability to ensure that the data that they are creating or consuming is going to be readable and transferable into new mediums and formats not yet thought up. It allows the user to move between systems with relative ease, not having to worry if they have the right version of Emacs to open that text file, or if mpv can play that mkv file.

Free software benefits everyone. Even those who choose not to use a free platform. Open protocols and formats like GZip/ZLib are important components of every browser. The very tools people use to access webpages overwhelmingly work through open protocols, and the pages are served up by free software applications like Apache, Nginx and Lighttpd. Open source tools find their way into closed source systems because they’re cheaper and easier to implement than starting from scratch on a solved problem.

Free software powers the encryption methodology that secures bank transactions and other important information through technologies like TLS and PGP. Security experts balk at the very idea of an encryption method that is not fully open because so much rides on the very smallest of details in implementation. An off-by-one error could mean disaster.

While free software and open source tools are not always the best in the market, they come with the knowledge that you aren’t being used as a potential data pool for mining. You’re not being sold to advertising agencies for a quick buck. The people behind these tools are, often, as disgusted with these practices as you are. They value your privacy because they value their own privacy.

Free software isn’t communism or any of these politically loaded terms being thrown around today. Free software is human. People want to share, to build, to improve and delight. While it’s not always possible to financially support yourself by making free software, it is a labor of love. By giving donations to tools you love and use, you help those people make it better.

I urge anyone who read this big love letter to free software and open source this Valentine’s Day to give your thanks (and if you can, some small cash donations) to the people who work to give you tools that you can trust and platforms that enable it all.

Thank you!

App Stores

You know. I used to think app stores were neat. It was a novel concept coming from Windows or Mac where you basically had to hunt down applications to install and configure yourself. Only the largest of companies had real collections of anything. Even ancient Linux systems had dependency hell that made the idea of a store an appealing idea.

Then, you know, we fixed that. RPM, Debian, et al just fixed the problem with dependencies and now you just say:

$ yum install firefox # RPM
$ apt install firefox-esr # Debian
$ pacman -Syu firefox # Arch Linux
# Etc..

And within a few minutes, Firefox and all its dependencies are installed, configured and ready to be launched. These app stores that Apple and Microsoft hawk are pale imitations of this system. They tout that they’re sandboxing applications (something the system should already do, like AppArmor, et al) from these stores and they’re reviewed/vetted. The problem is, they’re just repackaging the already shitty app discovery/dependency experience and saying: “Here, all the crap that you need to run, no matter how old or twisted it is, put it in this box with your application and run it from there”. This isn’t a solution, just shifting the focus.

It seems that some people believe that this idea would be great on Linux, too. AppImages, Flatpaks and all sorts of containerized systems popping up to “simplify” the Linux install experience. Oddly enough, it does just what the big kids do, ignore the base system and shove everything into a box until it runs. Fuck disk space, fuck bandwidth, fuck security updates and compatibility or integration. Does it run? Good, ship it.

It almost seems like they’ve missed the point of the whole package management system. It would seem that way, but they’re too smart to have just “missed” the underlying system that bootstraps literally the entire system into existence, libraries and all.

No, I imagine what they’ve done is willfully ignored it because packaging is hard. It is. No two ways around that. If you want your app in one of those systems, you have to package it and make sure it works. Either that or help the package maintainers do that. It sucks because a lot of systems are more byzantine than they have any right to be. That is something we could address.

Instead, I think the idea is to get proprietary software to a point where companies don’t have to rely on trusted packagers (who are probably somewhat agnostic or hostile to them) or having to do the work themselves. They just wrap the whole mess up in a Flatpak or AppImage and they’re off to the races.

Elementary OS seems to think that App Stores are a great idea, too. They’re even revamping theirs so that “Linux developers can get paid”.

Let me just pick that apart for a minute:

  • How are they not able to get paid? Were they somehow prohibited in previous iterations of the App Store?
  • Are open source (not Linux…) developers somehow prohibited from setting up donation boxes like Liberapay, PayPal or literally any of the other pay-for-stuff services?
  • If app developers, through this store, are allowed to get paid… are they allowed to restrict users from installing the software without paying for it?
    • This breaks open source/free-software
  • How are you going to moderate this store from going the way of every other App Store where thousands of pieces of barely compiling crap with pretty icons get shoved up to the top with paid advertising or bot-farm reviews? Have you somehow solved this problem?

I have no problem paying open source developers, or rather, donating to them. I do it all the time. Projects I use regularly or need, I give money to. I just don’t see how an App Store is somehow going to fix this in ways that aren’t already possible, without somehow turning it into a shitshow of shovelware and trashy apps.

Linux doesn’t need App Stores. It already has them in the form of package management. There are even nice interfaces through Discover and Gnome’s “Software”. This is a solved problem. So why are we reinventing it?

I’m probably a curmudgeon, but this seems a solution in search of a problem.

Executive Bullshit

I feel a bit smug right now. I know I shouldn’t, because lots of people have been unduly affected by this ridiculous order, but I still feel some level of satisfaction that Adobe has, again, a big pile of egg on their face.

Essentially, under the above order, no companies are allowed to do pretty much any business with persons, companies or governmental organizations in Venezuela. Including Adobe. To the point that anyone in that country will not only lose access to their software, creations and services — but have them deleted outright. No recourse, no refunds, no support, nothing. It goes to show you just how fragile the SaaS model is.

Despite that, these Executive Orders are comically overreaching the Executive Branch’s intended scope. Seriously, just being able to carte blanche embargo a whole country without the Senate or the House (you know, our Legislative branch, who are supposed to enact laws) weighing in on the issue. It’s not just this latest order, it’s all of the Executive Orders being able to bypass the law-making process that is tremendously worrisome.

I know little of the situation in Venezuela, except that things are kind of all over the place. I don’t really have much connection to the area, which makes it hard for me to involve myself. Especially when I have plenty of crap here to consider and worry about.

Open source is the answer, as it is with many other restrictive actions taken against free people. It’s protected (currently) under free speech, because code is speech. It’s difficult to curtail and allows people to create and improve without restriction. Hell, it’s not even sold most of the time, making this very restriction moot.

Bah, fuck this whole travesty. Why do people have to be such assholes?