This isn't necessarily a language problem, though, more of a "culture" problem, I think.
I write in Clojure and I take great pains to avoid introducing dependencies. Contrary to the popular mantra, I will sometimes implement functionality instead of using a library, when the functionality is simple, or when the intersection area with the application is large (e.g. the library doesn't bring as many benefits as just using a "black box"). I will work to reduce my dependencies, and I will also carefully check if a library isn't just simple "glue code" (for example, for underlying Java functionality).
This approach can be used with any language, it just needs to be pervasive in the culture.
> This isn't necessarily a language problem, though, more of a "culture" problem, I think.
Author here. We could make it a language problem by having the language sandbox dependencies by default. Seems like an easy win to me. Technical solutions are almost always easier to implement than social solutions.
Is it really so controversial to want to be able to limit the access that utility crates like humansize or serde have to make arbitrary syscalls on my computer?
Seems to me like we could get pretty far with just compile-time checks - and that would have no impact whatsoever on the compiled code (or its performance).
By default, yes. But it probably makes sense to let people whitelist specific crates in their dependency tree. Crates like std and tokio, or blas libraries that make heavy use of simd. Stuff like that.
I think this is made easier with Clojure macro capacity. In general, if you have powerful metaprogramming tools, you trade dependency complexity with peace of mind (I still have flashbacks of C++ templates when I talk about metaprogramming :/. Does this qualify for PTSD?).
I think this is a common practice in every country. If the tax payer is at fault, the tax payer pays. If the treasury is at fault, the tax payer still pays.
Hoping that journalists pick up on cases like these and spread the word wide enough is... optimistic, to say the least.
A much better solution is to build incentives into the legal system, like tgsovlerkhgsel suggested. The problem isn't that bad actors abuse the system, the problem is that the system allows bad actors to abuse it.
It is too bad it is up to the founders themselves to offer liquidity to employees. Founders are financially incentivized to not offer anything, so you're counting on their sense of justice and morals to overcome their sense of personal gain. This should be regulated.
(Yes, this is a political opinion. No, I am not American.)
Have we come full circle? Docker was made to create a stable environment for an executable to be run in. Now we're making executables out of the stable environment... should we run that executable in a docker image too?
Wouldn't be surprised if Unity is developing their own multimedia engine they want to sell. Shitty practices like this are what make me want to get into politics.
This was my first thought. They can then sell some poorly-executed knockoff, ignoring that a partnership with actual experts would have been the best for their customers.
I looked for any mention of hosting your own server on the repo's readme and could not find it. This is not readily available information so stop shaming people for not finding it.
But thank you for sharing the link, that was helpful.
“With Librum, you can manage your own online library and access it from any device anytime, anywhere. It has features like note-taking, bookmarking, and highlighting, while offering customization to make it as personal as you want!”
Many self-hostable solutions use similar wording as their main focus is the platform. While not excluding self-hosting options, they don't promote it either.
To be fair, Amazon could write the exact same things (minus customization) about their platform; saying that you have an online library is different from saying that you can self-host it. But it being (F?)OSS can give a hint that there could be the possibility of doing it.
> "Open source is only free if your time is worthless"
The main reason to use FOSS software shouldn't be the price: indeed with commercial competitors at a few $/€ per month that require less work on your part one can rightfully wonder if he's saving money with FOSS software. But also control over your tools and not giving away personal data has a value.