00:51 <aw-> beneroth: wow, but I believe it, I have a friend who worked at a Japanese company who also took about a year to upgrade Rails versions.

01:00 <aw-> the Ruby community does **not** care about backward compatibility and "not breaking things". it's a common thread, applies to Ruby as well. Every year they EOL versions of Ruby which are not very old, so if you write a plain Ruby app, 4 years later it might not even run anymore (ex: https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/) (Ruby 2.2.0 released in 2014).

01:07 <aw-> something massively wrong with requiring 4 full-time engineers to upgrade a web framework

01:07 <aw-> 4-full time engineers for over a year?!

01:08 <aw-> this is modern-day busywork, paper pushing with a keyboard

01:48 <yunfan> aw-: dont blame that, in python community, people just complain that python2 had never quit for a decade

01:51 <aw-> yunfan: hi, yeah I think python2 was just fine haha

01:53 <yunfan> aw-: so there would be always people to complain

02:17 <aw-> sure, but you're comparing two different things

02:19 <aw-> in one case it's providing a major upgrade which is not necessarily "required", and in another case it's a major upgrade which breaks everything.

02:20 <aw-> i'm happy to continue updating software when it doesn't break my apps. The "breaking changes" is the real issue

09:57 <beneroth> I had one single breaking change with picolisp so far. Took like 5 min to fix.

09:57 <beneroth> (actually it was the ht library, so one can argue if this counts as picolisp or not)

10:04 <beneroth> [OT] bwahaha, newest problem of Chinese gov: young maoist communists: https://www.nytimes.com/2018/09/28/world/asia/china-maoists-xi-protests.html

10:12 <beneroth> [OT] and I guess you got the news that Facebook was hacked: https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/

10:24 <aw-> no?

10:24 <aw-> i don't follow news really..

10:25 <beneroth> bug in the "view your own profile as another user" allowed to take over an access-token of other users

10:26 <beneroth> so kinda a real hack, not their leaky customer-api (what cambridge analytics & co used)

10:27 <aw-> ok

10:27 <aw-> i haven't had a facebook accnt in ~7 years

10:27 <beneroth> and as Krebs pointed out (but is mostly forgotten in the mass media news), facebook login is used for a lot third party applications - and this is affected from this

10:27 <beneroth> I never had one :)

10:28 <aw-> haha yeah i never understood that "login using facebook" stuff

10:28 <aw-> such a stupid idea

10:28 <beneroth> lazy devs don't have to build/think about a login mechanism

10:29 <beneroth> lazy users can re-use the same password everywhere (what they do anyway)

10:29 <beneroth> and the benefits of single sign on :)

10:31 <beneroth> facebook is clever. when you book a marketing campaign with them (e.g. as a newspaper), you put a tracking-pixel from facebook on your website to measure the impact. and when the marketing campaign ended, you keep this tracking pixel on your website because your contract with facebook demands that (else you are excluded from ever doing marketing with facebook again, or something like this). facebook than uses this to identify your readers and show them the

10:31 <beneroth> advertisment of your competition :)

10:32 <beneroth> of course you can easily reverse that by booking another marketing campaign with facebook :)

10:34 <aw-> yikes

10:41 <beneroth> btw. as response to the hack facebook plans to increase their security staff from 10k to 20k people

10:41 <beneroth> I don't know how an access check can go so wrong even with 10k code reviews...

10:47 <aw-> 10k people?

10:47 <aw-> what

10:47 <aw-> they have 20,000 employees doing security?

10:48 <aw-> that doesn't sound right

10:53 <aw-> beneroth: source?

10:57 <beneroth> https://money.cnn.com/2018/09/28/technology/facebook-breach-50-million/

10:57 <beneroth> " Facebook says it is investing heavily in security going forward, and increasing the number of people working on security from 10,000 to 20,000. "

10:58 <beneroth> maybe its bogus, can't find another source or one from facebook, only this CNN article :/

11:00 <beneroth> it seems to be from a call with reporters Zuckerberg made

11:00 <beneroth> ah more sources

11:00 <beneroth> https://www.cnbc.com/2017/10/31/facebook-senate-testimony-doubling-security-group-to-20000-in-2018.html

11:01 <beneroth> https://www.cnet.com/news/can-facebook-mark-zuckerberg-new-hires-take-on-troll-farms-and-data-privacy-after-cambridge-analytica/

11:01 <beneroth> ah

11:01 <beneroth> this 10k people includes "content moderation"

11:01 <beneroth> so its not really IT security. its the poor underpayed fellows having to look at nipples all day

11:01 <aw-> yeah...

11:01 <aw-> that's exactly what it is

11:02 <beneroth> propaganda then.

11:02 <aw-> beneroth: spot on

11:02 <beneroth> good you asked back! :)

11:02 <beneroth> "Facebook had 20,658 employees as of June 30."

11:02 <beneroth> so half of them works in content moderation and security? sounds implausible

11:03 <aw-> haha

11:03 <aw-> those "security" people are prob not even employees

11:03 <beneroth> and we know that most of their content moderation is done by outsourced cheap workers in north africa...

11:03 <beneroth> aye

11:03 <aw-> most likely outsourced somewhere

11:03 <aw-> yup

11:54 <aw-> bbl

13:06 <aw-> beneroth: did you try my pilvm?

13:27 <rick42> aw-: what's that? sounds interesting

14:38 <aw-> hey rick42!

14:38 <aw-> https://a1w.ca/pilvm.html

15:24 <rick42> aw-: very cool!

15:25 <rick42> aw-: what is underneath? i just saw a Busybox banner popup real quick and disappear

15:29 <aw-> you can't see the video?

15:30 <aw-> it was just a quick screencapture of a VM booting into PicoLisp directly

15:30 <aw-> the links below are files if you want to try it yourself

15:31 <aw-> there's an OVA you can import to virtualbox/vmware, or a raw or qcow2 disk if you want to try it on Xen or KVM/QEMU

15:31 <aw-> err not raw, vmdk

16:47 <rick42> aw-: thanks. yes. i could see the video (in the video is precisely where i saw the busybox banner flash, before the pil repl showed up)

16:48 <rick42> my question was "what's behind the pil repl". for one, i can guess busybox, but what's busybox running on?

16:48 <rick42> hope that's clear. sorry for any confusion. mea culpa

16:57 <rick42> aw-: tinycore. got it. neat. thanks for doing this