Damus
Dr. Bruce Simpson profile picture
Dr. Bruce Simpson
@Dr. Bruce Simpson

Internet user since 1994. FreeBSD developer since 2003. Google Summer of Code student mentor. Every time someone connects to an IPv6 network with their iPhone, some of my code runs.

Whilst I have been accused of being a researcher in Internet systems architecture, and hold a Ph.D to prove it, most of my work is usually professional practice (lots of hardcore Python & C/C++ networking code) & communication.

"THAT WE CAN CALL THESE DELICATE CREATURES OURS BUT NOT THEIR APPETITES" -- RA Wilson

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

Adam Dalliance · 6w
What is it about the AI companies that invested billions of pounds in your funds and companies which first made you think they might have the solution to modern ills Mr Blair? Was it the first hundre...
Dr. Bruce Simpson profile picture
@nprofile1q... It's stupid. "Generative AI" is stupid in of itself, but the companies promoting it are either bandits or stupid also. The collateral financial damage I have to suffer because of their stupidity unfortunately because of my private pension pot exposure is not something I am likely to be compensated for, as this is really just a land grab and a form of theft. So I will do everything I can legally to disrupt their operation and firewall my real life from GenAI now as much as pos
Peter · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqgyhskthfz9c5yvf0nku9yurm6g77lz2leh3gh5zm8rdq7879xf8qk29k5f invested a bunch of time and money to get a degree and now no one is hiring 45-year-ol...
Dr. Bruce Simpson profile picture
@nprofile1q... Oh, that. Well, gronking Jupyter notebooks are but one hat I sometimes have had to wear. A truly reductionist view of me I suppose would be that of a human machine for turning RFCs into software when fed sufficient coffee. Credentialism and creep partly motivated me to do a PhD but it was also partly luck of the draw and I wanted to do something better after spending a year as a high tech mercenary for ultracapitalist forex traders. Now it's "Don't hate the player, hate the game."
Peter · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqgyhskthfz9c5yvf0nku9yurm6g77lz2leh3gh5zm8rdq7879xf8qk29k5f invested a bunch of time and money to get a degree and now no one is hiring 45-year-old junior analytics engineers. i don't mind having the knowledge, but the opportunity cost is tremend...
David Chisnall (*Now with 50% more sarcasm!*) · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqkj309zdwj9epqml3h5v0ma8vrgelxqmx04aw2dl4xjudcu3mp4pqcuted5 Thanks (I thought you might know the answer!). It turns out unions in C++ are more ...
Dr. Bruce Simpson profile picture
@nprofile1q... @nprofile1q... My take: C++ allows alignas for union types and enums. std::variant potentially provides a safer abstraction for the former in some cases. Herb Sutter proposes type-checks for union accesses, at the cost of an extra discriminator field:
https://herbsutter.com/category/cpp2-cppfront/ I rarely use unions in C++ for correctness reasons, despite the fact they can noticeably reduce memory footprint; a safety tradeoff. But type punning is forbidden; C++23 brings new hotness: std::start_lifetime_as.
ARGVMI~1.PIF · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqgyhskthfz9c5yvf0nku9yurm6g77lz2leh3gh5zm8rdq7879xf8qk29k5f Npm treats Microsoft as the source of truth. The npm package database isn't the pro...
Dr. Bruce Simpson profile picture
@nprofile1q... My distaste for npm comes as much from Node.js's noticeable system bloat as from the Clammy Sammy influence, and that is what puts me off bun too, just, different "personality" involved. "Give a man a fish, and he’ll eat for a day. Teach a man to phish, and he’ll eat for a lifetime."
Dr. Bruce Simpson · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq9zsljfx8tjyzplququr9xmqctclx0qc2mw5xydzx0udqzrfade4qmtrtl5 I had a beard-stroking moment when I saw only 4 "approved" forges are there for PyPi's...
Dr. Bruce Simpson profile picture
@nprofile1q... One "ecosystem" that has its shit somewhat together is Golang, but that's an appeal to authority: you have to treat Google as the source-of-truth for SBOM security with the centralied Golang package database. AFAIK there is no federated equivalent, so it's not exactly democratic or Illich-convivial.
1
ARGVMI~1.PIF · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqgyhskthfz9c5yvf0nku9yurm6g77lz2leh3gh5zm8rdq7879xf8qk29k5f Npm treats Microsoft as the source of truth. The npm package database isn't the problem. The problem is that package maintainers are vulnerable to phishing.
ARGVMI~1.PIF · 7w
And no, making programmers jump through hoops to publish their code isn't a solution either. When I ended my brief stint maintaining an #npm package, they were cranking up the authentication requirem...
Dr. Bruce Simpson profile picture
@nprofile1q... I had a beard-stroking moment when I saw only 4 "approved" forges are there for PyPi's "Trusted Publisher" feature over the past 48 hours (I've been sciencing the shit out of this very topic right now). They're all "mass market" forges. Neither Codeberg nor SourceHut appear on the list, and to be frank, there's an SBOM case to be made for vendorizing Python dependencies with pdm in a monorepo configuration anyway.
1
Dr. Bruce Simpson · 7w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpq9zsljfx8tjyzplququr9xmqctclx0qc2mw5xydzx0udqzrfade4qmtrtl5 One "ecosystem" that has its shit somewhat together is Golang, but that's an appeal to authority: you have to treat Google as the source-of-truth for SBOM security with the centralied Go...