[conspire] (forw) [DNG] [OT] YouTube archivism targeted

Tue Oct 27 12:00:14 PDT 2020

Quoting Nick Moffitt (nick at zork.net):

> In response to the takedown, various people have begun taking
> advantage of github's WONTFIX stance on a rather significant bug:
> 
> https://gist.github.com/lrvick/02088ee5466ca51116bdaf1e709ddd7c

Nice.

I'll confess that, having met GitHub founding CEO Nat Friedman back in
the day, I consider him something of a tool.  Seeing him mocked with his
own slapdash company's carelessly unfixed bugs is a pleasure.[1]

> Here's an example:
> 
> https://github.com/npm/cli/commit/5a3b345d6d5d175ea9ec967364b948c662a2ef16

There is much hard-earned wisdom in that commit, and the comments thereupon.
For those reading it, the term 'NPM' in the first comment refers to
Node Package Manager, the packaging/update thingie for the grotesquely
overfeatured Node.js Javascript toolkit.  Commenter lrvick's point is 
that NPM, like other package managers, has become hideously at risk of
security mischief because of incompetent code-signing practices.

> Of course a lot of this stems directly from the fact that nobody
> bothers to gpg sign their commits.

{sigh}

Engineering around stupid is a full-time job.

[1] Friedman's one truly smart idea was naming his firm, the one devoted to 
running a big git repo behind a big-ass proprietary Web site, 'GitHub', 
because that confused a bunch of idiots into confusing it with git.  
I'm really not kidding.  In recent years, as Linux Documentation Project
was unraveling, I encountered mysterious failures at getting LDP to 
pick up my submissions of HOWTO Docbook XML and Docbook SGML source
updates:  The established, traditional submission route was by e-mailing
the updates to a role address at tldp.org, and for about a year my
updates were being SMTP 2xx accepted but unprocessed.

I followed up on the public mailing list, and a new guy answered, saying
(paraphrased) 'Oh, we no longer use that acceptance method.'  (I was
thinking, OK, twinkie, shouldn't you guys make the MTA autoreject 
with a new SMTP 5xx diagnostic advising HOWTO maintainers of the change,
rather than submissions disappearing into the void?

He went on:  'We've moved from svn to git.  Just do a pull request on
GitHub.'  I said:  'I'm sorry, but I am presently unwilling to enter
into a customer contract with that proprietary software company.  I 
don't wish to deal with some bunch of third-party clowns in San Francisco
who monetise my privacy and require me to sign away a bunch of rights.
I just am trying to send LDP my HOWTO updates.  Do you not want them?'

He doubled down:  'Just create a GitHub account.  It's easy.'  'Ease is
not the issue.  I don't care if it's totally automatic.  I have no
desire to enter into a business relationship with GitHub, Inc.  Do you
want the updates or not?'

He tripled-down:  'GitHub isn't a proprietary software company.  It's 
a GPLed project created by Linux Torvalds and colleagues.  There's no 
reason for you to refuse to use git.'

And that was this slackjawed idiot's final word on the subject:  In 
belief that GitHub is an integral part of git, he'd terminated LDP's 
self-hosted svn repo, migrated all of LDP's revision history to
outsourced corporate hosting on GitHub, and now was seriously trying to
convince everyone that nobody could rationally object.

I simply said no, you're obviously living in CloudCuckooLand, and said 
"Fine.  Here are the URLs on my Web server of my DocBook source
updates.  If you want them, come get them and check them into any damned
thing you want.  If you don't do so, then basically you'll be forking
the HOWTOs of every LDP author who declines to jump through
proprietary-software hoops for you, and LDP will be the place with the
old, unmaintained forks.'  

I checked back with the idiot after Microsoft bought GitHub, Inc., and
even that didn't fix his severe case of willful stupidity.