Another thin lie to appease the foolish? Why hasn't Mike weighed in on this? I tweeted Mike on twitter and it was you and some other twat who were so quick to tell me how FOSS-friendly the project was, yet I've every suspicion that this project will end up in tears and LuaJIT will end up in a dark corner of CF's internals.
I'm not asking you to be held responsible for CF business, that'd be unreasonable. I might be a rude halfwit, but I know where the boundary lies.
Though I've mentioned it already multiple times, I'll reiterate a final time: Absolutely no concrete assurance (from CF officially) that the LuaJIT project will be developed openly. It has been moved to GitHub, distancing it from the long-appreciated mailing list and cementing it's position ion a platform that openly censors projects and actively enforces a code of conduct to further the narrative that code should take peoples' feelings into consideration. Github is widely used, and most of the alternatives suck, so it's an understandable sin.
On top of all that, the murky posts on the actual list indicate no significant progress has been made on figuring out a new direction for the project, and little to no effort has been made to do more than announce to the community what's (allegedly) going on.
Finally, the biggest disconnect between you and I is that if someone offered me money to take over a FOSS project and move to behind closed doors of a huge corporation, instead of agreeing and playing sock-puppet on mailing lists and twitter (who does that sound like?), I would out them to the community.
I'm not asking for you to make changes, just voicing my dissent and my intent to take aggressive, direct action.
What was the best case scenario (in your opinion) for this message?
My mission is to speak the truth, ONLY the truth.
I don't mind ruffling feathers along the way, especially in regards to JGC, who is actively taking steps to destroy the FOSS principles of the LuaJIT project.
I'd sooner see myself banned than retract or apologize for a single character of anything I've said thus far, or plan to say soon.
I'm not accusing anyone of incompetence. Only a fool would make the implication that you aren't a knowledgeable programmer. I'm accusing CF (not you specifically) of making the first moves to morph LuaJIT into a corporate tool.
All you've done is write a few paragraphs about how great the community is, and make a repo.
CF's work on nginx is of no concern to me, and even less so is the tendency of CF to hire people to work FOSS projects. Big deal. Nobody that's reading this is stupid enough to believe that it's out of the realm of possibility to spend some money on your image.
What you've said about LuaJIT all but confirms my suspicions that CF will suck the project dry for efficiency until it's a dry withered husk.
You are shoehorning developers at CF into LuaJIT the same way that Google shoehorns developers into the Chromium project. What ultimately happens is the work that gets done in Chromium ends up being misused in Chrome as a commercial bloat whose function is to extract and extrapolate as much as it can about the user. The user's intention is just to browse the web smoothly, and they get taken for a ride.
LuaJIT is meant to be a performance implementation of Lua, suitable for embedding within larger applications and games as a DSL. At this point in time, I would absolutely stand behind the argument that CF seeks to turn LuaJIT into a more standalone project that leverages CF's infrastructure to make CF even more money.
I just can't abide, and I certainly can't believe that you expect the community to watch this happen as you systematically corporatize a well-loved, well-used, well-done project.
The qualms I have with this dialogue are the same as before, because CloudFlare has little to no idea how they are going to handle this. JGC tweeted me about how 'Oh, we get so much benefit from LuaJIT being FOSS" but here we have CloudFlare walling LuaJIT into it's own entity on GitHub where I predict commit bits will be few and far between.
More than that, I don't think there has been enough narrative between Mike and the 'new LuaJIT crew' (CF) to determine how the project should be structured. In this thread, agentzh had a fantastic idea to vet somebody through Mike, someone the community knows can be trusted and also is somewhat familiar with the LuaJIT internals, and that person could serve as a canary between the project and CF.
I write a fair bit of Lua for game scripting, and I've even made a few bucks here and there helping folks with their custom plugin ideas etc, but I've never touched C before. Well, when the previous announcement was made, I immediately Amazon'd some C books, which I plan to devour in my free time. At which point I'll be learning Rust, and reimplementing LuaJIT in Rust, and hopefully convince Mozilla to host the git, such that it will be protected from FOSS corruption.
My worst fear is CF taking this project into the shadows, developing it closed-source (which they absolutely have a right to do) and not sharing their insights with the community.
I think everybody with any kind of invested interest in LuaJIT needs to be gearing up right now, such that we can do our parts to keep this project alive.
I kinda hate these papers that just humble-brag clusterized setups without providing any abstract insights. This doesn't bring me any closer to understanding graph data any better, but I'm now ready to begin installation of a multi-million-dollar cluster of machines and storage.
The bit about k-means was interesting, but the rest was an irrelevant bore.
I'm a developer living outside of California, and I'm giddy for the big one. San Francisco is the worst thing to happen to this country culture-wise since the Beatles.
If California has a huge earthquake, we'd be better off.
That being said, I lived in Redding, California for several years and visited the dam and went to the Lassen Volcanic National Park and visited Dunsmuir and it was all nice and quaint for the most part.
If California explodes, hopefully it's just from Sacramento southward.
I use a unique password and even a burner email, and a phone number that I update every 8 weeks for my banking website.
It's taken blood, sweat and tears to save up 20k (a lot for me) and even though I have a secure authentication scheme for the website, I worry about it getting hacked all the time.
"...there is absolutely no risk"
You have no idea! There's little practical risk in people getting access to my (fictional) ProjectEuler account, but there is absolutely some risk into returning to the same scam twice. Say they exploit PE again and are able to extract more than just password and email, maybe they find a way to get more info about the user's browser, or cookies, or SOMETHING. Anybody foolish enough to continue to navigate to projecteuler.net will suffer the consequences. They'd be better off never returning.
I know the response to this will be, "Oh, you can't possibly expect people to just abandon services that are compromised once" but I absolutely don't expect people to do that. I do it, because my security is worth it to me. Others don't, and this is the sort of thing that happens.
We've no way to really isolate what happened to projecteuler, and no way to now what kind of nasty code got injected into the pages.
Best of luck to you, friend! Hearing of all the things you have learned and have experience in leads me to believe that many startups would miss out if they overlooked you. You sound awesome.
Haven't they been wrecked once before this most recent incident?
I find it concerning that folks are so eager to rush back into a warzone when they know it's not safe. Piling onto a recovering website after a cyberattack is akin to running back into a field where landmines were found. Maybe somebody was able to remove a landmine or two, but wouldn't it be wiser to just walk around it?
Somebody else in this thread was talking about BLAKE2, which I cast a cursory glance at. It seems pretty cool, claims to evade the length-extension 'issues' that SHA-1 has.
Wikipedia indicates that there has been at least some progress as far as cryptanalysis goes, but even with that being said, there's always that lingering 'but what if' about anything NSA-related.