Readit News logoReadit News
mbStavola commented on Learning music with Strudel   terryds.notion.site/Learn... · Posted by u/terryds
raphar · 15 days ago
I posted this link, some days ago:

Coding Trance Music from Scratch (Again) [video]: https://www.youtube.com/watch?v=iu5rnQkfO6M

It´s a well done programming and music performance

mbStavola · 15 days ago
Every time I watch one of her performances, I smile when she says "... with the scope."
mbStavola commented on The RubyGems "Security Incident"   andre.arko.net/2025/10/09... · Posted by u/semiquaver
Xylakant · 2 months ago
I don't even understand why RubyCentral included the proposal to use the log data in the post about a security incident. Whatever we may think of the proposal, the only purpose of including it in this place is to smear Andre.

The incident is clear cut and makes RubyCentral staff look incompetent. They cut off access to 1password and did not even consider that someone may have a copy of the credentials somewhere? As in "maybe in their head"? Rotating shared credentials in such a situation is security 101 and they failed. And when Andre notifies them that they failed, instead of quietly saying "Thanks, we've fixed that", they make it a security incident and include - without any further context - a single email from something that must have been a longer conversation.

mbStavola · 2 months ago
Without more details, it's hard for me to nail down the exact motivations at play here.

My current read is that RC majorly botched the takeover, demonstrated gaps in security know-how, and then retroactively framed everything as a problem with André. The details of the logs are mostly immaterial to the rest of the claims, but are still suspicious enough to spice up the announcement. I believe this because, at the moment, I don't see anything in the original RC post that wasn't satisfactorily explained by this post.

mbStavola commented on The RubyGems "Security Incident"   andre.arko.net/2025/10/09... · Posted by u/semiquaver
darkwater · 2 months ago
Honestly, I can't really see what you are reading through the lines here. Are you by any chance involved with RubyGems / RubyCentral? In my case, I'm just a bystander and not even a Ruby developer (but I worked in a Ruby company in the past so I know the ecosystem).

EDIT: oh, you might be referring to the RubyCentral statement. I didn't read the original security incident text, so my bad here. Sorry.

mbStavola · 2 months ago
I am definitely not affiliated with either, moreso my opinion is considerably more negative of the new maintainers (both for the method of takeover and their handling of this incident). Quite frankly, I don't even know why you would even ask if I was.

I do not feel like I'm reading between any lines here-- Ruby Central directly showed that André Arko asked for the data to sell in order to cover the on-call fees. Yes, they have reason to smear him and shouldn't be trusted, but André confirms that he asked for the logs. None of that is up for debate, these are just the facts!

What we can argue about is 1) whether this is meaningfully different than what RC does already as noted by their ToS and 2) whether or not company names derived from the HTTP logs is sensitive or whatever. It is my position that neither André nor RC should be selling this sort of usage data, regardless of motivation. Personally I think the monetization of such data is bad in general, but I understand not everyone feels the same. It just gives me the ick.

EDIT: Immediately after submitting this, I saw that you issued a correction. Bad timing on my part I suppose!

mbStavola commented on The RubyGems "Security Incident"   andre.arko.net/2025/10/09... · Posted by u/semiquaver
darkwater · 2 months ago
> That said, I really don't like the hand waving of the HTTP log thing in this post

What "hand waving"? André explicitly mentioned he did not have any log or information.

mbStavola · 2 months ago
No but he was seeking it, from the email in the RubyCentral article and directly from TFA:

> I have no interest in any PII, commercially or otherwise. As my private email published by Ruby Central demonstrates, my entire proposal was based solely on company-level information, with no information about individuals included in any way.

Here Andre is downplaying his ask of the logs. Even if Andre didn't get them, the logs were desired. Had Ruby Central acquiesced the logs would've been parsed and sold. Might not be an issue for you but I am frankly not interested in having any data shared or sold like this.

mbStavola commented on The RubyGems "Security Incident"   andre.arko.net/2025/10/09... · Posted by u/semiquaver
mbStavola · 2 months ago
One of the primary justifications given for the takeover was to secure the gems service and offer trustworthy stewardship. Reading this, I don't really get the sense that the new maintainers are really prepared to deliver on either.

That said, I really don't like the hand waving of the HTTP log thing in this post. Yeah sure, company names aren't as sensitive/radioactive as an SSN or an email, but selling usage data isn't exactly a noble endeavor.

I don't think anyone comes out of this looking good. Some are worse than others, sure, but this is just a mess from top to bottom.

Posted by u/mbStavola 2 months ago
Gem.coopgem.coop/...
mbStavola commented on Bad Apple but it's played inside Super Mario Bros   tasvideos.org/8991S... · Posted by u/carlesfe
mbStavola · 3 months ago
I thought the audio was just overlayed on top, but it was streamed in via the controller. It sounds AMAZING, incredibly even on the console!
mbStavola commented on Scientists say X has lost its professional edge and Bluesky is taking its place   psypost.org/scientists-sa... · Posted by u/CharlesW
lollobomb · 3 months ago
Because Threads is Meta's attempt at bullshitting Mastodon users in welcoming a wolf among the herd. Search for "Fedipact": Meta is de facto cut off from many Mastodon instances.
mbStavola · 3 months ago
Except the largest Mastodon instance, mastodon.social, does federate with Threads. I'm not even sure if the list you provided even covers most of the top instances either.

It really feels like an "eating your cake and having it too" kinda situation: you get the engagement and interaction with millions of Threads users but you don't have to count them in your decentralization metrics.

mbStavola commented on Scientists say X has lost its professional edge and Bluesky is taking its place   psypost.org/scientists-sa... · Posted by u/CharlesW
fishgoesblub · 3 months ago
If only Bluesky could be as decentralised as the Fediverse [0] Trading one corporate overlord for another is not the smartest play.

[0] https://arewedecentralizedyet.online/

mbStavola · 3 months ago
I wonder why the Fediverse metrics don't count Threads, the single largest AP instance by several orders of magnitude?
mbStavola commented on Baldur's Gate 3 Steam Deck – Native Version   larian.com/support/faqs/s... · Posted by u/_JamesA_
whatevaa · 3 months ago
No offense, but some people requirements are really, really low. I played God of War on Steam Deck and it was not a good experience, it was at the bottom of 'okay', and only because at that moment I wasn't at home to play on better hardware.

This is the reason why I don't believe when people say that it runs great without trying it myself.

mbStavola · 3 months ago
> No offense, but some people requirements are really, really low.

I think you kinda hit the nail on the head, but I believe there is an extra dimension to this: desire.

For BG3, it looked fun and I had good memories of BG2 so I was interested in playing it. After tuning the settings a bunch and not being able to get a consistent framerate / not have micro-freezing, I just said "oh well, I'll play it on some other platform in the future." I cared about BG3, but not that much.

This is in contrast to Elden Ring Nightreign, which also had issues. I was able to get it to a somewhat stable 30FPS and celebrated that success before dumping 100+ hours into the game. Why? Well, because I love FromSoft games! I really really really wanted to play the game and was willing to put up with a somewhat subpar experience in order to get it. BG3, among other games, is just not that exciting for me personally so my tolerance of technical hitches is very different.

... which brings us right back to this native release. Hopefully the improvements we see are enough to get me over that "hill" and actually enjoying the game. I have the update queued on my deck now so I can try it out after work.

m

u/mbStavola

KarmaCake day1457May 14, 2020View Original