Nice steampunk, even if half the physics make no sense whatsoever (like, the blight being heavier than air yet it flowing up from the ground, and everyone living underground).
A very tender book. I like that it doesn't try to explain the peculiar nature of the main character. I'll have my kid read it when he's 12 or so.
It was around the time "The Blair Witch Project" was a thing so it must have been in 1999 or 2000, that when I was reading Roger Ebert's "Movie Answer Man" column, I thought, hey, I may have something to say about this.
I emailed him about how the "found footage" genre was old, citing 1980's Cannibal Holocaust, and even going back to Edgar Allan Poe's "Arthur Gordon Pym" which is (of course) a found manuscript. We exchanged a few emails, he was always thoughtful, polite, willing to have a nice conversation. He eventually asked about what was the best possible time to visit Buenos Aires, I said spring or fall, suggested that he may be interested in attending BAFICI, and eventually it petered out.
So, not much as anecdotes go, but it made me realize I had been reading his reviews and articles (and later his blog and his twitter feed) for over 15 years.
I remember seeing him do a cameo in a lame TV show (the one with the guy that has a magical dog that brings him tomorrow's newspaper or something), and thinking, hey, I know that guy, sort of.
Now that he's dead, it seems he was, for everyone, the same he was for me, gracious, friendly, interesting.
He was the kind of guy who wrote reviews for Deep Throat and co-authored a Russ Meyer movie, and was always ready to say that a movie was crap yet good crap because there are degrees of crap, and you have to take crap in its own terms.
I'll miss the guy.
Earlier I mentioned a hack I use when I need to get a clean browser quick. Here it is again:
rm -f ~/.config/ralsina/devicenzo.conf curl https://devicenzo.googlecode.com/svn/trunk/devicenzo.py | python
Since that got posted on reddit (no, not linking it), it triggered "interesting" arguments. Basically many were shocked (shocked) about running arbitrary internet code locally in this manner. It's insecure. While I am by no means a security expert, at least I know I am ignorant.
Let's examine that insecurity claim a little, in the context of what I was proposing. I am trying to tell people "here's a small web browser that requires no setup and since it's not your main browser, you can nuke it and reset its state easily before running it, like this".
So, what's wrong with doing it that way, according to the commenters:
- It's insecure because you can't see the code before running it because it's piped.
Well, that makes it exactly as insecure as every unsigned binary you ever downloaded. Or, let's be honest, every shell script, python script, perl script etc you have ever downloaded. Or you audit them?
Who exactly is being prevented from auditing it by having it presented this way? Is the intersection of "people who can audit this script" and "pople who don't understand pipes" not empty?
For those who can audit, this makes no difference. For those who can't audit, this makes no difference.
- It would be better if I provided a hash of the file to know it's not tampered
And how would you know the hash is not tampered? Wat you want, really is a digital signature of the script.
If you trust google (and usually, people do), then you know that:
The script was uploaded by me (check the history of the file)
The script has not been tampered from the repo (since it's a secure connection and yes, there is a hash of the revision)
If you don't trust google, then you don't know who uploaded it, and if you don't trust me, you don't care who uploaded it, even if it's signed (because it's signed by someone you don't trust).
- How does the user know it's not malware?
He doesn't. Life is like that.
- Why should the user trust you?
He shouldn't. OTOH, were he so inclined, he can check who wrote it, and that I am a real person, with a long history of sharing code online and no claims of ever pushing malware.
- This is more insecure because it downloads on every run
You don't need to run malware more than once, anyway. So, not much of a difference.
- This propagates bad habits
So does Dunkin' Donuts, and noone posts about it at reddit. But in any case, sure, it's a bad habit. Big deal.
So, is it secure? Hell no! Is it significantly less secure than installing a random PPA you see mentioned in a forum? Maybe slightly. Is it less secure than running random unsigned binaries? Hell no. Is it less secure than downloading and running it? No. Is it less secure than building a random thing from source? Hell no.
But is it less secure than the other realistic ways in which I can give you a 100+ line chunk of python code that works as a web browser? I don't think so.
In the context of "here's the code for it, it can do this", this is not significantly insecure. It's more or less as insecure as the alternatives. With the advantage that, if you want, you can audit it. It's 128 lines of code (assuming you trust Qt and PyQt and Python, etc)