They waste billions on fraudulent claims because they don't fund the program well enough to have compliance enforcement or auditing.
Also, I'm not going to trust a podcast owned and operated by Stacey Richter, who also just so happens to be the co-president of Aventria Health Group and QC-Health.
> They waste billions on fraudulent claims because they don't fund the program well enough to have compliance enforcement or auditing.
These are synonyms for having higher overhead, right? If you pay a billion dollars in claims with ten million dollars in administrative costs then your "administrative overhead" is 1%, even if half the claims are fraud. If you increase "administrative costs" to a hundred million to get rid of the fraud, in practice you just saved 410 million dollars but now your "administrative overhead" is up to 20%.
There's another reason. The harder you make it for a provider to get reimbursed for a service (in order to cut down on fraud), the more difficult it is for legitimate patients to access that service. Medicare patients are elderly. Many of them aren't able to chase after doctors to get the services they need.
Eh, this escaping problem was basically solved ages ago.
If we really wanted to make a UTF-8 data interchange format that needs minimal escaping, we already have ␜ (FS File Separator U+001C), ␝ (GS Group Separator U+001D), ␞ (RS Row Separator U+001E), ␟ (US Unit Separator U+001F). The problem is that they suck to type out so they suck for character based interchange. But we could add them to that emoji keyboard widget on modern OSs that usually gets bound to <Meta> + <.>.
But if we put those someplace people could easily type them, that resolved the problem.
But, binary data? Eh, that really should be transmitted as binary data and not as data encoded in a character format. Like not only not using Base64, but also not using a character representation of a byte stream like "0x89504E470D0A1A0A...". Instead you should send a byte stream as a separate file.
So we need a way to combine a bunch of files into a streaming, compressed format.
And the thing is, we already have that format. It's .tar.lz4!
Row separator is great, until you find that someone has put one in a data field. Like your comment. It just moves the problem (control and data mixed together) to a less-used control character.
I've said it before, but I maintain that XML has only two real problems:
1. Attributes should not exist. They make the document suddenly have two dimensions instead of one, which significantly increases complexity. Anything that could be an attribute should actually be a child element.
2. There should be one close tag: `</>` which closes the last element, which burns a significant amount of space with useless syntax. Other than that and the self-closing `<tag />` (which itself is less useful without attributes) there isn't much that you need. Maybe a document close tag like `<///>`
You'll notice that, yes, JSON solves both of those things. That's a part of why it's so popular. The other is just that a lot more effort was put into maximizing the performance of JavaScript than shredding XML, and XSLT, the intended solution to this problem, is infamous at this point.
The problem of comments is kind of a non-issue in practice, IMO. You can just add a `"_COMMENT"` element or similar. Sure, yes, it will get parsed. But you shouldn't have that many comments that it will cause a genuine performance issue.
However, JSON still has two problems:
1. Schema support. You can't validate that a file before de-serializing it in your application. JSON Schema does exist, but it's support is still thin, IMX.
2. Many serializers are pretty bad with tabular data, and nearly all of them are bad with tabular data by default. So sometimes it's a data serialization format that's bad at serializing bulk data. Yeah, XML is worse at this. Yeah, you can use the `"colNames": ["id", ...], "rows": [ [1,...],[2,...] ]` method or go columnar with `"id": [1,2,...], "name": [...], "createDate": [...]`, but you had better be sure both ends can support that format.
In both cases, it seems like there is an attempt to resolve both of those issues. OpenAPI 3.1 has JSON schema included in it. The most popular JSON parsers seem to be adding tabular data support. I guess we'll see.
XML is a Markup Language. The text is what is being marked up, and the attributes are how to mark it up. Try writing the equivalent of <font family="Arial">Hello world</font> without attributes. I'll wait.
Using XML as a structured data interchange format is abuse. Of course the square peg doesn't fit in the round hole. You propose filing off the corners of the square, making it an octagon, so it will fit the round hole better.
While XML/XHTML aren't spec'ed/evolved to support your fun font sans attribute challenge, certainly modern html does ...
<p>
<style>
@scope { font-family: "Arial" ; }
</style>
Prospero: Where in the world is my teapot? Hello? I'm waiting!
</p>
I know one could argue that that css rule property is essentially an attribute, but it illustrates, like XML plists[1], that one can define the tags arbitrarily to have their content be meta upon sibling/nested content, subsuming attributes' role.
To wit, it seems to me a style issue.
[1] Apple has long used XML plists for data ~ interchange or even archival storage such as .webarchive (ie just a plist flavor). Of course they soon added a simple binary version to compress out some redundancy and encoding waste.
They used an XML nested tag approach, not attributes. Maybe not well rounded pegs and holes but it has worked for them on a large scale over a long time.
1. I think attributes absolutely should exist. They're great for describing metadata related to the tag: e.g. element ID, language, datatype, source annotation, namespacing. They add little in complexity.
2. The point of a close tag with a name is to make it unambiguous what it's trying to close off.
It sounds to me like what you want is not a better XML, but just s-exprs. Which is fine, but not quite solving the same problem.
3. As far as schema support, it seems to me that JSON Schema is well-established and perfectly cromulent – so much so that YAML authors are trying to use it to validate their stuff (the poor bastards) – and XML schema validation, while robust, is a complex and fragmented landscape around DTD, XSD, RELAX-NG, and Schematron. So although XML might have the edge, it's a more nuanced picture than XML proponents are claiming.
4. As far as tabular data, neither XML nor JSON were built for efficient tabular data representation, so it shouldn't be a surprise that they're clunky at this. Use the right tool for the job.
> 1. I think attributes absolutely should exist. They're great for describing metadata related to the tag: e.g. element ID, language, datatype, source annotation, namespacing. They add little in complexity.
No, they're barely adequate for those purposes. And you could (and if you have a XSD you probably should) still replace them with elements. If you argue that you can't, then you're arguing that JSON does not function. You can just inline metadata along side data. That works just fine. That's the thing about metadata. It's data!
You don't need attributes. Having worked in information systems for 25 years now, they are the most heavily, heavily, heavily misused feature of XML and they are essentially always wrong.
Well, now you're a bit stuck. You can make the XSD look at basic data types, and that's it. You can never use complex types. You can never use multiple values if you need it, or if you do you'll have to make your attribute a delimited string. You can never use complex types. You can't use order. You're limiting your ability to extend or advance things.
That's the problem with XML. It's so flexible it lets developers be stupid, while also claiming strictness and correctness as goals.
> 2. The point of a close tag with a name is to make it unambiguous what it's trying to close off.
Sure, but the fact that closing tags in the proper order is is mandatory, you're not actually including anything at all. The only thing you're doing is introducing trivial syntax errors.
Because the truth is that this is 100% unambiguous in XML because the rules changed:
The reason SGML had a problem with the generic close tag was because SGML didn't require a closing tag at all. That was a problem It didn't have `<tag />`. It let you say `<tag1><tag2>...</tag1>` or `<tag1><tag2>...</>`.
Named closing tags had more of a point when we were actually writing XML by hand and didn't have text editors that could find the open and close tags for you, but that is solved. And now we have syntax highlighting and hierarchical code folding on any text editor, nevermind dedicated XML editors.
> 3. As far as schema support, it seems to me that JSON Schema is well-established and perfectly cromulent
Then my guess is that you have worked exclusively in the tech industry for customers that are also exclusively in the tech industry. If you have worked in any other business with any other group of organizations, you would know that the rest of the world is absolute chaos. I think I've seen 3 examples of a published JSON Schema, and hundreds that do not.
> 4. As far as tabular data, neither XML nor JSON were built for efficient tabular data representation, so it shouldn't be a surprise that they're clunky at this. Use the right tool for the job.
No, I think you're looking at what the format was intended to do 25 years ago and trying to claim that that should not be extended or improved ever. You're ignoring what it's actually being used for.
Unless you're going to make data queries return large tabular data sets to the user interface as more or less SQLite or DuckDB databases so the browser can freely manipulate them for the user... you're kind of stuck with XML or JSON or CSV. All of which suck for different reasons.
1. I don't disagree that attributes have been abused – so have elements – but you yourself identified the right way to use them. Yes, you can inline attributes, but that also leads to a document that's harder to use in some cases. So long as you use them judiciously, it's fine. In actual text markup cases, they're indispensable, as HTML illustrates.
2. As far as JSON Schema, you're wrong on all acounts – wrong that I haven't seen Some Stuff, wrong that JSON schema doesn't get used (see Swagger/OpenAPI), and wrong that XML Schema doesn't also get underitilized when a group of developers get lackadaisical.
3. As far as what historical use has been, I'm less interested in exhuming historical practice than simply observing which of the many use cases over the last 20 years worked well (and still work) and which didn't. The answer isn't that none of them worked, and it certainly isn't that XML users had a better bead on how to use it 20 years ago – it went through a massive hype curve just like a lot of techs do.
4. Regarding tabular data exchange, I stand by my statement. Use XML or JSON if you must, and sometimes you must, but there are better tools for the job.
Hard disagree about attributes, each tag should be a complete object and attributes describe the object.
<myobject foo="bar"/>
// means roughly
new MyObject(foo="bar")
But objects can also be containers and that's what nesting is for. There shouldn't ever be two dimensions in the way you're describing. The pattern of
<myobject>
<foo>bar</foo>
</myobject>
is the root of most XML evil. Now you have to know if myobject is a container or a franken-object with a strict sub-schema in order to parse it. The biggest win of JSON is that .loads/.dump make it really obvious that it's for serializing complete objects where a lot of tooling surrounding XML makes you poke at the document tree.
Attributes exist due to it's origin as a markup language. XML is actually (big surprise) a pretty good markup language. Where the tags are sort of like function calls and the attributes are args. With little to no information to be gleaned out of the text. The big sin was to say "hey the tooling is getting pretty good for for these sgml like markup languages. Lets use it as a structured data interchange format. It's almost the same thing". Now all the data is in the text and the attributes are not just superfluous but actively harmful as there is a weird extra data axis that people will aggressively use.
> In closed-source software development, the programmers are often spending a lot of time dealing with and creating bug reports, as well as handling feature requests. This time is spent on creating and prioritizing further development plans. This leads to part of the development team spending a lot of time on these issues, and not on the actual development.
So, in closed source you work on bug reports and feature requests. In open source you work on development. But it's the closed source people working on building a cathedral.
I understand what they're driving at, but this is still the stupidest description of the analogy that I've ever seen.
Yeah, it's like trying to use an ORM to find data in the database that's invalid due to a bug. You can't see things in the system that break the premises of the system by using the system, and the fact that some things are "supposed to be impossible" doesn't change the reality of what's actually occurring in the data store.
So customer support needs to know how the systems works and need to understand what the data means, but also has to know when the system is factually incorrect. Customer support has to know when the second party is speaking the truth.
Are you going writing your own programming language as well? Can we call it Tolkien? Because you're making a game like J.R.R. Tolkien wrote books, and there's a reason nobody writes books the way he wrote his.
Writing your own engine is great if you want to learn how to write a game engine. Knowing how to make a game engine can be helpful when making a game, but it's not necessary to make a game. Further, if you want to learn how to make a game, it might be more worth your time to simply use an engine that already does all the things you need. That way your time and energy can be focused on making the game, which is what your goal is.
Being condescending or dismissive of tools that do everything your tools you're going out of your way to construct will have to do is... weird logic. Because the same argument goes all the way down. Why wouldn't you make your own text editor? Why wouldn't you make your own compiler? Why wouldn't you make your own kernel? Why wouldn't you make your own architecture? "If you wish to make a pie from scratch, you must first invent the universe."
The answer is: because we're human beings with limited lifespans. We must stand on the shoulders of giants to see further.
One person wrote books like JRR Tolkien. His name was JRR Tolkien, and those books are widely celebrated by millions of people as classics.
I don’t have any issue with people using an engine like Godot or Unity or RPG Maker or Unreal or anything else, but I do think that there can be value in “owning the entire stack” of a project, even if that means “reinventing the wheel”.
When I do a project involving HTTP, I could reach for Rails or something, it’s a valid enough and I certainly have done that plenty of times, but I often will work with a lower level protocol. Depending on the language I will use a more simple HTTP server thing like Axum with Rust, and other times I will go full epoll/Selector with a raw socket.
I do this for a variety of reasons, but the main one is that I can build my own framework that works in a way that I think and I don’t pull in a bunch of extra crap I don’t need. I can optimize the “hot paths” of my particular project without worrying about a one-size-fits-all you get for generic frameworks, I don’t have to worry as much about leaky abstractions, and I am intimately familiar with a much larger percentage of the codebase.
Tolkien was exceptional and dedicated his entire life to it. 99.99+% of all people do not possess such a combination of talent and focus and therefore end up having to use “shortcuts”.
> and there's a reason nobody writes books the way he wrote his
And there's a reason nobody came even close to his grandiose.
> Being condescending or dismissive of tools that do everything your tools you're going out of your way to construct will have to do is... weird logic.
They've merely pointed out that there's nothing wrong with reinventing tools, you're the one attacking them.
It sounds like you don't like programming. I am in the process of writing my own language/IDE/compiler on the side of making games, and have already written a dialect of C# with a compiler that transpiles it to legal C# for use in the meantime. I would, in fact, love to write my own OS if not for the fact that proprietary hardware vendors make it virtually impossible for anybody to create a new OS that runs on consumer hardware in the year 2026. If you gave me a trillion dollars with which to build a CPU factory, I'd jump at the chance to learn that too.
People who don't like programming, who wish to abstract it all away and "stand on the shoulders of giants"[1] without understanding anything about the giants, seem to view low-level code as a bogeyman. It doesn't take a lifetime to understand. To the contrary, I would argue that low-level code is easier to work with than working only with high-level code, because you can reason about it. The more you rely on abstractions you don't understand, the more impossible it becomes to effectively reason about anything, because your reasoning is glossing over the details that make things work. But reasoning about primitives, and the things built out of those primitives that you understand, is not actually nearly as hard as the people who just want to plop Javascript libraries together and stop thinking about it would believe.
In particular, when it comes to games, especially 2D games (which are what Godot and MonoGame are typically used for), it's really not that hard. Windows has an API for doing X, Y and Z with graphics. Linux has an API for doing X, Y, and Z for graphics. You write a wrapper that your game code calls that passes through calls to each of those APIs with an #if statement filtering for which OS you're running on. Rinse and repeat the other set of platforms, with a bit of extra finangling for API limitations on web and phone OSes. Rinse and repeat for audio, input, and font handling. It took less than a month of work for me to get a polished cross-platform system working on five platforms. Not because I'm a genius, but because it's seriously just not hard. There are a thousand tutorials and books you could pick from that will give you a rundown of exactly how to do it.
Then, for example, writing your own rudimentary 2D GUI map editor can literally be done in a day. Presumably you know how to code a main menu. Add an option to the main menu that changes the gamestate to State.MapEditor when selected. Set a keybind on this state where your arrow keys increment or decrement X/Y coordinates, a keybind to place tiles/objects, a keybind to cycle which object ID is selected, and a keybind that calls a function which serializes your map state to text and saves it to a file. A little bit more work for a moving camera viewport, but it's not that hard. Want more features, polish it more. When you fully understand the primitives your system is built with, adding new features can be done quickly and easily, because it's so easy to reason about compared to reasoning about code you've never read built with primitives you don't understand.
3D does up the difficulty level, but it's by no means unachievable, either. The content creator Tsoding is currently doing a semi-weekly challenge to build his own 3D game engine from scratch on video, and he's making great progress despite not spending that much time on it, a side project that gets a few hours a week.
The end result of all this is a codebase that is more performant, lightweight, easy to read, and very easy to extend. I think developing your own engine can actually save time in the long run (if you're willing to forego the instant gratification), because it's so easy to fix bugs and add new features when you have a complete mental map of your codebase and the primitives used to construct it. For example, I have a friend who used Godot to develop a game, and they've been plagued for months with a low percentage chance of fatal crashes on a boss that they are completely unable to identify and fix, and it's because they don't have a mental map of the engine code. It's simply not even possible for them to reason about what in the engine could be going wrong because they don't even know what the engine is actually doing.
[1] Another metaphor that is grossly mis-invoked, in my view. Do you think Isaac Newton did not understand the work of those that came before him? The great thing about giants is that by doing the hard work of exploring new concepts, they make it easier for everyone who comes after them to learn them. I think it's a bit intellectually lazy to put off the work of giants as something that should not, or even can not, be learned.
[2] "like J.R.R. Tolkien wrote books, and there's a reason nobody writes books the way he wrote his." It's a real shame more people don't, considering there has never been a fantasy work rivalling his in the nearly century since.
It sounds like you're talking about making an equivalent of Super Mario from the 80s, but modern games are in fact much more complex.
And no, just because people in the 80s enjoyed Super Mario doesn't mean it's the pinnacle of game design, and that there's no need to create anything more complex.
> It took less than a month of work for me to get a polished cross-platform system working on five platforms.
You simply don't know where the bugs and performance pitfalls are because you haven't encountered them, yet. That is especially true regarding consoles with their custom hardware and mobile devices with their abundance of cheap, often not well engineered hardware and sketchy drivers.
"Modern games" span a wide range of things. I develop solely 2D games, because I prefer 2D games over 3D games. I think that even today 2D games are more enjoyable than 3D games. That doesn't mean Super Mario Bros. That can mean Europa Universalis IV, it can mean Stardew Valley, it can mean Magic the Gathering Online, it can mean Hollow Knight, it can mean Slay the Spire, it can mean a huge variety of interesting and engaging games, none of which require 3D graphics. 2D games can be as complex as you'd like them to be, far more complex in game logic than a 3D shooter even. The more complex you'd like them to be, the easier it gets to implement them if you understand the primitives you're implementing them with. Imagine trying to optimize your data structures when you don't even know what an int32 is? There are real game developers in the world who don't know even that much. It is a great thing that off-the-shelf game engines provide a level of accessibility to allow anyone to develop games, but they do not represent the pinnacle of what can be achieved in software engineering. They are the exact opposite of it, in fact.
> You simply don't know where the bugs and performance pitfalls are because you haven't encountered them, yet.
What is your point? I profile my games and have detailed logging systems. If I or my users run into performance issues, I address them as I come across them. Understanding my codebase at a low level makes it significantly easier to dig into problems and investigate underlying root causes than anyone on Unity will ever be able to. If you use Unity, you are putting your complete faith that Unity has perfectly optimized X low-level problem away at the engine level. If they haven't, and you run into that issue in your game, you are completely fucked. I love being solely responsible for the defects in my games. That means I can fix them myself. The worst thing in the world in software development is when somebody else's fuck-up becomes your problem, and you can't fix it, so you have to implement some hacky workaround, if you can even figure out why the closed-source engine code you didn't write and can't read is behaving incorrectly to work around it in the first place. Sometimes that still happens anyways -- our hardware-OS stacks are built with tens or hundreds of millions of line of dogshit code, and you can't get around it if you want to create software for platforms people use, but you can at least remove as many dependencies on bad code you have no understanding of as possible.
You're already too late at that point, and you probably lost some players, that wanted to try your game and maybe would've even liked it.
And I'm not talking about gameplay logic bugs - I'm talking about issues caused by bad drivers or by not having intimate knowledge about the hardware.
> If you use Unity, you are putting your complete faith that Unity has perfectly optimized X low-level problem away at the engine level
Most major engines allow to bypass high-level abstractions either through scripts that access low-level systems (Unity) or by directly letting people modify the source code (Unreal Engine, Godot).
> I love being solely responsible for the defects in my games.
> by directly letting people modify the source code (Unreal Engine, Godot).
Unreal is not open source, and while Godot is, I would wager 90% of its users never even look at the source code. It very specifically attracts people who want an easy way to make games without prior expertise.
> Players do not care about that.
Users don't care about much when it comes to software quality, honestly. They accept 20 FPS, slow loading, bug-riddled games that consume +20gb ram and +100gb more disk space than necessary. They may complain about a game if it gets bad enough, but they still buy and play those games. My games are significantly more optimized than most. They aren't perfect, but they don't need to be. They don't even need to be as optimized as I have made them, it's mostly just a point of pride and making the kind of software I want to see in the world. I think the only way you lose a player on technical points is if they literally cannot boot your game, but those issues plague engine games too. I had driver issues myself crashing on boot with an UE5 game two weeks ago.
There's also a hot spot problem with databases. That's the performance problem with autoincrement integers. If you are always writing to the same page on disk, then every write has to lock the same page.
Uuidv7 is a trade off between a messy b-tree (page splits) and a write page hot spot (latch contention). It's always on the right side of the b-tree, but it's spread out more to avoid hot spots.
That still doesn't mean you should always use v7. It does reversibly encode a timestamp, and it could be used to determine the rate that ids are generated (analogous to the German tank problem). If the uuidv7 is monotonic, then it's worse for this issue.
It's the same reason we use UTF-8. It's well supported. UUIDs are well supported by most languages and storage systems. You don't have to worry about endianness or serialization. It's not a thing you have to think about. It's already been solved and optimized.
Now generate your random ID. Did you use a CSPRNG, or were your devs lazy and just used a PRNG? Are you doing that every time you're generating one of these IDs in any system that might need to communicate with your API? Or maybe they just generated one random number, and now they're adding 1 every time.
Now transfer it over a wire. Are you sure the way you're serializing it is how the remote system will deserialize it? Maybe you should use a string representation, since character transmission is a solved problem with UTF-8. OK, so who decides what that canonical representation is? How do we make it recognizable as an ID without looking like something that people should do arithmetic with?
None of these are rocket-science problems, they're just standardization issues. You build a library with your generate_id/serialize_id/deserialize_id functions that work with a wrapper type, and tell your devs to use that library. UUID libraries are exactly that, except backed by an RFC.
Of course they're not rocket science. But, the question here is, "Why don't you use random 16 bytes instead of a UUIDv4?" It's not a question about rocket science. The answer is still, "Because UUIDv4 is still a better way to do it." The UUID standard solves the second and third tier problems and knock-on effects you don't think about until you've run a system for awhile, or until you start adding multiple information systems that need to interact with the same data.
But, using UUIDv4 shouldn't be rocket science, either. UUID support should be built in to a language intended for web applications, database applications, or business applications. That's why you're using Go or C# instead of C. And Go is somewhat focused on micro-service architectures. It's going to need to serialize and deserialize objects regularly.
> Now generate your random ID. Did you use a CSPRNG, or were your devs lazy and just used a PRNG?
There's nothing about UUIDs that need to make them cryptographically secure. Many programming language libraries don't (and some explicitly recommend against using them if you need cryptographically strong randomness).
Not for security but to make sure you don't accidentally reuse the same seed. I've done that before when the PRNG seed was the time the application started and it turns out you can run multiple instances at the same time.
128 random bits in some random format aren't a uuid. 0.2ml of water isn't a raindrop. If I say "you can provide me with a uuid" and you give me a base64-encoded string, it's getting rejected by validation. If I say "this text needs to be a Unicode string" and you give me a base64-encoded Unicode string's byte array, it's not going to go well.
Why are you implying that converting from base64 to and from standard UUID representation (hyphen-delimited hexadecimal) is more than a trivial operation? Either client or server can do this at any point.
Does Postgres not truly support UUID because it internally represents it as 128 bits instead of a huge number of encoded bytes in the standard representation? Of course not.
Ah, here we are. If it's just bytes, why store it as a string? Sixteen bytes is just a 128-bit integer, don't waste the space. So now the DB needs to know how to convert your string back to an integer. And back to a string when you ask for it.
"Well why not just keep it as an integer?"
Sure, in which base? With leading zeroes as padding?
But now you also need to handle this in JavaScript, where you have to know to deserialize it to a Bigint or Buffer (or Uint8Array).
UUIDs just mean you don't need to do any of this crap yourself. It's already there and it already works. Everything everywhere speaks the same UUIDs.
You have to generate random bytes with sufficient entropy to avoid collisions and you have to have a consistent way to serialize it to a string. There's already a standard for this, it's called UUID.
It’s really not that complicated a problem. Don’t worry, you’ll certainly be able to solve all the problems yourself as you encounter them. What you end up with will be functionally equivalent to a proper UUID and will only have cost you man-months of pain, but then you will be able to truly understand the benefit of not spending your effort on easy problems that someone solved before you.
It's not a huge problem. Uuid adds convenience over reinventing that wheel everywhere. And some of those wheels would use the wrong random or hash or encoding.
Yeah, I thought it was a strange comment, too. v7 is great when you explicitly need monotonicity, but encoded timestamps can expose information about your system. v4 is still very valid.
While the uuid package is actively maintained, it hasn't had a release since 2024. Indeed, there's an open issue from June 2025 asking about it: https://github.com/google/uuid/issues/194
I’m not sure of the state of that particular library, but yes, the RFC has changed significantly. For instance, the UUIDv7 format changed from the earlier draft RFC resulting in incompatibilities.
This is an example of an unmaintained UUID library in a similar situation that is currently causing incompatibilities because they implemented the draft spec. and didn’t update when the RFC changed:
Any Python developer using the uuid7 library is getting something that is incompatible with the UUIDv7 specification and other UUIDv7 implementations as a result. Developers who use the stdlib uuid package in Python 3.14+ and uuid7 as a fallback in older versions are getting different, incompatible behaviour depending upon which version of Python they are running.
This can manifest itself as a developer using UUIDv7 for its time-ordered property, deploying with Python <=3.13, upgrading to Python 3.14+ and discovering that all their data created with Python 3.13 sorts incorrectly when mixed with data created with Python 3.14+.
A UUID library that is not receiving updates is quite possibly badly broken and definitely warrants suspicion and closer inspection.
The problem is not that it is a draft RFC, the problem is that the library is unmaintained with an unresponsive developer who is squatting the uuid7 package name. It’s the top hit for Python developers who want to use UUIDv7 for Python 3.13 and below.
Your point is completely invalidated by useless name calling. The people behind cargo are clearly accomplished and serious individuals, and even if you disagree with some of the choices, calling them bozos makes your whole argument unconvincing.
RFC changes aside, the go community has been bit by unmaintained UUID libraries with security issues. Consider https://github.com/satori/go.uuid/issues/123 as a popular example.
The open issue in Google's repo about the package being malicious is not a good look. The community concluded it's a false positive. If the repo was maintained they'd confirm this and close the issue.
Maintaince is much more than RFC compliance, although the project hasn't met that bar either.
If the library just existed as a correct implementation of the RFC without bugs or significant missing features, that would be one thing. But leaving features and bug fixes already committed to the repository unreleased for years because the maintainer hasn't cut a new release since 2024 is a bad sign.
Also, I'm not going to trust a podcast owned and operated by Stacey Richter, who also just so happens to be the co-president of Aventria Health Group and QC-Health.
reply