jka's comments

Quoting from a relevant Wikipedia entry[1] to hopefully pre-emptively reduce some confusion:

'''

In parliamentary procedure, the verb to table has the opposite meaning in the United States to the rest of the world:

- In the United States, to "table" usually means to postpone or suspend consideration of a pending motion.

- In the rest of the English-speaking world, to "table" means to begin consideration (or reconsideration) of a proposal.

'''

[1] - https://en.wikipedia.org/wiki/Table_(parliamentary_procedure...


In terms of parliament it is a bit stronger:

"Tabling is the act of formally putting forward a question, a motion or an amendment in the Commons or the Lords."


It's a shame that (if I remember correctly from the video?) the bug that allows this is restricted to single-player; if not, I suppose it'd be possible to start the "outer" map as a network game, and then use the second instance of the game to join the outer instance over the network (including the possibility to walk around and find the original player character).


Or create Inception-type gameplay in Doom where you don't know how many levels deep you are from the original game lol


There can be a good intellectual challenge in refactoring code like that to be both efficient and readable (although at some extremes, and depending on the programming language, perhaps there'll be conflict between those two goals).

All the better if that refactoring is in a FOSS application/library to save other people the repeat effort (and potentially gather further improvements).

Your question reminded me of Raymond Hettinger's excellent 2015 PyCon talk about refactoring functional-but-messy Python code: https://www.youtube.com/watch?v=wf-BqAjZb8M

(as previously discussed on HN: https://news.ycombinator.com/item?id=10023818)


Per-employee distribution might tell one story; per-manager distribution might tell another.


Odd but serious question: could there be ways to distribute versioned software that doesn't require management of developer accounts (and the associated time-and-effort costs related to account takeovers)?


Not if the goal is to avoid vetting each new version as if it were a completely new dependency. The whole reason for the current system, and the very idea of new versions of "the same software", is that we want to be able to rely on the reputation of a project to make certain decisions. For example, we trust Linux 5.11.1 to be non-malicious and to be mostly stable etc. largely on the reputation of the Linux project. We don't go around vetting the code of such a project except in a few specific niches.

If we don't trust the provenance of the code we're getting though, that reputation becomes irrelevant. As such, this is a problem of identity assurances and access management, it can't be solved otherwise.


Ok: you've provided two requirements that I agree with:

- It should be possible to compare between two releases (I'd personally like to see a code diff, ideally with a complete path of the commits involved)

- Providing a reputation visibility mechanism (for publishers? author(s)?) across a series of releases is important

Those don't require user accounts necessarily, though. And responding to the end of your message: identity assurances, yep, those seem necessary; access management, I'm not so sure.


Access management is required to have identity assurances. If there's no way to ensure someone's identity is secure, how do we know it's them in the first place?


That's a very good point regarding operational cost of handling account takeovers.

I'm not sure I have much useful commentary to add, but it does occur to me that a sufficiently-sized pool of software users could inspect changes (either at individual-commit-time and/or at tagged-release-time) regardless of whether each changeset is by the same author or in fact a different person every time.


Choosing to use FOSS software to build products/services has always involved an element of caveat emptor, and even with the best of intentions, mistakes and errors are introduced sometimes, as they can be into any commercial software.

The technology industry (as the typical consumer of FOSS) generally understands that and introduces appropriate measures (dependency reviews, hiring developers with relevant experience, requesting professional security audits, keeping backups, ...).

Despite all those (sometimes expensive) measures, industry continues to develop (and indeed thrive) using FOSS, implying the trade-off is worthwhile. My guess is that it is in fact massively worthwhile, especially when comparing the technology economics of today with years and decades past.

Therefore I think it's reasonable to ask questions any time that barriers are raised -- however small -- on the production-side of FOSS. That's not where the bulk of the revenues are accruing.

(I also have a vague sense that 2FA could later be misused as an attempt to strongly-attribute blame, which again feels potentially unfair/unbalanced. If your business risk is high when upgrading packages, then you should review those updates more carefully and keep a record of the financial efforts and rewards)


What does business have to do with PyPI? They are themselves a free project, for everyone using them.


Offering an opinion: the tech industry is invested in the success of PyPI -- perhaps not always in a literal monetary sense, you're right, but certainly in an ecosystem sense.


Trying to ignore any hype, lofty sci-fi ideas, or potential philosophical questions for a moment: roughly speaking, it sounds like this is a search engine, for use in a neat and thought-provoking use case.

There's an architecture diagram[1] alongside the source code, and my summary would be:

- The system has in-house web indexes built from Common Crawl[2] data

- The system receives snippets of text from Wikipedia and determines whether existing citations exist and whether they are valid

- If no valid citation exists, then the system performs queries against the indexes to find relevant URLs

It'd be interesting to learn how this approach fares compared to pasting the relevant paragraphs of text into search engines and excluding site:wikipedia.org from the results.

Something about feedback loops and data quality makes me wary that too much application of automated systems like this would lead to a degradation of content quality (each updated copy an imperfect translation or reference to an existing one).

[1] - https://github.com/facebookresearch/side/tree/a595fb09c85233...

[2] - https://commoncrawl.org/


Related to this, there's a really good talk by the founder of lichess that includes an overview of the cheating problem, and the techniques they use to detect and manage it.

The relevant section of the video on YouTube is: https://www.youtube.com/watch?v=LZgyVadkgmI&t=1080s


I think I'd prefer a code review discussion where the file being modified is a CSV file listing everyone in the organization's roles, seniority levels, and compensation, and where anyone in the company (and perhaps at a later date, outsiders) can comment on and view the discussion and file history -- both while the promotion review is in progress and after the fact.

(perhaps the inputs to the promotion suggestion could be from a documented and equally-open algorithm; I still think it'd be nice to have the results reviewed and discussed (openly, by humans) before they take effect so that potential unfairness -- either in the levelling, or in the algorithm -- could be addressed)

