ExLisper

I tried using a public charger yesterday and my experience was dreadful, again. I live in Spain and the model used here is simply put idiotic. I couldn't come up with a worse one if I tried. This post is part rant, part warning, part call to action.

So quickly, what happened yesterday: I stopped at a nearby charger, according to the app it supports authentication using RFID card. I scanned my card but got authorization error. Ok, I opened the app, found the charger in it, got an error in the app and wasn't even able to select it. Fuck it, I drove to another charger from another network nearby. There was another car parked charging using slow plug but the fast plug was free. There are two parking spots assigned to the charger. I parked, authenticated in the app and... the CCS cable could only reach to occupied parking spot. My spot was out of reach. There were no other chargers nearby.

As you can see the model in Spain is basically "only private companies install chargers and they dictate how you charge". The service they offer can be as shitty as they like, they are not making money selling electricity. They are mainly subsidized and get money for installing chargers. No one cares if the chargers work or not. The market extremely fragmented, the apps suck, there are constant technical issues.

I currently have 10 (10!!!) charging apps on my phone: Zunder, Electromaps, Ionity, Endesa, Wenea, Iberdrola, Tesla, Acciona, Chargemap and Repsol. Those are all the networks I actually had to use one or more times to drive somewhere. That's 10 apps that have my personal and credit card data not to mention information about my travels they can sell to advertisers.

There is an EU regulation requiring chargers to accept card payment using a terminal but only along main EU highways.

But wait, it gets worse. There are two "aggregators", apps that let you authenticate at chargers from different networks using a RFID card. Yes, "aggregators" in plural. There's electromaps and chargemap covering different networks. The RFID card costs money so you have to pay twice just to get started but now both apps went down the road of enshifitifcation and started offering subscriptions. If you don't pay you will get ads in the app.

It really looks like the system is designed to make you miserable. Wasted time, no privacy, constant technical issues, obstacles on every step.

So, if the system in your country is better (which it has to be) congrats to you and please share how it works.

If your country is still building their network and they are going in the same direction as Spain start fighting it now.

If you have the same system as Spain it's time to start complaining and asking for changes:

• single provider must be introduced allowing access to entire infrastructure
• direct payment with card must be available on every fast charging station
• requirement on availability should be placed on any subventions given to private companies

I think that's the bare minimum. If you agree let's start organizing and contacting people in charge (no pun intended).

Brazilian lawmakers have passed a bill that drastically weakens the country’s environmental safeguards and is seen by many activists as the most significant setback for the country’s environmental legislation in the past 40 years.

“Either way, its approval is a tragedy,” said Suely Araújo, public policy coordinator at the Climate Observatory civil society group, arguing that the legislation would, among other serious consequences, drive large-scale deforestation and heighten the risk of human-caused climate disasters.

We all know how common terminal one liners have became as a installation method on GNU/Linux and what are the issues with it but let's recap quickly.

You go to a pager of some project and it tells you to do curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs/ | sh or curl -fsSL https://deno.land/install.sh | sh. The only way to verify that this command will not delete all your files or install malware is to manually review the entire script.

So... why not create a secure script repository? On a central website you would create an account for a project and submit a script. On the other side we would provide a binary client that will download and execute the script (we can call it grunt from get and run it). So as a user you would run for example grunt rustup and it would get and execute the script created by rustup project. I imagine it shouldn't be that difficult to add a tiny package to the major distros.

I believe this would be a fairly simple project that would solve all the security issues typical terminal one liners have.

On the website for uploading scripts we could introduce:

• multi user approval flow for script updates
• 2FA
• static checks of the scripts
• reporting system for compromised scripts
• verified project status

On the client side we could:

• provide info about this script's security (how many people reviewed it, when was it last updated, is the project verified)
• provide info about downloads (how many time was this script downloaded since the last update)
• do additional checks (maybe the project could provide MD5 of the script on their servers and grunt could verify it?)

So it would look something like this:

# grunt rustp

Downloading rustp.sh from https://getandrun.it/...
Last updated 30 days ago.
Downloads since last update: 5
Verified project: No
Reviewed by 1 user

Execute script [y/N]

Clearly something is wrong...

# grunt rustup

Downloading rustup.sh from https://getandrun.it/...
Last updated 60 days ago.
Downloads since last update: 5342
Verified project: Yes
Reviewed by 3 users
Comparing MD5 checksum with https://rustup.rs/grunt_md5... Passed 

Execute script [y/N]

That's better!

Right? So why don't we have something like this? Or we do and it simply didn't get enough traction?

========

So just to address some of the comments. No, it's not a package manager. Package managers are complex tools that handle versioning, dependencies, updates, uninstalls and so on. Package mangers are also distro specific. A lot of devs decide not to use package managers and use bash scripts that are distro agnostic and don't rely on external maintainers and packagers. It would be ideal if everyone used secure package managers but the reality is they don't. This solution is a compromise that offers devs full control of software distribution while introducing decent security.

=======

Someone suggested brew. How do you install brew according to https://brew.sh/ ?

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

See the problem?

I just got a new laptop, put Debian 13 on it, installed Plasma, started configuring all the tools. Everything works great but when I get to set up the screensaver I realize it's Wayland. So no xscreensaver. So no IFS.

I had those fractals welcoming me when my computer wakes up probably for 20 years now. Now I'm supposed to just setup normal lock screen and move on? Nope. xdm, .xsessionrc, xscreensaver. Now it feels like home again.

But it's stupid, right? Just use new tools. They have more features. Better integrations. I'm still thinking about switching back to Wayland...

So, do you suffer from software nostalgia (a term I just made up)? Do you stick to good old tools even when the modern replacements are better? Or do you always chase the latest tools without looking back?

Hi everyone!

I'm conducting a brief survey (takes less than 1 minute) to better understand the Rust open source community. I'm particularly interested in learning about who contributes to Rust projects and what motivates or prevents people from getting involved.

I hope insights from this survey will help us identify better ways to support and engage potential contributors in the Rust community.

Thanks for taking the time to share your perspective!

Survey link: https://tripetto.app/run/MHPMRBFVKT