author Ngô Ngọc Đức Huy <huyngo@disroot.org> 2021-06-21 22:34:08 +0700
committer Ngô Ngọc Đức Huy <huyngo@disroot.org> 2021-06-21 22:34:08 +0700
commit 65cbe24948eed00d2a013828832bdff0f50534eb (patch)
tree d945abd6aeeddc0b5720c09d4d970bd2ce72d9fb
parent 576342d50a409e90c83bfb86afbca78c16d19e93 (diff)
Update post
-rw-r--r--  .build.yml  31
-rw-r--r--  content/posts/2021-06-21-ipwhl-update.md  156
-rw-r--r--  static/images/begging-for-help.png  bin 0 -> 687351 bytes
-rw-r--r--  static/images/tensegrity.png  bin 0 -> 62637 bytes
-rw-r--r--  static/images/xkcd-dependency.png  bin 0 -> 53882 bytes
5 files changed, 156 insertions, 31 deletions
diff --git a/.build.yml b/.build.yml
deleted file mode 100644
index 28e650d..0000000
--- a/.build.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-image: debian/bullseye
-oauth: pages.sr.ht/PAGES:RW
-sources:
-  - https://git.sr.ht/~sircmpwn/openring
-  - https://git.disroot.org/huyngo/conlang
-packages:
-  - golang
-  - hugo
-environment:
-  site: huyngo.srht.site
-tasks:
-- install: |
-    cd openring
-    go build -o openring
-    sudo cp openring /usr/local/bin/
-- embed: | 
-    cp -r conlang/src $site/content/conlang
-    cd $site/content/conlang
-    mv index.md _index.md
-    sed "s/\//_/g" SUMMARY.md | sed "s/\._/.\//g" | sed "s/.md/\//g" | grep -v "Introduction" >> _index.md
-    rm SUMMARY.md
-    ../../preprocess.sh
-    find -type f | grep "sh$" | xargs rm
-- package: |
-    cd $site
-    ./create-webring.sh
-    hugo --baseURL="https://huyngo.srht.site"
-    cd public
-    tar -cvz . > ../../site.tar.gz
-- upload: |
-    acurl -f https://pages.sr.ht/publish/$site -Fcontent=@site.tar.gz
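Review bot: The whole build manifest is deleted here, but the commit message only says "Update post", so the removal of the publish pipeline (the `upload` task and the `oauth: pages.sr.ht/PAGES:RW` grant) is undocumented. Split the deletion into its own commit, or say in the message why it goes and what replaces it, so that anyone later auditing how the site is deployed, and whether that token scope is still needed, can find the change.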
diff --git a/content/posts/2021-06-21-ipwhl-update.md b/content/posts/2021-06-21-ipwhl-update.md
new file mode 100644
index 0000000..6b5e423
--- /dev/null
+++ b/content/posts/2021-06-21-ipwhl-update.md
@@ -0,0 +1,156 @@
+---
+title: "[Update] IPWHL: Maybe the real cheeses are the packages we helped along
+the way"
+date: 2021-06-21
+categories: [blog, update]
+tags: [update, ipwhl, python, packaging]
+---
+
+So, according to a [recent announcement][ipwhl-annonce] in the mailing list, I
+now co-maintain the [IPWHL][ipwhl] project, also known as *Floating Cheeses*
+(I prefer the latter for it being more playful and pronounceable, but IPWHL is
+just quicker to type). So, I feel obliged to provide a more thorough
+introduction.
+
+[ipwhl-annonce]: https://lists.sr.ht/~cnx/ipwhl-announce/%3CCC8HUR1YAFDL.YHJBG1SM70WE%40nix%3E
+[ipwhl]: https://sr.ht/~cnx/ipwhl/
+
+# Les Cheeses
+
+In short, IPWHL is a PyPI alternative (though, initially the package database
+would be collected from there).  What it provides:
+
+- Decentralization
+- Security
+- Reproducibility
+
+## Decentralization
+
+IPWHL uses [IPFS][ipfs] for storing packages.  This provides several
+advantages:
+
+- No single point of failure
+- Easy to mirror
+- Faster download thanks to P2P
+
+As there have been several incidents of PyPI outages, this is a strong reason
+to use our cheeses.
+
+[ipfs]: https://ipfs.io/
+
+## Security
+
+No single point of failure is a security feature itself, but besides that,
+IPWHL also is more secure because:
+
+- We have CIDs and we cryptographically sign the packages thanks to merkle dag
+- We avoid packaging packages that are typosquat attacks
+
+## Reproducibility
+
+IPWHL has a pre-resolved dependency and its packaging strategy is similar to
+NixOS, a distro known for its reproducibility.  The installer can uses the CID
+and the package name to reproduce exactly the package.
+
+# Current problems
+
+Despite the theoretical advantages, IPWHL is a new project and thus has several
+problems
+
+## Lack of packages
+
+A distribution doesn't mean anything without packages, and IPWHL is indeed in
+need of them.
+As of the time I am writing this (2021-06-21), there are less than 100 packages
+declared in the database.
+
+Introducing more packages would lead to maintenance problem: we cannot, as two
+sole maintainers, keep up with too many packages and make sure they're all
+up-to-date.  Therefore, please, come help us if you're interested in this
+project.
+
+## Dependency Hell
+
+Maybe you've heard of `npm install is-even` meme, if you hang out in some
+programming meme groups.  It represents an underlying problem of having too
+many packages depending on each other.  PyPI is saner, I would say, but it does
+have that problem.
+
+![xkcd comics "Dependency":
+A tower of blocks is shown. The upper half consists of many tiny blocks
+balanced on top of one another to form smaller towers, labeled:
+"All modern digital infrastructure"
+The blocks rest on larger blocks lower down in the image, finally on a
+single large block. This is balanced on top of a set of blocks on the left,
+and on the right, a single tiny block placed on its side. This one is
+labeled: A project some random person in Nebraska has been thanklessly
+maintaining since 2003](/images/xkcd-dependency.png "Such dependency, wow")
+*(Image Attribution[^0])*
+
+I would even say if the package dependency were like the above illustration, it
+would be simple.  In reality, *circular dependency* makes it impossible to
+declare one package without declaring the other, which can be demonstrated by
+this tensegrity shape:
+
+![A tensegrity structure](/images/tensegrity.png
+"Remove any part and it's broken")
+*(I drew this!)*
+
+Or, in some cases, such as for `tox`, it can even be like this:
+
+![A tensegrity icosahedron made from straws and string](https://upload.wikimedia.org/wikipedia/commons/5/5d/Icosahedral_tensegrity_structure.png "I don't even know how this work")
+*(Image attribution[^3])*
+
+# How to help
+
+![Rick from *Rick and Morty* dancing and singing "I'm begging for
+help"](/images/begging-for-help.png "I hope adult swim don't sue me for
+this.")
+*(Image Attribution[^1])*
+
+Due to mentioned problems, it is critical for the project to have contribution.
+To start, please take a look at [the manual page][ipwhl-man]
+
+[ipwhl-man]: https://man.sr.ht/~cnx/ipwhl/guides/contrib.md
+
+## Help declaring packages information
+
+Currently, the packages with high priority is listed here:
+
+https://todo.sr.ht/~cnx/ipwhl/5
+
+## Write docs
+
+User and contribution manuals are not really clearly written, and some
+information are scattered across the [mailing lists][lists].  You can help by
+compile them into a comprehensive structured manual.
+
+[lists]: https://sr.ht/~cnx/ipwhl/lists
+
+## Help resolving dependency conflicts
+
+> *Maybe the real cheeses are the packages we helped along the way*
+
+Some packages cannot be in its latest version, due to some constraints.
+
+A case in point is `Sphinx`, which depends on `docutils` and `docutils-stubs`.
+The latest version for `docutils` is 0.17.1, but so far the latest version for
+`docutils-stubs` depends on specifically 0.14 versions.  Due to this conflicts,
+you can only install `docutils 0.14`.
+
+Therefore, you can help developing and packaging [docutils-stubs][stub] so we
+can have newer packages on IPWHL
+
+[stub]: https://github.com/tk0miya/docutils-stubs
+
+[^0]: Original XKCD comics: <https://xkcd.com/2347/>, shared under a CC-BY-NC
+  2.5 License.
+
+  Transcript retrieved (with some edits) from ExplainXKCD:
+  <https://explainxkcd.com/wiki/index.php/2347:_Dependency>, shared under a
+  CC-BY-SA 3.0 License.
+[^1]: Scene cropped from *Rick and Morty*, a show by *Adult Swim*:
+  <https://www.youtube.com/watch?v=SdsJDLSI_Mo>
+[^3]: Image retrieved from WikiMedia, authored by QuarterNotes:
+  <https://commons.wikimedia.org/wiki/File:Icosahedral_tensegrity_structure.png>,
+  shared under a CC-BY-SA 4.0 License
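Review bot: In the Security list, "we cryptographically sign the packages thanks to merkle dag" conflates two things: a CID is a content hash, which lets an installer check that the bytes match the identifier, but it is not a signature and says nothing about who published them. Either reword the item to content addressing and integrity, or state which key signs what. Minor: the footnote labels go [^0], [^1], [^3] with no [^2], and "The installer can uses the CID" should read "can use".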
diff --git a/static/images/begging-for-help.png b/static/images/begging-for-help.png
new file mode 100644
index 0000000..34cca3c
--- /dev/null
+++ b/static/images/begging-for-help.png
Binary files differdiff --git a/static/images/tensegrity.png b/static/images/tensegrity.png
new file mode 100644
index 0000000..edf69e2
--- /dev/null
+++ b/static/images/tensegrity.png
Binary files differdiff --git a/static/images/xkcd-dependency.png b/static/images/xkcd-dependency.png
new file mode 100644
index 0000000..e07722d
--- /dev/null
+++ b/static/images/xkcd-dependency.png
Binary files differ
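Review bot: begging-for-help.png is added at 687351 bytes according to the diffstat, over ten times the size of either other image in this commit. Git keeps every binary revision in history, so compress or downscale it before committing.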