Person of the Year 2006
If you need a fun fact for a corporate icebreaker activity, you can always say, “I was Time magazine’s Person of the Year in 2006,” then stand around awkwardly waiting for someone to Google it.
The official announcement of “your” accomplishment makes for good reading in 2025. In tech circles, we often regard the early days of Web 2.0 as a time of naivety when we thought that letting anyone post on the internet would democratize media and unlock an era of creative expression. Of course, we know now that it isn’t so simple—that open platforms can amplify extreme views, for example, or serve as vectors for misinformation. But apparently we also knew this then, in the earliest days of YouTube and Facebook:
Web 2.0 harnesses the stupidity of crowds as well as its wisdom. Some of the comments on YouTube make you weep for the future of humanity just for the spelling alone, never mind the obscenity and the naked hatred.
But that’s what makes all this interesting. Web 2.0 is a massive social experiment, and like any experiment worth trying, it could fail.
Obviously, the course we chose twenty years ago led us to the world of today. But we didn’t select this path arbitrarily, or without regard for the challenges it would present; we examined the risks and decided the experiment was worth it.
I got a similar sense from reading Thomas Friedman’s The World is Flat (2005), which lays out a theory of globalization based on the convergence of technological development (the internet) and trade liberalization. Some of the passages feel quaint:
If there is a skilled person in Timbuktu, he will get work if he knows how to access the rest of the world, which is quite easy today. You can make a Web site and have an e-mail address and you are up and running. (Ch. 3)
(In the ebook, I commented, “Taxes? Immigration law?”) But elsewhere, Friedman anticipates critiques of globalization which have now become standard:
In the flat world, the balance of power between global companies and the individual communities in which they operate is tilting more and more in favor of the companies, many of them American-based. These companies command as much if not more power than many governments. (Ch. 13)
Not to mention “What the world has never witnessed is an old-style pandemic in a Wal-Mart world,” later on in the same chapter.
Urban Arts Career Pathways Takeover
My team at work recently got to host a Career Pathways Takeover at Urban Arts, a nonprofit based in New York that teaches programming, animation, and storytelling education to high schoolers to prepare them for success in college and beyond.
I was so impressed by the students’ thoughtfulness and engagement. We walked our group of Game Academy students through our team’s event planning process, and in less than an hour they put together a rock-solid plan for a community arts program to raise awareness about mental health issues, including how they’d use data to capture the event’s positive impact (where I fit in). I hope the vision can become a reality before long…!
Massive thanks the Urban Arts team for hosting us and for all that you do through the Game Academy.
Apply for CLS
This year’s application for Critical Language Scholarship from the US State Department is now open. (Thanks, group chat!)
CLS is a fully funded summer language immersion program for American undergraduate and graduate students. I strongly encourage any interested in learning one of the nine critical languages to apply. Some languages require prior language study; others accept beginners.
Feel free to email me if you are considering the CLS program or have questions about the experience. I completed CLS Korean in 2016 and have kept in touch with participants from lots of cohorts since then. Here is my advice post.
Good CLS blogs:
- Bethany Maz
- The Good Things Coming (Paula Zhang)
Python scripts
I cleaned up a few utility Python scripts for the GitHub:
- fetch_python_docs.py sets
up a local mirror of docs.python.org on
http://localhost:8004for offline reference. It can also provide and enable a systemd unit file, so you can run the script once, bookmark the local URL, and forget about it. - typography.py (which I mentioned
here) checks for ASCII typography
that can be better rendered as Unicode. For example, it recommends changing
the hyphen in the page range
278-81to an en dash. - dated.py applies my obnoxious filename convention to create a dated working copy of a file—useful when collaborating with people who aren’t comfortable with version control systems.
Tensions rise in the condaverse
GitHub has a tool called Dependabot that automatically finds outdated package
versions pinned in project configuration files and issues a pull request to
update them. Support for conda environment.yml files has long been one of the
most requested
features in the Dependabot repo. At long last, GitHub has now added partial
support for conda to Dependabot, first as a
beta announced last week,
and now
generally available.
But there have been some issues with the rollout.
The main appeal of conda over something like
Poetry, uv, or just
plain-old requirements.txt is that conda can manage arbitrary dependencies,
not just Python packages. You can
conda create --no-default-packages git micro compilers to set up a Fortran dev
environment if you want. Dependabot’s conda support includes only Python
packages. A few folks grumbled about this limitation in the GitHub issue
comments, but it’s understandable: The space of “all conda installable packages”
is vast indeed, and the Dependabot devs had to start somewhere.
A more compelling criticism of the new feature stems from the fact that
Dependabot determines the latest versions of Python packages by looking up the
names given in environment.yml on PyPI. This is a problem because PyPI is an
entirely different package ecosystem from conda. Some package versions are
released on PyPI well before they appear in conda repos, and some packages have
different names between the two.
For a nasty example, Ipopt is a nonlinear
programming solver written in C, and
cyipopt provides Python
bindings. conda install ipopt installs the C library, and
conda install cyipopt installs the Python wrapper. But pip install ipopt
actually refers to cyipopt. The upshot, if I
understand correctly, is that if you pin ipopt in your environment.yml, then
Dependabot will check its version number against that of the latest version of
cyipopt, a flawed comparison.
Luckily, Ipopt/cyipopt is the only such case I could find in this Rosetta stone (the fact that this exists …) mapping package names across ecosystems. But anyone(ish) can post packages on PyPI, so the current behavior of Dependabot creates new opportunities for typo-squatting attacks on conda users. As Jannis Leidel (a conda maintainer) put it, “This premature rollout makes the conda ecosystem less secure and shouldn’t have occurred.”
I’m not sure what the right move is for Dependabot. For a start, they could use the Rosetta stone to map conda packages to the correct PyPI names, but this would only solve the naming issue, and not the possibility of different versions between the two repositories.