@fastfinge

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1y

So I’ve been sharing my Weird Dreams with the fediverse lately. Because I’m a bit of a nut, I figured: why not share my normal dreams as well? I’ll be doing that with the #fedidreams hashtag every morning. If you, too, find dreams interesting, feel free to join in! Some ground rules and background: as a teenager, I was extremely interested in #lucid dreaming. I practiced #dream recall and put a lot of work into it, as the first step to lucid dreaming. While I never achieved it, to this day I can generally remember 1 or 2 dreams a night. I don’t believe dreams are supernatural, or have any deeper meaning.I just believe they’re fun, and sometimes an interesting way to get a glimpse of your own subconscious. Also, thanks to some medication I take, my dreams have become even more vivid over the last couple years. If I’m lucky enough to have any explicit dreams, I’ll be keeping those to myself! Will sharing my dreams with the world every morning get me any closer to my long abandoned goal of lucid dreaming? Will my subconscious get performance anxiety and stop dreaming entirely? Will the focus on writing up my dreams in something more than point-form for my dream diary make them even weirder? It’s a social experiment, bro! And you get to follow along on this journey of entirely unscientific and meaningless science! Yay! Yeah…feel free to filter out the #fedidreams hashtag entirely.

2

1

7

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@NVAccess @cachondo @MostlyBlindGamer @prism Thanks! I wasn’t sure if that was just reflecting on the issue or stating policy for the core codebase. I think part of my problem is I work corporate all day. I’m used to OKRs, clear goals and deliverables, and reading and writing strategic statements and so on. My default desire is for something like a foundation to do the same. But as nv access grows it’s doing less of that. And to me, that feels like lack of direction. It may or may not be, but that’s certainly a factor in how I interpret events.

0

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@twynn @NVAccess @cachondo @MostlyBlindGamer @prism Yup, I saw the discussion. It seemed to stop without settling anything.

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

Nothing like typing quickly and realizing you typed "hitgub" instead of "github" and wondering why it's not working. If only someone wasn't squatting on that domain; codeberg should just rename itself hitgub!

2

4

6

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer Yes, I subscribe it and read every issue. And again, that documents how they’re doing the work, and the progress of that work. Not why it was decided to do that work at all. The soundpack thing is actually a good example. More community feedback is fine. But eventually, there needs to be a decider. Who can say “Doing X is most in line with NVDA’s mission, vision and strategy because of Y. So we’ve decided that we’re doing X.” I might disagree with either X or Y. But the reasoning is there. The strategy is there. Without that overall vision and strategy, what happened, happens. Everyone argues for months and nobody does anything. Or someone just decides and does something for reasons only clear to them, and outside of any framework or overall goal for the project.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer Another example of the lack in overall direction. NVDA seems to have no policy that I can find about AI generated code. But looking at the open pull requests, nobody has submitted any fully AI generated code. Waiting until it happens and then deciding is the kind of reactive stance that leads to bad, poorly thought out decisions. And this is strategic direction that needs to be provided by NV Access, not me, some random dude online.

2

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer Hmm, no. I want them to be more proactive about strategic direction. Getting a feature or pull request, and deciding each time “does this belong in NVDA” is going to lead to problems. The questions like what should addons do? What should be in core? What should addons not do? Why is NVDA deciding to do what it’s doing this year? Should all be clearly understood by everyone. When the strategic direction is set, we can all make decisions about what to work on, what to request, etc, based on that direction. Without it, things just…kind of happen. And that’s not sustainable.

2

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer I read those, in the course of writing up a feature request for PGP signing of addons. Then I scrapped the feature, because I realized I have no idea what a feature request needs to go ahead, how priority is decided, etc. My fear was that it would happen if someone decided to code it, and not happen if nobody wanted to code it. And that’s just not how to build complicated things. So I decided it’d be better not to waste even more developer time by submitting the feature request at all and risking someone just does it and things get even more bogged down.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer A practical example, because you’re trying to understand. If I propose a feature request to add a full fledged email client into core, I do all the work myself, and I create the pull request, does it get merged? What I’m hearing is that maybe it does, because someone else did all the work. This is my understanding of how both screen mag and on device image descriptions got into core. If it doesn’t, and obviously it shouldn’t, I can’t find the strategic direction around questions like “What belongs in NVDA at all?” That would make stopping this work quick and easy. Without this strong overarching strategic discussion, the discussion I pointed out I wasn’t finding in my article, and that is not just a pull request for a feature or change with no discussion of “why do this” or “should this be done at all”, only “how should we do this” discussion that takes the other two questions as assumed, eventually everything gets into core. And making changes and fixes gets harder and harder. At some point (maybe years from now, but eventually) everything just grinds to a halt.

2

0

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer And doing so misses the point entirely. Past decisions were made. The work is done, now. As I stated both in the introduction and the conclusion, the thing that concerns me is the pattern of decision making without strategic discussion I couldn’t find. When I point it out, I get pointed to implementation level discussion, IE the “how” and not the “why” or the “should we”. Re-litigating past decisions gets no closer to being more strategic about future decisions. There purpose is, once again, as I said in the article, to demonstrate the pattern I’ve noticed.

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer I’m also unsure how opening an article stating that NVDA is still the best screen reader available, before criticizing the way it seems to make recent decisions, then closing with a plea for people to donate more money to it, counts as “railing against it”.

0

3

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

1d

@prism @cachondo @NVAccess @MostlyBlindGamer Huh? NVAccess repeatedly complained that I was attacking them. As have you. That was my complaint. I never framed anything as an attack. Everyone else put on that framing, and it immediately killed all useful discussion. And that was my complaint. The fact that folks are so defensive about NVDA that you can’t have this discussion without putting words in my mouth means the entire thread is useless. Because this is a battle that you have to win by defeating me. So nothing can or will ever change, and nothing useful will happen, until that framing (that I never once placed or agreed to) is gone.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @MostlyBlindGamer @cachondo @prism I’ve been using and watching NVDA since back in the source forge days. And the change in the decision making still feels obvious to me. The magnifier issue unearthed adds to the point I’m making, not detracts from it. There was no central strategy thought behind it. It just sort of happened. It’s also alarming that any public criticism, no matter how frequently couched in my love and respect for NVDA, is an “attack” that must be “defended” against. I’ll sign off this thread by saying that framing criticism as a battle with winners and losers makes healthy and productive discourse impossible.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@dangero I agree with you that it would be a good idea, depending on the quality of the blueprint. But that's the thing, isn't it? Things have to be planned and thought about and discussed and decided, before code gets written, not after or during.

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism And let's get into it:

* NVDA Magnifier available for early testing and feedback: This presents a fait accompli. It doesn't answer questions like "Why did NV Access decide to do this? Why now? Why part of NVDA and not a separate app?" Yes, I realize someone else is doing the initial work. But NV Access still needs to review it, merge it, maintain it, and so on. Just because someone does a thing doesn't mean it's in the project scope. I've refused fully formed pull requests for being out of scope. I'm sure NV Access has, too.

* AI Image descriptions progress: once again, discussion of a thing that's already happening. Not a discussion of why it's happening, or why it was done as part of core and not an addon, and no record of the reasoning and discussion behind the decision. This answers none of the questions I asked.

* Add-on store discussion: this, and the pr linked from it, get way closer to the sort of thing I'm looking for, and the sort of thing I saw all the time from NVAccess in the 2010's and early 2020's, but see much less of now. We get some insight into the thinking. Though we still don't get insight into why NVDA wanted to control the source of addons, and not leave it to the Spanish community, or discussion of the proes and cons of changing the review process for addon developers and how that decision was achieved.

* [Project] Convert NVDA to 64 bit #16304: And right here, we see the user story "Create a 32bit backwards compatible API for synth drivers and braille displays". With a five day final estimate. What happened here? Is this still happening? I did try to find out before I wrote anything at all. It remained unclear. So I'm still in a state where NV Access said a thing was going to happen, the thing did not happen, and I can't tell why or if it will happen later or never.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism Second reply to publicly call myself out for doing exactly the thing I’m annoyed about. I just proposed a raft of solutions without taking the time to fully understand the problem I’m solving for. Is the security problem:
* NVDA needs to work with addons in sensitive enterprise environments
* users need to be able to confidently install addons from the addon store without worrying
* users need to be able to install random addons from the internet with at least some safety
* security people need to be able to audit what an addon is doing
* something else
* all of the above

The best solution is going to depend on what the problem is, and what the available resources are for solving it.I shouldn’t have offered any solutions at all without understanding the shape of the problem. Because otherwise we’re just doing things because we feel like things should be done. Leading me to another question: does NVAccess clearly define what its problems are before it starts planning solutions to them? Or do planning and roadmaps start from the solution, rather than the problem to be solved? Because starting from the solution leads to decisions like scanning addons with an antivirus because it exists and you can.

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism Well, I would first propose not doing something “because the service exists and we can”. This was the kind of thinking I tried, and seem to have failed, to hilight in the article. Next, I would propose not getting stuck in an either or mindset. The duality of “we do nothing” or “we restrict all addons forever” is a false one.What about tracking reputation of addon authors and making sure that, at least, NV Access can guarantee that the author of an addon is who they say they are. Then making it extremely clear to users who they’re trusting and how much trust they’re handing over. What about having a set of “reviewed addons” and then a set of “unreviewed addons” and listing them in different places, with different levels of warning, and different corporate controls? What about some sort of sandboxing, and prompting the user “Do you want to allow this addon to X?” Where X is dangerous things like download and execute a third party program, read and write files outside of the addon directory, and so on. There are all sorts of possible solutions, some easier, and some harder, that would actually do something other than “Maybe inconvenience an attacker who knows nothing about NVDA Store security someday”.

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism I’m confused about the fact that you’d rather a private email asking, than a public article that goes out of its way to be as soft as I could make it while raising concerns, where the public discussion that I was hoping for and not finding had a chance of happening.

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism The hate isn’t the service itself. It’s that the results are being displayed in the store. I believe that this is false reassurance, that makes everyone less secure just by existing. Best case, it will always return nothing, because no attacker would upload a virus directly to the store; they’ll have their addon download the virus days later, once it’s gotten some installs. Worst case, it makes someone think “Oh, NVDA virus scans its addons. So they’re fine.” Given the best case is nothing happens, and the worst case is someone is less secure, why do it? What problem is NVAccess trying to solve?

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism I did find some of these. But a lot of them seem to be discussions of how to do something that has already been decided would be done. Not of the what to do or why to do it. And those discussions are the majority of my concern. However, I could be mistaken, and I will certainly read the links more closely.

0

1

0

🇨🇦Samuel Proulx🇨🇦 @fastfinge@interfree.ca

2d

@NVAccess @cachondo @prism I’m not mad at all. I’m concerned. Deeply. But that’s far from anger. And I also find it strange that you seem to think my entire purpose is to waste as much developer time as possible, and would be gleeful the more of your time I can manage to take up. I’m so baffled by that assumption thatI’m starting to wonder if your mental model of me as a person is just so far off that mutual communication or understanding is even possible.

1

0