Zeronet: [Enhancement] Use pip.

Yeah it would be better, but had some compatibility issues in the past. With moving to Python3 I will try to solve these problems and only bundle the dependencies with the binary distribution.

Wow, that is a bigger project than I had anticipated. Is there a roadmap on that?

No roadmap yet, it's planned around end of this year.

PIP IS KING

https://www.youtube.com/watch?v=XNtTEibFvlQ
2X playback

How easy to use PIP installs. ^^^

Maybe a lot of programmers (most of them seem to be OOP or newer programmers) don't think so, but just as a sidenote - a lot of people think pip and npm are actually really bad for several reasons. Just because you think it's good, doesn't mean everyone agrees. Especially with the load of crap programmers come up with that programmers "should" do, which is then backtracked and thought of as a bad idea much later.

If you can make a python program that uses libraries and is very easy to install without pip - then it obviously doesn't "need" pip. Stop imposing stupid Coding Practices on other people when they don't provide any actual benefit.

With that said, I would agree that the recent move to pip with Python3 is a good one only because the way ZeroNet was handled previously was really bad.

Maybe a lot of programmers (most of them seem to be OOP or newer programmers) don't think so, but just as a sidenote - a lot of people think pip and npm are actually really bad for several reasons.

Those people would be obviously wrong for several really obvious reasons.

First, maintainability requires that we know exactly what version of all the dependencies we're building against so we know what changed when something breaks. Correct package management guarantees this. Embedding copies of the libraries with God-only-know what modifications means that when it comes time to update any of the dependencies, no one will know how -- not even the original programmers.

Second, modularity.

Third, security. No one has time to audit the code in the embedded versions of the libraries in every repo of every project. You should be able to audit each dependency once by auditing that dependency's repo and thus guarantee that the code you audited is the code you're building and running against.

Fourth, leaving out package management has no benefits. There's no upside to not doing it. If the packaging system is ever retired, you can always paste the libraries back in.

Now, if these people's problem was with the specifics of a particular package management system (like a problem with pip that gradle or nuget don't have) THAT I could find more understandable. But dude, using package management is just sooo much better in general.

maintainability requires that we know exactly what version of all the dependencies we're building against so we know what changed when something breaks.

And apparently a package management is required for this? And who says embedded libraries are modified directly?

Second, modularity.

If we are saying package management is good because of modularity, we also need to know why modularity is good.

Third, security.

This is one of the only good reasons for using a terrible package management system.

Fourth, leaving out package management has no benefits.

Actually it does, and they're "obvious".

Now, if these people's problem was with the specifics of a particular package management system

The problem is not package management in general. The problem is terrible package managers. The other, more important problem is that the whole system relies on centralization. If the server is down, nobody can install the packages required for a project.

Remember LeftPad?

If we are saying package management is good because of modularity, we also need to know why modularity is good.

I think that is obvious given the definition of modularity. Google it. Software modularity being a good (not necessarily the only good or the ultimate good, but being a good) is not a controversial proposition in computer science.

The problem is not package management in general. The problem is terrible package managers.

Oh, OK that's reasonable.

The other, more important problem is that the whole system relies on centralization. If the server is down, nobody can install the packages required for a project.

You're saying that on Github.

It is controversial that it's taken way too far. People "modularize" practicaly everything now without even thinking on whether it has any real benefit. There's also the fact that function calls and classes and modules and all of this stuff has a cost. Of course, you'll probably counter that computers are fast enough now. Then I'll counter with Windows 10 on HDDs, Browsers and practically every website out there, and npm.

I'm also going to add that there are languages that allow modifying libraries without modifying the code of the library directly. Called extensions or something like that. There's also metaprogramming.

With the Python3 version I removed most of the packages from the source code directory, but I had to keep pybitcointools, because the two pip package (python-bitcoinlib is the other) installs to the same bitcoin named directory in site-packages. So it's not possible to install both of them at the same time. I was surprised that pypi does not enforce to install to the same directory as the package name.
I also thinking about including pyelliptic as versions later than 1.5.6 does not have ECIES functions added.

Nice! :)

@BenMcLean I don't know what programmers you follow, but maybe you should look at opposing views more often considering you seem to think that everything is so obvious and everyone believes the same things. Try Casey Muratori, Jonathan Blow, Abner Coimbre, and the like.

I don't see why this should be something taken on authority rather than evaluated based on the reasons I gave.

This has nothing to do with authority - and the fact you think this means you either are deliberately misrepresenting my argument because you have nothing better, or you didn't read everything I wrote. It has everything to do with the fact that you think:
1.) "obvious given the definition of modularity"
2.) "is not a controversial proposition in computer science."
3.) "leaving out package management has no benefits"
4.) "It needs to use pip like everybody else"

Every single one of these is an appeal to authority or majority (bandwagon), and every single one of these is false - Why? Because the programmers that actually care about programming and performance and the Users know that things are more complex than you make them out to be.

The names I have given above are not authority. They are an example of how wrong you are about things being so "obvious" that everyone knows this is like that, etc., etc.

Additionally, I've already evaluated your reasons and gave counters to almost all of them. You know this, and I think it's likely you know my counters are valid considering you didn't respond to them.

This has nothing to do with authority.

Your name-dropping of Casey Muratori, Jonathan Blow and Abner Coimbre was a textbook appeal to authority. That doesn't necessarily make it fallacious but it is in fact an appeal to authority.

What I said about modularity being a generally desirable property for software to have on a basic level is Computer Science 101. Google it.

"I'm talking about programmers that follow in the footsteps of Jonathan Blow, Abner, Casey - Game Programmers, Systems Programmers, etc. The names I have given above are not authority."

They're names. You're citing them as justification. That makes them authority.

By "everybody else" I obviously meant other Python software packages, not literally every programmer on earth.

Your name-dropping of Casey Muratori, Jonathan Blow and Abner Coimbre was a textbook appeal to authority.

No, it wasn't.

They're names. That makes them authority.

No, it doesn't. I'll "drop" my name: Christian Seibold is another example of how obviously wrong you are. I'm certainly no "authority", Right? Therefore, you statement that name dropping makes those names an appeal to authority is false.

Additionally, look at what I said:

follow in the footsteps of ....
They are an example
Try ... and the like

It's never an appeal to authority when you're doing it.

They're names. You're citing them as justification

I did no such thing. I cite them as examples which I have clearly said multiple times. If you are going to argue, have the decency to not deliberately forget about or chop off part of someone's argument:

maybe you should look at opposing views more often considering you seem to think that everything is so obvious and everyone believes the same things

What do I say in this quote? Tell me!

Also, you being quite illogical here. You say name dropping means it's an appeal to authority. Yet if I drop names of friends I know that disagree with you, all of which are not popular or known by many people, would you say that's an appeal to authority? Clearly an appeal to authority has to appeal to authority, right?

Examples are a form of justification.

What do I say in this quote? Tell me!

A strawman fallacy that I'm ignoring.

You don't know what strawman fallacy is, do you? Of course you don't, considering you are literally using it against me.

Examples are not a form of justification. They are evidence to refute the point that something "is not a controversial proposition in computer science". You seriously didn't catch this?

I was clearly giving examples to refute the point that something isn't controversial, as I have explicitly stated previously.

Notice that I haven't once explicitly said that these people are right. Interesting, huh?

this ticket is _wildly_ off topic and should either be closed or limited

Oh, right. I didn't treat that as an attempt to refute what I said, but just as a comment, since it doesn't refute what I said.

It is controversial that it's taken way too far.

Anything can be taken way too far, sure.

There's also the fact that function calls and classes and modules and all of this stuff has a cost.

You want to go back to doing perfect Assembly for everything? If so, why are you commenting on an issue in a Python repo? This is Python. That ship has sailed.

If not, then where do you draw the line?

I'm also going to add that there are languages that allow modifying libraries without modifying the code of the library directly. Called extensions or something like that. There's also metaprogramming.

Package management doesn't interfere with any of that AFAIK.

Let me summarize everything I've said thus far:

1.) It is controversial that it's taken way too far.
2.) maybe you should look at opposing views more often considering you seem to think that everything is so obvious and everyone believes the same things.
3.) know that things are more complex than you make them out to be.
4.) They are an example of how wrong you are about things being so "obvious" that everyone knows this is like that

My whole argument is refuting the fact that you think things are so "obvious".

Package management doesn't interfere with any of that AFAIK.

I don't understand how you don't know that what you quoted was in response to saying that you don't have to modify code directly to change that code. Which means that there is a way to modify code without package management.

Examples are not a form of justification. They are evidence

Evidence is a form of justification.

to refute the point that something "is not a controversial proposition in computer science".

It isn't. I know Jonathan Blow for certain does not hold that modularity is universally bad. It's been a foundational concept of programming since at least the 1960s.

Notice that I haven't once explicitly said that these people are right.

Oh, it sure seemed that you were.

You seem to have taken my use of "everybody else" in a much stricter sense than I meant.

I am gonna close this issue because my suggestion's already been implemented in the python 3 version.

I know Jonathan Blow for certain does not hold that modularity is universally bad. It's been a foundational concept of programming since at least the 1960s.

This is an actual strawman fallacy. Let me point you to this!:

The problem is not package management in general. The problem is terrible package managers. The other, more important problem is that the whole system relies on centralization. If the server is down, nobody can install the packages required for a project.

Come on... Misrepresent my argument one more fucking time. Make yourself look like a fool.

Oh, it sure seemed that you were.

Really? Every single point I have made was about your argument that things "should" be done this way because "ZeroNet is no special snowflake" and must "do what everyone else does" because package management is "obviously" good.

I explicitly state that not everyone believes the same as you. And I give examples of the people who don't agree with you.

My whole argument is based on the fact that people don't agree with you, and I explicitly state this in my very first post:

Just because you think it's good, doesn't mean everyone agrees.

Additionally, I fully support ZeroNet's move to pip, which I also explicitly stated in my very first post on here:

With that said, I would agree that the recent move to pip with Python3 is a good one only because the way ZeroNet was handled previously was really bad.

And the whole reason why I started this argument in the first place is because of this:

If you can make a python program that uses libraries and is very easy to install without pip - then it obviously doesn't "need" pip. Stop imposing stupid Coding Practices on other people when they don't provide any actual benefit.

Let me further clarify - Don't act like a fucking asshole to someone just because their project doesn't use the tools you want them to use (and yes, I'm talking about your "snowflake" and "what the crap is this" comments).

Every Python package with dependencies needs pip or something like it for the four reasons previously stated, none of which have been refuted.

It would be nice to look into decentralized alternatives to pip, but not into getting rid of package management altogether because that's stupid.

Why should a program that doesn't need security be forced to use pip when including the code directly can make it easier to install and ensure that the correct proper versions of the library are used and that they stay with the repo in case the library is no longer available.

You can version things without package management. You can modify a library without package management. You don't need package management for something to be modular.

Let me clarify, again... My problem is not with package management. It is with both bad package managers, and that you think everything needs to use package management, when not everything does.

I forgot one earlier.

Keeping the Git history clear of unnecessary deltas is a good enough reason all by itself even if there were no other.

And other people would say that a "clear history" provides almost no benefit and trying to do something like that is actually a downside because you are putting more importance on keeping things pretty and clean than functionality. Putting libraries in repos is a good way to ensure that if there's no other way to get the libraries, as long as your own source code is up somewhere, people have everything they need. They don't have to search (and potentially fail) to find the required libraries.

And this also goes along with trying to keep the source code of a project running in the future when the necessary libraries or servers might not be available.

but not into getting rid of package management altogether because that's stupid.

Tell me where I've explicitly stated we should get rid of package management? Or where I said that package management provides no benefits?

If that happens, you're screwed anyway. ZeroNet is built on top of the Internet. If the Internet's gone, so is ZeroNet.

If you want an alternative to the Internet then you need a whole different tech stack.

So apparently a server can't go down unless the whole internet goes down? LOL.

Or maybe you're saying that every single library in the whole world will stay on the internet forever because it's the Internet and files and websites are never lost on the internet, right?

Or how you conveniently forget that governments are starting to block whole areas of internet access, or that a portion of the internet can go down very easily because of one or two wires connecting the continents. Or how companies can delete files from their servers. Or any number of things.

And let's not forget leftpad and ... was it the cloudflare outage that took down a bunch of websites? Edit: No, it was actually a DNS server (Dyn) that was DDoSed.

So... First you act like an asshole to @HelloZeroNet and the ZeroNet project.. then you make ludicrous claims like every single python project that uses libraries must use pip. Then you repeatedly misrepresent my argument multiple times with the exact same misrepresentation that I have already said multiple times (and given evidence) that I did not say, and in fact say quite the opposite. Then you conveniently change your argument by saying you didn't say "everybody else" to mean everybody else, but rather everyone else in the Python community (even though that doesn't change my argument).

And your illogical statements that giving examples of names of people is always an appeal to authority - when that's actually contrary to what the definition of appeal to authority actually is - that the people must have authority and that they are given as justification that what they believe is right (which is not the same as giving them as justification that not everyone believes in something - what you are trying to justify or give example to is actually important because it tells you what the person is actually... trying to prove. Are they proving that these people are right? Or are they proving that not everyone believe in a specific thing that these people do/don't believe in).

@BenMcLean Just wondering something. Be honest - How much of what I wrote did you just skim (including my quotes)?