It's a package format that bundles all required libraries; that way you don't run into the issue with program A requiring library version <1.1 and program B requiring library >1.3.
It leads to larger binaries because these dependencies are bundled, but it solves the issue with old/minimally maintained software not working on new OS versions because they depend on an ancient version of libssl or something.
The webserver that Canonical uses to distribute other people's snaps is, and that's it. APKs aren't proprietary just because Google runs the Play Store.
If you don't want to interact with Canonical's servers, you can download the snap files from literally anywhere else and install them manually so you don't have to touch a single line of non-open-source code.
The snapcraft webserver backend is closed source, but everything snap-adjacent that touches your computer is open source, and you can distribute snaps and install them without using the snap store.
When your site serves each user 20+ images and you get millions of unique users a year, saving 25-35% on each image translates into a LOT of saved bandwidth.
This is honestly not surprising; nothing he was doing required in-depth knowledge of how they work.
Look at any cryptocurrency board (other than Stack Exchange) and the overwhelming majority of people bragging about how they have been involved in crypto "for X years" couldn't tell you the first thing about elliptical curve cryptography, the p2p protocol used by nodes, the PoW algorithm (beyond a basic understanding), what a non-mining node contributes to the network, or how wallets derive addresses from seed phrases.
Similarly, you don't need to understand TCP to build a Shopify website.
But running those pip commands you mentioned is only going to affect what version gets installed initially.
I don't follow. If my package-lock.json specifies package X v1.1, nothing stops me from manually telling npm to install package X v1.2; it will just update my package.json and package-lock.json afterwards.
If a requirements.txt specifies X==1.1, pip will install v1.1, not 1.2 or a newer version. If I THEN install package Y that depends on X>1.1, the pip install output will say 1.1 is not compatible and that it is being upgraded to 1.2 to satisfy package Y's requirements. If package Y works fine on v1.1 and does not require the upgrade, it will leave package X at the version you had previously installed.
Would that just create a list of the current packages/versions
Yes, and all downstream dependencies
without actually locking anything?
What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt, it installs the exact versions specified by the package maintainer, just like npm install; the only difference is Python requires you to specify the "lock file" instead of implicitly reading one from the CWD.
The cheese is nothing special, it's basically cheddar in non-brick form. If poutine was popular in the States, there could be a booming curd market in no time.
The unsubscribes? Or the "I never signed up for this" count?
On the unsub front, only ~30% of our mailing list engages with sends (opens the email), and I'm willing to bet up to 50% of our mailing list is "dead" emails, so really it's 2-3x that number in practice. We have CASL to comply with, so we aren't willy-nilly with adding people to our list either.
For us, probably 1 in 10-15ish say they never signed up. We also have a double opt-in, meaning every single one of them opened an email and clicked a link to confirm they wanted to keep getting marketing emails.
About 0.2% of people unsubscribe every time we send something out.