

Discover more from hrbrmstr's Daily Drop
Bonus Drop #3 (2023-02-18): Homebrew, Hijacks, and Happy 🎂!
Homebrew 4.0; Journal Hijacks;Birthday Curl
This is a special, weekend, bonus edition of the Daily Drop for paid subscribers.
Today, we dive into Homebrew’s 4.0 release, give you a peek into the seedier side of academic journals, and wish the coolest programming library/utility an impending Many Happy Returns of the Day!
Homebrew 4.0
NOTE: This section is likely not of much use to non-Linux/macOS folk, unless you want to see how the better ⅔ lives 🙃.
February 16th was a big day for folks who use Homebrew, the “Missing Package Manager for macOS (or Linux)”.
Apple does a middling job when it comes to providing ported BSD/Linux packages, libraries, and utilities with their operating system (or bundled with their extra command line tools). Part of the reason for the “middling” is, as usual, lawyers. The licenses of many of the FOSS elements of macOS have changed over the years, and Apple is picky about what licenses it is willing to live with at home and in court.
Another reason is just laziness. Apple cares far more about the GUI experience of macOS (yeah, don't laugh…macOS usability on the GUI side is trending towards “dumpster fire” these days) than they do the CLI. Apple has no equivalent of the “apt”, “yum”, “pkg_add”, “pkg” (et al.) utilities that Linux and BSD systems have had for ages, and (generally) must wait until their 5-8x year OS updates to make updates.
Our Cupertino overlords also do not want to maintain packages for “esoteric” bits like libraries/utilities for GIS (geographic information systems), and really doesn't want to shepherd a community of maintainers and contributors to curate such a resource.
Homebrew (and MacPorts) fills in this gap.
Homebrew used to operate by git
operations on a fairly massive repository. If you've ever typed “git update
” (prior to 4.0.x), you know that you might be able to brew (heh) some tea or espresso whilst waiting for the pull
to finish.
Now, installs and updates happen by downloading the JSON for individual package formulae. It is superfast, relative, of course, to the number of packages you have installed.
This section will not be a book about Homebrew. It's more to offer my opinion and suggestions for operating in the brave, new, fast Homebrew world.
I suspect most folks just use Homebrew in the most basic way after executing the scary “curl to shell” installation dance. I also suspect most folks haven't read much (if any) of the Homebrew documentation. We'll cover some key settings and commands that should help you make the best use of Homebrew, since it likely provides the foundation for many of the higher order operations you do outside the core macOS ecosystem.
Getting Help
If you never typed “man brew
” at the CLI, I encourage you to do so. In fact, I would even encourage you to do:
open x-man-page://brew # on macOS
at the CLI instead if you want to keep the docs around in a separate window without consuming a terminal tab/pane (you will need XQuartz installed).
You can also get help from Homebrew itself via brew help
, which will also tell you to use brew commands
if you would like to see all the commands your present Homebrew installation supports.
If you find yourself in a weird Homebrew state (i.e., suspect the installed is corrupted), you can always run “brew doctor
” to get a qualified cybermedical second opinion.
Going Meta
You can get info about the Homebrew installation in many ways.
“brew config
” tells you the basic metadata of your current Homebrew configuration:
$ brew config
HOMEBREW_VERSION: 4.0.1-60-g6ad9294
ORIGIN: https://github.com/Homebrew/brew
HEAD: 6ad92949e910041416d84a53966ec46b873e069f
Last commit: 11 hours ago
Core tap origin: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 2f7330fe49b9138a13e952ba9aeb2f2051902e3c
Core tap last commit: 3 weeks ago
Core tap branch: master
Core tap JSON: 18 Feb 15:42 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_DISPLAY: /private/tmp/com.apple.launchd.95B4FBv9hY/org.xquartz:0
HOMEBREW_MAKE_JOBS: 10
HOMEBREW_NO_ENV_HINTS: set
Homebrew Ruby: 2.6.10 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: 10-core 64-bit arm_firestorm_icestorm
Clang: 14.0.0 build 1400
Git: 2.39.2 => /opt/homebrew/bin/git
Curl: 7.86.0 => /usr/bin/curl
macOS: 13.3-arm64
CLT: 14.2.0.0.1.1668646533
Xcode: 14.1
Rosetta 2: false
“brew info
” on its own will tell you the scope of your installation. In my case:
358 kegs, 294,041 files, 12.9GB
(Use “brew list
” to get the list of those kegs.)
Adding a package name after info
will provide you information about that package. If you add --json,
that information becomes usable programmatically.
Environmental Activism
There are far too many environment variables that impact Hombrew operations to go into in this section. I'll focus on ones that the Homebrew team wants you to take under special consideration.
As noted, before 4.0.x, just updating Homebrew could be a time sink. Some folks set HOMEBREW_NO_AUTO_UPDATE
to stop this from happening. Please do not do this. Eradicate that variable from your environment files to ensure you receive the vital [security] updates to the packages you use.
Given that all of Homebrew is now API-driven, please also consider unsetting HOMEBREW_NO_INSTALL_FROM_API
since you really want to take advantage of the new behavior. Set it to 1
if you like pain.
Homebrew defaults HOMEBREW_AUTO_UPDATE_SECS
to 86,400 (one day). You can change this — some folks did due to the speed pain — but don't make it larger if at all possible.
A while ago, Homebrew made a controversial decision to collect analytics via Google Analytics. You could disable this with HOMEBREW_NO_ANALYTICS
, but there are some benefits to letting ecosystem herders know how much an ecosystem is being used. The Homebrew team now has a standalone EU GDPR-compliant InfluxDB set up, so I encourage folks to set HOMEBREW_NO_GOOGLE_ANALYTICS
to 1
to prevent evil GA but let the more privacy-centric one work.
Finally, macOS has proper native OS package support, and now Homebrew does too. Keep an eye on this, and consider helping them test it out.
I use Homebrew enough on macOS that I’ve also started to on Linux, and I’ll provide some perspectives on that in a future Drop.
I'm excited about the future of Homebrew, and congratulate the team on a successful 4.0 release!
Journal Hijacks
I'm not in academia, but I keep an eye on it (two of them, when I can), and learned about a practice called journal highjacking. I'll let Anna Abalkina tell you what this is:
Hijacked journals mimic legitimate journals by adopting their titles, ISSNs, and other metadata. Usually, hijacked journals mirror legitimate journals without permission from the original journal. In rare instances, publishers will buy rights to a legitimate journal but continue the publication under considerably less stringent publishing protocols and without clearly noting to the reader the change in ownership or publication standards (sometimes known as “cloned” journals).
Scholars can be duped into publishing in hijacked journals – many of which require fees – by offers of fast publication and indexing in databases such as Scopus; being indexed in such databases is viewed by many universities and governments as a mark of legitimacy. Even the WHO’s COVID literature database has been fooled.
Anna partnered with Retraction Watch (an org I value enough to financially support) to keep a tracker for these malicious manuscripts, the Retraction Watch Hijacked Journal Checker. As of today's Bonus Drop, there are 180 of them O_O.
You can help by financially supporting Retraction Watch, or tipping them off to a journal that you suspect has done some hijacking of its own.
Birthday Curl
Curl — the client/library that powers just about everything, and even has code on Mars — turns 25 in March.
Sign the card and take a look at the enhancements in their latest release.
I’m very excited to give the new HTTP/3—QUIC support a go, and will report back as soon as I do.
FIN
Thank you, once more, for your over-and-above support of the Drops! ☮