Discover more from hrbrmstr's Daily Drop
Bonus Drop #3 (2023-02-18): Homebrew, Hijacks, and Happy 🎂!
Homebrew 4.0; Journal Hijacks;Birthday Curl
This is a special, weekend, bonus edition of the Daily Drop for paid subscribers.
Today, we dive into Homebrew’s 4.0 release, give you a peek into the seedier side of academic journals, and wish the coolest programming library/utility an impending Many Happy Returns of the Day!
NOTE: This section is likely not of much use to non-Linux/macOS folk, unless you want to see how the better ⅔ lives 🙃.
February 16th was a big day for folks who use Homebrew, the “Missing Package Manager for macOS (or Linux)”.
Apple does a middling job when it comes to providing ported BSD/Linux packages, libraries, and utilities with their operating system (or bundled with their extra command line tools). Part of the reason for the “middling” is, as usual, lawyers. The licenses of many of the FOSS elements of macOS have changed over the years, and Apple is picky about what licenses it is willing to live with at home and in court.
Another reason is just laziness. Apple cares far more about the GUI experience of macOS (yeah, don't laugh…macOS usability on the GUI side is trending towards “dumpster fire” these days) than they do the CLI. Apple has no equivalent of the “apt”, “yum”, “pkg_add”, “pkg” (et al.) utilities that Linux and BSD systems have had for ages, and (generally) must wait until their 5-8x year OS updates to make updates.
Our Cupertino overlords also do not want to maintain packages for “esoteric” bits like libraries/utilities for GIS (geographic information systems), and really doesn't want to shepherd a community of maintainers and contributors to curate such a resource.
Homebrew (and MacPorts) fills in this gap.
Homebrew used to operate by
git operations on a fairly massive repository. If you've ever typed “
git update” (prior to 4.0.x), you know that you might be able to brew (heh) some tea or espresso whilst waiting for the
pull to finish.
This section will not be a book about Homebrew. It's more to offer my opinion and suggestions for operating in the brave, new, fast Homebrew world.
I suspect most folks just use Homebrew in the most basic way after executing the scary “curl to shell” installation dance. I also suspect most folks haven't read much (if any) of the Homebrew documentation. We'll cover some key settings and commands that should help you make the best use of Homebrew, since it likely provides the foundation for many of the higher order operations you do outside the core macOS ecosystem.
If you never typed “
man brew” at the CLI, I encourage you to do so. In fact, I would even encourage you to do:
open x-man-page://brew # on macOS
at the CLI instead if you want to keep the docs around in a separate window without consuming a terminal tab/pane (you will need XQuartz installed).
You can also get help from Homebrew itself via
brew help, which will also tell you to use
brew commands if you would like to see all the commands your present Homebrew installation supports.
If you find yourself in a weird Homebrew state (i.e., suspect the installed is corrupted), you can always run “
brew doctor” to get a qualified cybermedical second opinion.
You can get info about the Homebrew installation in many ways.
brew config” tells you the basic metadata of your current Homebrew configuration:
$ brew config HOMEBREW_VERSION: 4.0.1-60-g6ad9294 ORIGIN: https://github.com/Homebrew/brew HEAD: 6ad92949e910041416d84a53966ec46b873e069f Last commit: 11 hours ago Core tap origin: https://github.com/Homebrew/homebrew-core Core tap HEAD: 2f7330fe49b9138a13e952ba9aeb2f2051902e3c Core tap last commit: 3 weeks ago Core tap branch: master Core tap JSON: 18 Feb 15:42 UTC HOMEBREW_PREFIX: /opt/homebrew HOMEBREW_CASK_OPTS:  HOMEBREW_DISPLAY: /private/tmp/com.apple.launchd.95B4FBv9hY/org.xquartz:0 HOMEBREW_MAKE_JOBS: 10 HOMEBREW_NO_ENV_HINTS: set Homebrew Ruby: 2.6.10 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby CPU: 10-core 64-bit arm_firestorm_icestorm Clang: 14.0.0 build 1400 Git: 2.39.2 => /opt/homebrew/bin/git Curl: 7.86.0 => /usr/bin/curl macOS: 13.3-arm64 CLT: 220.127.116.11.1.1668646533 Xcode: 14.1 Rosetta 2: false
brew info” on its own will tell you the scope of your installation. In my case:
358 kegs, 294,041 files, 12.9GB
brew list” to get the list of those kegs.)
Adding a package name after
info will provide you information about that package. If you add
--json, that information becomes usable programmatically.
There are far too many environment variables that impact Hombrew operations to go into in this section. I'll focus on ones that the Homebrew team wants you to take under special consideration.
As noted, before 4.0.x, just updating Homebrew could be a time sink. Some folks set
HOMEBREW_NO_AUTO_UPDATE to stop this from happening. Please do not do this. Eradicate that variable from your environment files to ensure you receive the vital [security] updates to the packages you use.
Given that all of Homebrew is now API-driven, please also consider unsetting
HOMEBREW_NO_INSTALL_FROM_API since you really want to take advantage of the new behavior. Set it to
1 if you like pain.
HOMEBREW_AUTO_UPDATE_SECS to 86,400 (one day). You can change this — some folks did due to the speed pain — but don't make it larger if at all possible.
A while ago, Homebrew made a controversial decision to collect analytics via Google Analytics. You could disable this with
HOMEBREW_NO_ANALYTICS, but there are some benefits to letting ecosystem herders know how much an ecosystem is being used. The Homebrew team now has a standalone EU GDPR-compliant InfluxDB set up, so I encourage folks to set
1 to prevent evil GA but let the more privacy-centric one work.
Finally, macOS has proper native OS package support, and now Homebrew does too. Keep an eye on this, and consider helping them test it out.
I use Homebrew enough on macOS that I’ve also started to on Linux, and I’ll provide some perspectives on that in a future Drop.
I'm excited about the future of Homebrew, and congratulate the team on a successful 4.0 release!
I'm not in academia, but I keep an eye on it (two of them, when I can), and learned about a practice called journal highjacking. I'll let Anna Abalkina tell you what this is:
Hijacked journals mimic legitimate journals by adopting their titles, ISSNs, and other metadata. Usually, hijacked journals mirror legitimate journals without permission from the original journal. In rare instances, publishers will buy rights to a legitimate journal but continue the publication under considerably less stringent publishing protocols and without clearly noting to the reader the change in ownership or publication standards (sometimes known as “cloned” journals).
Scholars can be duped into publishing in hijacked journals – many of which require fees – by offers of fast publication and indexing in databases such as Scopus; being indexed in such databases is viewed by many universities and governments as a mark of legitimacy. Even the WHO’s COVID literature database has been fooled.
Anna partnered with Retraction Watch (an org I value enough to financially support) to keep a tracker for these malicious manuscripts, the Retraction Watch Hijacked Journal Checker. As of today's Bonus Drop, there are 180 of them O_O.
You can help by financially supporting Retraction Watch, or tipping them off to a journal that you suspect has done some hijacking of its own.
Curl — the client/library that powers just about everything, and even has code on Mars — turns 25 in March.
Sign the card and take a look at the enhancements in their latest release.
I’m very excited to give the new HTTP/3—QUIC support a go, and will report back as soon as I do.
Thank you, once more, for your over-and-above support of the Drops! ☮