I upgraded from Catalina to Big Sur (without formatting), and then used Onyx to clear all the caches on my Mac. It works perfectly.
Mac mini 2012, 16gb ram, 512 ssd.
FWIW, it gives you a warning and the chance to disable analytics before sending any analytics. https://docs.brew.sh/Analytics
> Homebrew gathers anonymous aggregate user behaviour analytics using Google Analytics (until our in-progress migration to our own InfluxDB). You will be notified the first time you run brew update or install Homebrew. Analytics are not enabled until after this notice is shown, to ensure that you can opt out without ever sending analytics data.
That is a very simplifying view of the legal situation and that's not helpful at all.
First, it only applies if you collect PII - depending on what they collect, they might not be subject to the GDPR at all.
Second, informed consent is only one of the options that allows collection and storage of PII. There are various other reason that allow collection and storage of PII, among them "Legitimate interest". For example, it is considered legitimate to store webserver logs containing PII (IP Addresses) for purposes of fraud analysis, unauthorized system access etc. Whether a specific collection of data is legitimate under those clauses depends on the specifics of a case (who has access, what's the exact purpose, how long you store, ...) - ask a lawyer if you need an assessment.
Depending on what they log and how they log, they may be either in the clear or in a bad place, but it's definitely not as simple as "the law requires no logging".
The analytics page describes them tracking information across time with a unique user identifier. They claim that identifier doesn't identify you, but it's attached to an exact Brew install so it does track your personal account on your machine at the very least; I'd classify that as PII.
Had they not submitted unique user tokens I think you mag be right. However, that's not how the analytics seem to work.
The law does allow logging for a variety of things but in this case I'd say they're in the wrong. They assume that it's okay because they don't track you across websites and that's good to know, but that's not the point.
I don't think that's true - AFAICT there's no EU law banning analytics. EU law just restricts storing & processing _personal_ data (GDPR) and storing unnecessary data on machines without consent (ePrivacy/'cookie law').
If you want to log fully anonymized data, without persistent tracking ids and without leaking personal data to 3rd parties en route (so no "send it to Google and they promise to anonymize the IP afterwards") then you're all good (but IANAL!).
The only reason you see all those cookie notices and GDPR consent requests is because so few companies are willing to accept even the tiniest tradeoff in their metrics to protect their users' privacy.
> EU law just restricts storing & processing _personal_ data (GDPR)
To be clear to anyone reading: using Google Analytics without a non-Google-hosted anonymisation step breaks GDPR. This _has_ been litigated in court in several countries. There's no "ifs" or "buts" about it.
There's an implicit _for websites_ on there. Has it been litigated for non-website use like this where the program can control which fields are being submitted?
GDPR doesn't distinguish between websites and applications. It's about collection, storage, and transmission of personal information. No matter who, what, or where. One of the core pieces of information cracked down upon by the French DPA CNIL is that the IP of a user is considered protected under GDPR.
The German DPA has ruled that the usage of Google Fonts on a website broke GDPR because it forced the user's browser to reveal their IP to Google.
I think it’s not cool when orgs track telemetry with opt out. But it’s not cool like when you’re at a party and you go off and fart in the corner as no one’s there and then a few seconds later someone walks by and smells it.
Continuing the analogy, telemetry with no opt out is like farting silently amongst a group of people. And tracking identified user requests while selling data is like slapping each person at the party while farting in their face.
And I guess opt in telemetry is like holding in your fart and people notice and might feel some discomfort at your discomfort.
You forgot 3) Complain at different intensities, up to the shaming, about the unethical dark patterns employed by the software, no matter whether it is open source or not, to make authors of the software aware, that what they do is not welcome by their users.
I use Little Snitch to alert on any outbound connections and make a decision. The google stuff immediately got a permanent blackhole for Homebrew. Anything I'm uncertain of I'll give a short-term approval (30mins) to not break anything. After a couple of rounds of execution (and sometimes some trial & error) you can usually work out which requests are essential and which are some notifications/tracking thing.
I can't recall, though this approach isn't specific to homebrew. I block it permanently at a network/process level rather than having to remember to set a ENV var.
Thanks, a quick search on the home brew page brought no guidance on how to configure these settings. I can't remember if this is in the .bashrc or in some other obscure config file, would be great to mention this if you recommend changing settings to your user base.
After many years, I tried Django again and it has left me quite cold. Both Rails and Laravel have more tools to be productive.
In both Rails and Laravel, with a couple of commands you generate all the code to have the authentication system (frontend included), in Django you have to write it yourself (how many millions of times has this part been written? Does the world need you to do it again?).
Scaffolding: Both Laravel and Rails have tools to generate the code for a simple CRUD, Django does not.
Valid points! I basically copy over my auth templates and tweaks from one project to the next but it should be a basic working auth out of the box (unstyled templates).
