|
Kent Sharkey wrote: I was 3/4 convinced that people would be telling me I was an idiot for complaining about npm/winget/gem/the-rest. I'm glad to know I'm not the only one that this gives indigestion to.
No you are not alone in this.
Quartz article end: Mike Roberts, from Kik, said in an interview that he regretted not reaching out to Koçulu himself in the first place. “From my perspective,” he said, “open-source, the community, is about helping each other out.”
First step: a lawyer asking
Second step: a lawyer threatening
Third step: a lawyer trying to buy
Fourth Step: a lawyer threatening even harder but to someone else
Fifth Step: Screwing the little private person
everything blows up
A manager of the triggering company says "he regrets not reaching out in the first time" ???
really? C'mon... we are already old enough to know that this is utterly bullsh1t and dictated by the PR to try to give a "not do evil" impression
NPM: “Un-un-publishing is an unprecedented action that we’re taking given the severity and widespread nature of breakage, and isn’t done lightly,”
This action puts the wider interests of the community of npm users at odds with the wishes of one author; we picked the needs of the many.”
After putting the interests of a company over the copyright of one author that was there first, that surprisingly doesn't have the resources or the desire to have to fight for it.
They should both get sued for being assh... and npm should be forced to recompile everything repairing the mess without overrunning the author's right to do what he wants with his code / package.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Of course, the real problem here is that you can be bitten by this even if you have no intention of downloading random blobs of code from random developers. You could just be trying to consume packages from your responsibly-curated private Azure Artifacts repo (for example), and this attack can surreptitiously insert random code because the package manager (for some stupid reason) prioritizes random public packages from an upstream source over your internal ones unless you take ridiculous measures to prevent it.
|
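A defensive check for the substitution described in the post above, as an added example that is not part of the original thread: it reads an npm `package-lock.json` and reports internal package names whose recorded download URL is not the private feed. The feed host, the internal names and scopes, and the lockfile are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumptions for illustration: the private feed host and the internal
# package names/scopes are hypothetical; the lockfile is constructed.
PRIVATE_HOST = "pkgs.example.internal"
INTERNAL_NAMES = {"contoso-auth"}
INTERNAL_SCOPES = ("@contoso/",)

SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "billing-portal", "version": "1.0.0"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
        "node_modules/@contoso/ui": {
            "version": "2.3.0",
            "resolved": "https://pkgs.example.internal/npm/@contoso/ui/-/ui-2.3.0.tgz"},
        # Internal name served by the public registry at an inflated version.
        "node_modules/@contoso/ui/node_modules/contoso-auth": {
            "version": "99.1.0",
            "resolved": "https://registry.npmjs.org/contoso-auth/-/contoso-auth-99.1.0.tgz"},
    },
})


def package_name(lock_key):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested installs included)."""
    return lock_key.rsplit("node_modules/", 1)[-1]


def is_internal(name):
    return name in INTERNAL_NAMES or name.startswith(INTERNAL_SCOPES)


def audit_lockfile(lock_text, private_host=PRIVATE_HOST):
    """Return (name, version, source_host) for every internal package that
    the lockfile records as fetched from anywhere but the private feed."""
    findings = []
    for key, meta in json.loads(lock_text).get("packages", {}).items():
        if not key or meta.get("link"):   # root project / workspace symlink
            continue
        name = package_name(key)
        host = urlparse(meta.get("resolved", "")).hostname
        if is_internal(name) and host != private_host:
            findings.append((name, meta.get("version"), host))
    return findings


if __name__ == "__main__":
    for name, version, host in audit_lockfile(SAMPLE_LOCK):
        print(f"internal package {name}@{version} resolved from {host}")
```

Run as a CI step against the committed lockfile, a non-empty result means an internal name was satisfied by a source other than the private feed.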
LaserFactory cuts out a shape, then adds circuitry and components. Now just hook it up to SkyNet and we can relax...
|
Don't be so paranoiac... they are not armed...
yet.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
The C#/WinRT team is excited to announce our latest release, which includes a preview of C#/WinRT authoring with the latest C#/WinRT NuGet package, as well as updates to the .NET 5.0 SDK with the .NET February update. For those few C# developers targeting Windows
|
Favicons can break through incognito mode, VPNs, and Pi-holes to track your movement online Is it a tart? A flan? No, it's SUPERcookie!
|
Quote: The tracking method is called a Supercookie, and it’s the work of German software designer XXX YYY.
Really? I suppose this guy is trying to get recruited by G00gle or Farcebo0k...
or maybe he is tired of living...
Because I suppose that some people would even like to have him face to face, especially those depending on some of those technologies to remain as much private as one could be (until now)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
This post will discuss the unique combination of features that Scala provides and how it compares to other languages on the market, diving beneath the superficial experience to explore the fundamentals of the language. Because one leg is both the same?
|
A recent survey commissioned by IBM and conducted by O’Reilly highlights the need for open source skills in the competitive field of hybrid cloud development. Yup - that's source code. A+ for me!
|
field of hybrid cloud development.
What's that? A mix of stratus, cirrus, cumulus, altostratus, stratocumulus, altocumulus, cirrocumulus, nimbostratus, ...and the list goes on... cloud types?
Seriously, I have no idea what "hybrid cloud development" means.
|
Building something that looks like a commercial cloud setup but hosting it in your own data center. Optionally with the ability to also deploy to commercial cloud servers (either for lower security/latency sensitive applications if external cloud is cheaper, or capacity management if the internal servers get maxed out).
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. As opposed to all the others?
|
Windows 7 needs the patch too...
Options:
1) The bug has "only" been there for 12 years
2) The bug was there for more, but they don't even try to fix it in previous systems (I know, I know, but the real usage is still out there)
Either way I can't avoid being a bit skeptical... only because they were "just published" doesn't mean that they were "just discovered".
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Vista and prior are beyond the 3 year pay for patches because your IT is too cluster ed to upgrade on time window. Only the most apocalyptic vulnerabilities get patched outside of that (or have public patches released in the pay for patch window). IIRC the last time that happened was when someone pwned a big collection of NSA hacking tools.
As a paid only W7 patch this doesn't qualify. Probably at least in part because it's a bug in something that is default disabled.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Google steps up its game on open-source security. That should make the hackers' jobs easier
|
Can't they lend this to Microsoft?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Bing now fixes bad spelling in searches across 100 languages. Sew ewe khan git write stuff
Sorry, ran out of misspellings there (worked myself into a corner)
|
The intrusion was detected right away and the hacker's modifications have been reversed right away. Why it's safer to stick with gin
Crazy talk idea here, but why is the system that can control the sodium hydroxide available via the internet?
Oh, sorry, it may not be connected to the internet, just available remotely. Much better idea, I'm sure.
"The intrusion took place on Friday, February 5, when the hacker accessed a computer system that was set up to allow for the remote control of water treatment operations."
|
Kent Sharkey wrote: Crazy talk idea here, but why is the system that can control the sodium hydroxide available via the internet?
Oh, sorry, it may not be connected to the internet, just available remotely. Much better idea, I'm sure.
hear hear...
or Smart storm counters...
or other stuff (sadly there are more than enough examples)...
I just wonder when things like in Blackout (Elsberg novel) - Wikipedia or in Live Free or Die Hard (2007) - IMDb are going to blow up under our nose, just because some idiots "IT Decision makers" (to quote the item below) just screwed it (in addition to not giving enough money to properly develop things)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
If only they had watched and followed Admiral Adama's philosophy from Battlestar Galactica
"I will not allow, a network computerised system to be placed on this ship while I am in command!"
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
A new report finds that open-source technologies have huge potential, but it is still largely untapped. "But if you ask for a raise It's no surprise that they're giving none away"
|
Kent Sharkey wrote: "But if you ask for a raise It's no surprise that they're giving none away"
Yes, they are giving raises... but 2 x 0 = 0
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Kent Sharkey wrote: How much are open-source developers really worth? Hundreds of billions of dollars, say economists
Well, the solution is clear: Stop contributing to open source projects unless there is a compensation plan of some sort.
It strikes me that things like bug bounties are one possible answer to the compensation offering but are not universally suitable. I think that code contributions need to be compensated more often than they are in order to maintain ecosystem sustainability. If the project has no money (i.e. that is to say most projects, even some that might actually be important) then (a) it needs a monetisation plan and (b) it needs to issue equity to contributors such that they are compensated in the longer run if and when the monetisation plan pans out. Such a monetisation plan could, of course, be "we'll get bought by a corporation" and that would be one possibility. E.g. Jam tomorrow, hopefully, for work today, on a risk-sharing basis for contributors.
This is not to say that contributing on a personal basis to a project merely because you like it or because you think it is of value to the world is wrong! But it's not a sustainable way forward for the open source ecosystem as a whole any more. Not that it really ever was, of course.
And now, having written that, I'm off to fork the open source projects I'm currently relying on before the project managements decide to monetise them at my expense!
|
Fifty years ago, on February 5, 1971, Apollo 14 touched down on the Moon. As well as equipment for attempting to determine the internal structure of our satellite, and to measure the composition of the lunar atmosphere, the astronauts took with them a six-iron golf club head and some golf balls. It's in the rough
|