We have a scanner that does that on every build.

It blocks builds for dependencies with

• licenses not acceptable to Legal
• serious or critical vulnerabilities.
• political messages, even if you agree with them
• we may also add a criteria to block non-release dependencies.

As a developer, you’re free to use anything that works

I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date …… but then I ran into things where it’s a bigger change because of the downstream opensource dependencies and because it’s not really owned by the company

No one brought up ai yet? No, srsly ……

My opinion on these licenses is theoretical since I haven’t actually developed any open source.

However an analogous scenario which DOES affect me, and most people here ….

• I’ve posted my opinion online in various places. Offered freely to the public to do as they please.
• I’m fine with companies making money off providing the aggregate of such efforts to the public, such as by advertising. However my pseudonym retains credit and the audience is open

All well and good until AI came along and everyone sees a potential jackpot. And there’s Reddit, wanting a bigger share of that jackpot. They’ve taken the idea a step farther and I’m not ok with it. I guess I don’t like the restrictions and I don’t like the extra levels of profiteering: Reddit makes money off providing my content in a limited form to private companies. They in turn make money off AI trained by my content, to a limited audience and there is no longer a portion credited to my pseudonym. Technically they’re in the right since I never thought to prevent this scenario, but they’re not using it in the way I expected/intended/ was told

Also, check back in a month. Sometimes a domain squatter will just never at, hopin to flip it before the registrar takes it back

Oh. Yeah. Nothing to see here. Everyone carry on

I’m in the US but suddenly need to take a couple weeks vacation because my European employer has some weird fiscal year nonsense going on. Apparently the current year is 2025 and my “rollover” vacation days from 2024 expire soon

Nitpicking here, but I’ve never seen anyone actually spell out the word “quote” in this context, when typing it online. We have a special character for that

The problem is buying means nothing about whether it is legit or whether a company decides they want it. It only means you reserved it. Any disagreements are hashed out after the fact in court. It’s not a game that individuals can afford to win vs a corp

Step 0). Decide if there’s anything you dont want on a common server.

I realized long ago that my projects sometimes stall out partway through. However some things need to just work, regardless of where I am in a project. HA is a great example of something that manages itself (so less advantage to the VM) and that I want always available, so even if I decide to go down a route like you are, HA stays independent, stays available

I’m not entirely sure what those movies are like, and don’t want to know, but ……

My Mom watches horrible Hallmark stuff constantly. As far as I can tell, every movie has the same plot, they are low quality, etc. The thing is they are simple feel good movies for her. She finds them relaxing and gets good feelings from them, perfectly appropriate for “entertainment “.

If there is any parallel here, my point is that you don’t have to appreciate them for your Mom to. Why does it matter whether you agree with the movies or not: do you love her? Do you want to help her with entertainment that makes her feel good /relaxed/entertained?

Maybe. I do more DevOps these days, so tend to have many small changes that can’t even be tested without checking them in and running in CI. I’d have hundreds of “fix unit tests” commits alone

For some definition of interesting …. The quashed commit whose message is a Jira ticket number and title?

That’s an important point for the youngsters here who think Linux was always a thing: x11 far predates Linux

No, it’s in Massachusetts, just west of Boston

Does it have more ships, more planetary systems under its thrall?

https://www.theguardian.com/technology/2013/nov/21/information-commissioner-investigates-lg-snooping-smart-tv-data-collection

https://www.cnet.com/news/privacy/samsungs-warning-our-smart-tvs-record-your-living-room-chatter/

https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data

Yes, you should not be thinking about security in terms of an outside intruder here. Think about untrustworthy or potentially compromised devices.

• WiFi smart devices are notorious for calling home, possibly collecting data, even if you’re trying to use them locally.
• There have been botnets from unsecured video cameras, and even some compromised from before import.
• TVs report back what you’re using them for and when, even playing through hdmi, and some have been caught listening in to your private conversations.

How do you prevent these from happening, or limit what they can do? One way is to put them on a separate vlan without internet access (your HA or other hub can listen on multiple VLANs and be the gatekeeper) and without access to your computers.

That being said, for similar requirements, I found managing the more complex network to be too much hassle, and went back to a simple flat network

Yeah, I struggle with that.

• I’m not allowed to be called an Architect because the Lead Architect only allows product people in the role, however I’m equivalent rank.
• I spend way too much time doing project management, but I despise that
• I don’t lead a specific team or have people but I set requirements for engineering and sometime borrow people from teams
• I’m in the Quality Engineering organization but don’t do QA
• some people think I’m a Build Engineer, and I do set some of their requirements
• some think I’m AppSec, and I do try to fill their gaps and apply their work to the organization.

Recently, maybe DevSecOps sounds most accurate, and I avoid talking rank so I don’t piss off that Prima Donna

since I have mostly succeeded in avoiding JS, until this afternoon

Sorry to hear that. I hit the same pothole about 6 months ago. I had been so fine with avoiding JS, but the guys building our admin console broke their build and couldn’t figure out how to fix it. Even worse, then I had to write up best practices for JS

Same. My current role is most accurately DeOps or DevSecOps - my education actually predates “Software Engineer” but it was a Software degree from an Engineering school, and with a more technical focus than the similar degree from Arts and Sciences. But yes, every time I due process improvement, standards and practices, etc, that makes it “Software Engineer”. And every time I have to explain to developers how their stuff works, yes, I’m “The Engineer”, capitalized

My current employer is a first for me:

• engineering essentially have to use Macs. Windows is accepted but not supported
• all products are built and hosted on Linux, both cloud and on-prem