• 0 Posts
  • 45 Comments
Joined 1 year ago
Cake day: July 9th, 2023


  • We have a scanner that does that on every build.

    It blocks builds for dependencies with

    • licenses not acceptable to Legal
    • serious or critical vulnerabilities
    • political messages, even if you agree with them
    • we may also add a criterion to block non-release dependencies.

    As a developer, you’re free to use anything that works.

    I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date …… but then I ran into things where it’s a bigger change because of the downstream open source dependencies and because it’s not really owned by the company.
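The build gate described in the comment above, as an added illustration rather than the commenter's actual scanner: a policy check that walks a dependency report and blocks on unapproved licenses, high-severity vulnerabilities, and optionally pre-release versions. The report shape, the license allowlist, the severity threshold, and the vulnerability ids (placeholders, not real CVEs) are all constructed assumptions; the "political messages" criterion is not modelled because it is a human judgement, not a field in a report.

```python
"""Build-gate policy check over a dependency report (added example).

Not the commenter's scanner. The report format, the license allowlist,
the severity threshold and the sample data are constructed assumptions.
"""
import re
from dataclasses import dataclass, field

# Licenses Legal has approved (assumption: an allowlist, not a denylist).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
# Severities that block a build; anything lower is reported but not blocking.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}
# Semver pre-release suffix such as 2.0.0-rc.1 or 1.0.0-SNAPSHOT (assumed convention).
PRERELEASE_RE = re.compile(r"^\d+\.\d+\.\d+-")


@dataclass
class Dependency:
    name: str
    version: str
    license: str
    vulns: list[tuple[str, str]] = field(default_factory=list)  # (id, severity)


@dataclass
class Finding:
    dep: str
    reason: str
    blocking: bool


def evaluate(dep, block_prerelease=False):
    """Apply every gate criterion to one dependency and return its findings."""
    findings = []
    if dep.license not in ALLOWED_LICENSES:
        findings.append(Finding(dep.name, f"license {dep.license} not approved", True))
    for vid, sev in dep.vulns:
        sev = sev.upper()
        # Lower severities are still surfaced so developers see them, but do not block.
        findings.append(Finding(dep.name, f"{vid} severity {sev}", sev in BLOCKING_SEVERITIES))
    if PRERELEASE_RE.match(dep.version):
        # Optional criterion, mirroring "we may also add a criterion".
        findings.append(Finding(dep.name, f"non-release version {dep.version}", block_prerelease))
    return findings


def gate(report, block_prerelease=False):
    """Return (passed, findings) for a whole dependency report."""
    findings = [f for d in report for f in evaluate(d, block_prerelease)]
    passed = not any(f.blocking for f in findings)
    return passed, findings


# Constructed sample report; vulnerability ids are placeholders, not real CVEs.
SAMPLE_REPORT = [
    Dependency("libfoo", "1.4.2", "MIT"),
    Dependency("libbar", "2.0.0-rc.1", "Apache-2.0"),
    Dependency("libbaz", "0.9.1", "GPL-3.0-only", [("VULN-PLACEHOLDER-1", "critical")]),
    Dependency("libqux", "3.1.0", "BSD-3-Clause", [("VULN-PLACEHOLDER-2", "medium")]),
]

if __name__ == "__main__":
    ok, found = gate(SAMPLE_REPORT)
    for f in found:
        print(("BLOCK " if f.blocking else "warn  ") + f"{f.dep}: {f.reason}")
    print("build", "passes" if ok else "blocked")
```

Running it against the sample blocks the build twice on libbaz (license and critical vulnerability), warns on libbar's release candidate and libqux's medium finding, and passes if libbaz is removed; passing `block_prerelease=True` turns the release-candidate warning into a block.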


  • No one brought up AI yet? No, srsly ……

    My opinion on these licenses is theoretical since I haven’t actually developed any open source.

    However an analogous scenario which DOES affect me, and most people here ….

    • I’ve posted my opinion online in various places, offered freely to the public to do as they please.
    • I’m fine with companies making money off providing the aggregate of such efforts to the public, such as by advertising. However, my pseudonym retains credit and the audience is open.

    All well and good until AI came along and everyone sees a potential jackpot. And there’s Reddit, wanting a bigger share of that jackpot. They’ve taken the idea a step farther and I’m not ok with it. I guess I don’t like the restrictions and I don’t like the extra levels of profiteering: Reddit makes money off providing my content in a limited form to private companies. They in turn make money off AI trained by my content, to a limited audience, and there is no longer a portion credited to my pseudonym. Technically they’re in the right since I never thought to prevent this scenario, but they’re not using it in the way I expected/intended/was told.

  • I’m not entirely sure what those movies are like, and don’t want to know, but ……

    My Mom watches horrible Hallmark stuff constantly. As far as I can tell, every movie has the same plot, they are low quality, etc. The thing is, they are simple feel-good movies for her. She finds them relaxing and gets good feelings from them, perfectly appropriate for “entertainment”.

    If there is any parallel here, my point is that you don’t have to appreciate them for your Mom to. Why does it matter whether you agree with the movies or not: do you love her? Do you want to help her with entertainment that makes her feel good/relaxed/entertained?


  • Yes, you should not be thinking about security in terms of an outside intruder here. Think about untrustworthy or potentially compromised devices.

    • WiFi smart devices are notorious for calling home, possibly collecting data, even if you’re trying to use them locally.
    • There have been botnets from unsecured video cameras, and even some compromised from before import.
    • TVs report back what you’re using them for and when, even playing through HDMI, and some have been caught listening in to your private conversations.

    How do you prevent these from happening, or limit what they can do? One way is to put them on a separate VLAN without internet access (your HA or other hub can listen on multiple VLANs and be the gatekeeper) and without access to your computers.

    That being said, for similar requirements, I found managing the more complex network to be too much hassle, and went back to a simple flat network.
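The segmentation described in the comment above, as an added example that is not the commenter's configuration: a small Python script that states the zone policy once (which VLAN may open flows to which) and renders it as an nftables forward chain, with a `flow_allowed` helper that mirrors the chain's decision so the intent can be checked before anything is loaded. The interface names `lan0`, `iot0` and `wan0`, the three-zone layout, and the assumption that the hub is dual-homed on the LAN and IoT VLANs (so hub-to-device traffic never crosses the router) are all constructed for this example.

```python
"""Render an nftables forward-chain policy that isolates an IoT VLAN.

Added example, not the commenter's configuration. Interface names, the zone
layout and the dual-homed hub are constructed assumptions. Review the
rendered text and load it with `nft -f`; do not apply it blindly.
"""

# Zone -> router interface carrying that VLAN (constructed names).
ZONES = {"lan": "lan0", "iot": "iot0", "wan": "wan0"}

# New (not yet established) flows the router may forward, as (src, dst) zone
# pairs. Everything not listed is dropped by the chain policy: IoT devices
# cannot open flows to the LAN or to the internet. The hub is assumed to sit
# on both the LAN and IoT VLANs, so hub <-> device traffic stays within the
# IoT VLAN and needs no forward rule here.
ALLOWED_NEW_FLOWS = {
    ("lan", "iot"),  # your computers may reach devices (local control, updates)
    ("lan", "wan"),  # normal internet access for the trusted LAN
}


def flow_allowed(src, dst, established=False):
    """Mirror the rendered ruleset's decision for one flow between zones."""
    if src == dst:
        return True  # same VLAN: switched locally, never hits the forward chain
    if established:
        return True  # reply traffic of a flow that was already permitted
    return (src, dst) in ALLOWED_NEW_FLOWS


def render_nftables(table="inet filter"):
    """Emit the forward chain as nftables text with a default-drop policy."""
    iot_if = ZONES["iot"]
    lines = [
        f"table {table} {{",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for src, dst in sorted(ALLOWED_NEW_FLOWS):
        lines.append(f'    iifname "{ZONES[src]}" oifname "{ZONES[dst]}" accept')
    # Log IoT egress attempts before the policy drops them: a device that keeps
    # trying to call home shows up in the log even though it never gets out.
    lines.append(f'    iifname "{iot_if}" log prefix "iot-egress-blocked: " drop')
    lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_nftables(), end="")
    for flow in [("iot", "wan"), ("iot", "lan"), ("lan", "iot")]:
        print(f"new flow {flow[0]} -> {flow[1]}:", "allow" if flow_allowed(*flow) else "drop")
```

The chain policy is `drop`, so the rendered text contains accept rules only for LAN-initiated flows and never an `iifname "iot0" oifname ...` accept; the explicit log-and-drop line on IoT egress is what gives you detection of call-home attempts rather than silently discarding them.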


  • Yeah, I struggle with that.

    • I’m not allowed to be called an Architect because the Lead Architect only allows product people in the role; however, I’m of equivalent rank.
    • I spend way too much time doing project management, but I despise that.
    • I don’t lead a specific team or have people, but I set requirements for engineering and sometimes borrow people from teams.
    • I’m in the Quality Engineering organization but don’t do QA.
    • Some people think I’m a Build Engineer, and I do set some of their requirements.
    • Some think I’m AppSec, and I do try to fill their gaps and apply their work to the organization.

    Recently, maybe DevSecOps sounds most accurate, and I avoid talking rank so I don’t piss off that Prima Donna.