It's very surreal in this era of disposable websites that change every 6 months to go hunting for sites you visited regularly 10, 20, even 30 years ago and find them still online, and almost entirely unchanged in all that time. Just kinda preserved in amber by some blessed webmaster keeping their server online for decades after decade.
Sure is "funny" how every single time someone "comes out" about "having concerns about trans people", they "come out" as a fascist within 6 months.
Every.
Goddamn.
Time.
Is it a tech interview, or is it several hours of free security consulting...
Lukewarm take
For moderate temperatures, hoodies are the S tier item of clothes. Everything else falls below them.
Thermonuclear Take:
You don't need that 15th spare USB cable.
Anyone else remember the old game The Incredible Machine?
Hot take:
I blame the modern trend towards containerization of code as a not insignificant partial cause for all the recent package repository breaches being as bad as they are.
Okay, hear me out.
When a developer had to get her code to actually build on a machine she doesn't have full control over, it's in her own best interest to keep the dependency graph comparatively straightforward and oftentimes statically linked. If she's trying to build on an arbitrary server OS, she won't want her dependency's dependencies's dependency to suddenly be angry about some random library that is installed in a different version and bork the whole thing. So the application and its dependencies remain more tightly coupled.
When an application can be shipped in a container, a developer doesn't have to worry about his container image changing unexpectedly. He can define the whole manifest and get it built the same way every time. Which sure, is good for reliability in the sense that it's going to build the same way on a desktop and Azure and AWS and GCP. But that also means it creates weird incentives to just add all sorts of 3rd party libraries to the package manifest whenever he wants without even thinking too hard about it, because why not? As long as it builds in the CI/CD, it'll be fine. A sysadmin won't come along and run an update and break shit, it only gets updated on a redeploy.
But of course, now it means that dependency graphs sprawl uncontrollably, because there's way less back pressure to keep your dependencies under control.