Hot take:
I blame the modern trend towards containerization of code as a not insignificant partial cause for all the recent package repository breaches being as bad as they are.
Okay, hear me out.
When a developer had to get her code to actually build on a machine she doesn't have full control over, it's in her own best interest to keep the dependency graph comparatively straightforward and oftentimes statically linked. If she's trying to build on an arbitrary server OS, she won't want her dependency's dependencies' dependency to suddenly be angry about some random library that is installed in a different version and bork the whole thing. So the application and its dependencies remain more tightly coupled.
When an application can be shipped in a container, a developer doesn't have to worry about his container image changing unexpectedly. He can define the whole manifest and get it built the same way every time. Which sure, is good for reliability in the sense that it's going to build the same way on a desktop and Azure and AWS and GCP. But that also means it creates weird incentives to just add all sorts of 3rd party libraries to the package manifest whenever he wants without even thinking too hard about it, because why not? As long as it builds in the CI/CD, it'll be fine. A sysadmin won't come along and run an update and break shit, it only gets updated on a redeploy.
But of course, now it means that dependency graphs sprawl uncontrollably, because there's way less back pressure to keep your dependencies under control.
People who used to be in cybersecurity, but now do different jobs, what do you do now? I'm trying to think of what the shape of the last half of my career could look like, but kinda keep drawing a blank.
Both within tech/IT and outside of it. Or even if I needed to go back to school. Idk, just trying to think of other things that might be interesting.
Can I please get a:
"Fuck Hillary Clinton"?
Prem Thakker ツ
@premthakker.bsky.social
Hillary Clinton blames TikTok and “totally made up” videos for young people’s views on Israel and Palestine.
She says social media influenced “not just the usual suspects” but also “young Jewish Americans who don’t know the history and don’t understand.”
A lesser known Mastodon pro tip:
Want to mute a conversation, but the mute conversation button isn't appearing on the post?
The only way you can mute a conversation is on a post you have made in the conversation.
But the secret part - Say you want to mute it without actually participating in the conversation:
Reply to a post, set the visibility to "Private Mention", remove everyone's username from the post. Post it.
Then you can click "mute conversation" on THAT post, and it silently mutes you from the conversation.