Package management systems are scary before packages are abandoned too. Your production infrastructure is trusting some random developer(s) to both do the right thing and not get hacked.
That’s not to say OSS cannot be trusted, but it certainly makes trusting smaller projects and packages scary.
Sorry, I should have clarified that I was referring to language-based systems (cargo, pip, npm, etc.). But you do raise a good point; it’s less about the concept of package management and more about curation and central security guarantees / policies / procedures. In theory RHEL's package management system could have similar problems to cargo or npm, but they are much better funded and thus better managed.
In practice, not in principle. Virtually every non-trivial upstream package in Debian/Fedora/Arch/whatever has at least a handful of distro-specific patches. Sometimes they're just configuration, sometimes they're distro-maintained security fixes, etc.
But people exercise those features regularly and distros are not shy about maintaining software. It's a very different world from "We Just Ship What They Give Us" in npm/cargo/etc.
There are plenty of open source things from Google and Microsoft that have been abandoned too, so you'd need to evaluate the project independently of the sponsor.
This doesn't apply to closed source things, because you wouldn't be able to use them in the first place.
I really hate it when various packages expect users to add their custom repo. Especially for something where I don’t care about updates.
Feels like every little thing should be in its own Docker container with limited filesystem access. Of course that is a whole lot of trouble…
The dependency trees in cargo/pip also greatly bother me.
VS Code extensions are also underappreciated. Some turd makes a “starter pack” for Rust/Python/etc. with a great set of common extensions… plus a few that nobody has heard of… Over time, they reach 50k-100k downloads and start to appear legit… Excellent way to exfiltrate trade secrets!!!
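The comment above complains about the size of cargo/pip dependency trees, and the thread's earlier point is that every node in that tree is a developer your production system trusts. The following is an added example (not code from any commenter or from pip itself) that enumerates that trust surface for an installed Python distribution: it walks `Requires-Dist` metadata via the standard library's `importlib.metadata`, skips requirements that only apply under an extra, and reports the transitive closure with each package's depth. The `CONSTRUCTED_INDEX` is a made-up set of metadata lines so the walk can be exercised offline; the package names and version specifiers in it are assumptions for illustration, not a real dependency graph.

```python
"""Enumerate the transitive dependency closure of a Python distribution.

Added example. Reads Requires-Dist lines from installed package metadata
(or from a constructed in-memory index) and returns {name: depth} so you
can see how many third parties a single `pip install` actually pulls in.
"""
from collections import deque
from importlib import metadata
import re

# A PEP 508 requirement starts with the distribution name; everything after
# it (extras, version specifier, URL, marker) is irrelevant for the walk.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: 'Charset_Normalizer' -> 'charset-normalizer'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requires_dist(lines):
    """Return normalized direct dependency names from Requires-Dist lines.

    Requirements gated on an extra (e.g. '; extra == "test"') are skipped
    because they are not installed by a plain `pip install name`. Other
    markers (platform, python_version) are kept: counting a conditional
    dependency is the conservative choice for a trust inventory.
    """
    deps = []
    for line in lines:
        req, _, marker = line.partition(";")
        if "extra ==" in marker:
            continue
        match = _NAME_RE.match(req)
        if match:
            deps.append(normalize(match.group(1)))
    return deps


def installed_requires(name: str):
    """Direct dependencies of an installed distribution; [] if not installed."""
    try:
        return parse_requires_dist(metadata.requires(name) or [])
    except metadata.PackageNotFoundError:
        return []


def closure(root: str, requires=installed_requires):
    """Breadth-first walk; returns {normalized_name: depth}, root at depth 0."""
    start = normalize(root)
    depth = {start: 0}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for dep in requires(current):
            if dep not in depth:
                depth[dep] = depth[current] + 1
                queue.append(dep)
    return depth


def summarize(root: str, requires=installed_requires):
    """(number of transitive dependencies, maximum depth) for root."""
    depths = closure(root, requires)
    return len(depths) - 1, max(depths.values())


# Constructed metadata (assumption, not a real graph) so the walk runs offline.
CONSTRUCTED_INDEX = {
    "myapp": ["requests (>=2.0)", "click", "pytest ; extra == 'test'"],
    "requests": ["urllib3<3,>=1.21.1", "idna", "charset_normalizer<4", "certifi"],
    "click": ["colorama ; platform_system == 'Windows'"],
}


def constructed_requires(name: str):
    """Lookup into CONSTRUCTED_INDEX with normalized keys; leaves have no deps."""
    index = {normalize(k): v for k, v in CONSTRUCTED_INDEX.items()}
    return parse_requires_dist(index.get(normalize(name), []))


if __name__ == "__main__":
    for name, d in sorted(closure("myapp", constructed_requires).items(), key=lambda kv: kv[1]):
        print(f"{'  ' * d}{name}")
    print("transitive deps, max depth:", summarize("myapp", constructed_requires))
```

Run it with the default `requires` argument against a real installed package (`closure("requests")`) to see the live tree; the walk only covers distributions actually present in the environment, so a missing transitive dependency shows up as a leaf rather than an error.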
Exactly. I wonder if this is a purpose-built image-recognition system, or is it a lowest-possible-effort generic image model trained on the internet? Classifying a Black high school student holding Doritos as an imminent shooting threat certainly suggests the latter.
iOS user with clear eyesight here, the article just ends for me too - other users have suggested there’s an imgur video embedded somewhere but I can’t see where, just some awkward photos of a ball pit vacuum washer.
You need to consider your location known to the government at all times if they know beforehand that they'd want it. Most places are either surveilled heavily or sparsely populated, i.e. good for satellite-based observation. Maybe also to big enough corporations if they really want to.
This does not imply that it is easy to track everyone everywhere at all times. I guess most targeted people would like to protect their communication, and even meetings in person are possible if you keep to some safeguards.