evana

evana, 21 days ago

@danderson y'know, that worries me more than "may contain curl". You made the thing... you should know if there's curl in there or not!

evana, 20 days ago

@IzzyOnDroid @danderson I guess I need to be more clear:

I think it's unfortunate that our tools don't automatically record what they put inside. I'm hopeful that the addition of SBOM requirements for federal contracting will help drive improvements in the tooling so that we can get the contents of our software automatically.

Right now, I'm hearing that we know everything that goes into the factory, so we assume that all of that goes into the Twinkies that come out. Including the bolts...

evana, 20 days ago

@IzzyOnDroid no problem! The post went a little further than I expected, and I wanted to follow up with how I thought we could genuinely make software better.

evana, 1 month ago

@danderson Docker Desktop is still there.

And, given my experience the last time I tried using podman (or Lima) on a Mac, it's still a pretty good choice.

evana, 1 month ago

@danderson @jorge some feedback on bluefin marketing...

evana, 1 month ago

@danderson @jorge I meant that the feedback on getting rid of the tagline also removing the rest of the intro.

And I think "makes AI and LLM easy" is just one use-case, so maybe there's a way to include that without excluding other use cases. But I know Jorge was looking for feedback at KubeCon, so I figured I'd connect him.

evana, 1 month ago

@Di4na @jwildeboer if it's not building and running on the target platform, I'm not sure I'd consider that "maintained". At the same time, I'll also acknowledge that C/C++ tooling makes adding a new platform much harder than a library upgrade, and a lot of software ends up with those types of dependencies.

evana, 2 months ago

@matthew_d_green you mean as opposed to when they did experiments to see if making people angrier boosted their time spent? I'm not shocked at all.

evana, 2 months ago (edited 2 months ago)

@mekkaokereke @vonneudeck @dascandy42 you might have missed one last "France" string while editing. This comment helped me figure it out.

> The prime minister of the DRC asked the US government for help not being bullied by France.

Is the one that got missed, I think. (Or there is caching going on in the fediverse...)

And thank you! I did not know this, but it explains a lot.

evana, 4 months ago

@Quinnypig I had it happily make up that you can use RDS IAM authentication to connect using the RDS Data API. I logged a support ticket when it didn't work, and a week later the poor support person came back from the team with "no, that doesn't work, you can only use static credentials in secretsmanager to connect".

I wonder how much it's costing them in extra support...

evana, 4 months ago

@foone I'm assuming that your problem is that you want to accurately set the creation_time metadata on e.g. an mp4 file, not that you're trying to read it back out: https://superuser.com/a/1497131

I'm also assuming that your recording device's time is reasonably accurate / synced to NTP.

Interestingly, it seems like phones probably get this right, so if you could control a phone, it might just work...

evana, 5 months ago

@danderson have you considered doing the transformation between form shape and database shape behind the API, rather than in the rendering/client layer?

There was at least one YouTube app transition while I was at Google where the big win was basically making the homepage load be a single denormalized API call for all the different content.

evana, 5 months ago

@kstewart Despite being written mostly in #golang , Knative switched to the material mkdocs site generator about a year ago and found it much easier to extend when needed than Hugo.

evana, 5 months ago

@danderson so if you trigger the detonator signal, you'll probably get fired?

More seriously, it's interesting to see what safety commitments look like in actually industries (and how hugely they vary).

evana, 6 months ago

@mekkaokereke I missed this, but it sounds hilarious. Link?

evana, 7 months ago

@foone Hope it does better than my Thinkpad... Opened it a week ago to a BSOD, and now it won't boot into hardware diagnostics, though I sometimes get BIOS.

evana, 7 months ago

@PaulDavisTheFirst @mekkaokereke @maggiemaybe yeah, I'd be very nervous letting SBF anywhere near the big pile of money needed to repair harms done. On the other hand, I'd love to understand what restitution looks like in this case -- it's so much easier to destroy (and then counter-destroy as "punishment") than to build.

Fortunately, there are a lot of people out here (a vast majority) who prefer to build. That doesn't prevent all harms, but it gives me hope.

evana, 7 months ago

@lcamtuf it's amazing how hard it is to secure a system whose job it is to compile and run arbitrary code.

evana, 7 months ago

@BlackAzizAnansi

early Tesla Model X: what a pain! It's a huge vehicle that really just wants to be a computer. Interior space doesn't match up to the size, and repairs are expensive.

e golf (used, 14k this year): only a city car, but it's remarkably nice and big on the inside while small on the outside. Only 70 miles range, though.

When we have a choice, both my wife and I choose the eGolf (got it this year when it became clear that our kids activities would benefit from it).

evana, 8 months ago

@interfluidity @dpp it's probably worth understanding what the goals are -- is it to produce flashy, popular software, or to sustain existing critical dependencies. I'd be concerned about awards for achieving popularity thresholds encouraging a "launch and flee" attitude. (Historically, Google's promo process heavily weighted launches, for example.)

Personally, I'm more concerned with curating our existing investments and reducing "abandoned but ubiquitous" libraries and dependencies.

evana, 8 months ago

@dpp @interfluidity @alice_i_cecile I think @tidelift is doing some private related work in this space...

There's also the problem with abandoned-but-popular packages that moving them under responsible ownership is somewhat isomorphic to a supply chain attack.

evana, 7 months ago

@dpp @interfluidity @alice_i_cecile @tidelift My point was not to replace pubic funding with private enterprise, only to learn from work already being done.

evana, 3 months ago

@mekkaokereke @adam42smith I appreciate you handling it gracefully and helping correct the record, rather than quietly letting the correction languish in obscurity.

Being willing to admit error also helps me trust the rest of it more, so you have that going for you, too!

evana, 4 months ago

@mekkaokereke @courtcan I was shocked a few years ago to notice someone out for a trail run in Cougar Mountain Park near Seattle concealed-carrying a pistol. We were about 2-3 miles from a road, but probably 30 people / hour would go by that spot. Was glad to pass by and get going back down the slope with a ridge between us.