GNU social JP
Conversation

  1. Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:26:45 JST
    #mch2022_230 is an important topic

    > nobody reads the code anymore

    this is kind of the problem
    In conversation about 6 months ago from shitposter.world permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:36:48 JST
      in reply to
      i'm really torn on this one https://media.ccc.de/v/mch2022-230-how-to-secure-the-software-supply-chain
      In conversation about 6 months ago permalink

      Attachments

        How to Secure the Software Supply Chain
        from Feross Aboukhadijeh
        Open source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s reall...
    • 翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 22-Nov-2024 15:37:13 JST
      in reply to
      @jeffcliff >He doesn't glance through the library before using it if it's from someone who isn't clearly a freedom enjoyer.
      In conversation about 6 months ago permalink
      Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 likes this.
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:40:09 JST
      in reply to
      • 翠星石
      we need a table of @Suiseiseki freedom enjoyment level
      of the following format:
      < library , @Suiseiseki 's rating >

      i would link to it, even. like on http://b4hntuy3fimfh2227vf4f74emnya7p35i5brtqujs6leqvtclfwvjbqd.onion/FreeOS.html

      [ honestly i'm going to have to add an index to that table, when i add is_cloudflare on it ]
      In conversation about 6 months ago permalink

    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:42:46 JST
      in reply to
      > MIT the most popular open source license

      is this even true? I mean outside of github
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:46:16 JST
      in reply to
      honestly it'd be interesting to see someone walk through the game theory of this balance between 'live at HEAD' and 'debian stable' and middle points
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:47:19 JST
      in reply to
      live at head : https://abseil.io/about/philosophy#we-recommend-that-you-choose-to-live-at-head
      In conversation about 6 months ago permalink

      Attachments

        abseil / Why Adopt Abseil?
        An open-source collection of core C++ library code
    • 翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 22-Nov-2024 15:49:52 JST
      in reply to
      @jeffcliff Generally I primarily check the licensing and if I see that each nontrivial file has an -or-later license header, all is good and the software clearly is written by a freedom enjoyer.

      If I see an absence of license headers and a lack of statements as to what files are under what licenses, the library becomes suspect and may be nonfree and contain malware.


      MIT expat is the most popular license on github, but really not anywhere else.

      People only really mindlessly select that license without reading it when github invites them to use it incorrectly.
      In conversation about 6 months ago permalink
      Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 likes this.
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:51:35 JST
      in reply to
      asks
      @38:00

      * If I install this dependency does it run a shell script on my machine immediately?
      * Does it have native code / binary blobs?
      * does it talk to the network when it runs?
      * does it access/run shell commands/access environment variables
      * does it have spyware/telemetry
      * does it phone home to maintainer
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:52:07 JST
      in reply to
      • 翠星石
      @Suiseiseki

      > MIT expat is the most popular license on github, but really not anywhere else.

      that's what i thought
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:54:01 JST
      in reply to
      > shell scripts looks innocent and can be run

      yeah you'd think that Mr. Aboukhadijeh but i'm old enough to remember debian installing 'beep' setuid root with a "it's pretty innocent, the whole program is what 6 lines of code? go read the code and then say yes" warning on install for like a decade that turned out to be a bad idea because those 6 lines of code contained a privilege escalation attack allowing any user on the system to get root access using "beep"
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:55:39 JST
      in reply to
      >Feross Aboukhadijeh
      > Follow me on Twitter and GitHub.

      i can tell
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:57:39 JST
      in reply to
      there are python packages that would fail this that i've seen
      i would add
      * uses cython script as part of its install process rather than regular python install procedures

      but unlike Aboukhadijeh i have 0 data on malware using this
      In conversation about 6 months ago permalink
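The install-time questions from the posts above (the @38:00 checklist and the Cython addition), turned into a static first pass over an unpacked Python source tree. This is an added example, not code from the thread or the talk; the module lists, finding names and the `SAMPLE` tree are assumptions constructed here, and a flag only says where to start reading.

```python
import ast
import tempfile
from pathlib import Path

IMPORTS = {"socket": "network", "urllib": "network", "http": "network",
           "requests": "network", "subprocess": "shell"}  # module -> finding
OS_ATTRS = {"system": "shell", "popen": "shell", "environ": "env", "getenv": "env"}
NATIVE = {".so", ".pyd", ".dll", ".dylib", ".o", ".a"}
SAMPLE = {  # constructed sample tree, not a real package
    "setup.py": "from Cython.Build import cythonize\nimport subprocess\n",
    "pkg/core.py": "import os, urllib.request\nTOKEN = os.environ.get('TOKEN')\n",
    "pkg/_speedups.so": "\x7fELF"}

def audit_tree(root):
    """Map each finding kind to the sorted relative paths that triggered it."""
    root, found = Path(root), {}
    def flag(kind, path):
        found.setdefault(kind, set()).add(path.relative_to(root).as_posix())
    for path in (p for p in root.rglob("*") if p.is_file()):
        if path.suffix in NATIVE:
            flag("native-or-binary", path)
        if path.suffix != ".py":
            continue
        if path.name == "setup.py":  # executed by the installer
            flag("runs-code-at-install", path)
        try:
            tree = ast.parse(path.read_text(encoding="utf-8", errors="replace"))
        except (SyntaxError, ValueError):
            flag("unparseable", path)  # review by hand, do not assume clean
            continue
        for node in ast.walk(tree):
            mods = ([alias.name for alias in node.names] if isinstance(node, ast.Import)
                    else [node.module or ""] if isinstance(node, ast.ImportFrom) else [])
            for top in (m.split(".")[0] for m in mods):
                if top in IMPORTS:
                    flag(IMPORTS[top], path)
                if top.lower() == "cython" and path.name == "setup.py":
                    flag("cython-at-install", path)
            if (isinstance(node, ast.Attribute) and node.attr in OS_ATTRS
                    and getattr(node.value, "id", None) == "os"):
                flag(OS_ATTRS[node.attr], path)
    return {kind: sorted(paths) for kind, paths in found.items()}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in SAMPLE.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        print(audit_tree(tmp))
```

Aliased imports (`import os as o`) and dynamically built calls are not caught, and telemetry or phone-home behaviour still has to be confirmed by reading the flagged network code.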
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:58:43 JST
      in reply to
      > app is github-first

      > but it seems like adaware-level advance in throwing a lifeboat to people drowning in vuln alerts
      In conversation about 6 months ago permalink
    • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:59:46 JST
      in reply to
      • Fish of Rage
      @45:30 or so similar to the kind of "more permissions in practice" from a recent
      @sun post
      In conversation about 6 months ago permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.