The same can happen for maven, crates, gomods, and other.
Yes.
The problem is [intricate dependencies]
Nah. Dependencies are fine. The method of bringing those in and validating them is where the supply-chain risk accumulates. We knew better when we still had mentors.
Only a risk to those using npm; doesn’t matter where they exercise those bad dev procedures. Don’t quit using GitHub if you’re already okay with all the other issues it has.
strongsuit
Not a word, my dude.
deduce private jet expenses
I can deduce it right from a receipt, if they give you one.
Still container-dependent?
That’s a weird way to spell CALGARY.
Sometimes, an app can be an app and not some hosted web service mess.
The call center places in Canada are usually maritime and are fluent in both (or none if their timezone is 30 min ahead ;-) ).
The onions are pretty strong here. AND the dust.
If the anti-cheat is client-side, that’s a solved problem, thanks to avoidance.
Source: garden state parkway and i287.
Remind me of the recent source ownership issue? I thought there was a “thanks for all the community work over a decade and we want to participate; oops now we own it” story.
This.
You install a virus scanner on your smb fileshare or your mail server, for instance, and pipe attachments through it to protect windows boxes. That’s the only sensible use.
Yet, idiots make policies like “all servers must have AV installed for safety” and thus some shit app sucks down all the CPU time and scans memory (ohai PCI compliance) just because the CTO doesn’t know what ‘less’ does.
OCIS is a modern app that is massively better since its written with modern languages / frameworks
Ah, the sparkle makes it better? I know a guy who made his RAM light up in his plexiglas case, and claims it made the computer faster. Same deal?
OCIS talks a good talk, almost suggesting it’s enterprise and scalable and such, but it still suffers from the same supply-chain risk that all the black-box container miasma does, and the same “just get your kerbal space shuttle launching and then you too can host this awesome simple install” math. The ‘single black-box binary’ isn’t a good fall-back measure.
Now, I realize I’ve cast aspersions on our holy neu-paradigm installation fad, and I get the downvotes. If people don’t understand why validation is an important part of the validation-proves-consistency-thus-reliability of enterprise build/release, that’s okay. Most people don’t know they even need proper releng practice anyway, but may react with downvotes. But we need to do better where it matters; and that’s a line that’s going to seem as arbitrary as a bedtime is to a tween.
Kaspersky isn’t there to protect us; just to fill a niche and create business for itself. Idiot nepo CTOs who don’t know better can be coerced to sign a fud-based invoice and then they make bank.
Npm says what? Random appimages and flatpaks would like a word as well.
It’s true we generally need no antivirus - so far every demand to install one is rooted in stupidity, including policy built by stupidity - but we’re losing the struggle to not install random shit like idiots.
a …software
That’s like asking for 1 happy.
And that’s where I stopped.
Appimages and flatpaks frustrate validation and thus break iso27002.
Anything else?
Having seen the YouTube, I’ve learned the ONLY chant for the train queue is “im-ho-tep! Im-ho-tep!”
The installation workflow begs for supply-chain exploits. Given this and its oob install, it probably breaks iso27002 as well.
I’ll wait. NextCloud and OwnCloud both have 27002-compliant installs (the latter needs some review), so I need to stick with those.