Same same

I recommend it. Try to go in blind.

I feel lucky to have avoided this so far. It’s really not like this on my team. I write a fair bit of code and review a ton of code.

Code talker?

When someone is having a computer problem I ask them to restart first. Not because I think they don’t know to do it, but just in case. Some people don’t know. Sometimes people forget. Obvious advice is useful sometimes.

Yeah! Like that!

I dunno about stdx as a solution. It’s just not a big enough list.

At work we build a big java thing and we:

• Manually import all dependencies, including transitive dependencies.
• Bless them by committing their hash to our repo. I think the cargo lock file does something similar.
• Audit the dependencies by hand. Sometimes that’s reading them all and sometimes thats less. Honestly, it’s often less. A few times it’s being members of the upstream community.
• Don’t allow running as root
• Drop all permissions we don’t need with seccomp including reading a bunch of stuff
• Sandbox each thread based on what’s on the stack. Untrusted code can do less stuff.

It’s still not enough. But it helps.

Maybe a web of trust for audited dependencies would help. This version of this repo under this hash. I could see stdx stuff being covered by the rust core folks and I’m sure some folks would pay for bigger webs. We pay employees to audit dependencies. Sharing that cost via a trusted third party or foundation or something feels eminently corporate. Maybe even possible.

Amazon is certainly interesting for open source. They’ve caused me and my friends a fair bit of trouble but they have made some real contributions. I feel like they only do it when they have to though. They are quite happy to take others work and give nothing back.

They just feel very disingenuous. Opportunistic. A bit sleezy. But some of my favorite open source hackers work there and do good work. It’s hard.

We knew spooks were all up in the phone network. They’d show up and ask installers to run them some cables and configure ports in a certain way. I was friends with folks who were friends with the installers.

I work on software for finding things and summarizing stuff. We were one of those Apache 2 -> other relicenses a while back.

I can’t really talk about specifics. But we all have a working imagination though. I think about it a lot. But I still do the job. There are good folks doing good things with it.

I’m a pretty good engineer. Not the best I’ve ever met by a long shot, but I’m good. But I’m very outgoing for an engineer.

Ironically, that’d describe both my parents too.

I had this one weekend when I was in tenth grade where I did nothing but write code on a fun project. Then I decided I didn’t like writing code. I don’t know why. Kids are weird.

I decided then I couldn’t make it my job. I managed not to program for three years. It turns out I’m bad at everything else. Miserable.

That was 22 years ago. That’s still all I’m good at.

Pre-merge code review should stop that kind of thing. I honestly haven’t seen anything like this in years.

Chrono Trigger. The Magus Fight. The music.

FF6. Magitech Factory. Also music.

Metal Gear Solid. Psycho Mantis. Late at night. Tired.

Eternal Sonata. Last Fight. Intro line.

Hades. Final boss. Extreme measures 4.

NES Tetris. Crashing.

I heard somewhere that’s what they were trying to say when they made at first. The episode just didn’t work. DS9 redeemed them.

Do folks still use logstash here? Filebeat and ES gets you pretty far. I’ve never been deep in ops land though.

The sky above the port.

I put googly eyes on things.

I’ve been using a sonicare for years now. I think it was expensive but it’s lasted forever and does a great job.

I was bored on an airplane a while back and discovered a Japanese movie adaptation of A Door Into Summer: https://www.rottentomatoes.com/m/the_door_into_summer

It’d been 25 years since my mom read the story to me so I can’t tell you how accurate the adaptation is but it hit the parts I remembered.