2 years ago in Quotes
The whole IT ecosystem has become a hail mary. Even admins usually have no idea what a certain program actually wants to do. If the admin knows how to install the app so that it actually runs, you call them a good admin.

From a security point of view, an application is like a nuclear power plant. It's good if it works as planned, but if something blows up it endangers your whole enterprise.

The whole container movement can be seen as putting the apps in a sarcophagus like Chernobyl. That way the radiation hopefully stays in, but history has shown that it really doesn't. Also, the wheel of history has just turned one more iteration and now admins just view the sarcophagus as something you deploy as you previously deployed the app. Who is responsible that it is air tight? Well, uh, nobody, really.
 4 years ago in Quotes
Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. This paper presents a dataset of 174 malicious software packages that were used in real-world attacks on open source software supply chains, and which were distributed via the popular package repositories npm, PyPI, and RubyGems. Those packages, dating from November 2015 to November 2019, were manually collected and analyzed.
 4 years ago in Quotes
We do programmers a disservice when we act as if the conversation about the growing threat of legacy code begins and ends with COBOL. A whole generation of software engineers are spending their careers making the problem worse by outsourcing all but the most unique aspects of their applications to armies of libraries, plugins and modules that they are powerless to monitor let alone update.

The real horseman of the legacy apocalypse is the depth of the dependency tree. Modern software development stacks abstraction on top of abstraction. If the left-pad incident of 2016 proved nothing else, it demonstrated that even experienced engineers will YOLO dependencies onto their applications if given the infrastructure to make installing them easy. Modern developer environments are a veritable candy store of cheap and convenient dependencies.

 3 years ago in Quotes
I live in Eastern Europe. A local city with a population of 300-400k was hit with a near total ransomware attack. The hackers asked for 400 bitcoin.

The mayor answered them on TV: "You fools, we still do most things on paper here! We'll just spend the weekend installing Windows and Word and F** Y*!!!"
 4 years ago in Talks

Making Game Programming Less Terrible

by Jonathan Blow
 8 months ago in Articles

The Decline of Usability (2020)

A favourite is removing visible tools with 3-dot menus in the name of "cleaner" or "more intuitive" user interface that turns one-click actions into two clicks: 2 clicks hundreds of times a day for the tool users. Tables that show 10 items with 4 details each in the same screen real estate that used to show 20 items with 6-8 details. Dashboards that show 4 graphs instead of 10.
 4 years ago in Quotes
People blame developers but it's all driven by a product mentality that favors rapid iterations and technical debt to run business experiments on customers. Slow-and-steady, carefully written software isn't tolerated within many product orgs these days.
 11 months ago in Quotes
I encounter daily young people who are so stricken by anxiety about productivity, because they can't explain how they will actually benefit from the outcomes. Being productive is really hard when any value produced immediately and only goes towards lining the pockets of the wealthy.

 11 months ago in Quotes
The reason why we don't have rockstar engineers is because the market's been filled with talentless hacks who can't code their way out of a paper bag without a Jira epic breaking it down for them.
 4 years ago in Quotes

the web dies one corporate whimper and one consumer shrug at a time

In order to refocus the Firefox organization on core browser growth through differentiated user experiences, we are reducing investment in some areas such as developer tools, internal tooling, and platform feature development
 4 years ago in Talks

The Immersive Fallacy

by Frank Lantz
Nothing to do with development per se, but I'd say huge parts of gaming lost the plot in similar ways development did.
 10 months ago in Quotes
The ruling class wants slaves.

Be it animal, human, or machine. In every case where something made a better slave, capital has switched to using it.

Recognize what class you're in and see it for what it is (lotta people identify with the ruling class on this site), but don't pretend for a second us tech workers are somehow insulated from being workers. No one will care when we're homeless on the street any more than the current group of i-got-mines care about the current homeless.
 9 months ago in Articles

Fusion Foolery

It would be fun to count all the megajoules that went into press coverage of the event!