Yeah. I have no idea what the answer is, just describing the nature of the issue. I come from the days when you would maybe import like one library to do something special like .png reading or something, and you basically did all the rest yourself. The way programming gets done today is wild to me.
I sort of have a suspicion that there is some mathematical proof that, as soon as it becomes quick and easy to import an arbitrary number of dependencies into your project along with their dependencies, the size of the average project's dependencies starts to follow an exponential growth curve increasing every year, without limit.
I notice that this stuff didn't happen with package managers + autoconf/automake. It was only once it became super-trivial to do from the programmer side, that the growth curve started. I've literally had trivial projects pull in thousands of dependencies recursively, because it's easier to do that than to take literally one hour implementing a little modified-file watcher function or something.
Yes, how dare they invade a sovereign nation and have their state TV call for exterminating every single one of its population, and threaten people with nuclear weapons, because those countries committed the sin of maybe joining a defense alliance which would make it more difficult for them to do those things without getting their nose bloodied for it. Or, wait, that was fine. You were talking about the other guys? Yeah, those guys. I get it.
Russia had no choice, at the end of the day. It's from the "I didn't mean to break her arm but she said she was gonna call the cops on me and you know I can't have that shit" school of enlightened statecraft.
You may be right, but I don't think he's even as organized as that. I think he's just wandering around playing big boy and pooping on himself, as he usually does.
Yeah, exactly. If you read the Snowden leaks to learn the details of what some of their actual capabilities are (smuggling flawed keys into the DH exchange for most major web browsers for example), it makes this stuff look like kids in their basements fucking around.
I feel like they're pretty ahead of you. I doubt that anyone in Ukraine or EU is taking Trump's opinion on the "peace deal" or the war all that seriously. They can't just openly ignore him, just because the US is still providing a ton of weapons, but I would be very surprised if they're taking him seriously.
"They can't monetize our users' self-created content for ridiculously exploitative gains. Only we can monetize(*) our users' self-created content for ridiculous exploitative gains!"
(* Well, try to monetize, they haven't actually got it to work yet)
Oooh... I get it. Yeah, there are people all over their media who are playing up the cynicism and making it sound cool. That's absolutely a big problem too. And yes, it makes them more cynical about everything (both the people who buy into it, and the people who don't, which is an impressive achievement.)
That's not really what I'm talking about. Being trusting of "the establishment" certainly helps make Fox News's job easier, but I'm talking about people who had health insurance, good unions, qualified doctors, all that stuff, for all of their adult lives. It just leads you to generally be of this kind of boomer "firm eye contact and a handshake will get you far" mindset in life.
It's not fascist to like the system you're embedded within because it gave you a fair deal.
I feel like this is kind of the amateur-hour stuff. It's certainly dangerous, but in comparison to a lot of state-actor activities (or even committed-amateur activities), this kind of supply-chain attack is pretty blatant and easy to spot. Which doesn't mean it's easy to spot -- I just mean it would be trivial to volunteer and contribute some minimal fixes and enhancements to some open source project, and then at one point smuggle in a zero-day that will basically never be detected unless someone detects the intrusion itself and then works backwards from there with a ton of time to spend on it.
If you've ever looked at the obfuscated C contest it should be obvious that this kind of thing can be made completely invisible if you know what you're doing. Some of the interactions and language features that lead to problems are basically impossible for a casual viewer to see, even if they're paying attention, and the attack surface is massive and the amount of attention that goes into checking it for weird subtle vulnerabilities is minuscule.
I'm sure smartphones don't help, but there is also an additional factor that I've observed: The social contract has changed radically. A lot of people from older generations have the idea that if they show up and do a good job at work, go to the doctor and obey what they say, read the newspaper and take it seriously, all these kind of "doing what you're supposed to" elements of life, that they'll be well-served and well taken care of. For young people, that is not at all the case. And, because they're not stupid, they've noticed (how could they not?), and it makes them cynical and nihilistic about the whole concept of "doing what you're supposed to" as a general life principle.
At some point, someone is going to decide to teach the Chinese navy what the Russians have been learning about the safety and utility of big naval vessels in the new drone-centric meta.
They actually observed the natives setting those controlled burns, and decided to themselves, "Yeah they're wild savages, they clearly don't give a fuck about anything or know what they're doing, here's me with syphilis and muskets and I think it's time to share civilization with them, they'll thank me later." All that magic prairie ecosystem (which is basically gone now) was a carefully constructed environment maintained over generations to make hunting big game cheap and easy. But no, let's have railroads and lead paint instead.
What I used to do when I lived in an area with a decent number of homeless people, was offer to get them some food, if I had the time for it. I'd walk somewhere with them, say what do you want I'll grab it for you, and come out and hand it to them. It was honestly a little bit awkward to do it without feeling like a ponce, making conversation with the person or whatnot feeling condescending, but whatever.
I would say the majority would discount the suggestion. I didn't feel the slightest bit bad saying no you can't have any money then. A minority would be really into the idea and clearly fucking light up at the idea of having their hands on a sandwich. Those dudes I felt like it was important that they get their sandwich.
I also knew a guy who used to be homeless, volunteered with homeless services and substance abuse programs and etc, spent a ton of time on it. He never gave money on the street. He got very bitter about the subject, he just said that it doesn't help them. Make of that what you will, I don't really know the ins and outs, but that's what he said.