Readit News
n0on3 commented on Open source projects could sell SBOM fragments   thomas-huehn.com/open-sou... · Posted by u/Tomte
jcalx · 6 months ago
Syft (https://github.com/anchore/syft) and ScanCode (https://github.com/aboutcode-org/scancode-toolkit) are good open-source tools to generate SBOMs and search repos for licensing information — I'm curious to hear if there are reasons why those wouldn't work for enterprise purposes.
n0on3 · 6 months ago
Their results are simply not reliable. The matching approach often matches too many things (hey, this could be A or B or C or D or E or F ...or 42!), or picks up things that have nothing to do with the license of some target (hello randomly included file with some completely unrelated license header and is not even included in the build but is there for some reason, meet your new friend, the utility script copied from somewhere else also not included in the build with a header for another unrelated license. You two feel lonely? let me introduce you to this other wonderful script included in some particular form of packaging) and of course cannot compensate for poorly declared licenses, typos, weird non-standard (or simply archaic/deprecated) ways to specify the licenses and so on and so forth.

It's not a fault of the tools themselves, but in practice they don't help much in real-world situations. Basically you end up needing to do so many checks and manual fixes that you might as well not use these tools in the first place.

In an enterprise context one of three things happens: (1) you end up relying on a commercial solution (which is also not that reliable but you delude yourself into thinking it's not your problem anymore... although to be fair commercial solutions have curated license attributions and facilitate handling this mess); (2) you build your own thing that uses these (and other) tools but automates a bunch of fixtures so you don't need to go insane every time you need to regenerate an accurate SBOM with related licenses; (3) you quit software engineering, move to a remote location and start an alternative career as an alpaca breeder while whoever takes on your role pretends to ignore the issue and keeps shipping inaccurate declarations of licenses for dependencies thinking that's fine because nobody really cares.

n0on3 commented on The right way to sauce pasta (2016)   seriouseats.com/the-right... · Posted by u/kqr
Niksko · 2 years ago
No offense intended, but all of your suggestions sound very stereotypically Italian, which is to say they put an enormous emphasis on the traditional ways that pasta and sauces are made in various places in Italy. There's nothing wrong with this, celebrate tradition and heritage all you want, but that's very different to what Kenji goes for in general and what Serious Eats goes for in general. Their goal is usually to provide techniques that are then used in recipes to achieve a desired outcome.

Whether that outcome is considered traditional or correct by anyone is not something that is considered. The techniques are a tool to achieve an outcome, and how much or little you use those tools is left to the cook, rather than being dictated by tradition or custom.

Pasta water contains starch, which helps to thicken sauces. If you want a thick and glossy sauce, it is one way to do it. End of story. It is a technique to achieve a desirable goal, nothing more. Whether anyone traditionally in Italy does this or not is immaterial.

Similarly, fats are flavorful. Adding flavorful fat to increase flavor in a sauce is desirable. Whether anyone traditionally does this is immaterial if people think it tastes good.

n0on3 · 2 years ago
None taken!

I think you misunderstood what I was trying to contribute though, since I was not attempting to celebrate anything nor to emphasize traditions. I was just saying those "goals" have well known solutions that differ for some good reasons from what is described in the article, which claims (by its title) to explain "the right way" on a basis that is unclear to me.

I do not know "Serious Eats" nor the author, so I'm sorry if I am antagonizing (not my intent, but I get it might be seen this way) a celebrity or his fans and in this upsetting people. I'm just contributing things I know from experience, whereas arguments like "this is one way, end of story" seem brittle to me, because you are basically dismissing the points that I probably didn't even explain decently (on your examples: you add pasta water, you get starch in the sauce which helps thickening things but you dilute other ingredients and will need to cook for more time to have the liquids evaporate thereby overcooking the pasta; you add "fats" like butter or oil at the end and you change the flavour of the dish significantly, other than its nutritions). Then again, if that's what you are looking for, great, I think I said at the beginning there's no objectively right or wrong, it's food we are talking about, if you are happy with eating the outcome good for you.

I mean, by all means please try it, and with that I mean actually get in the kitchen and do it, I think you'll realise there's a lot more than just "using a technique that makes sense in theory, end of story" to get your goals.

n0on3 commented on The right way to sauce pasta (2016)   seriouseats.com/the-right... · Posted by u/kqr
n0on3 · 2 years ago
As an Italian who is told he's pretty good at cooking, some of this is on point but a few things sound "wrong" to me (I use quotes because there's really no objective way to do this literally right or wrong, I'm just comparing with my experience / what I perceive "we learn from grandmas"):

- Put the pasta into the pan with the sauce (which I guess is the main point of the article which starts off with "Italian" restaurants putting sauce on top of the pasta in the plate): definitely yes, but...

- Add pasta water: it depends on which sauce you prepared and how you prepared it (and the type of pasta... not just shape, but fresh -vs- dry, and what it's made of). When one uses "pasta water", it's usually in the making of the sauce, not before putting the pasta in the sauce pan; sometimes cooking water is added to the sauce if it "shrinked" too much or the ingredients are not amongst those which attach to the pasta well, but these are their own cases. All that "adding water and stirring" to get to the "perfect texture" might appear to make sense, but I'm pretty sure it will take too much time and it will mess your pasta consistency because it will get overcooked. Sure you can under-cook the pasta alone a bit to compensate, but what's the point in that? What I'm trying to say is that this trial and error thing might make sense for someone who does it for the first time, but after a while you figure out how the sauce ought to be in the first place, you put the pasta in, jump it (as in, move the pan to make the pasta "jump" in it so it doesn't attach to the pan) to the right consistency and everything gets where it needs to be pretty easy without all that fuss. At least this is what I do and what I see others that seem to really know how to cook (based on the results) do.

- The bit about using cooking water (that's another way we call the "pasta water") to adjust the consistency which turned bad because of the cheese thickening and liquids evaporating... well, unless we are talking about sauces which have significant cheese quantities in them (e.g., the "cheese and pepper", or "4 cheeses pasta") and have a different process on their own (as does the mentioned "carbonara", which I guarantee you'll screw up if you follow this process because you'll cook the egg too much), cheese usually goes on top of the pasta in the plate as a garnish. For some sauces (e.g., the "amatriciana"), you're even supposed to make the plates (with pasta already mixed with sauce) get a bit less hot before putting in the cheese, to avoid it melting too much. Putting cheese in the pan for a non-cheese based sauce and making it melt and then thicken is sort of a cardinal sin (you can add all the "pasta water" you want, you'll never get it back to where you need it to be and it will mess up your dish)

- Add fat: what? Just, no. Olive oil is of very common use, but you don't add it "to the sauce" for texture, for most sauces you use it as the base for the sauce. Butter? Unless we are talking about a butter-based sauce (e.g., butter & sage), which are not that many or very common anyway in regions but the northern ones, nope. Not like that. Some add olive oil as a garnish, but again it really depends on which sauce you are using, and it ain't that common

n0on3 commented on North Korean campaign targeting security researchers   blog.google/threat-analys... · Posted by u/todsacerdoti
kriro · 2 years ago
Not really shocking or new but kind of interesting. Why would they use 0days on security researchers. My guess is it's a test with upside. On the one hand if it works on a security researcher, you can go "live" because you got a good one and on the other hand you estimate that in the long run you'll get 1+x 0days out of the deal from said researcher.

As a security researcher it also presents an interesting situation. If you're careful enough and can pretend to be dumb enough, you might be able to harvest fresh attack vectors/0day etc. "for free" but the downside is if you overestimate yourself you'll get pwned.

n0on3 · 2 years ago
> Why would they use 0days on security researchers. My guess is it's a test with upside

Or just be after the accesses the targets have...

n0on3 commented on North Korean campaign targeting security researchers   blog.google/threat-analys... · Posted by u/todsacerdoti
imiric · 2 years ago
I wonder what the chances are that a security researcher would execute a Windows binary they receive over chat from a rando. This isn't even security 101, just common sense at this point.

If anything, I'm sure it gave researchers a chance to play around with the binary in a secure environment. They wouldn't even need to reverse engineer it, since the source code was made public by the attackers. Good guy black hats!

Speaking of, can someone find the exploit in the linked repository? I'm curious what it does, but can't bother with going through all files. TFA could've linked to it, as well as mention how they determined this project is linked to NK hackers...

n0on3 · 2 years ago
> how they determined this project is linked to NK hackers

If they have enough confidence to attribute and not disclose how/why, one can fairly guess they don't want to burn sources or indicators which might still be useful moving forward but likely won't be if disclosed...

n0on3 commented on Bram Moolenaar has died   groups.google.com/g/vim_a... · Posted by u/wufocaculura
codetrotter · 2 years ago
Bram Moolenaar was the original author, maintainer, release manager, and benevolent dictator for life of Vim.

@dang can HN put a black banner for Bram Moolenaar please?

n0on3 · 2 years ago
+1

n0on3 commented on Have attention spans been declining?   slimemoldtimemold.com/202... · Posted by u/janandonly
fikama · 2 years ago
I know that HN is maybe not a place for such comments, but I strongly believe we need to make "attention span overflow" a thing
n0on3 · 2 years ago
(I'm not sure if you were joking or not and I know it's probably not in the same spirit you intended it here / a bit OT but...) I've been using literally that exact expression for a while to describe the situation in which, during somewhat complex discussions within a group, in order to not be perceived as jerks participants are forced to follow an unnecessarily long, repetitive, trivial and most often also completely pointless "line of reasoning" just to have their own attention completely derailed from any productive/actually-interesting argument anyone was trying to make, often ultimately resulting in giving up because recalling those lost mental threads is by then even more difficult and there is only so much mental energy (for you and collectively) to dedicate to that discussion.

Just saying, imho it's already a thing (with different incarnations in different contexts).

n0on3 commented on Devil Mode for Emacs   susam.github.io/devil/... · Posted by u/susam
jacobsenscott · 2 years ago
YES, BUT IT MAKES IT HARD TO YELL AT PEOPLE, AND THAT'S HOW I SPEND MOST OF MY TIME.
n0on3 · 2 years ago
I am not quite sure what this says about me but I LMAO looking at this one, thanks

n0on3 commented on GNU nano is my editor of choice (2021)   ariadne.space/2021/08/13/... · Posted by u/Tomte
palata · 3 years ago
> We have a less powerful tool because we want to attract newbies

That's exactly it. The modern metric for anything to be successful is the number of people using it, even if they are completely useless because they did not put any effort into learning the basics. In this case, it would be essentially "ESC", "i" and ":wq". But that's waaaay too hard.

No wonder everybody ships a full rootfs in a container for every single executable they make... if learning how to quit vim is too hard, who would want to learn about packaging?

n0on3 · 3 years ago
eheh, so much this. I was about to comment in a less sarcastic way but essentially the same thing.

I mean, we'll be just fine installing vim and making it the default as needed, I'm not so sure about those raised with the "it has to be easy" mantra.

n0on3 commented on Using rats to clear land mines in Cambodia   sapiens.org/culture/land-... · Posted by u/danso
stavros · 3 years ago
I do think it's symmetrical that, if we use senators to clear land mines, we should use rats to ratify the convention.
n0on3 · 3 years ago
I see what you did there

u/n0on3

Karma: 270 · Cake day: February 5, 2011