I recently implemented my own npm vulnerability audit tool for the CIO department of a major org - it just adds 'vulnerability' in red next to any npm-based project in their spreadsheet.
Readit Newsseemslegit commented on Npm Audit: broken by design? overreacted.io/npm-audit-... · Posted by u/wongmjane
That's such a presumptuous title, the author does not know what other powerful tools my toolbox lacks.
seemslegit commented on Console Do Not Track – Proposal for a standard environment variable consoledonottrack.com... · Posted by u/thih9
Negative punishment will not work for this, you would be going after the symptom instead of the problem. Don't make it harder for people that write these changes, make it harder for people to force others to. There will always be another developer, and there's no guarantee you'll know their identities. If you're looking to bring attention and make a statement at the potential expense of others that's one thing, but practically speaking this approach can't work.
Practically speaking, that's the only approach that can.
Although it's often hard to tell, most software developers aspire to being treated like professionals rather than specialized serfs, and part of being a professional is accepting responsibility for your work.
Of course it doesn't preclude holding their employers responsible as well.
seemslegit commented on Console Do Not Track – Proposal for a standard environment variable consoledonottrack.com... · Posted by u/thih9
This is a losing proposition that will only lend credence to the inherently violent opt-out approach to data collection.
Instead how about a do-not-hire-or-collaborate-with registry of the individual contributors participating in projects that employ those tactics and see how they like trying to opt out of it.
seemslegit commented on Guido van Rossum joins Microsoft twitter.com/gvanrossum/st... · Posted by u/0xmohit
Embrace, Extend, Extinguish .
Nah that was the old MS, new MS just replaces own with rent.
seemslegit commented on Guido van Rossum joins Microsoft twitter.com/gvanrossum/st... · Posted by u/0xmohit
What were the previous examples of this?
C#, F#, Typescript, JavaScript via npm
seemslegit commented on Guido van Rossum joins Microsoft twitter.com/gvanrossum/st... · Posted by u/0xmohit
And the next language to become unusable without a microsoft-controlled ecosystem is...
Loving the "are we ok with this ?" take - as if anyone cares.
The word “boffin” is a colloquial British term for a smart person (conjuring up an image of someone in a white lab coat and glasses) and is used in an affectionate way. The British version of TheReg (.co.uk) often refers to
boffins in this way. It’s probable that this piece was written by the British team and then reposted to the US site.
It's not affectionate, it's condescending - much like 'geek' when used unironically and not by geeks to refer to themselves.
>In addition, the team is working with renowned art historian and curator Dr. Lowery Stokes Sims, who is providing additional mentorship and professional development.
In art as in politics - nothing says grassroots like the additional mentorship and professional development by a renowned establishment member.