Listen

Listened to Legacy Code Rocks: Quality-Check of External Dependencies with Feross Aboukhadijeh
Many of the largest companies rely on third-party code to run critical parts of their software. However, there's often little focus on ensuring the quality of these external dependencies. Today we speak with Feross Aboukhadijeh, CEO and founder of Socket, a developer-first security platform. Socket helps developers and security teams release software faster and reduce time spent on security busywork. Feross is also a lecturer at Stanford, where he teaches CS233 Web Security. We discuss why the quality of third-party dependencies matters, when to start addressing this issue, how to handle unmaintained dependencies, and what tools are available for managing third-party dependencies. After listening to the episode, be sure to visit the connect with Feross on , and check out his .

 Repost

Reposted Adrianna Pińska (@confluency@hachyderm.io)
This Recall thing is a prime example of how bad we are at understanding when something is a systemic problem. It doesn't matter if *you* disable it. It doesn't matter if *you* install Linux. It doesn't matter if *you* set your computer on fire and move to a Luddite commune. If you have *ever* sent sensitive data, no matter how securely, to another person who now has this shit enabled, and they find your data and look at it, your data is compromised, and there's nothing you can do about it.

 Listen

Listened to Red Hat CentOS Stream vs HashiCorp BSL: the view from downstream | IT Ops Query by PodBean Development 
Josh Koenig and David Strauss are co-founders at Pantheon, a platform for building and operating websites. Josh is the chief strategy officer, and David is the CTO. Open source software is a big part of the web, and Pantheon is a downstream user as well as a contributor to several open source projects. David is an early contributor to systemd, a component of Linux distributions, a member of the Drupal security team, and was a founding member of the first Fedora Server working group in 2011. Josh and David share their views as downstream consumers of open source software as well as members of the community, touching on why enterprises don't contribute more to open source, the approach to open source policy and licensing changes by two different major vendors in Red Hat and HashiCorp, efforts to shore up the security of the web by moving to memory-safe languages, and more. Come for the industry insights, and stay for the many colorful analogies in this discussion, from tugboats to tofurkey. Editor's Note: This episode was recorded before IBM agreed to acquire HashiCorp.

 Listen

Listened to Is it too late to opt out of AI? featuring our favorite tech lawyer, Luis Villa (Changelog & Friends #46)
Tech lawyer Luis Villa returns to answer our most pressing questions: what’s up with all these new content deals? How did Google think it was a good idea to ship AI Summaries in its current state? Is it too late to opt out of AI? We also discuss AI in Hollywood (spoilers!), positive things we’re seeing (or hoping for) ...

 Repost

Reposted Dr. Victoria Grinberg (@vicgrinberg@mastodon.social)
You don't owe anyone a follow (this includes me). Not even people you've been mutuals with for a while. Not even people you know in real life. Not even people whose profile you check often. Sometimes they just post too much. Or post stuff you don't want to pop up on your list (but want to check on your terms). Or they start (re-)posting hate (you don't owe them a call out; especially not if you don't think it will go well). Sometimes they are lovely folks but just bore you with their favorite sports.

 Repost

Reposted Hazel Weakly (@hazelweakly@hachyderm.io)
Y'know how there's a pattern of behavior where someone says something is bad about the tech industry or community or OSS software or something, and then every single nerd within a 50 square mile radius says *WELL ACKTUALLY*?? I just realized that if, like, even 10% of them just... Sat down and spent some energy fixing the problem instead of insulting someone for experiencing it, we would've solved all those issues by now

 Repost

Reposted Dan Gillmor (@dangillmor@mastodon.social)
I've been using the Chromium browser for certain websites, and that's about to end. Google's greed-fueled moves -- this time to disable vital extensions that provide better privacy and security -- are unacceptable to me. The stakes here are quite high. If Google succeeds at what it's attempting to do -- forcing us to use only Google-approved privacy and security choices -- we're in trouble. Firefox looks like the best way forward at this point.

 Repost

Reposted abadidea (@0xabad1dea@infosec.exchange)
Attached: 1 image This is a graph of Discord’s algorithmically inferred gender (extracted from “request your data” json; axes are probability and days) for a user whose display name is “Tiffany”, whose bio is “she/her”, whose pfp is a drawing of a girl and whose profile theme color is pink. Algorithmically inferred gender is worse than useless. Presumably the issue is that she talks about programming, and all the deliberate “I am explicitly telling you I am a girl” signaling in the world can’t convince a computer. I sometimes watch a livecoding streamer whose youtube stats claim his audience is 99% male even though you can see fem-coded chat participants regularly. Algorithms like this are deleting the women

 Repost

Reposted james (@james@strangeobject.space)
Basically if you’re losing sleep over the fact you don’t like a Q* or you think there are too many groups represented on a flag then I’d like to congratulate you on your comfortable life and suggest you put the energy you have for arguing against representation into something more useful. If it doesn’t hurt anyone beyond making you personally uncomfortable that is decidedly a YOU problem. *I am aware of the “queer was used as a slur against me and thus it’s painful for me to see” but your discomfort can be healed through reclamation of language and community support, rather than force others to be uncomfortable and disincluded because you don’t like the way they refer to themself. I am not aware of any valid arguments on why we should not add black, brown, trans, intersex and whatever future styleguide updates come to the progress flag.

 Repost

Reposted Joscelyn Transpiring (@JoscelynTransient@chaosfem.tw)
I still think corporations have Pride Month backwards: this isn't a month to make money off me, this is a month to give me discounts for doing the public service of being this gay! I should be able to walk into any Target and get 30% off by kissing another girl or showing the cute bandaid from where I did my HRT shot! I should get free coffee at starbucks for walking in with carabiners and a fanny pack! I should be able to demand any random driver pull over and become a free uber by waving a rainbow flag so I can go spread my gayness across the city! Strangers should just hand me a twenty because I'm slouching bisexually in public!?! #RainbowCapitalism #Queer #PrideMonth #Pride

 Repost

Reposted Hannah, sometimes 🏳️‍⚧️ (@Hannah@chaosfem.tw)
The other day at work, in an online meeting, a fuckhead said the phrase “Well, it’s probably because she’s a woman and she doesn’t know what the hell she’s talking about”, referring to an external contractor. I’m not out, but I stopped the meeting and said “You don’t get to talk like that in front of me. Now, I have to call HR.” There was laughter. To which I replied sternly, “It is not funny. Do better.” There was no laughter then. I don’t put up with that shit. Misogyny, any kind of trans- or queer- based phobia, racism. None. That’s how you ally - you speak up. You challenge the notion that these fuckers are in a safe place. You DO have power to create change. Be the voice for the voiceless. Afterwards, two of the other attendees reached out to me to thank me for my courage to stand up to one of the “cool kids”. I don’t need thanks, I need people to be better. BE BETTER.