Posts by Doctor Syntax

And this could be bad news for Open Source.

From TFA:

(If you're wondering where open source code fits into this planned approach to liability, the strategy has this to say: "Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.")

That answers your question "You pick up some package for nowt off NPM, who is the responsible person?". You are, at least in the first instance. If the package is deliberate malware then the author, and any third party who planted it in the repository, would also be responsible. If a particular repository were to become conspicuous for hosting malware then its operators might also become responsible; it would certainly encourage them to be able to demonstrate that they were making serious efforts to curate the contents.

My take on this is that it gives those who use FOSS in commercial products an incentive to take a more active interest in what it is they're using, review it, fix problems and send the fixes upstream.

Re: Worrying.

For a pile of dust & gravel just rely in the ejection impulse. Send up a solar-powered gizmo that parks itself on the asteroid scooping up handfuls & ejecting it. No need to achieve high velocities and wiith enough warning the entire asteroid could be thrown away. My H Robinson could design something suitable in a trice.

Re: Link?

Or the Up Yours Jack.

It's simply a matter of whose expectations it won't meet.

Re: As bad as having a monthly fix for security and other issues is...

In the situation I was remembering we'd had the accountants do all the UAT on the new hardware (old H/W wouldn't support the Y2Ked version) so the obvious time to switch over was when the office was shut down over the long break. So rather than go with the signed off, known Y2K compatible version, they insisted on running the first 2 months of 2000 with a known incompatible version. It didn't go entirely as badly as feared (thanks to the vendors going above and beyond by dialling in several times to fix database errors*) but it didn't go well.

*Small S/W houses have a different attitude to customer service.

Also independent of the courts. Taken together those are quite significant factors.

Re: You're not kidding about the buzzwords!

Quite. If evidence were needed that blockchain's time has gone it's right there in that sentence.

Re: The guy is an asshole. End of

"he's rich"

But for how much longer?

Re: ChatGPT - help me write

Maybe someone asked that and it's what caused the outage.

Re: It's useful. (Unlike most must-have tech)

"Well, you should be able to ask any search engine for exact search terms and exclusions and actually get a result on that basis."

And back in the 1980s you could so there's no good reason why you shouldn't now.

Part of the reason that you can't may well be to sell you advertising. The other part might be that the providers of such engines don't like the idea of failing to produce a response hence, apart from advertising, your results might be a load of irrelevant nonsense.

Re: Well well

"And I believe it would be hard to find a person interested in IT who think Linux and open source software is made by people living in their parents' basement."

Not hard at all. There usually seem to be a few here.

Re: It's on a par with "hanged" and "hung"

The plaintiff was hanged? That's rough justice.

Re: Unix was always diverse

"what really did it for the commercial Unices was the huge and extortionate licence and royalty fees that came with them"

Yes. If SCO had realised the possibilities of the mass market and set their prices accordingly its likely that neither Windows nor Linux would have got any hold on servers. There were a lot of businesses running on PC-architecture with SCO and some industry-specific application. They didn't need an in-house admin. I had a few of those under my wing and even taken together then they weren't my main customers.

SCO's window of opportunity lay before Linux was sufficiently polished to use in production and package vendors realised it was worth porting to. They missed it and then doubled down on that with their litigation.

Cool is neither here nor there as far as I'm concerned but keeping opened mail in the inbox is only marginally less sensible than keeping it all in the deleted bin. The reason people expect all their mail to be in the inbox (or in deleted) is because they're not provided with a system that makes any better provision.

Imagine physical mail trys on your desk. Somebody brings mail and puts it in there. You read it and put it back. Next day somebody brings more and puts it on top. You read that and put it back. In a few days you only get to read the items of new mail that you dug out from amongst the growing pile but you're unsure whether or not you missed any. In a few years or sooner the intray contents are piled up to the ceiling. There's another growing pile, the copies of the mail you sent out, and you can't match the replies to the originals when you need to.

It would be a stupid way of handling physical mail so why do we do the equivalent with email? Especially why do we do that with email when it should be possible to use the system to help handle it? The answer is that although better is possible it doesn't seem to be implemented. What is implemented is a thin wrapper around functionality to exchange messages with a server.

You and I make use of folders but my experience is that the implementation is clunky which is why few people do so.

Re: Better idea.

I'm not sure just when it was but I think the rot set in when stuff other than home directories started being stuffed into /usr.