I get that there are some people who have anomalous abilities to self-control, and I understand that they might have a hard time empathizing with those of us that don't have that level of control. However, to chalk up the solution as "be a better person", when in reality corporations are spending billions on research and design of addictive products, is just short-sighted.
We saw the same thing with smoking. Plenty of people said "meh, why can't the smoker just quit, I did". Which missed the point. The tobacco companies knew if they could get kids smoking at a young age it was less likely they'd ever quit.
It's naive to assume that the social media companies are not doing the exact same thing.
Yes, there is room for individual accountability, but also we need to be realistic about the amount of energy that is being spent subverting people's attention and self-control.
you seem to believe that those companies hold some magical spell over people. that's exaggerating what is actually possible. all they can do is decide what you see on your feed and things like that. some people can't handle it. well, that is their loss ... it shouldn't be mine. and no, I couldn't care less if insta or tictac gets banned. the problem is that this is setting a precedent for a dystopic, nanny state where adults are treated like children. i don't want to live in such a society.
What if? GitHub is extremely buggy! I'm getting increasingly frustrated with the paper cuts that have become endemic across the entire platform. For example, it's not uncommon for one of our workflows to fail when cloning a branch of the repo they are running in.
I deliberately didn't mention this because I think most of the pain with GitHub over the last year is probably caused to some degree by their scale, which seems like an unrelated issue. (But maybe not.)
One of the key problems you have to solve is how do you execute code on an untrusted device. The major cloud providers do a ton of work so you can "trust" the compute you pay for.
Without a truly zero-trust compute platform it's going to be difficult to get anyone to trust their workloads to a random compute resource that isn't carefully guarded.
I doubt it, there are data centers with several decades of 100% uptime.
People often think of the large cloud providers when they think of data centers -- but their data centers are typically mediocre in terms of redundancy and uptime. Their strategy is generally to have less infrastructure redundancy and rely on software failover... e.g. failover to another AZ
The decision to block all downloads is pretty disruptive, especially for people on pinned known good versions. It's breaking a bunch of my systems that are all launched with `uv run`.
> It's breaking a bunch of my systems that are all launched with `uv run`
From a security standpoint, you would rather pull in a library that is compromised and run a credential stealer? It seems like this is the exact intended and best behavior.
You should be using build artifacts, not relying on `uv run` to install packages on the fly. Besides the massive security risk, it also means that you're dependent on a bunch of external infrastructure every time you launch. PyPI going down should not bring down your systems.
This is the right answer. Unfortunately, this is very rarely practiced.
More strangely (to me), this is often addressed by adding loads of fallible/partial caching (in e.g. CICD or deployment infrastructure) for package managers rather than building and publishing temporary/per-user/per-feature ephemeral packages for dev/testing to an internal registry. Since the latter's usually less complex and more reliable, it's odd that it's so rarely practiced.
There are so many advantages to deployable artifacts, including auditability and fast roll-back. Also you can block so many risky endpoints from your compute outbound networks, which means even if you are compromised, it doesn't do the attacker any good if their C&C is not allow listed.
That's a good thing (disruptive "firebreak" to shut down any potential sources of breach while info's still being gathered). The solve for this is artifacts/container images/whatnot, as other commenters pointed out.
That said, I'm sorry this is being downvoted: it's unhappily observing facts, not arguing for a different security response. I know that's toeing the rules line, but I think it's important to observe.
Oh this is super cool. Coming from Java I've long missed JDBI and Rosetta which makes writing SQL Queries in Java a dream. I've toyed around with a similar style interface for python, and looking at this gives me hope I can achieve it.
Interesting, where are you running into trouble buying meat from local farmers? I've often visited rural farms that have store houses. Nearly all of them have refrigerators and freezers with meat to buy.
My take on the OP is that it's commitment to an idea that matters, not how quickly it's created. I love seeing people insta-clone things, but is this a side project that's going to see updates for a few weeks or is this something that is going to be maintained actively for years to come?