I submitted a package-lock.json file to the playground and got a vulnerability report after processing. The sort order next to the pie chart is weird. Medium / High / Critical / Low. I'd expect Critical / High / Medium / Low?
The vuln report ended up in my email spam folder.
I had to hit 'resend' multiple times to receive the verification email. Once I did, I had to either create a new account or log in. I don't yet have a password. When I tried to create an account, it said my email was already taken. This onboarding flow seems quite janky.
Is Vulert Open Source software? I couldn't find any links or repos. What does "Join the Open-Source Security Movement" mean in this context?
I submitted two open-source tools. The submission form has a field for 'License' in which the only two options are 'Free' and 'Commercial'. Those aren't licenses. Maybe adjust that field to either say 'cost' or 'terms', or actually have a license field which lets you paste an SPDX entry (or entries) or pick a license from a list.
There certainly used to be a strong push to have internal people use the product a lot more during the development cycle. There was also a real desire to make the devel version actually usable. That fell by the wayside, sadly.
Having your developer workstation break while you have a backlog full of stuff to do would absolutely make you less motivated to run the developer release. Especially if you're not on the desktop team.
I suspect it was a lot easier to feel like that was one's duty when the company was smaller and you were closer to every piece of it. It was also probably easier to get issues resolved when you knew exactly who to talk to. Maintaining that culture as you grow is probably quite the challenge!
First comment on the video - from the maker of the video - is
"FIX (worked for me): write Ubuntu ISO to USB flash with dd"
So, yeah. Okay.
(Speaking as ex-Canonical, and still Ubuntu user. I upgraded my ThinkPad 2 days before release, and it was a catastrophe I had to manually un-fudge with the help of the apt maintainer. It was a packaging problem).
My feeling on this particular release is that it was rushed out, and should probably have been kept back for a month or two. The xz and t64 (2038) issues occupied some unexpected time this cycle.
Also, there used to be a dedicated QA lab which did a whole slew of automated tests. I don't believe that still exists.
Also, also. The Ubuntu community has shrunk, which means fewer people doing QA.
Also, also, also. The guy running the desktop team left the day after the release. Read into that what you will.
I feel obligated to mention that I run Arch and have done for a long time :).
About the upstart thing... even the creator of Upstart acknowledged that systemd's design is more sound -- on Canonical's bug tracker no less -- and kudos to him for doing that. TL;DR: Upstart was essentially callback hell in a different form.
... but to GP: my point wasn't really about when projects were started per se, but that they should have been ended much sooner than they were. I absolutely support innovation around the platform, but maybe we shouldn't be too stubborn.
Love that book. It enabled me to have one of my favourite flights of all time. Sat next to Chris Turner, chatting about his time at Acorn for about 9 hours.
Been using and contributing to (and working for) Ubuntu on everything since 2005 or so.
I still use it for everything. I don't have time or inclination to switch. However I have been somewhat convinced to take a look at Nix (packaging) for some of the tools I use. But all my existing systems are fine. So likely when I next get a work machine (next week) I'll probably (if allowed) use Nix to install anything developer related over and above the stock image and supplied packages.
Curious how that works out for you. I've taken to installing most packages on my Mac with Homebrew (especially stuff like Inkscape, Firefox, etc.) and it would be interesting to add Nix as a layer on that on my next Mac.