Why would thet be a conspiracy theory. The public facing guy who is behind Warfronts has 4 other channels that peddle content unrelated to natsec/warfare. If you follow "cappy army" and the drama he went through at "task and purpose" his former employer it becomes pretty clear that there are entire media companies behind what looks like "a single hobbyist content creator expat living in Prague" ...
Agree on the only solution being reducing dependencies.
Even more weird in the EU where things like Cyber Resilience Act mandate patching publicly known vulnerabilities. Cool, so let's just stay up2date? Supply-chain vuln goes Brrrrrr
Aren't many channels funded by the companies they pretend to get sponsorship from? If you look at the OSINT and Natsec adjacent topics there are many who have had the same sponsor for years: ground.news ... many pretend that they are indie content creators when they are just the marketing / growth hacking arm of the sponsor.
Uninstalled my AirBNB because of 2 resolution issues with hosts that were not in my favor despite me providing all documentation and (damning) evidence.
The reason I should have uninstalled it much longer is because it's toxic for rent prices. I now pay more for hotels and sleep well.
We do have tools in every step of the sdlc so we can find issues as early as possible. Anything that is exploitable and left unmatched is a compliance violation so we take it very seriously. That said, exploitability is very (expensive) hard to proof, so in practice we try to mitigate via upgrading instead of long pointless discussions about risk. The second thing this forces us, is to look at complexity and tech-debt in a new light.
The AABill hits hard against Australia being a useful jurisdiction alternative to the US. Heck this law has made it impossible to hire any Australian National into security critical positions outside AUS. And the same law made services by fastmail and Atlassian suspect.
Because extending trust usually works retrospectively?
Or
which battle tested applications exist today using crypto+, that illustrate it's a better choice than what sofar held up under libsodium (which is a lot)?