HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lars_francke

no profile record

comments

lars_francke
·23 hari yang lalu·discuss
Partially. Yes. Look at the budgets of these orgs and you'll see what I mean.

I use the term similar to who it's used for non-profit. The orgs I'm involved with are almost exclusively not involved in the actual standards creation.

If the secretariats were to shut down tomorrow I'd say the actual work on the standards could continue without anyone noticing.

There is a reason that at least the EU is considering modernizing the system. https://single-market-economy.ec.europa.eu/consultations/pub...

ISO, CEN, CENELEC, ETSI are stuck very much in the past.

So yes. Overhead.
lars_francke
·23 hari yang lalu·discuss
As someone working in standardization: I don't know any standardization organization where the people doing the actual work of writing standards are paid for their work. I certainly am not.

In the organizations I know - including ISO - the money is basically exclusively spent on "overhead".
lars_francke
·3 bulan yang lalu·discuss
Because of bureacratic overhead. We did employee people from other EU countries in the past because I personally honestly don't care where someone is from or where someone lives. But you need to learn the rules of every country. And they are often subtly different. We even struggle with UK & Germany already. It's annoying. And we have like 0,1 FTE to take care of HR stuff and anything "out of the ordinary" eats into that time and money budget.

The rules need to change. The rules will not change. So we're stuck.
lars_francke
·3 bulan yang lalu·discuss
It's not us. It's the customers that struggle with the pace already. In the enterprise world we operate in having more than one release a year is already considered breakneck speed.
lars_francke
·3 bulan yang lalu·discuss
Thank you :)
lars_francke
·3 bulan yang lalu·discuss
Stackable | Product Engineer - Web & UI | Remote (Germany/UK) | ~20 people | Full or part-time

IMPORTANT: ONLY APPLY IF YOU ARE PHYSICALLY BASED IN GERMANY OR UK! (I received almost 100 applications, about 85 of them did not read the details)

We build an open source data platform on Kubernetes. The product (Stackable Data Platform - SDP) bundles 12+ open source data tools (Trino, Apache Kafka, Apache Airflow, Apache Superset, etc.) and makes them work together. Right now everything is Infrastructure-as-Code only. We need someone to build a UI layer on top.

No mockups, no Figma, no product roadmap waiting for you I'm afraid, just a bunch of ideas :) We're all backend people and need someone to own this end to end. Play around with our product stack, figure out what customers actually need, build it.

Stack (because we got started without you...): Svelte/SvelteKit, TypeScript, TailwindCSS. SDP itself is Rust, Java, Python on K8s. Three releases a year. Not SaaS. Quality matters.

100% remote, Germany (UK possible) only, no other countries, sorry. No Scrum, minimal meetings. Interview process is usually just two conversations. The position isn't on our homepage yet as I'm on vacation. Send a mail to [email protected] and I'll get back to you next week. Please mention HN in your mail. My personal mail is also in my HN profile. I'm the Co-founder and CTO.

https://github.com/stackabletech/ | https://stackable.tech
lars_francke
·6 bulan yang lalu·discuss
Because that's what everyone is used to.

Maplibre supports different projections if you want.
lars_francke
·6 bulan yang lalu·discuss
This is a terrible idea in my opinion and it's been tried/is being tried by services like thanks.dev. Yes, we need something here but this is not it. The reality is more complex.

It doesn't work well in practice. Because then people like https://github.com/sindresorhus?tab=repositories&type=source would get a shit ton of money because of the pure number of dependencies. And yes our stack also contains his code somewhere in a debug UI but our main product is entirely written in a different programming language with way fewer dependencies but if one of them goes away we'd be in trouble. In other words: Dependency count is not a good metric for this.

GitHub actually offers something in that direction: https://github.com/sponsors/explore

My "idea": Lots of companies will have to create SBOMs anyway. Take all of those but also scan your machines and take all the open source software running on there (your package.lock does not contain VLC etc.) and throw it in a big company wide BOM, then somehow prioritise those using algorithms, data and just manual voting and then upload that to some distributor who then distributes this to all the relevant organisations and people and then (crucially) sends me (as a company) an invoice.

We've tried doing the right thing but sponsoring is hard - it works differently for every project/foundation and the administrative overhead is huge.

The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
lars_francke
·8 bulan yang lalu·discuss
A battery truck is allowed to have 42 tons.

I'm no expert but a far stretch but if this most basic fact is already wrong then my trust in the remaining stuff diminishes. On top of that they is only relevant if all truck loads were limited by weight.

So, I believe that argument to be wrong in its entirety. And if we then factor in the CO2 costs, hydrogen is the clear loser in all regards.
lars_francke
·8 bulan yang lalu·discuss
There's a fabulous YouTube channel on electric trucks in Germany if the topic interests you.

German version: https://youtube.com/@elektrotrucker

English: https://youtube.com/@electrictrucker this has fewer and shorter videos unfortunately.
lars_francke
·8 bulan yang lalu·discuss
In case it makes you feel better: I wondered the same thing. It's not explained anywhere on the blog post. In that poste they assume everyone knows how pricing works already I guess.
lars_francke
·10 bulan yang lalu·discuss
I'm using a different approach for local testing where I don't want to redownload images over and over: https://github.com/stackabletech/k8s-local-dev

Basically it's a k3s configured to use a local mirror and that local mirror is running the Zot registry (https://zotregistry.dev/v2.1.8/). It is configured to automatically expired old images so my local hard drive isn't filled up).
lars_francke
·10 bulan yang lalu·discuss
That is not true.

There is a process, it's usually tedious but it exists. I did it for Singapore, the US and Israel. They mostly took multiple months but I never wanted to take any chances. For the US it was a "B-1 in lieu of H-1B" visa for example.

Attending a conference is something different than what these workers did. There are rules around what a "business trip" is and what is not and what "work" is.
lars_francke
·12 bulan yang lalu·discuss
Thank you!
lars_francke
·12 bulan yang lalu·discuss
I've been using SXN-210 for over a decade and I love them.
lars_francke
·12 bulan yang lalu·discuss
Not commenting on the substance but on the https://opensourcemaintenancefee.org/ homepage itself. It only works in dark mode and is unreadable in light mode.

The repo doesn't allow opening issues. Maybe the author reads here... (long shot)
lars_francke
·tahun lalu·discuss
Honest question: Does this not already exist?

- https://vulnerability.circl.lu/

- https://osv.dev/

- https://vuldb.com/

And a few others?
lars_francke
·tahun lalu·discuss
I mention this in another comment. The infrastructure for an alternative is already partially in place.

In my opinion it's mostly the industry needing to adapt to a new setup that needs to happen. It was just "easy" to rely on what's already there. A lot of company policies need to be adapted etc.
lars_francke
·tahun lalu·discuss
ENISA in Europe has the mandate of building a EU vulnerability database for the NIS 2 directive anyway and it's coming soon...

And CIRCL in Luxembourg are providing vulnerability-lookup which can also assign IDs but in a more decentralized way: https://www.vulnerability-lookup.org/documentation/

VulnerableCode can help with discovery etc. https://vulnerablecode.readthedocs.io/en/latest/introduction...

So, parts of this are already in place and I assume this will be a big boost towards a new vulnerability ecosystem.
lars_francke
·tahun lalu·discuss
The CVE program was started over 25 years ago. It is very reputable (until yesterday) and it was very much in the interest of the US to be seen as the stewards of this.

The funding requirements can't be that high and I'm willing to bet that other countries and entities would have happily stepped up if they had the chance.

Up until recently CVE was very centralized and only in the last few years have there been steps in more decentralization with CNAs taking more responsibility, Red Hat as a CNA of last-resort etc. So, the cost of doing all of this work has already been shifted partially (!) away from the US but I have not seen any movement towards e.g. moving the program to a foundation which could have been done.

Personally I would conclude that it was the responsibility of the US to pay for this because they wanted to and it was in their best interest to control this program.