HackerTrans
TopNewTrendsCommentsPastAskShowJobs

pipingdog

no profile record

comments

pipingdog
·tahun lalu·discuss
The changes to their whatsits are likely certificate expiration related.

For the longest time the rumor was that backward compatibility was mandated (through certificate gymnastics) by Jeff because Mackenzie had a 1st gen Kindle that she adored. I reckon nobody any longer gives a shit about that.
pipingdog
·2 tahun yang lalu·discuss
It's important to consider that an online service's poor behavior is amortized over it's user base (or all of the users who subscribe via the service's local copy of a given feed), so it _could_ be worse, if all those users were fetching the feed themselves.

It's also the case that a service wants to ensure they have the freshest copy or impatient users could bail somewhere else, or just do it themselves.

But, there's certainly an opportunity for a service to perform analysis on feeds to see the rate at which they're likely to have more content, as well as take cues from metadata.

At the end of the day, RSS isn't a protocol, and feed providers are just as wild west as consumers.
pipingdog
·2 tahun yang lalu·discuss
Tangent: I have an earnest interest in learning about methods for installing software obtained from the internet which would be any more secure than this.
pipingdog
·3 tahun yang lalu·discuss
The lack of consensus is on what an SBOM is for. Even the NIST recommendation which came out of Executive Order 14028 had little guidance on how to apply SBOM .

At any sort of scale, it isn't clear how an SBOM shipped with each package can be consumed to any great effect.

A central database of all dependencies, on which queries and analysis can be performed, however, can be very useful, and in a large software shop, I've seen it used to rapidly get a very real sense of the company's exposure to events like the Log4j debacle.