HackerTrans
トップ新着トレンドコメント過去質問紹介求人

pipingdog

no profile record

コメント

pipingdog
·昨年·議論
The changes to their whatsits are likely certificate expiration related.

For the longest time the rumor was that backward compatibility was mandated (through certificate gymnastics) by Jeff because Mackenzie had a 1st gen Kindle that she adored. I reckon nobody any longer gives a shit about that.
pipingdog
·2 年前·議論
It's important to consider that an online service's poor behavior is amortized over it's user base (or all of the users who subscribe via the service's local copy of a given feed), so it _could_ be worse, if all those users were fetching the feed themselves.

It's also the case that a service wants to ensure they have the freshest copy or impatient users could bail somewhere else, or just do it themselves.

But, there's certainly an opportunity for a service to perform analysis on feeds to see the rate at which they're likely to have more content, as well as take cues from metadata.

At the end of the day, RSS isn't a protocol, and feed providers are just as wild west as consumers.
pipingdog
·2 年前·議論
Tangent: I have an earnest interest in learning about methods for installing software obtained from the internet which would be any more secure than this.
pipingdog
·3 年前·議論
The lack of consensus is on what an SBOM is for. Even the NIST recommendation which came out of Executive Order 14028 had little guidance on how to apply SBOM .

At any sort of scale, it isn't clear how an SBOM shipped with each package can be consumed to any great effect.

A central database of all dependencies, on which queries and analysis can be performed, however, can be very useful, and in a large software shop, I've seen it used to rapidly get a very real sense of the company's exposure to events like the Log4j debacle.
pipingdog
·3 年前·議論
It would be hilarious if the fear of being faked turned out to be the final blow to demands for privacy.