HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fishpen0

no profile record

comments

fishpen0
·3 месяца назад·discuss
I do this. But I hit a wall with shopify. They only allow 5 email addresses to be bound to an account and only one account to one phone number. So now I cannot get tracking information from about a dozen online stores that at some point or another switched to shopify after I already made a custom email for them
fishpen0
·3 месяца назад·discuss
In a real company? A private codebase at a minimum should still be getting regular security patching and dependency updates. Always eventually one of those updates requires some level of refactor. If I see a project with no commits, I run away.
fishpen0
·3 месяца назад·discuss
In practice this just stops victims from coming forward and deepens the cycle
fishpen0
·3 месяца назад·discuss
> But then your "lockfile" equivalent is just... a list of commit SHAs scattered across import statements in your source? Managing that across a real dependency tree becomes a nightmare.

The irony is that this is actually the current best practice to defend against supply chain attacks in the github actions layer. Pin all actions versions to a hash. There's an entire secondary set of dev tools for converting GHA version numbers to hashes
fishpen0
·3 месяца назад·discuss
It doesn't matter. We pulled axios out of our codebase, but it still ends up in there as a child or peer from 40 other dependencies. Many from major vendors like datadog, slack, twilio, nx (in the gcs-cache extension), etc...
fishpen0
·5 месяцев назад·discuss
I think it stunted out. Outside of only the densest areas, maker spaces never really formed. The stuff remains accessible as a hobby only to the wealthy who can afford all these tools and machines in the majority of the country. I'm a nearly 40 minute drive to the closest maker space and I'm in one of the 10 densest populated cities in the country. The last city I lived in, the maker space was too popular and raised their fees so high that it is also impossibly inaccessible to most people.
fishpen0
·7 месяцев назад·discuss
This pricing model will continue to incentivize them internally to not fix the hundreds of clearly documented issues that causes CI to be incredibly slow. Everything from their self-inflicted bottlenecking of file transfers to the safe_sleep bug that randomly makes a runner run forever until it times out. All of it now makes them more money
fishpen0
·7 месяцев назад·discuss
This pricing model continues to incentivize them not fixing the hundreds of clearly documented issues that causes CI to be incredibly slow. Everything from their self-inflicted bottlenecking of file transfers to the safe_sleep bug that randomly makes a runner run forever until it times out.
fishpen0
·7 месяцев назад·discuss
We are a ~20 person team who use private runners and this will increase our annual costs by ~12k/yr. This is a huge relative cost increase for us. If anything this hurts small teams that focused on expansive automated testing more than giant orgs.
fishpen0
·7 месяцев назад·discuss
gitlab
fishpen0
·8 месяцев назад·discuss
Not really comparable at any compliance or security oriented business. You can't just zip the thing up and sftp it over to the server. All the zany supply chain security stuff needs to happen in CI and not be done by a human or we fail our dozens of audits
fishpen0
·9 месяцев назад·discuss
Yeah this is mostly the "build twitter in a day" projects that conveniently ignore the reason these companies have 10,000+ developers is the 99.9% of the software that is not the frontend that actually makes the company things happen at the company. The much bigger customers of many of these companies being the advertisers and the artists/creators who have their own interfaces and analytics and billing and payment tooling. The business rules engines and feature flags with tens of thousands of rules that allow any of these companies to operate in subtly different ways for customers in different states, countries, and regions with different laws for accessibility, fair use, and using and storing data. The auth and security layers that often have multiple interfaces for employees, customer classes, partners supporting native-auth, oidc, totp, developer tokens, etc... Apps for a dozen or more different app ecosystems on hundreds of device types from the obvious web and phone-based ios/android to the less obvious carplay, watch, roku, firestick, etc...
fishpen0
·9 месяцев назад·discuss
Right, but if you just search for "house listings" you find zillow and redfin and other stuff. Becoming the new word for "listings" will tie specific brands to our use of language in very interesting ways. What happens if I register my app to a common word. In this example, can I take "listings" and astroturf my app to the top? Is this a new DNS "buying all the domains" race?
fishpen0
·9 месяцев назад·discuss
It's actually hilarious to think of a scene where all the people on the bridge are shouting over each other trying to get the ship to do anything at all.

Maybe this is how we all get our own offices again and the open floor plan dies.