SYSV Fanfic
Sep 9, 2003


Well, they may have nukes but they don't have FMA Bill.

Edit: They do not do Bounty :)

SYSV Fanfic fucked around with this message at 19:11 on Dec 29, 2021


in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme



MononcQc posted:

https://twitter.com/fxcoudert/status/1476204806381395969

they may have nukes, but we didn’t get paid, so...

admiring the strict policy there.

on a nine figure procurement hpe can spend a few dollars to make nnsa happy

SYSV Fanfic
Sep 9, 2003


PCjr sidecar posted:

on a nine figure procurement hpe can spend a few dollars to make nnsa happy

Dude's just a schmuck namedropping, who told his client they didn't need to buy a fortran compiler.

prisoner of waffles
May 8, 2007

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, the fishmech
About my neck was hung.


“customer has nukes” sounds like a brag or an indirect way of saying “customer thinks they are super important but have an awful, bureaucratic internal culture”

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme



SYSV Fanfic posted:

Dude's just a schmuck namedropping, who told his client they didn't need to buy a fortran compiler.

i can guess which procurement this is, and I can guarantee they’re paying orders of magnitude more for compilers than what they’d pay for a bounty

id bet they validated one of their forty year old go-boom code on gfortran a decade ago, or they need to have fma on all supported compilers before they can use it in the code

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof


i took it as meaning the customer is a government entity and can't offer a bounty because that's not how government contracts work

ofc that doesn't preclude the contractor from paying the bounty

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme



and hpe is not lacking in bureaucracy either

SYSV Fanfic
Sep 9, 2003


PCjr sidecar posted:

i can guess which procurement this is, and I can guarantee they’re paying orders of magnitude more for compilers than what they’d pay for a bounty

id bet they validated one of their forty year old go-boom code on gfortran a decade ago, or they need to have fma on all supported compilers before they can use it in the code

Sandia/LLM has some of the top people in the world across all CS disciplines. Probably it's just in the unit tests that have to compile and perform to fulfill the contract. If it was actually holding anything up, they would have had it implemented within two weeks.

SYSV Fanfic
Sep 9, 2003


Wonder if he bid on a sub contract for HPE thinking he'd be able to get the gfortran guys to do it for free.

SYSV Fanfic
Sep 9, 2003


lol.

https://www.linkedin.com/in/bill-long-a5a0957

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts



"principal engineer at cray for 25 years" should tell you everything you need to know about this guy

SYSV Fanfic
Sep 9, 2003


rotor posted:

"principal engineer at cray for 25 years" should tell you everything you need to know about this guy

Hey, at least he let whoever implements this know that their FOSS hobby could help kill a couple of million people at once.

Edit: Is it poop touching to reach out to HPE media relations and ask whether he was implying his customer was important, or implementing features useful for perpetrating nuclear holocaust is a cool once in a life opportunity you shouldn't let pass you by?

SYSV Fanfic fucked around with this message at 21:07 on Dec 29, 2021

ultravoices
May 10, 2004

You are about to embark on a great journey. Are you ready, my friend?


yes, yes it is.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


i wouldn’t continue to post about doing that, no

SYSV Fanfic
Sep 9, 2003


Man, gently caress having a hobby that could make me the hacking/rendition target of a foreign nation state. I was thinking about the gfortran thing today, and realized they truly meant op-sec in the counter intelligence way.

I asked a friend who worked at a national lab. Only thing they could figure (besides contracts) is HPE/Cray exec said he knew people and could get it taken care of b/c he wanted to look important. Otherwise they'd just ask under the auspices of getting some of their open source fortran code working.

prisoner of waffles
May 8, 2007

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, the fishmech
About my neck was hung.


good principle for all elements of life: anything you can achieve without involving nuclear weapons, even indirectly, is best achieved without involving nuclear weapons

Tankakern
Jul 25, 2007



https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts



It should come as no surprise to anyone that I support this dude 5000%


also lmao @ github revoking his access to his own loving source code, that is some loving shameful bullshit

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


https://twitter.com/VessOnSecurity/status/1480189534625320960

gently caress this rear end in a top hat, and not in the good way

akadajet
Sep 14, 2003



lmao at his meltdown
https://web.archive.org/web/20210628030444/https://marak.com/blog/2021-04-25-monetizing-open-source-is-problematic

akadajet
Sep 14, 2003



rotor posted:

https://twitter.com/VessOnSecurity/status/1480189534625320960

gently caress this rear end in a top hat, and not in the good way

ed: nevermind. you side with the meltdown guy

akadajet
Sep 14, 2003



I'm pretty sure I've used faker for some one off test type things. I wouldn't appreciate this guy putting malicious code in a dependency because he didn't like his npm fame.

Cybernetic Vermin
Apr 18, 2005



hardly counts as malicious, just intentionally broken. which should also be a reality check on how many unknown people could push actually malicious code into your codebase.

Sagebrush
Feb 26, 2012

Well, actually...


:qq: by discontinuing the free software i was relying on, you're hurting me :qq:

Sagebrush
Feb 26, 2012

Well, actually...

also gently caress people who write "coz" instead of "cause."

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


akadajet posted:

I'm pretty sure I've used faker for some one off test type things. I wouldn't appreciate this guy putting malicious code in a dependency because he didn't like his npm fame.

If you want dependable code, your company should pay for it.

Progressive JPEG
Feb 19, 2003



i have some idiot spare time rust stuff and if one of the dependencies started spamming in a for loop i'd just lol out loud at it

sure there'd be some annoyance with needing to pin a not-busted version but ultimately not a big deal. it wouldn't be the first time i've had a dependency introduce a regression

so i think the "this hurts the little people just as much" argument is a bit bullshit, it's not like my desktop music visualizer or half finished DNS server have an SLA or paying customers

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


Progressive JPEG posted:

the "this hurts the little people just as much" argument is a bit bullshit

akadajet
Sep 14, 2003



rotor posted:

If you want dependable code, your company should pay for it.

lol if you think paying for code makes it dependable.

akadajet
Sep 14, 2003



if you want to make companies pay for your open sores project do the old fashioned thing and license it under gpl and offer a commercial license

FamDav
Mar 29, 2008


dude apparently really lost it

https://nypost.com/2020/09/16/resident-of-nyc-home-with-suspected-bomb-making-materials-charged/

Shaggar
Apr 26, 2006


Nap Ghost

rotor posted:

https://twitter.com/VessOnSecurity/status/1480189534625320960

gently caress this rear end in a top hat, and not in the good way

lol this rules. hopefully some of these idiots learn not to use js

FamDav
Mar 29, 2008


also i was curious about the retool scumminess thing and the cdn was embedded into the library. retool was dumb for not catching that but guy is acting like he didn't just set things up to have everyone using it hit his domain

akadajet
Sep 14, 2003



Shaggar posted:

lol this rules. hopefully some of these idiots learn not to use js

yeah the biggest problem with npm is the lovely people who contribute to it

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


akadajet posted:

lol if you think paying for code makes it dependable.

it totally does not, but at least you have a leg to stand on when you're bitching about it breaking

raminasi
Jan 25, 2005

a last drink with no ice


i'm trying to imagine a world where i have to explain to executives that a critical application broke because some random internet guy got mad and broke some free stuff we used and yep, hard to come up with any sympathy for counterfactual me

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


"he should have just quietly taken his project offline"

"why cant he just protest quietly somewhere no one will hear him?"

MononcQc
May 29, 2007

"I believe I did, Bob."



Any open source dependencies you get in a project of yours is just a loaned, temporary piece of code you don't have to write, for the time being. If it goes, it goes.

"But I don't like this perspective, it makes me feel my product is far more brittle than I thought"

Yes, exactly.

Wild EEPROM
Jul 29, 2011


oh, my, god. Becky, look at her bitrate.


Sagebrush posted:

:qq: by discontinuing the free software i was relying on, you're hurting me :qq:



i especially like when apple made that change to prevent cross app tracking on my default, Facebook immediately went with “think of the small businesses that will suffer”


rjmccall
Sep 7, 2007

no worries friend

Fun Shoe

think of the small, struggling adtech startups (whose entire business model is to get acquired by facebook or google)
