IT support hotline: Remember to turn the timer off and on again.
Middle manager: I need the task done yesterday. Yes, I know it's a holiday. Yes, I know the assignment breaks two DNS specs and several hundred federal and state regulations. Just get it done. No, you're not allowed to use utensils during working lunches, that's against company policy.
Exactly the wrong sorts of people will take this to mean we should remove access to important resources for anyone struggling.
The last paragraph seems to present a reasonable suggestion. But Hansson forgets that struggle occurs on a spectrum. There is no single, visible, hard line between normies and certifiables.
He should probably read a book or five about neurodiversity.
If the product genuinely worked, it would make a natural candidate to upstream into the operating system. Better to wait for the feature to arrive there. Than to risk scams and bugs meanwhile.
`crit` loops over `cross` target triples for Rust projects, generating binaries for dozens of platforms. Now your users can enjoy more ways to install your apps.
That's.... I don't know how you even arrived at that idea of that being what happens? Are you imagining some kludged together perl script to hackily save the tarballs, written by someone who is then immediately let go?
What they're suggesting is basically setting up a cache for it locally in-between them and the "main repo" and ensuring the cache doesn't delete after x days and/or keep backups of the images they depend on.
If the package disappears, or the main repo falls over (cough github, cough), your devs, CI & prod aren't sat twiddling thumbs unable to work...
and if the package is nuked off the planet? You've got some time then to find an alternate / see where they move to.
No, you're wrong. Everyone who wants to stay in business and makes money actually does it. Has been my experience in all big companies, it's a business continuity problem /not to do it/.
You can and should run security in the vendored images.
What are you talking about?
Malware and spyware is just as likely (if not very much *more* likely - depending on the definition of malware or spyware*) to be in corporate sponsored software than it is in foss software, and that idea extends to software distribution.
I would expect the security and quality of images in a decentralized system to be far superior to any centralized system spun up by some for profit entity.
* malware and spyware could be defined here as software that allows remote keylogging, camera activation, installation of any executables, etc - i.e. root access - which is precisely what most corporate entities make software to do (e.g. "security solutions" that you have to install on your work computers). This is also most web services which are 90% tracking with an occasional desired application or feature these days.
I've never worked somewhere that didn't have an internal Artifactory with copies of everything.
Not doing that is unusual, and actually less secure. Do you think it's sane or secure for all of your builds to depend on downloading packages from the public internet?
That's a fair point, and when someone with a working brain mentions the fallout throughout the Internet that would result, I expect Docker Inc. will reverse course and embark on a PR campaign pretending it was all a mere tawdry joke.
I am confused by the meaning of Docker's announcement. They keep saying "organizations" will have Docker images deleted. Does that include personal FOSS images or not? Because the vast majority of Docker Hub images are uploaded by individual contributors, not "organizations."
Too bad about their poor relationship with the FOSS community. I've applied to them for years, and actually merged some minor patches to Docker to help resolve a go dependency fiasco. Zero offers.
I guess the next logical move is to republish any and all non-enterprise Docker images to a more flexible host like the GitHub registry.
You can go beyond Kubernetes into serverless, but other than those two, your tech department would be deviating from industry standards and paddling upstream by hand.
At first glance seems like a snarky dismissal, but this is actually valid, actionable advice. If you can arrange your data flow in such a way that sorting is unnecessary, you've avoided an expensive optimization problem altogether.
CEO goes to submit timesheet.
Corporate issued hardware explodes in face.
IT support hotline: Remember to turn the timer off and on again.
Middle manager: I need the task done yesterday. Yes, I know it's a holiday. Yes, I know the assignment breaks two DNS specs and several hundred federal and state regulations. Just get it done. No, you're not allowed to use utensils during working lunches, that's against company policy.