What have I been writing when I haven’t been writing here?
Duck Alignment Academy
- The best way to make a decision is to decide — In most cases, a good decision made quickly is better than a great decision made slowly.
- The real problem with EOL software — The problem with end-of-life software isn’t the lack of vulnerability and bug fixes. It’s knowing when software is truly end-of-life.
- Moderation queues need context — Many tools lack a good way for moderators to indicate “this message is still in the queue on purpose.”
DevOps Digest
- Can we move forward with the Open Source AI Definition? — The OSAID is imperfect, but is it good enough? We’ll have to wait and see.
Kusari
- The Best Way to Secure Your Open Source Supply Chain is to Participate — Open source software powers 75-90% of modern applications, but it comes with challenges. Companies can secure their supply chains by actively participating in the open source projects they rely on.
- Rust Won’t Fix Everything: Moving Toward a Memory-Safe Future — Rust offers powerful tools for addressing memory safety issues, but rewriting all C and C++ applications in Rust isn’t feasible due to the sheer volume of legacy code and the challenges of reimplementation.
- Threat Modeling in the Software Development Life Cycle (ghostwrite) — What are you defending against? From upstream dependencies to code repositories, threat modeling ensures you’re prepared to mitigate risks, reduce vulnerabilities, and avoid costly compromises.
The idea of EOL software needing a clearer indication of its status is really important. Too often, we only realize the risks once vulnerabilities start surfacing, and by then, it’s too late. Maybe some kind of proactive end-of-life announcement system would help?