Heh. Maybe whoever they hire can fix it so that posts like this one (deep links to specific static content) appear without JavaScript enabled.

Someone watching Silicon Valley could be forgiven for coming away with the impression that most software developers spend 90% of their time screwing around waiting for solutions to unexpected bullshit interruptions…

So yeah, pretty accurate.

Oof. I’m anxious that folks are going to get the wrong idea here.

While OCI does provide security benefits, it is not a part of a healthly security architecture.

If you see containers advertised on a security architecture diagram, be alarmed.

If a malicious user gets terminal access inside a container, it is nice that there’s a decent chance that they won’t get further.

But OCI was not designed to prevent malicious actors from escaping containers.

It is not safe to assume that a malicious actor inside a container will be unable to break out.

Don’t get me wrong, your point stands: Security loves it when we use containers.

I just wish folks would stop treating containers as “load bearing” in their security plans.

It amused me that the votes on your comment (a simple factual statement) reflect how many people here vote without knowing what the fuck they’re talking about.

maybe I do not need SSH.

Heh. FYI, I’ve heard those words paired later with “fuck, I should have just used SSH”, fairly often.

I have to object to the supposed necessity of C. In particular, the bolded claim that an OS not written in C is still going to have C involved.

Such an OS could instead have written its non-native parts using assembly.

Agreed! That’s a great point!

I appreciate your clarification. Not everything has to run C. It’s just a trend in today’s products.

I was attempting to humorously reference Monty Python’s Spam sketch, where it seems like everything on the menu has at least a little Spam in it. Every device I could think of, that I’ve toyed with enough to guess what it has running, is running at least a bit of C.

For an attempt at a counterpoint, I thought of a few devices, like my PineWatch, that run an OS codes entirely written in one language. But… That one language is, of course, C.

legacy convenience.

Yeah. I think legacy convenience is, indeed, why there’s C in so many places, even places it doesn’t have to be.

There’s so many folks with so much hardware driver expertise in C, and they teach our next generation, so I figure that will continue until something really compelling changes their preference.

I appreciate your point. There are lots of non-C ways to create bytecode. My (amused) point is that we don’t seem very fond of any of those methods, today.

The essence of your answers is “yes, but…”. And the “but” is mostly about how slow Python is in contexts that need to be astonishingly fast.

It depends how complex the hardware is and how much time we’re willing to waste.

Technically, when I deploy a Python program to a BBC Microbit, that’s (more or less) what is happening. Pure Python code is making every decision, and is interacting directly with all available hardware.

We could still argue semantics - virtually no (modern) computer exists that isn’t running at least one tiny binary compatibility driver written in C.

I believe the compiled C binary on a BBC Microbit to bootstrap a pure Python OS is incredibly small, but my best guess is that it’s still present. The C library for Microbit needed to exist for other languages to use, and Python likes calling C binaries. So I don’t imagine anyone has recreated it in pure Python for fun (and slower results).

(Edit: As others have pointed out, I’m talking about MicroPython, which is, itself written in C. The Microbit is so simple it might not use MicroPython, but I can’t imagine the BBC Microbit team bothered to reinvent the wheel for this.)

Of course, if you don’t mind that the lowest level code has got to be binary, and very few people are crazy enough to create that code with Python, then…

It begs another interesting question: Just how much of an OS can we get away with writing in Python.

And that question is answered both by RedHat Linux and Debian Linux - and the answer is that both are built with an awful lot of Python.

In contrast, Android is mostly Java with lots of C a C Linux kernel. Windows is mostly C# and lots of C. iOS is mostly Objective C and lots of C.

You can have an OS built with almost any language you want, as long as you also want parts of it built in C. (Edit: This is meant to amuse you, not be guidance for what is possible. Today, we love our C code. C didn’t always exist, and might someday no longer be our favorite hardware driving language.)

An interesting current development is discussion around rebuilding parts of the Linux Kernel with Rust, which can run just as fast as C. This would effectively cause RedHat, Debian and Android to replace some of their C code with Rust. To date, there’s been a lot of interest and discussion and not a lot of (any?) actual funding or work completed.

This is my moment to shine. I hire developers specifically for their Cybersecurity qualifications, and I always look at their GitHub profiles.

So… There’s like a security badge you can get? Neat.

But no, I guess I don’t care about that.

Lol. Yeah. Your point stands.I’m not disagreeing with or trying to correct you. Sorry if my comment came across that way.

I’m just trying to commiserate that cowboying changes into production is so common that it is some folk’s work reality, even on well run teams - i.e. when their peer’s teams are poorly run.

They’re referring to the tendency to reload the dev environment from production a couple times each year, while production is being tweaked daily without any record of changes applied.

Remember, however bad our own shop is, someone out there puts up with crap that even our own team doesn’t have to put up with.

Yeah. Warning - uninvited poetic waxing on feature flags and leadership choices, incoming…

We all agree we inevitably do some live testing at our customers risk, because no test environment is perfect.

With feature flags, we’re able to negotiate how many of our customers to test on, at a time.

But some of us prefer to forgo feature flags and risk our entire customer base on every change. It saves money, at least for a little while.

I’m not exactly fun at executive leadership meetings, but somehow I keep getting invited to them. Heh.

Absolutely.

My environment sucks almost as much as the next one. It just pays better and we get to be angry at difficult real problems caused by the previous people, instead of stupid self-inflicted problems caused by our own shortsightedness.

Edit: I mean, there’s still some problems caused by our own shortsightedness, obviously.

And technically I didn’t say you would like my answer, just that I’ll pay more because you asked. Lol.

Why does my Xbox video game account have better security than my money?

One is designed to securely collect and keep as much of our money as possible, and the other is just a bank.

you want domain admin access to every computer/server you touch as well?

Heh. I’ve had it. It’s not all it’s cracked up to be. And I didn’t even get one of those humorous “all I got was this lousy T-shirt” shirts.

Asking questions like that can cause hiring managers like myself to have no choice but to offer you higher pay grades, because that question is a strong signal of experience.

Why you do it?

The pay range in my country varies between comfortably above a living wage and holy cow, that’s quite nice.

Can I get a browser built entirely on Electron?

Yeah. I know in my heart that I will get off my ass and move some projects over to Codeberg after federation arrives.

Hopscotch is the one I’ve been recommending, but it has a “use us before we also enshitify” vibe, so I’m going to check out Insomnium, the open fork of Insomnia.

I’m genuinely wondering, if this is a situation where the open-source community just uses curl and that’s why there’s only corporate gunk for those who want more features.

Yeah. Pretty much. As one of the folks who could code a new solution in go in a weekend, I have not - because curl plus some trivial one-liners in Bash, Python or PowerShell is already a 90% solution to what I need.