Well it’s going to put a damper on my Ansible “coding”.

You think I want to properly learn that piece of junk? It was obsolete and archaic before it was released, and it survives on naivete and churn cost and nothing else. There is no part of my time doing yaml for Ansible that I want to actually retain or build on, and without chatGPT to slop-in the changes I need to make, I may be forced to do it myself. And I lack the crayons now and alcohol for after.

Actually subjecting my brain to Ansible directly in real-time is a horror. It is just so fucking lame compared to everything else – it even pales compared to the DevOps we were doing in 2002 before it was even called that. Let my have my robots to slop the Ansible and save my sanity !

I think for about 2 weeks Voat had potential. Then the Nazis moved in and it was doomed.

This sounds like a reeeeeally bad company doing shit work. Toronto? Which (pub)cloud is Canadian, anyway?

The five-assed monkey of cert lifetimes.

As useless measures go this will certainly be one; especially while CRLs are a thing.

This website is a blank page.

Ha ha ha.

I love how lennart’s cancer tries to replicate fucking syslog and it’s this bad. What a mess the kids worship.

Every part of what you just said can be encapsulated in proper packaging so you don’t even need to care – about pre/post upgrades, or even dependencies and checks before it starts.

The lack of a proper release is the absolute only thing keeping me from using it.

Bill Gates spent a lot of his pro years running a bad company quite well, and exploiting a dominant position in the market that any soulless biz guy would love to have.

He seemed to get a conscience around the time he stopped running the show, and seems to be different while not regretting his behavior in that phase.

I think we can decide he was a bit of a cock back then, while still noting he’s done some good work since. We are nuanced enough, right?

The installation workflow begs for supply-chain exploits. Given this and its oob install, it probably breaks iso27002 as well.

I’ll wait. NextCloud and OwnCloud both have 27002-compliant installs (the latter needs some review), so I need to stick with those.

The same can happen for maven, crates, gomods, and other.

Yes.

The problem is [intricate dependencies]

Nah. Dependencies are fine. The method of bringing those in and validating them is where the supply-chain risk accumulates. We knew better when we still had mentors.

Only a risk to those using npm; doesn’t matter where they exercise those bad dev procedures. Don’t quit using GitHub if you’re already okay with all the other issues it has.

Still container-dependent?

Sometimes, an app can be an app and not some hosted web service mess.

Remind me of the recent source ownership issue? I thought there was a “thanks for all the community work over a decade and we want to participate; oops now we own it” story.

This.

You install a virus scanner on your smb fileshare or your mail server, for instance, and pipe attachments through it to protect windows boxes. That’s the only sensible use.

Yet, idiots make policies like “all servers must have AV installed for safety” and thus some shit app sucks down all the CPU time and scans memory (ohai PCI compliance) just because the CTO doesn’t know what ‘less’ does.

OCIS is a modern app that is massively better since its written with modern languages / frameworks

Ah, the sparkle makes it better? I know a guy who made his RAM light up in his plexiglas case, and claims it made the computer faster. Same deal?

OCIS talks a good talk, almost suggesting it’s enterprise and scalable and such, but it still suffers from the same supply-chain risk that all the black-box container miasma does, and the same “just get your kerbal space shuttle launching and then you too can host this awesome simple install” math. The ‘single black-box binary’ isn’t a good fall-back measure.

Now, I realize I’ve cast aspersions on our holy neu-paradigm installation fad, and I get the downvotes. If people don’t understand why validation is an important part of the validation-proves-consistency-thus-reliability of enterprise build/release, that’s okay. Most people don’t know they even need proper releng practice anyway, but may react with downvotes. But we need to do better where it matters; and that’s a line that’s going to seem as arbitrary as a bedtime is to a tween.

Kaspersky isn’t there to protect us; just to fill a niche and create business for itself. Idiot nepo CTOs who don’t know better can be coerced to sign a fud-based invoice and then they make bank.

Npm says what? Random appimages and flatpaks would like a word as well.

It’s true we generally need no antivirus - so far every demand to install one is rooted in stupidity, including policy built by stupidity - but we’re losing the struggle to not install random shit like idiots.

Appimages and flatpaks frustrate validation and thus break iso27002.

Anything else?

This. If I pay the cost in frustration and anguish and soul-searching and demanding justice from an uncaring god, I want something for it. I want documentation. I want my lessons learned from the post incident review. I want something I can hack into mgmtConfig to make sure nothing else will do that too.

Struggling for no payoff is the absolute worst thing.