Data Science

  • 20 Posts
  • 138 Comments
Joined 2 years ago
Cake day: June 17th, 2023

  • I’ve been comparing crates on crates.io against their upstream repositories in an effort to detect (and, ultimately, help prevent) supply chain attacks like the xz backdoor[1], where the code published in a package doesn’t match the code in its repository.

    The results of these comparisons for the most popular 999[2] crates by download count are now available. These come with a bunch of caveats that I’ll get into below, but I hope it’s a useful starting point for discussing code provenance in the Rust ecosystem.

    No evidence of malicious activity was detected as part of this work, and approximately 83% of the current versions of these popular crates match their upstream repositories exactly.
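The check the post describes, as an added illustration written for this page (it is not the poster's tool and makes no claim about how that tool works): each side is modelled as a mapping of relative path to file bytes, which is what you have after extracting a `.crate` tarball and checking out the tagged commit. The set of files treated as generated by `cargo package` (`Cargo.toml.orig`, `.cargo_vcs_info.json`, `Cargo.lock`) and the sample trees are assumptions constructed here; the interesting output is the list of files that exist only in the published package, since that is the shape of a tarball-only injection.

```python
"""Compare a published crate's files against an upstream checkout.

Added example, not the tool from the post. Both trees are plain
`path -> bytes` mappings; `load_tree` builds one from a directory.
"""
import hashlib
from pathlib import Path

# Files that `cargo package` adds or rewrites, so they are expected to be
# absent from (or different in) the repository. Assumption: a starting list,
# not an exhaustive one.
GENERATED_BY_CARGO = {"Cargo.toml.orig", ".cargo_vcs_info.json", "Cargo.lock"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_tree(root: Path) -> dict[str, bytes]:
    """Read every regular file under root (skipping .git) into path -> bytes."""
    return {
        p.relative_to(root).as_posix(): p.read_bytes()
        for p in root.rglob("*")
        if p.is_file() and ".git" not in p.relative_to(root).parts
    }


def normalize_package(published: dict[str, bytes]) -> dict[str, bytes]:
    """Map the crate's files back onto repository paths.

    `cargo package` rewrites Cargo.toml into a normalized form and keeps the
    author's original as Cargo.toml.orig, so the .orig file is the one that
    corresponds to the repository's Cargo.toml.
    """
    files = {p: b for p, b in published.items() if p not in GENERATED_BY_CARGO}
    if "Cargo.toml.orig" in published:
        files["Cargo.toml"] = published["Cargo.toml.orig"]
    return files


def compare_trees(published: dict[str, bytes], upstream: dict[str, bytes]) -> dict:
    """Report how the published tree differs from the upstream checkout.

    Files present only in the repository are reported but do not fail the
    match: Cargo's include/exclude rules routinely drop CI config, docs and
    tests from the package. Files present only in the package, or with
    different contents, do fail it.
    """
    pub = normalize_package(published)
    common = pub.keys() & upstream.keys()
    modified = sorted(p for p in common if sha256(pub[p]) != sha256(upstream[p]))
    only_in_package = sorted(pub.keys() - upstream.keys())
    only_in_repo = sorted(upstream.keys() - pub.keys())
    return {
        "match": not modified and not only_in_package,
        "modified": modified,
        "only_in_package": only_in_package,
        "only_in_repo": only_in_repo,
    }


# Constructed sample trees (not a real crate): the package carries an edited
# build.rs and an extra source file that never reached the repository.
ORIGINAL_MANIFEST = b'[package]\nname = "demo"\nversion = "1.0.0"\nedition = "2021"\n'
SAMPLE_PUBLISHED = {
    "Cargo.toml": b'[package]\nname = "demo"\nversion = "1.0.0"\n',  # rewritten by cargo
    "Cargo.toml.orig": ORIGINAL_MANIFEST,
    ".cargo_vcs_info.json": b'{"git": {"sha1": "0000000"}}',
    "src/lib.rs": b"pub fn add(a: u32, b: u32) -> u32 { a + b }\n",
    "build.rs": b'fn main() { println!("cargo:rerun-if-changed=build.rs"); /* extra step */ }\n',
    "src/extra.rs": b"// exists only in the published tarball\n",
}
SAMPLE_UPSTREAM = {
    "Cargo.toml": ORIGINAL_MANIFEST,
    "src/lib.rs": b"pub fn add(a: u32, b: u32) -> u32 { a + b }\n",
    "build.rs": b'fn main() { println!("cargo:rerun-if-changed=build.rs"); }\n',
    "README.md": b"# demo\n",
    ".github/workflows/ci.yml": b"on: [push]\n",
}

if __name__ == "__main__":
    # Swap the constructed dicts for load_tree(Path("extracted-crate")) and
    # load_tree(Path("repo-checkout")) to run this against real trees.
    report = compare_trees(SAMPLE_PUBLISHED, SAMPLE_UPSTREAM)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The report distinguishes the three cases a reviewer cares about: content that changed between repository and package, content that exists only in the package, and content the package legitimately omitted. Only the first two should block a "matches upstream" verdict.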
  • “All punctuation will be considered but avoided where possible because street names and addresses, when stored in databases, must meet the standards set out in BS7666.

    “This restricts the use of punctuation marks and special characters (e.g. apostrophes, hyphens and ampersands) to avoid potential problems when searching the databases as these characters have specific meanings in computer systems.”

    This seems like a dumb line of reasoning. The problem has never been the signs or punctuation in a database. It’s that the people in charge don’t even know what BS7666 says.
  • Engineers over index in their own ways, but I think you’re spot on with decoding the PR speak.

    The Python team was very involved with the Python Software Foundation and was influential in directing priorities for the Python programming language reference implementation (which is by far the most widely used implementation of Python). Google just gave up their say in how the language will evolve. Seems like an incredibly bad strategy. But then again, Google has been, from a financial perspective, nothing more than a digital classified ads platform for decades. If a smart MBA were running Google they’d start spinning off divisions into new IPOs and cashing in with dividends like other large conglomerates have done in the past when they have stopped innovating or actually committing to their projects long term.
  • Seems like political tensions stemming from developments in the Israel/Gaza/Iran and Ukraine situations have piqued the discontentment over accepting donations from organizations that profit from contracts with the US DoD.

    The lead developer/organizer of the NixOS project seems to be pro-authoritarian in their political values and this has also led to an uneasiness amongst a number of contributors, although things seem to be civil overall.

    It seems that the “toxic” behavior from Hamilton was derailing technical discussions over concerns about the funding from military contractors.

    I may have got some of this wrong, but it seems that everyone involved is trying not to draw attention to the broader political aspect of the schism in the community. So people out of the loop are having trouble figuring out what is going on.