Right now the only codebase I care about them fixing vulnerabilities in are the 3800 repositories that got stolen from GitHub.
"Vulnerabilities in the software that makes the internet" is honestly lower priority than "The platform that the software that makes the internet uses to make releases". If buyers of those internal repos find ways to break into GitHub such that they can cut software releases, or poison GitHub Actions from a distance, then we're all in a very ugly mess.
Don't forget that in those 3800 repos is likely also npmjs.org itself.
yet. The hallmarks of enshittification are there. We've all been through the cycle of "this product is too good to be true, and provides considerably more value than it costs" "Customer Acquisition/Market Capture" phase. And we know what has to come next. They have to make the product profitable, because you can't just burn up VC money forever.
There are two different steps: there is signing and there is notarization. You sign with the developer certificate using productsign/codesign, and then there is notarization, for which you use notarytool to submit your signed binary to Apple to notarize.
Finally you then take their response and staple it to your binary. It's a lot of steps.
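The sequence described in the comment above, as an added example that is not part of the original comment. It covers the installer-package path (productsign); the signing identity, keychain profile name and file names are placeholder assumptions, and the script only prints the commands unless `DRY_RUN=0` is set on a Mac with the Xcode command-line tools.

```shell
#!/bin/sh
# Added example: sign -> notarize -> staple -> verify for a macOS .pkg.
# SIGN_ID, PROFILE and the file names are placeholders, not real values.
set -eu

SIGN_ID="${SIGN_ID:-Developer ID Installer: Example Corp (TEAMID0000)}"  # placeholder identity
PROFILE="${PROFILE:-notary-profile}"  # placeholder; saved beforehand with `xcrun notarytool store-credentials`
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print each command, 0 = also execute it

run() {
  # Show the command, then execute it only when dry-run is switched off.
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

release_pkg() {
  unsigned="$1"; signed="$2"
  # 1. Sign the package with the Developer ID Installer certificate.
  run productsign --sign "$SIGN_ID" "$unsigned" "$signed"
  # 2. Submit the signed package to Apple; --wait blocks until processing ends.
  run xcrun notarytool submit "$signed" --keychain-profile "$PROFILE" --wait
  # 3. Attach the notarization ticket to the package; this fails if no ticket was issued.
  run xcrun stapler staple "$signed"
  # 4. Check the result the way a recipient's machine would: stapled ticket present,
  #    and Gatekeeper accepts the package as an installer.
  run xcrun stapler validate "$signed"
  run spctl --assess --type install -vv "$signed"
}

# Stand-alone use: ./release.sh unsigned.pkg signed.pkg
[ "$#" -ne 2 ] || release_pkg "$1" "$2"
```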
The meme investors can stay irrational long before GameStop gets a growth story. If they haven't given up on their get rich quick scheme that's lasted over five years now, I really don't think they're going to jump ship now.
The sad part is that GameStop is offering 55 billion, yet only has 9 billion in cash. The only way they come up with that much capital to buy eBay is to dilute the existing shareholders to a point that "to the moon" will just be moondust.
Yeah, that's FUD. Cloudflare hasn't called anybody demanding huge sums of cash and holding your domains hostage. As a registrar they're fine, don't play scammy scum upsell games (because they have a real business model that isn't just registration skim).
If you’re not capable of setting up DMARC correctly then it’s a safe assumption you aren’t capable of adequately securing your email server. Which is even easier to mess up with much higher consequences. Even if you are not intending to be a spammer, if your server gets pwned you will become an unwitting one.
I set up my org's SPF/DKIM/DMARC (we self host, they have feelings about corporate data sovereignty...) it took about 30 min having never touched them before, and maybe another 15 to write an Ansible playbook to rotate the keys.
We do have a _tremendous_ amount of spam fail these checks, as well as a few legitimate organizations... Some of our peer companies have sent out notices that they will bounce anything that fails these checks in the coming years, and we're probably going to do the same before too long.