Your response was to call my argument sarcasm. That is directed at me rather than what I said. That’s quite literally, not figuratively, the definition of sarcasm.
I wish you the best of luck. You don’t seem to be interested in the comments unless it agrees with you and you have yet to share a perfect resource. Have fun!
I took the things defined in the comments responding to mine and extended them. If we can’t share a mixed bag, all of the things I highlighted are out. It would be logically inconsistent to think otherwise starting from your conclusions. Either we have perfect resources or we have, as I called out, to pick and choose our battles. I want to see a perfect resource not ad hominem.
Edit: genuinely surprised to see someone on a CS instance not understand reductio ad absurdum/impossibile (depending on how you feel about Gang of Four)
I’m all for it! What’s the resource that solves this problem?
It must be perfect since we can’t ever give mixed bags of advice. There are apparently better resources although I didn’t see one in the article and things like Code Complete and Pragmatic Programmer address a lot of the same things. Hell, we probably shouldn’t talk about The Mythical Man-Month anymore either. Do we also throw out Design Patterns since singletons are arguably bad design these days?
I feel like it’s wrong to idolize anything in the same way that it’s wrong to throw out many things (there are some clear exceptions usually in the realm of intolerance but that’s unrelated to this). Clean Code, like every other pattern in software development, has some good things and some bad things. As introduction to the uninitiated, it has many good things that can be built on later. But, like Gang of Four, it is not the only pattern we apply in our craft and, like Agile, blind devotion, turning a pattern into a prescription, to Clean Code is going to lead to a lot of shit code.
Cognitive load helps us understand this problem a lot better. As a junior with no clue how to write production code, is Clean Code going to provide with a decent framework I can quickly learn to start learning my craft, should I throw it out completely because parts are bad, or should I read both Clean Code and all its criticism before I write a single line? The latter two options increase a junior’s extraneous cognitive load, further reducing the already slim amount of power they can devote to germane cognitive load because their levels of intrinsic are very high by the definition of being a junior.
Put a little bit differently, perfection (alternatively scalable, maintainable, shipped code) comes from learning a lot of flawed things and adapting those patterns to meet the needs. I am going to give my juniors flawed resources to learn from to then pick and choose when I improve those flaws. A junior has to understand the limitations of Clean Code and its failures to really understand why the author is correct here. That’s more cognitive science; we learn best when we are forming new connections with information we already know (eg failing regularly). We learn worse when someone just shows us something and we follow it blindly (having someone solve your problem instead of failing the problem a few times before getting help).
I’m gonna be super hand-wavy with citations here because this a soapbox for me. The Programmer’s Brain by Felienne Hermans does a good job of pulling together lots of relevant work (part 2 IIRC). I was first introduced to cognitive load with Team Topologies and have since gone off reading of bunch of different things in pedagogy and learning theory.
Just alias pdoman=podman. I do that with all my common typos.
I’ve got friends at Boeing on DoD contracts. Not only is it waterfall, it gets tested hardcore. My experience in private industry is the exact opposite. A consultancy I know of just lost (pretty sure) a state contract because they opened shit up to the public because, surprise surprise, they didn’t test their infra changes.
Now I will say that when I have had to manage client SLAs and there is a cost to post-release defects and change requests, testing increases. Not to the level I’m super comfortable with (which is well below perfect, mind you; I like shipping more than once in a lifetime), but a bit more.
You highlighted the wrong portion of this article.
The complaint cites statements including from a March 5 conference call where Kurtz characterized CrowdStrike’s software as “validated, tested and certified.”
If the CEO is making claims that the software is tested and certified, then the CEO should be able to prove that claim, no matter where the software lives. It is very reasonable to say, at face value, the CrowdStrike testing pipeline was inadequate. There is a remote possibility that there were mitigating factors, eg some other common software update released right before from another vendor that contributed; given CrowdStrike’s assurances and understanding of where it falls in most supply chains I consider that to be bullshit. I personally haven’t seen anything convincing that shows a strong and robust CI pipeline magically releasing this issue.
Now shareholder lawsuits are bullshit in general and, as someone constantly pushed to release without fucking any confidence, I think it’s really fucking dumb to ever believe any software passes any inspection until you have actually looked at the CI/CD process in-depth.
I have not actually been able to use any Reddit results for awhile. It might be that I force old[.]reddit[.]com and Reddit has finally cracked down on that?
I was doing some Jinja templating in a Flask app the other day and VS Code would not respect my explicit file typing through the GUI over restarts. I had to change my file extensions and install an extension for Jinja syntax highlighting to get that to work.
I feel that pain.
The problems you’re facing aren’t very clear. Can you expand a bit?
Lots of things in VS Code just work if you use the non-FOSS version and don’t need to install any system dependencies. For example, there are a ton of code formatters that you can install and run without tuning (eg I installed a SQL formatted last week with nothing else to do). There are also some that you need underlying dependencies for (eg if you want Rust extensions to work, you need the Rust toolchain; same for LaTeX); however this is true in any editor based on my experience (although some editors eg JetBrains might mask that through their GUI). Across both options, you often need to tune your extensions based on your use case or even hardware in some cases (eg setting up nonstandard PATH items).
YMMV for VSCodium, the FOSS version, primarily because it relies on a different extension registry per the terms of use. You can get around this as a user; as a vendor they cannot. Outside of tweaking the registry I’m not aware of anything else you need to do for parity.
Edit: forgot to tie all this back to my opener. What do you mean when you say it requires all sorts of work? Are you experiencing other issues than something I called out?
You realize that Bitcoin is traceable, right? You kinda picked the wrong crypto to use as an example. Unless you’re completely in the Bitcoin system and never connect to any outside system or interact with anyone who interacts with an outside system or interact with anyone who interacts with someone who interacts with an outside system or so on (it’s not quite ad infinitum), you are most likely traceable. Tools like Chainalysis have been used by governments for almost a decade.
Your other points aren’t really valid if you ever want to convert Bitcoin to something that isn’t Bitcoin. I’m not aware of complete supply chains and grids that exist solely on Bitcoin (or any combination of crypto for that matter) so things like having control of your money, needing ID, and trusting centralized entities (sure, exchanges plural) are a huge part of Bitcoin.
It doesn’t sound like you have a good grasp on the differences between this case and Ross Ulbricht.
I wasn’t aware Silk Road was taken down via FISA. I’ve read all of the long form accounts of it that I’m aware of and I don’t remember FISA being mentioned at all. Can you share a source?
The baseline cloud certs should be much cheaper. AWS Associate tiers are something like 150/test.
You might also have luck with the big consulting companies. NTT, Slalom, Accenture, stuff like that. Might be less permanent but will pay pretty well.
If you are able to find a US govt job and can make it through the whatever period you need to be a contractor until you get hired on as a federal employee, this should cover you. I have a contact in a similar situation except cluster headaches. It’s going to pay less than private sector and you might have to learn some new skills for the right role. IIRC Softrams just landed a huge federal contract and hires warm bodies; might be a great place to start.
I’ve got a lot of contacts on the market right now struggling to land a gig that wouldn’t have struggled a few years ago. Do you have DevOps skills? Any security qualifications? Get both. Are you working on certs? Do some. Have you hired a resume service? Do so. The last two are things I normally think are kinda bullshit but they are edges that seem to matter right now.
As for a recruiting firm, I feel like all the good recruiters I’ve worked with would have advocated for me. That’s a total fucking crapshoot tho. I’ve worked with plenty that have shafted me. I don’t think there’s a specific firm for this problem.
The only feature that vanilla Make doesn’t have over this is solid Windows support.
I’ve evaluated a ton of these tools for CI/CD processes and common task management. So far I have found that Make is the best solution for task management unless you need strong Windows support. If you want to go crazy, you can use Autotools but that’s really only for builds not tasks. I get it; it’s cool to reinvent the wheel with a new feature that makes one thing a little bit easier.
As soon as I read about the shoe cell modem, I thought Eudaemons. It’s rad Ars called that out too!
If you’re writing a grant illustrating its military applications I don’t really care what else you want to use it for. Looks like we disagree about intention so have fun with that.
Did man write grants to show how said fire had military applications? If so, how dare they! If not your straw man is kinda lacking.
Other answers have only called out rotating the secret which is how you fix this specific failure. After you’ve rotated, delete the key from the repo because secrets don’t belong in repos. Next look at something like git-secrets or gitleaks to use as a local pre-commit hook to help prevent future failures. You’re human and you’re going to make mistakes; plan for them.
Another good habit to be in is to only access secrets from environment variables. I personally use direnv whose configuration file is globally ignored via the core.excludesfile.
You can add other strategies for good defense-in-depth such as a pre-receive hook checking for secrets to ensure no one can push them (eg they didn’t install hooks).