@nik@misskey.bubbletea.dev @lucy@netzsphaere.xyz this protocol is dog shit
@nik@misskey.bubbletea.dev @lucy@netzsphaere.xyz man if i’m in my thirties i want to be like lain and shp and mia and all the other cool people
<p><a href="https://netzsphaere.xyz/users/lucy" class="u-url mention">@lucy@netzsphaere.xyz</a> by then I hope there will be a better fedi and I'll be on that</p>
i wonder how many of you will still be around in a decade or two
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@rst" class="u-url mention">@<span>rst</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@tinker" class="u-url mention">@<span>tinker</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@AndresFreundTec" class="u-url mention">@<span>AndresFreundTec</span></a></span> you&#39;re making a mistake thinking I&#39;m unaware of the rhetorical trick you&#39;re employing. I am. I simply do not acknowledge it as legitimate</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@rst" class="u-url mention">@<span>rst</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@tinker" class="u-url mention">@<span>tinker</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@AndresFreundTec" class="u-url mention">@<span>AndresFreundTec</span></a></span> that&#39;s not the usual definition of a &quot;supply chain&quot;; that&#39;s the definition of a &quot;supply chain&quot; that CISOs came up with as an attempt to pawn off their responsibility on unpaid labor</p><p>literally anywhere else your &quot;supply chain&quot; consists of organizations you&#39;re paying in exchange for services and labor</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> 100%, can’t have populism in the imperial core without sprinkling in some imperialism now can we</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@tinker" class="u-url mention">@<span>tinker</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@AndresFreundTec" class="u-url mention">@<span>AndresFreundTec</span></a></span> The usual definition of &quot;supply chain&quot; is all the places where you get your code -- whether a contractual relationship exists, as in, say, the SolarWinds attack, or not, as in the case described below. And consequences for the victims are the same either way, so focusing on having legal paperwork is a distraction, not a defense</p><p> <a href="https://www.reversinglabs.com/blog/more-malicious-npm-packages-found-in-wake-of-jumpcloud-supply-chain-hack" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">reversinglabs.com/blog/more-ma</span><span class="invisible">licious-npm-packages-found-in-wake-of-jumpcloud-supply-chain-hack</span></a></p>
<p><span class="h-card" translate="no"><a href="https://social.ridetrans.it/@analogist" class="u-url mention">@<span>analogist</span></a></span> (the &quot;natsec&quot; framing is still pulling up the ladder in a way, just across national boundaries rather than craft boundaries)</p>