Whole-known-network
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> The thing that irks me about the whole OSS supply chain discussion is that software companies seem to want a similar amount of security and responsibility, but donβt want to pay for it. OSS software is delivered for free and as-is, and to me that seems incompatible with providing these assurances.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> The result is that for a well maintained commercial vessel there are no surprises, and every part is traceable. </p><p>The cost of this process is worth it to prevent an Ea Nasir selling you bad copper, or your submarine imploding. Both the supplier and a third party have officially stated that the widget will work and have taken at least some responsibility for it. </p><p>(Though Boeing is an example of what happens if you start messing with that process)</p><p>β¦</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> The thing in shipbuilding is that you have to hire a class society like DNV or ABS that independently verifies that the vessel you built will work, and that no shortcuts were taken. </p><p>This means that from drawings, to steel, to component, to the entire ship, somebody has tested and verified that the thing you're using is actually fit for purpose. And you have a piece of paper with some signatures to prove it. None of these certificates are free.</p><p>...</p>
<p>Very fun read!</p><p>10 > 64, in QR codes <a href="https://huonw.github.io/blog/2024/03/qr-base10-base64/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">huonw.github.io/blog/2024/03/q</span><span class="invisible">r-base10-base64/</span></a></p>
<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cheeseanddope" class="u-url mention">@<span>cheeseanddope</span></a></span> are they like... documented? are there schematics?</p>
<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lispegistus" class="u-url mention">@<span>lispegistus</span></a></span> i.e.: I think this is too reductionist and insufficiently nuanced for the problem at hand</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://nixos.paris/@raito" class="u-url mention">@<span>raito</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@flaviusb" class="u-url mention">@<span>flaviusb</span></a></span> <span class="h-card" translate="no"><a href="https://bsd.network/@cynicalsecurity" class="u-url mention">@<span>cynicalsecurity</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dymaxion" class="u-url mention">@<span>dymaxion</span></a></span> you also cannot hold those rocks or hold them liable. You have to pay someone else to "mine" the rocks and "process" them to make them suitable for your purpose. That step is somehow missing from this discussion.</p>
<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lispegistus" class="u-url mention">@<span>lispegistus</span></a></span> I think I don't follow this line of maximalist argument because it's been well established that we want *some* degree of control over information that is "just sitting there". even if you completely oppose any and all forms of IP (which even I don't do; trademarks have clear social utility, flawed as they are) you almost certainly don't want to be on completely unmoderated social media</p>