@neil from an EUC perspective, look at it like France would. This is not about being fully independent. This is about reducing dependency so that you can be less impacted if someone you depend on goes bonkers.

Look at the ICC sanction situation to understand where they come from.

They don't care about geographic borders. They care about outcome. Like, we all depend on the US not blocking the use of package registries. We could set up a new one ofc, not that hard. But we would be vulnerable in the meantime and it would inflict significant cost.

Also note. Commercial software, even european, is still mostly made of FOSS. So the EUC sees it as a massively strategic thing to ensure that the FOSS can keep flowing.

@neil the whole "replace microsoft" discussion is sadly missing the forest for the trees. It matters, kinda, but it is a few decades late. Software changed since then.

Language package managers are more like rare earth production.

@neil on cost, I have two pieces and more to come, but mostly... I think it would be cheaper than we think to massively reduce risks and threats over the whole thing.

https://www.softwaremaxims.com/blog/hobbyist-gravity-well

https://www.softwaremaxims.com/blog/how-foss-won-consequences

The Hobbyist Maintainer Economic Gravity Well

In the OpenSource Supply Chain discourse in the past few years, we got many versions of the same article. The title is usually something like "unpaid maintainer of library X demands Big Company shut up or pay them money". There are variations on that theme, like Github Sponsors launching, pieces that explain how the CRA will magically make companies pay maintainers, etc. It is usually cheered on by the peanut gallery, which applauds making the Evil Big Tech pay for the abuse they impose through their "exploitation of the Commons".


@neil I hint at solutions there, but I am still trying to put it into nice words that make sense to policymakers.

https://www.softwaremaxims.com/blog/memory-safety-end-history

Where did the Rust go?

There is a term that is on a lot of lips lately: "Memory Safety". The theme of the early 10s for software security is "Move to memory-safe languages". You hear and see it everywhere.
