Caitlin Condon

@catc0n@infosec.exchange
Adventurer. Takes a lot of photos, calls many places home. Previously vulnerability research director @ Rapid7 + @metasploit. Opinions mine, etc. She/her.
Website: caitlincondon.com

The libxml2 maintainer is no longer accepting embargoed security reports. They just get treated like regular issues.

This bit in a comment on the announcement really resonates with me:

> these companies make billions of profits and refuse to pay back their technical debt, either by switching to better solutions, developing their own or by trying to improve libxml2.

Too often a company will depend on some library, and then when there are issues with it, shame the maintainer into fixing them. "There's a problem with your project, it is your responsibility to fix it".

No.

You chose to build on top of this library, and with that took on all responsibility that comes with that choice. Any tech debt or bugs are now YOUR tech debt and bugs. What are you going to do about them?

https://gitlab.gnome.org/GNOME/libxml2/-/issues/913

Triaging security issues reported by third parties (#913) · Issues · GNOME / libxml2 · GitLab


libxslt project maintainer steps down, citing the amount of time it takes to triage embargoed security issues.

“I’ve been doing this long enough to know that most of the secrecy around security issues is just theater. All the ‘best practices’ like OpenSSF Scorecards are just an attempt by big tech companies to guilt trip OSS maintainers and make them work for free.”

https://gitlab.gnome.org/GNOME/libxml2/-/issues/913

Dear Entire World:
We're sorry. Most of us, anyway. So fucking sorry.

Remedies for jet lag parts 2 and 3

'Meredith,' some guys ask, 'why won't you shove AI into Signal?'

Because we love privacy, and we love you, and this shit is predictable and unacceptable. Use Signal ❤️

I don't know why, but it's endlessly amusing to me that "wanton noodles" is a popular (and fucking delicious) dish in Singapore. These noodles ain't demure or mindful, they're here to sex it up!

Eight-foot-tall ‘Dictator Approved’ sculpture appears on National Mall https://archive.is/Eeiu1

@TheOldGuy oh my god, HEROES

Remedies for jet lag part 1

I have a laundry list of reasons I refuse to use “generative AI,” but this is by far the biggest one:

“The real threat posed by generative AI is not that it will eliminate work on a mass scale, rendering human labour obsolete. It is that, left unchecked, it will continue to transform work in ways that deepen precarity, intensify surveillance, and widen existing inequalities. Technological change is not an external force to which societies must simply adapt; it is a socially and politically mediated process. Legal frameworks, collective bargaining, public investment, and democratic regulation all play decisive roles in shaping how technologies are developed and deployed, and to what ends.”

https://www.versobooks.com/blogs/news/is-the-ai-bubble-about-to-burst

#AI #GenAI #GenerativeAI #ChatGPT #Labor #Work

Is the AI Bubble About to Burst?
