Hacker News new | ask | show | jobs
by oaw-bct-ar-bamf 1554 days ago
Or how about this. Don‘t use code that some stranger puts on the internet for critical stuff.

critical stuff has to be defined per application.

For controlling aircraft engines or car engines I for sure as hell do not accept unreliable packages.

That’s why contracts exist that hold software suppliers LIABLE for faulty software.
2 comments
eternityforest 1553 days ago
Until now, there was a social process of trust and reputation that was good enough.

At the moment, supply chain attacks seem to be mainstream enough that a normally trustworthy person could consider doing them, so trust becomes harder.

This is why you don't accept or encourage antifragile/vigilante/cowboy/etc behaviour, or any kind of sabotage of infrastructure.... now it's cool and trendy. There's millions of wannabe unabombers who just need any excuse to disrupt tech.

Remember that guy who wanted people to suddenly pull npm packages without warning?

Tech culture used to be way more awesome. Now it's a bunch of people who wish they were doing pure mathematics or random weekend tinkering, who hate their industry, and would be perfectly happy to see a lot of it gone, and a forced return to the days of paper notes and brass keys with no tracker.

link
YetAnotherNick 1554 days ago
The entire thing depends on the definition of unreliable. Is log4j unreliable? Is gcc unreliable? Are intel chips unreliable?
link
oaw-bct-ar-bamf 1547 days ago
Is there an entity behind the code / package / library that you are using that you can hold Liable in case of ill-behaviour. Don‘t use gcc for mission critical stuff. Use a compiler that is backed by people who are responsible for the compilers behaviour by contract. Greenhills / Hightec Alliums Tasking Compiler. The list goes on and on. As for chips: cooperate with the manufacturer. Specific your requirements for the chips behaviour. Get it manufactured. If it is available off the shelf and matches your spec, go on and buy off the shelf but TEST if it actually behaves like stated on the sales PowerPoint slide. If not report back to the manufacturer and get it fixed.
link