@rysiek And of course that's ignoring the real solution.

Supply chain risk is fucking easy to solve.
Know your dependencies, yourself as much as possible, and then with other people you trust, to make software repositories.
That's what distros are for, which also means that if you do not trust a software repo you've picked: Leave it.

It's also why I've been avoiding entire software ecosystems where dependencies are managed by stuff like dependabot without any reviewing process going on.
Or ones where libraries can't be packaged by themselves.

Rule of thumb: companies that insist on the GPTW should be avoided. They are generally WPTW (Worst Place To Work).

Another terrible feeling to have: when one of your goals ends up being one of your worst nightmares.

It hurts to know that I had one expectation and the results were completely different.

Bet they don't have *this* emoji on twitter :catjam:

@kaushalmodi interesting, this might help me with some future refactor I plan to do

Almost 32 years of Python, and they haven't had a chance to get a decent, fast package manager.


Open Source Textbook: Introductory Statistics with Randomization and Simulation -