Don Browne

(1/2) 👋 We made some big announcements today at the #OSSummit. Here's the first. Today, we're introducing the OSS Trust Graph, a way to model trust in #opensource ecosystems. It maps the connections between open source contributors and projects, and, through our “proof-of-diligence” algorithm, uses that data to build an understanding of the relative safety and sustainability of those projects. We think this Trust Graph can help in two ways: 1) Identifying malicious activity. We can’t say with confidence that the OSS Trust Graph would have uncovered the XZ vulnerability, but we believe it’s a step in the right direction. We know that the hostile actors’ introduction of many relatively unknown “sock puppet” accounts would have driven down the score of the project. While there would be a fair amount of activity, the introduction of relatively unknown individuals all contributing to the same project would lower the project’s score, providing a signal to the community. 2) Identifying open source projects that need support. Through changes in scoring, the OSS Trust Graph could help us understand when high-contributing maintainers leave a high-scoring and widely used project, leaving it vulnerable to being abandoned or to a hostile takeover. Likewise, it could help identify high-scoring projects with a low number of high-scoring maintainers that could benefit from additional support and funding. Read more about this and sign up for private beta access here: bit.ly/3w6y5HH

(2/2) Our second announcement: Minder Cloud! Having high-quality intelligence about open source packages is only as useful as an organization’s or a community’s ability to drive policies that shape developer behavior. That’s why we launched the open source software security platform Minder last November, as a way to apply and continuously enforce policies across the software delivery lifecycle. Today, we are launching Minder Cloud, a fully managed version of Minder that makes it easier for open source developers and communities to set up and enforce policies to help them produce safer, more sustainable software. To that end, we have committed to making Minder Cloud free forever for use on public repositories. Read more and get started with Minder Cloud here: bit.ly/4aynMv4

@phoronix @AlmaLinux Note that RHEL 8.8 only came out two days ago, and not the same time as 9.2: #RHEL8" target="_blank" rel="nofollow noopener">access.redhat.com/articles/3078#…

.@AlmaLinux 8.8 Released For Those Relying On RHEL8 phoronix.com/news/AlmaLinux…

@adamgordonbell Crystalites?

What should users of the Ruby-like language Crystal call themselves? crystal-lang.org

@nahratzah I saw the tweet message and for a brief moment interpreted organ in the “vital body organ” sense of the word.

@nahratzah I’ve missed deadlines for those things by multiple months, and I _had_ access. IOW - don’t worry.

@unadevine @Kopp1969 @Ashstartsover If you don't care what the answer is, it's not a good question and you shouldn't ask it. Totally agree that getting the candidate to just talk is important, but I think a lot of people will freeze up or overthink this question.

@Kopp1969 @Ashstartsover Well you don’t know, do you. I used to ask throwaway questions in interviews, it relaxed people, and you’d learn more when they let their guard down. I don’t think those people interviewing your daughter would have placed much emphasis on her answer for a sandwich job

18 year old daughter did an interview for a partime job in a sandwich bar to have a few bob for college. She was asked, "where do you see yourself in 5 years time"? It is such a stupid question with no purpose. Only an inexperienced interviewer would ask it. She's only 18 FFS.

@nahratzah I know Fortran, but I have no idea about this stuff. String handling under Fortran is ugly and best given a wide berth.

@nahratzah Did the current heatwave kill it?

@stankowic_devel @VMSSoftware This happened to me as well

The x86 webinar with Clair Grant is today at 10 AM EST! Register here if you haven't: vmssoftware1.webex.com/mw3300/mywebex…

@VMSSoftware Nice touch with the shark - you folks should create a VSI version of the old shark logo for x86: upload.wikimedia.org/wikipedia/en/7…

VMS Software Inc. wishes everyone happy winter holidays!

@nahratzah Really sorry to hear it :(

@nahratzah Even more confusing - An Post switched from anpost.ie to anpost.com a few years back

@MuirCait ... I had to look up Perspicacious in the dictionary

@adamgordonbell Maybe he’s meant to request a 50:50 so that C becomes the right answer

@nahratzah Hope Flip is ok. Might want to ask the vet to provide some sedatives in case Flip has some more seizures in future.

@nahratzah Is Virgin Media your ISP? I had to restart my modem multiple times today.

@nahratzah I think it’s included in IE11, which can be removed. The Edge browser is basically just reskinned Chrome

@Luas one of the ticket validators at Rialto has been flakey for a couple of months - says it cant validate the ticket when the other machines are able to. Can you please fix.

@Luas This thing at the Rialto Luas stop has been beeping all day/night long for a number of days... can you make it stop?