Sharks are cool and comfortable!


Elden Thing | Back & Body Hurts Platinugggggh Rewards Member


Profile pic and banner credits: sharkaeopteryx art by @superkiak! eggbug by eggbug! Mash-up by me!
[Alt-text for pfp: a cute sharkaeopteryx sat on the ground with legs out, wings down, jaw ajar, and head empty, looking at eggbug and eggbug's enigmatic smile.]
[Alt-text for banner: a Spirit Halloween banner with eggbug and the sharkaeopteryx that Superkiak drew for me looking at it with inscrutable expressions]


I'm a Vietnamese cis woman born and currently living in the U.S. You may know me from Sandwich, from Twitter or Mastodon (same username), or on Twitch as Sharkaeopteryx. I do not have a Discord or Bluesky account.

Ask me about language learning/teaching, cooking/eating food, late diagnosis ADHD, and volunteer small business mentoring. Or don't, I'm not the boss of you.


I think people deserve to be young, make mistakes, and grow without being held to standards they don't know about yet and are still learning. So, if you are under 22, please don't try to strike up a friendship or get involved in discussions on my posts.


Please don't automatically assume I follow/know/co-sign someone just because I reposted something from them—sometimes I do, sometimes I don't. Also, if you think being removed as a follower when we're not mutuals is a cardinal sin, please do not follow me.


🐘Mastodon
search for @sharksonaplane@mastodon.sandwich.net and hit follow if you want
Hang out with me on the Auldnoir forum! (you can DM there!)
discourse.auldnoir.org/
Follow me on Twitch
twitch.tv/sharkaeopteryx
Add my RSS feed (not working yet but I'll get to it!)
sharkaeopteryx.neocities.org/rss.xml

CadenceCivet
@CadenceCivet

Possibly my biggest issue with the philosophy of having passionate individuals maintain and build critical infrastructure is that you've basically created a FOSS project, but now you're using it to run critical infrastructure.

And judging by what I've seen on Mastodon about the xz backdoor, placing the onus of the blame on the individual who wasn't policing pull requests for what seems like a significant portion of the infrastructure as a whole (please correct me if I'm wrong here) seems to be the preferred approach.

Now, I'm a complete dumbass when it comes to Linux systems, but a supply chain attack that can compromise a Lot of Shit because one person is the single point of failure makes me squint my eyes so much they may as well be closed.

Isn't this the same community that welches about putting one's eggs all in one basket like with the Microsoft or Apple spaces? And yet...

I'm not liking what I'm seeing, and I'm not too confident that FOSS communities are willing to, or even able to, learn something from this if their takeaway isn't "Don't build so much shit off of the idea that Bob Will Never Fuck Up."


CadenceCivet
@CadenceCivet

Having been repeatedly physically threatened in person by Washingtonian voters when I worked for the state park system (voters who, through voting for legislators, enabled the passing of the SB 5622 bill in 2011, so that they would have to pay user fees for parks instead of having a massive number of them shut down due to a lack of money to fund them otherwise)...

Voters generally have no fucking idea that it costs money to maintain things and to hire people to maintain these things, and then to make sure those people stay there, by funding higher wages and benefits and pension programs.

In short, people take public services for granted until they do not exist. I accept this as a general rule.



in reply to @CadenceCivet's post:

If I had to put a rosy take on the culture of this: the exploit was caught by a Debian packaging maintainer, someone who is totally independent from the people who wrote the original code and who works for a nonprofit. They did this while microbenchmarking and debugging the unstable branch while getting it ready for stable release, and they only caught it because they started stepping through the executable and noticed it certainly didn't match the source code. With a proprietary OS, getting a new experimental version that has some small slowdowns in a remote access tool is Tuesday, and detailed analysis is only possible for the vendor.

That said, I agree deeply that the whole approach of "idk let's just trust the guys we implicitly trust and continue to hope their free labor is top notch" is flawed -- I'd love to see a FOSS guild or similar, where commercial end users either pay the guild a percentage of their gross or suffer without the giant stack of high-quality software it provides. Of course, given the vocal minority of right-libertarian shitheads in the greater community, I'm not optimistic we'll see such a united front for mainstream projects any time soon.