Wednesday, January 4, 2023

"You are not buying from a supplier, you are a raccoon digging through dumpsters for free code."

On a private Slack (fun way to get much of the pleasure of social media without being in a global space... if you can find the right one) someone posted I Am Not A Supplier, about the sometimes surprisingly brittle "Software Supply Chain". My thoughts were:

It's a tough one. Like my first thought is, what if there was a way of paying for the software libraries. (admittedly the remuneration would end up looking more like Spotify :-D ). But then a lot of individual folks wouldn't actually want to be legally liable if their code was responsible for something...

I know I suffer from "NIH"/Not Invented Here, and I prefer to keep things vanilla and what's baked into a well-established thing like a browser or PHP itself. But I also know that doesn't scale, and when you get to something seriously mathy and big, like an SSL library or what not, it's hopeless.

It does make me think back to the Linux vs Microsoft days. I guess one thing is Microsoft was willing to take on more liability, top to bottom. But cheapness (along with some more elegant design philosophies) won out...

Definite shades of that "I’m harvesting credit card numbers and passwords from your site. Here’s how." I wrote about a few years ago.
