I mean, I agree, but i'm on the consumer side of that interaction. And I'm a huge advocate for hiring interns and training people up from there, but the MBAs get stroppy about that.
More people in trades isn't a solution, it's a critical need. It was getting to the point there for a while where you couldn't find a qualified tradesperson to do HVAC/Plumbing/Electrical work who didn't have a 6 month backlog for love or money, and there were more specialized trades which very quietly were in danger of not having enough people to apprentice up the next generation. There's a correction there that needed to happen, and it's a good thing for everyone that it did.
I think of it like a bid for the work order. In fact, I think I read somewhere that that's explicitly how it works for instacart: the tip values are shown before the insta employee/contractor picks up the job, and they're encouraged to only take the ones that pay worth their time.
I always figured it was intentional but for the other reason: screws soft enough that overtightening can't damage/crack the multi-thousand dollar components, the screw head cores out first.
Facts. His claim of there being no performance impact is especially dubious because A) he didn't actually remove it, he bypassed an authentication step and B) The 'only checks every few seconds and at level loads' is only the parts he definitively recognized as part of denuvo. At best, he only proved that denuvo removed by a 3rd party is no more a performance hit than leaving it running, and it's more likely that all he proved is that this method of bypassing denuvo provides no performance gains. I'm sure it was neat as a project, but this comes off to a 3rd party like some 'we investigated ourselves and found no wrong doing' shit.
The fact that that person happened to be looking on a system downstream to this one, while also having the context needed to pin it back to xz in particular is the lucky part. The same attack in any of countless other places wouldn't have gotten spotted the same way, or as quickly. That's not to say diligence on Freund's part wasn't a big factor here, but it's important to identify that luck was a big factor.
Yeah, identity is a real problem, but someone posted a proposal to solve for that that looks perfect for this sort of thing. Wish I remembered what it was called, but basically each account could attest for the others via export of encryption keys/signatures so while you has multiple 'accounts' there was only one identity which was pointed to in the signature blob.
The tricky part would be getting everyone (matrix, lemmy/kbin/mbin, pixel fed, and masto) to conform to a single identity standard. If one existed, I could see them implementing it, but we're not there yet.
I can sort of see why a chat client wouldn't have a use for activitypub/federation, with the possible exception of identity sharing once that starts to take off.
I mean, I agree, but i'm on the consumer side of that interaction. And I'm a huge advocate for hiring interns and training people up from there, but the MBAs get stroppy about that.