Thomas Depierre

@Di4na@hachyderm.io
mastodon 4.5.9

SRE. Elixir Dev. Learner in Resiliency. French.
All Opinions are my own. And I have a lot.

Co-Founder and President Haruspex.dev

dom. He/him.

Blog: Softwaremaxims.com
Joined December 18, 2022

Posts

@Di4na@hachyderm.io · Apr 11, 2026
@gregprice @crazyeddie @kevinrns@mstdn.social @linuxiac I am in irregular discussions with people working with or around the EUC on their goals of FOSS sustainability. And also around finance from work.

The ICC incident was a paradigm change moment for the civil service and political apparatus of the EU. It will take time, but you will see progressive change. People have realised the problem and decided mitigating it was now strategically mandatory.
@Di4na@hachyderm.io · Apr 09, 2026
@linuxiac hmm actually, as a French person, I am not sure this says that all ministers will move to Linux. It can be interpreted as only saying that DINUM's own workstations will move to Linux. This is a far smaller park, mostly of people already working on the IT stuff itself
@Di4na@hachyderm.io · Mar 30, 2026
@brian_greenberg yes? Welcome to Compliance?

I mean, you really believe it was useful? Go ask most Software Engineers or Safety Specialists... we could have told you so. There is unending research on this. Most Compliance stuff does not work that well.

Note that I am not saying we should not regulate. But yeah. Welcome to reality I guess.
@Di4na@hachyderm.io · Mar 29, 2026
@hazelweakly funnily enough I usually use a Canadian Multilingual ISO one. Because all the accents in French are a pita in the US layout
@Di4na@hachyderm.io · Feb 11, 2026
@pheonix nothing can be safe. It is computing. That ship has sailed a loooooong time ago
@Di4na@hachyderm.io · Nov 24, 2025
@slightlyoff @fugueish so what you are saying is that I can embed doom in a hidden npm package that I make react depend on and no one will realise?

;)
@Di4na@hachyderm.io · Jan 04, 2023
@chrisjhorn I know and my answer is that it is so unrealistic that they do not expect it to ever be enforced.
@Di4na@hachyderm.io · Jan 03, 2023
@shelldozer @juandesant @foosel Or when the code in the build process uses a timestamp. Bam it is impossible to reproduce. This is a classic problem btw.
@Di4na@hachyderm.io · Jan 03, 2023
@chrisjhorn You would have to rewrite OpenSSH, OpenSSL, a huge part of the Linux kernel, and drivers for a bunch of stuff, then on top of that you would have to do it for all the programming languages.... and that is just the start.
@Di4na@hachyderm.io · Jan 03, 2023
@chrisjhorn I think you totally misunderstand what I am saying. The only way to comply is to rewrite 30 years of digital infrastructure. This would take decades if done in an organised fashion by a big company. And cost more than what Google gets. This is financially not doable.
@Di4na@hachyderm.io · Jan 01, 2023
@chrisjhorn I would put it the other way. If the regulator goes for it, no vendor can ever be compliant. Ever. You cannot go without FOSS and you cannot get FOSS to the level demanded. At all. So why bother engaging for something that will never be applied.
@Di4na@hachyderm.io · Jan 01, 2023
@juandesant @foosel Note that it would not solve making the build reproducible (which usually needs a deep change in the code) or signing the commits.
@Di4na@hachyderm.io · Jan 01, 2023
@webology I mean there is a legit need. But from my pov, this is a classic "human error" analysis. We found the root cause! What do you mean maybe there is no root cause, but a context that makes the decision the right one to take?

Well even if it is the case, there is nothing we can do about it. So we will do what we can. Let's blame the maintainers.
@Di4na@hachyderm.io · Jan 01, 2023
@chrisjhorn I will dive in more depth, but following a quick look, I think the reason no one talked about it is because it is... basically impossible to apply. None of that stuff realistically understands the FOSS infrastructure that supports everything at this point.
@Di4na@hachyderm.io · Jan 01, 2023
@juandesant @foosel I would agree, but note that here I am not talking about this, I am talking of the push to "make secure" the supply chain, by asking the maintainers to use 2FA, make their build reproducible, etc. Some of this comes not from the users but straight from government
@Di4na@hachyderm.io · Jan 01, 2023
@chainq The problem now is that this is used as a vector for cyber attacks and now everyone demands a lot of us.
@Di4na@hachyderm.io · Jan 01, 2023
@chainq I understand this point of view, but quite simply, as the person on the other side, it is not the reality we deal with. If the corporations wanted to pay, it would be far far easier. But as an example, on the Erlang Ecosystem Foundation side, we can barely scrape a budget to pay for a couple of 2-month projects per year.

And I am all ok with these startups, it pays people working on this stuff.
@Di4na@hachyderm.io · Jan 01, 2023
@alexinshandon @kushal Usually it is associated with how much time has been sunk into it. Funding and size both help ofc.

In practice, this is more due to people that do it liking doing this work than anything else, or because there is a lot of funding and demands. I advise to read the Road and Bridges report that I linked in the post near the end :)
@Di4na@hachyderm.io · Jan 01, 2023
@joeldebruijn @abergmeier I am more than ready to offer "SASS with a SPA and a DPA" I even have a structure built for it for my stuff. But uh. All of this has a cost and so far no one wants to pay it.

I wonder why... oh no, I know.
@Di4na@hachyderm.io · Jan 01, 2023
@dirkriehle Except nope, most packagers are not different but also the packagers are not the ones targeted by the Supply Chain people these days. The packager is not the one that has to sign their commits as an example or make sure the library can be built reproducibly.
@Di4na@hachyderm.io · Jan 01, 2023
@boud @forgefed @khinsen @civodul There are indeed multiple initiatives. You can also add https://sovereigntechfund.de/
@Di4na@hachyderm.io · Jan 01, 2023
@tfheen I mean, that is fair, you have that option open. In my case, I am pretty happy to get paid to do something I appreciate and that would beneficially impact far more people than what I do for a job rn. But I totally get that not everyone is in my position.
@Di4na@hachyderm.io · Jan 01, 2023
@hook Put otherwise... We are using the same definition for "supply chain incidents" that we use with "operational incidents" like the website crashing. Aka "the system can only go wrong if humans that code it did it wrong". At no point do we wonder "what circumstances made them take that decision".

Which ofc ties it back to #LFI and #Safety-II but these are still pretty niche stuff in software. Happy to talk more about them though
@Di4na@hachyderm.io · Jan 01, 2023
@hook I mean I would say it did not become misinterpreted. It's just that... it was never interpreted at all. Licenses moved to be more permissive so that you can't really not respect them.

And then the "supply chain" problem came back through infosec, not through maintenance and sustainability. Supply chain these days means finding who is responsible, not realizing you depend on them.

The infosec crowd never seem to have realised this is an ecosystem problem, not a "bug" problem.
@Di4na@hachyderm.io · Jan 01, 2023
@pnathan I highly doubt it. I think we will see either a massive movement in government to tax businesses to fund digital infrastructure... or the requirements and demands will just not bubble up at all.
@Di4na@hachyderm.io · Dec 31, 2022
As a maintainer of OpenSource libraries and packages, there is something that kept feeling off in the whole Software Supply Chain discourse. I think this comes down to something simple.

I am not a Supplier.
You can read more explanation there https://www.softwaremaxims.com/blog/not-a-supplier

#opensource
Musings about software

I am not a supplier

For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in
