@gregprice @crazyeddie @kevinrns@mstdn.social @linuxiac I am in irregular discussions with people working with or around the EUC on their goals of FOSS sustainability. And also around finance from work.
The ICC incident was a paradigm change moment for the civil service and political apparatus of the EU. It will take time, but you will see progressive change. People have realised the problem and decided mitigating it was now strategically mandatory.
Thomas Depierre
@Di4na@hachyderm.io
mastodon
4.5.9
SRE. Elixir Dev. Learner in Resiliency. French.
All Opinions are my own. And i have a lot.
Co-Founder and President Haruspex.dev
dom. He/him.
Blog: Softwaremaxims.com
0
Followers
0
Following
Joined December 18, 2022
Posts
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Apr 11, 2026
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Apr 09, 2026
@linuxiac hmm actually, as a french, I am not sure this say that all ministers will move to Linux. It can be interpreted as only saying that the DINUM own workstations will move to Linux. This is a far smaller park, mostly of people already working on the IT stuff itself
9
2
2
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Mar 30, 2026
@brian_greenberg yes? Welcome to Compliance?
I mean, you really believe it was useful? Go ask most Software Engineers or Safety Specialists... we could have told you so. There is unending research on this. Most Compliance stuff does not work that well.
Note that I am not saying we should not regulate. But yeah. Welcome to reality I guess.
I mean, you really believe it was useful? Go ask most Software Engineers or Safety Specialists... we could have told you so. There is unending research on this. Most Compliance stuff does not work that well.
Note that I am not saying we should not regulate. But yeah. Welcome to reality I guess.
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Mar 29, 2026
@hazelweakly funnily enough i usually use a Canadian Multilingual ISO one. Because all the accents in french are a pita in the US layout
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Feb 11, 2026
@pheonix nothing can be safe. It is computing. That ship has sailed a loooooong time ago
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Nov 24, 2025
@slightlyoff @fugueish so what you are saying is that i can embed doom in a hidden npm package that i make react depend on and noone will realise?
;)
;)
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 04, 2023
@chrisjhorn I know and my answer is that it is so unrealistic that they do not expect it to ever be enforced.
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 03, 2023
@shelldozer @juandesant @foosel Or when the code in the build process uses a timestamp. Bam it is impossible to reproduce. This is a classic problem btw.
2
0
1
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 03, 2023
@chrisjhorn You would have to rewrite OpenSSH, OpenSSL, a huge part of the linux kernel, and drivers for a bunch of stuff, then on top of that you would have to do it for all the programming languages.... and that is just the start.
0
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 03, 2023
@chrisjhorn I think you totally misunderstand what I am saying. The only way to comply is to rewrite 30 years of digital infrastructure. This would take decades if done in an organised fashion but a big company. And cost more than what Google get. This is financially not doable.
0
4
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@chrisjhorn I would put it the other way. If the regulator go for it, no vendor can ever be compliant. Ever. You cannot go without FOSS and you cannot get FOSS to the level demanded. At all. So why bother engaging for something that will never be applied.
0
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@juandesant @foosel Note that it would not solve making the build reproducible (which usually needs a deep change in the code) or signing the commits.
0
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@webology I mean there is a legit need. But from my pov, this is a classic "human error" analysis. We found the root cause! What do you mean maybe there is no root cause, but a context that makes the decision the right one to take?
Well even if it is the case, there is nothing we can do about it. So we will do what we can. Let's blame the maintainers.
Well even if it is the case, there is nothing we can do about it. So we will do what we can. Let's blame the maintainers.
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@chrisjhorn I will dive in more depth, but following a quick look, I think the reason no one talked about it is because it is... basically impossible to apply. None of that stuff realistically understands the FOSS infrastructure that supports everything at this point.
0
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@juandesant @foosel I would agree, but note that here I am not talking about this, I am talking of the push to "make secure" the supply chain, by asking the maintainers to use 2FA, make their build reproducible, etc. Some of this come not from the users but straight from government
1
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@chainq The problem now is that this is used as a vector for cyber attacks and now everyone demands a lot of us.
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@chainq I understand this point of view, but quite simply, as the person on the other side, it is not the reality we deal with. If the corporations wanted to pay, it would be far far easier. But as an example, on the erlang ecosystem foundation side, we can barely scrape a budget to pay for a couple of 2 months projects per year.
And I am all ok with these startups, it pays people working on this stuff.
And I am all ok with these startups, it pays people working on this stuff.
0
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@alexinshandon @kushal Usually it is associated with how much time has been sunk into it. Funding and size both help ofc.
In practice, this is more due to people that do it liking doing this work than anything else, or because there is a lot of funding and demands. I advise to read the Road and Bridges report that i linked in the post near the end :)
In practice, this is more due to people that do it liking doing this work than anything else, or because there is a lot of funding and demands. I advise to read the Road and Bridges report that i linked in the post near the end :)
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@joeldebruijn @abergmeier I am more than ready to offer "SASS with a SPA and a DPA" I even have a structure built for it for my stuff. But uh. All of this has a cost and so far no one wants to pay it.
I wonder why... oh no, i know.
I wonder why... oh no, i know.
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@dirkriehle Except nope, most packagers are not different but also the packagers are not the ones targeted by the Supply Chain people these days. The packager is not the one that has to sign their commits as an example or make sure the library can be built reproducibly.
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@boud @forgefed @khinsen @civodul There are indeed multiple initiatives. You can also add https://sovereigntechfund.de/
3
0
3
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@tfheen I mean, that is fair, you have that option open. In my case, I am pretty happy to get paid to do something I appreciate and that would beneficially impact far more people than what I do for a job rn. But I totally get that not everyone is in my position.
1
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@hook Put otherwise... We are using the same definition for "supply chain incidents" that we use with "operational incidents" like the website crashing. Aka "the system can only go wrong if humans that code it did it wrong". At no point do we wonder "what circumstances made them take that decision".
Which ofc tie it back to #LFI and #Safety-II but these are still pretty niche stuff in software. happy to talk more about them though
Which ofc tie it back to #LFI and #Safety-II but these are still pretty niche stuff in software. happy to talk more about them though
0
0
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@hook I mean I would say it did not become misinterpreted. It's just that... it was never interpreted at all. Licenses moved to be more permissive so that you can't really not respect them.
And then the "supply chain" problem came back through infosec, not through maintenance and sustainability. Supply chain these days means finding who is responsible, not realizing you depend on them.
The infosec crowd never seem to have realised this is an ecosystem problem, not a "bug" problem.
And then the "supply chain" problem came back through infosec, not through maintenance and sustainability. Supply chain these days means finding who is responsible, not realizing you depend on them.
The infosec crowd never seem to have realised this is an ecosystem problem, not a "bug" problem.
2
2
0
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Jan 01, 2023
@pnathan I highly doubt it. I think we will see or a massive movement in government to tax businesses to fund digital infrastructure... or the requirements and demands will just not bubble up at all.
4
0
1
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
Thomas Depierre
@Di4na@hachyderm.io
SRE. Elixir Dev. Learner in Resiliency. French. All Opinions are my own. And i have a lot. Co-Founder and President Haruspex.dev dom. He/him. Blog: Softwaremaxims.com
hachyderm.io
@Di4na@hachyderm.io
·
Dec 31, 2022
As a maintainer of OpenSource libraries and packages, there is something that kept feeling off in the whole Software Supply Chain discourse. I think this comes down to something simple.
I am not a Supplier.
You can read more explanation there https://www.softwaremaxims.com/blog/not-a-supplier
#opensource
I am not a Supplier.
You can read more explanation there https://www.softwaremaxims.com/blog/not-a-supplier
#opensource
455
16
487