@bob_zim @deliverator excellent points all around. Regarding rigor, something that absolutely needs to enter the public discussion sphere is confidence metrics for probabilistic software (i.e. any machine learning algorithm ever, especially computer vision). Any probabilistic algorithm being marketed without a probability disclosure is wildly irresponsible and should be publicly shamed. I’d go as far as saying probability disclosures ought to be legally mandated, as well as disclosure of the dataset used to produce that measurement.

While software doesn’t decay in the literal sense, it does decay metaphorically. Vulnerabilities are found and need to be patched. Dependencies become deprecated or unmaintained. We run out of seconds since 1 January 1970 countable by a signed 32-bit integer. The left-pad incident was a wake-up call for dependency maintenance. I’m vaguely aware of some frameworks for assessing the risk added to your project by a dependency, but I’ve never heard of a dependency being excluded from a project because of its risk. In that sense, we’re still in the fuck around and find out stage of software development. I hope we can change that soon.