>A pleasant dose of humanity in decidedly inhuman times.
As opposed to when?
Do tell.
I see this crap so much online. You just want an excuse to give up and be a victim. I hear it online and irl. You young people are broken, broken yet you have everything.
How old are you, and where do you live?
Life is better now than ever. I in Sweden can buy everything, access everything, and I own my apartment. Problem?
As opposed to what?
WW1? WW2? Vietnam war and corrupt nixon? The cold war when Russians accidentally invaded Sweden? Nuclear bomb fear? the 90s debt crisis? 90s balkan war? And refugee crisis? 9/11 and all that? 2015 refugee crisis?
When?
What do you compare to?
The truth is, life is getting better. All the time. We had 10% unemployment in 2016 and even worse in 2008 when I graduated. Grow up.
Atlas shrugged, but only for a month. I kid, it's well deserved. I do worry about their contract work loophole - if people disclose vulnerabilities publicly, their clients may pressure them to ship a fix anyway.
I can only applause this decision. Maintainers of FOSS project are constantly overwhelmed with close to 0 reward and with LLMs now the management of merge requests exploded even further.
The fact that they actually keep providing support to paying users is enough.
For the people here who want to do the same when they are vacation (be completely detached from work): Make it impossible for you to work! Leave your work devices behind! Log out of all accounts, remove 2FA keys after backing them up on paper and tell your partner to not give them back to you for the duration of your vacation, etc. I actually went to a country from which I wasn't allowed to work remotely. Crazy but it was that bad for me.
This is one of the reasons I work in an office every single day. I leave my work laptop there. I don't have any work software on any of my personal devices, including my phone. If I had the ability to check in on work things while out of the office, I probably would, so I make it impossible.
Or maybe don’t have devices doing double duty such that 2FA and work devices can be partitioned out from any incidental personal use. That way, even if you have one half of it, you still don’t have enough to attempt work.
Lock-out vacations were one of my favorite things about being at a bank. Auditors cared about the ability for employees to keep a thumb on the scale, so it was a policy requirement that all workers with a certain amount of access needed to take an uninterrupted vacation of N days, with login ability disabled.
Fantastic tool for shaking out hidden bus factors.
as much as I feel for the maintainers here, this sort of (again) puts the spotlight on our collective dependence on a handful of individuals basically working for free _with no backup_.
Most normal organizations stagger vacations to avoid these things. Most normal organizations _have_ to do this, because their customers require it. Here, we're all customers of curl, but not really. It's a weird, IMO unhealthy, twilight zone that isn't good for anybody.
And it surprises - and saddens - me that not even friggin curl has the financial muscles to have somebody on-call for one month...
Wonder if this means just publishing vulnerablities without contact with curl team would be responsible (you have no other path to tell vulnerable users)
For anyone who thinks this might matter for security:
* curl is mature enough that the chance of an impactful bug is basically zero
* if there is such a bug, I'm sure someone will figure out how to get in touch with Daniel and co
* if there is such a bug, it's more important that it gets patched in package managers and rolled out. Upstream releases can wait.
The headline buried the lede -- this is a way to get some summer vacation (niiice) AND encourage enterprise support contracts, which will still have availability. I don't think I've heard of this particular open source / support / summer vacation business model before but I like it!
SGTM, if I am worried about a curl exploit, I will type details into Zoo Code prompt and it will disappear in about 30 seconds and then I can upload a PR for others concerned. Enjoy your vacation and I will enjoy security for a lot cheaper than an enterprise contract!
They aren't. If you ignore vulnerability report from an entity without a support contract, the vulnerability doesn't disappear just because the entities with support contracts are not aware of it
Here's your reminder that 20-30 days paid vacation plus unlimited sick days (3+ days needs a doctor's note) is normal in Europe (e.g. Germany).
If you get sick during vacation, you get those vacation days "refunded" back. If you suddenly are called in to work, somehow, during vacation, that time cannot be vacation time.
You can't (generally) be fired without a notice period, resulting in job security to such a degree that ~6k in an emergency fund is plenty to be VERY secure, as you also get unemployment support otherwise anyway. Does this result in incompetent people not getting fired? No. You still fire them, you just have to deal with them another month after that. It's not a big price to pay.
How is this all possible? Who subsidizes it? We all simply pay some % of our income to support this system. That's it. A couple percent, a couple bucks, and we get to basically never worry about starving or becoming homeless.
You can have this, too, if you vote and protest and use democracy to make life better, not worse, for everyone.
46 comments
[ 2.5 ms ] story [ 48.9 ms ] thread> Probably not. But we will.
A pleasant dose of humanity in decidedly inhuman times.
As opposed to when?
Do tell.
I see this crap so much online. You just want an excuse to give up and be a victim. I hear it online and irl. You young people are broken, broken yet you have everything.
How old are you, and where do you live?
Life is better now than ever. I in Sweden can buy everything, access everything, and I own my apartment. Problem?
As opposed to what?
WW1? WW2? Vietnam war and corrupt nixon? The cold war when Russians accidentally invaded Sweden? Nuclear bomb fear? the 90s debt crisis? 90s balkan war? And refugee crisis? 9/11 and all that? 2015 refugee crisis?
When?
What do you compare to?
The truth is, life is getting better. All the time. We had 10% unemployment in 2016 and even worse in 2008 when I graduated. Grow up.
Signed: Former workaholic.
Fantastic tool for shaking out hidden bus factors.
Wonder if this means just publishing vulnerablities without contact with curl team would be responsible (you have no other path to tell vulnerable users)
* curl is mature enough that the chance of an impactful bug is basically zero * if there is such a bug, I'm sure someone will figure out how to get in touch with Daniel and co * if there is such a bug, it's more important that it gets patched in package managers and rolled out. Upstream releases can wait.
They aren't. If you ignore vulnerability report from an entity without a support contract, the vulnerability doesn't disappear just because the entities with support contracts are not aware of it
I thought this was due to AI slop spam before I read the blog entry.
If you get sick during vacation, you get those vacation days "refunded" back. If you suddenly are called in to work, somehow, during vacation, that time cannot be vacation time.
You can't (generally) be fired without a notice period, resulting in job security to such a degree that ~6k in an emergency fund is plenty to be VERY secure, as you also get unemployment support otherwise anyway. Does this result in incompetent people not getting fired? No. You still fire them, you just have to deal with them another month after that. It's not a big price to pay.
How is this all possible? Who subsidizes it? We all simply pay some % of our income to support this system. That's it. A couple percent, a couple bucks, and we get to basically never worry about starving or becoming homeless.
You can have this, too, if you vote and protest and use democracy to make life better, not worse, for everyone.
This is Exceptional. Perfect EuroMaxxing