• mox@lemmy.sdf.orgOP
    link
    fedilink
    arrow-up
    6
    ·
    3 days ago

    This is one of the more important reasons to minimize dependencies and be very picky about the ones we adopt.

    • Case@lemmynsfw.com
      link
      fedilink
      arrow-up
      2
      ·
      1 day ago

      I don’t disagree. My last job was using winget to update some things. I raised the concept of trusting otherwise unknown updates, but I was pushed aside for the quick utility.

      I’m only a student of cybersecurity, but I harshly judge my former “security expert” on far more than that.

      Like fuck, the help desk has to install every patch, to every machine, through a spreadsheet?

      No, deploy that shit from a server. Fuck.

      In a way, I’m glad I left. In another way, I would really like a pay check again… and I moved to a well, tech illiterate state. Fuck me.

      • mox@lemmy.sdf.orgOP
        link
        fedilink
        arrow-up
        1
        ·
        1 day ago

        My condolences. Unfortunately, people are sometimes designated the in-house expert on a thing just because they seem slightly less ignorant of it than anyone else in the organization. That leaves more than a few people making decisions that impact security and privacy without good understanding or sound judgment in those areas.

        Maybe you should train up and become your state’s new security expert?

    • 3h5Hne7t1K@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      2 days ago

      Absolutely this. It almost seems like a controversial opinion sometimes, but microdependencies is a code smell imo. This could largely be improved by providing a more extended standard lib, at the cost of innovation and velocity maybe. I found this interesting: https://blessed.rs/crates

    • Acters@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      2 days ago

      IDK about you but the company I work for can’t live without npm packages doing almost everything. For example: the is-even package.