Spiro Floropoulos | Algora TV

Shitty software (maybe hardware too) is the shittiest shit we ever shitted

Spiro Floropoulos

Watching now

omnifidus How has the quest for quantization been going?

ghostm4gic Spiro is back

ghostm4gic hope you're doing well

ghostm4gic its worse

omnifidus What are you doing for a week or two?

ghostm4gic i'm so excited

omnifidus We are back from the ads.

omnifidus @ghostm4gic Send me a Whisper so we can chat out of the way.

ghostm4gic i don't know how to do it, twitch is not user friendly...

ghostm4gic probably cause of shitty programmers

omnifidus Click on "omnifidus" and select "Whisper".

ghostm4gic doesn't work

vancluever Hi Spiro!

omnifidus @ghostm4gic Ok. I'm surprised. Be sure you clicked on "omnifidus:" in the chat. If that didn't work, oh well.

ghostm4gic i did it, then it didn't show whispers, then i closed window, opened it again and they were there, then the window showed a message that i have blocked whispers, and now it's clear again... typical software in 2024

omnifidus @ghostm4gic If you send me a quick whisper, I'll send a note back. They are blocked by default so I can't unless you send me a quick note.

omnifidus XSS: The is cross-site scripting. It can represent a security vulnerability, but now that we use SSO (secure socket layer) this is likely not as much of an issue.

omnifidus Oops. SSO is "single sign on". Too many acronyms. :=)

omnifidus Technical debt is defined starting at the point where you implement software. So, new tools will help starting today, if the people are using those tools.

DojoDrummer Our cyber security insurance pays off ransomware. Seems to me that encourages those companies to collude with bad actors.

omnifidus @DojoDrummer That can happen. You can start a company, get a policy, and hire someone to ransomware your company.

DojoDrummer I'm not some paranoid conspiracy theorist, but known policies of this type can be played upon

DojoDrummer The insurance companies could also collude now that I think of it

omnifidus The argument I'm seeing is for better QA.

omnifidus @DojoDrummer @DojoDrummer If they did, that would be price collusion, which is against the law in some countries.

Owencodes hi bro just saying 1am for me going to go sleep soon have a good stream spirod1Hearts

omnifidus Summary: We are being reactive. Explain how we are doing that?

DojoDrummer Tooling is better because if it wasn't we'd be even more screwed

ghostm4gic you really think tooling is better?

vancluever what are we talking about here, source-available rug pulls?

vancluever like that, even

omnifidus @vancluever Spiro is trying to say that we are doing a bad job of writing good software today and it is a general problem.

vancluever @omnifidus Yeah, I've been following for a while. :) I'm more curious about the licensing part, there are a lot of issues here for sure as someone who's been a part of licensing assessments before for dependencies and have cursory knowledge of the license management ecosystems around that, but the update part is an interesting piece to me, with the current trend towards source-available licenses

omnifidus @vancluever The problem of keeping track of software licensing likely costs a lot in time spend by legal people. I'm surprised there is not an open-source project for tracking software licensing.

vancluever @omnifidus There are apps, not necessarily OSS that I know of, but there are platform ones for sure. https://fossa.com/ does license management, as an example.

vancluever That's the one I have cursory experience with.

ghostm4gic Intel is a good example

omnifidus @vancluever The FOSSA SBOM management platform is cool. Thank you for the pointer.

vancluever @omnifidus np!

omnifidus The CISQ report is every two years, so keep an eye out for 2024 soon.

omnifidus CISQ 2022 says 33% of time spent by dev's is technical debt. The first paper said 20% of time was debugging.

ghostm4gic i would say these numbers are too low

OmiKoRn Hi *

OmiKoRn THis sounds like the SouthPark version of I'm sorry apology from BP after the oil spill :D

TravisVroman Aw, I appreciate that my dude. Keep fighting the good fight bro

ghostm4gic if technical debt is growing over years that by default means people are not putting enough time into the debt

TravisVroman @Axolot2705 o/

Axolot2705 focus man focus

Axolot2705 do your thing

Axolot2705 @TravisVroman spirod1Hihi

TravisVroman !quote

omnifidus @ghostm4gic The main reason I'm seeing for additional technical debt that has been exposed during this stream is because of old open-source that has not been retroactively fixed.

vancluever Was this when people were hauling gas in plastic bags?

TravisVroman @vancluever I remember seeing that LUL

vancluever @TravisVroman yeah wild, it was too - "On May 12, the U.S. Consumer Product Safety Commission advised people to "not fill plastic bags with gasoline" or to use any containers not meant for fuel."

TravisVroman If it's software-controlled, it's hackable. Just saying... there are some things that just shouldn't be software-controlled at all IMO, and I say this as a programmer.

TravisVroman @vancluever Yeah, it's such a bad idea, I would never even consider trying that.

omnifidus So far, the TikTok and Facebook issues are the only non-security-cause "bugs".

Axolot2705 heated stream today ha

omnifidus The cases that normal people care about are the non-security ones.

TravisVroman @SpirodonFL See my comment above regarding stuff being hackable

Axolot2705 Not in the industry but the problems you talk about are horrendous and not talked enough. You have every right to be heated

TravisVroman @Axolot2705 This

TravisVroman The problem is that those of us who care about this stuff are the minority

vancluever This is why we're never going to be considered real engineers peepoSad

TravisVroman "It works bro, good enough"

vancluever (I've said that more than once here LOL)

vancluever (And elsewhere)

omnifidus @vancluever Real engineers are licensed. There is an easy fix.

ghostm4gic licences would be a good first step

omnifidus @ghostm4gic Licenses is what we use for doctors, lawyers, and barbers.

ghostm4gic right

Axolot2705 we got gta in a spiro rant stream before gta6

vancluever @omnifidus well yeah that's the thing, it is a protected term in a lot of places because there's professional standards. Our industry is way too chaotic for that currently, but I know there are efforts? I think ACM keeps trying to do something or was it another association?

TravisVroman The rearview mirror on the Cybertruck is a friggin camera hooked to a screen. So if either dies, you have no way to look behind you. What the hell is wrong with a mirror?

vancluever @vancluever We were chatting about it here a couple of weeks ago.

Axolot2705 @TravisVroman Lol I remember seeing that I was flabbergasted

omnifidus @vancluever It is the IEEE. I was on the committee. The cybertruck issue is because of the fact that in a truck the view might be blocked. It should have a regular mirror as a backup.

TravisVroman @Axolot2705 Like those headlights Lexus came out with a while ago that angle themselves as you drive around turns. What happens when that breaks in the left/right position?

vancluever @omnifidus oh dang man, nice

vancluever @vancluever I'd love to see some level of professional credentials/accountability come to the industry. I'm getting on the older side but I would work towards a ticket, hah

Axolot2705 @omnifidus this man this, every new technology like this can be at best a cool add-on not a alternative

TravisVroman @omnifidus But most pickups can have the view blocked when loaded. They still have a mirror. So yeah, it should absolutely have a mirror. The camera should be extra

Axolot2705 @TravisVroman You just die I guess lol

TravisVroman @Axolot2705 Or, more accurately, the person behind you does LUL

Axolot2705 @TravisVroman lol

TravisVroman Bro++

Axolot2705 Oh shit turkey mentioned

TravisVroman We need a bro counter

ghostm4gic just 80 million user of git?

Axolot2705 I am gonna put this stream on my gym playlist spyro is hyping me up on things I don't even f*cking understand

TravisVroman LUL

vancluever (Cue Dark Souls Asylum Demon theme)

s9tpepper_ just walked in, streamer already told me to get fooked ... NotLikeThis

TravisVroman @s9tpepper_ LOL Standard Spiro

TravisVroman Bro++

Axolot2705 @s9tpepper_ LOL standard spiro stream experience

s9tpepper_ @Axolot2705 @TravisVroman yep... checks out.

TravisVroman @s9tpepper_ LUL

ghostm4gic amazing

TravisVroman Bro += 3

TravisVroman Sounds like skill issues

TravisVroman LUL

TravisVroman I'm surprised it's not higher than 15

Lopta Hard-coded credentials is a Cisco specialty.

omnifidus The #1 issue I have seen for leaving these obvious issues in place is having the end of project timeline decided by upper management instead of the engineering team.

TravisVroman That's 69 e's, @SpirodonFL

ghostm4gic and funny that unemployed devs now can move to cybercrime increasing it further

Axolot2705 Oh my god my eyes

TravisVroman "Climate change * the bible"

TravisVroman lol

s9tpepper_ out of curiosity I wonder how much of this cybercrime are state actors ... like N.K. that just stole a few billion in crypto a week or two ago

vancluever Wait tho... undiscovered, or *undisclosed*?

vancluever What I mean are 0days are a thing.

vancluever *is

vancluever Yeah for sure. The happy path would have been someone using log4j in a critical path would have done a security audit on their system a long time before log4shell and discovered/reported it.

omnifidus Critical infrastructure: electrical grid, drinking water distribution, roads, rails, etc.

ghostm4gic 200-300 third party components on average, wow

ghostm4gic would be nice to see this number over years

vancluever As an unemployed OSS maintainer, reeeeeee

omnifidus @vancluever It is highly like that someone did, found the problem, and did not fix it upstream so other people would know.

vancluever @omnifidus I didn't want to say it, but yeah ;)

vancluever @vancluever that's what I was getting at in my original comment, really

omnifidus @vancluever We (software people/engineers) need to start saying the embarrassing things.

navajo_renegade its higher

omnifidus Of course it is not better. Everything is more complex so it does not get better. The one thing that helps is people hiring large companies to do their software. That generally improves things.

ghostm4gic isArray

ghostm4gic my god

vancluever wait, were there vulns in font awesome?

ghostm4gic so not only they all were using isArray dependency, they managed to be lucky enough to get a vunerability with it :D

omnifidus I don't think anybody is surprised to see a database on top.

omnifidus Remember, "isArray()" is part of Java (oracle).

Axolot2705 ma man is just sipping coffee while watching the world burn

phrackery Are you getting a cert?

TravisVroman @Axolot2705 As one does. Specifically this chad.

SpirodonFL TravisVroman is here to kick back and relax! Leave them alone…

TravisVroman !lurk

Axolot2705 @TravisVroman my guy was dressed up as deadpool 2 weeks ago. Now this. He is on his element

omnifidus If the Tech. Debt is 20-40% and bugs only require 20% extra work, this does not make sense. It means that known issues are being ignored.

ghostm4gic exactly omni

undg111 ough .....

undg111 honey for my eyes

undg111 and ears

ghostm4gic and its assuming CIO says the truth and do not underestimate their debt, hightly unlikely

undg111 ill not demonised it as you do dough.

undg111 its a bit more to it than blablablabla

undg111 bla

undg111 blabla

Axolot2705 gonna lurk until I sleep have a good one you angry sleep deprived unhinged gremlin. axolot42DumbBabySpiro axolot42DumbBabySpiro axolot42DumbBabySpiro

omnifidus Quite a few frameworks for ATD (assessing tech. debt) is nice, but someone has to use them.

omnifidus We ARE focusing on the right stuff. We need to redirect just a little bit.

omnifidus ...or, as you just pointed out, we need to not ignore the problems we already know are (or a likely to be) there.

FsB Gaming security seem too broad and ambigu even on owasp

omnifidus What is the URL for this one?

ghostm4gic i'm not surprised at all

SpirodonFL https://wifitalents.com/statistic/software-project-failure/

omnifidus As a reminder, IBM has a LOT of experience in developing SW and HW. Their Z-machines had 99.9% uptime. That's a single system, which means it almost never goes down. Virtually everything else we do is an attempt to save money by using less expensive (and often less well-designed) systems.

ghostm4gic nobody even talks to users

ghostm4gic ceo gets a report and nobody else can see that

omnifidus You will have a hard time getting some of the reports (like PEW). You can certainly ask for them.

omnifidus What are the "People Manager" numbers--> click on that to change the bar graphs, please.

omnifidus Top graph?

SpirodonFL https://survey.stackoverflow.co/2024/professional-developers#developer-experience-professional-question-pm

omnifidus Ok. That kinda suggests what management thinks. It is similar.

omnifidus I have a couple of important points if you have a minute.

omnifidus A couple of the issues were easy to understand for non technical people.

omnifidus For instance, the TikTok follower count.

omnifidus When you present this, try to focus on things like that.

omnifidus They are easy to understand.

fajar bun thx m8. gl

omnifidus Then, you can start to point out that the other problems are not so obvious, but are "similar".

omnifidus This brings a larger audience on board.

Moldy Apple your mom says no matter how shitty the software you make is, you are still her pudding pop

omnifidus All the dev's know about this. It is similar to the "change the oil in the car today" or "buy a new car tomorrow problem.

omnifidus That was the second one.

omnifidus Keep it aimed at your mother's understanding.

omnifidus This is like a New york Times article. Everyone has heard this before. the TikTok (and Facebook) problems were very damning about poor QA and tech debt.

TravisVroman Good stream, my dude

omnifidus cmgriffing.

omnifidus Nice work.

ghostm4gic oh no, not this guy

omnifidus Nice work with the research, Spiro.

vancluever Nite Spiro! See you soon!

TravisVroman Have a good one