A second thought is that open source software rose up in the era when we were trying to build a great interconnected world of business, communications, and more. Now that there is an effort to tear that apart, it isn't at all surprising that open source software can be caught in the crossfire. I think this is the tip of the iceberg and one reason I plan to try to focus my work on projects which are set up in a way which doesn't enable a single country to say who can or cannot be a part of them.
This is a shot across the bow of pretty much anyone working on the Linux kernel from outside the G7. Living in Southeast Asia, I will certainly be having plenty of conversations as to whether *BSDs are likely to be better bets for countries in the Global South.
The problem is that everyone outside the G7 lives under the constant threat of ever-expanding US sanctions. Successful open source projects will likely find ways to avoid being told who they can or cannot have contribute to them.
Not reusing passwords at all is pretty impractical. If you really want to depend on a single password manager then you have some other issues. Usually I have settled for rotating, compartmentalized password modules, which allow me to partially rather than fully contain a compromised password. And if your modular password has three slots (term taken from linguistics) then you can compose passwords which reuse parts, are memorizable, and are not automatically reusable on other services.
The problem, though, is that since one has a number of passwords which may be different but closely related, a human may be able to infer a few possible passwords from a few compromised ones. In other words it still dramatically shrinks the key space an attacker might want to try to brute force. Preventing reuse is then a problem for 2FA regimes.
For my part I won't use passwords I cannot memorize and keep memorized in relation to the web site.
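The key-space point made above, as an added example that is not part of the original comments and is not the commenter's own scheme: the three slot rules (memorized stem, site-derived token, rotation tag) and the leaked sample passwords are assumptions constructed for the demonstration. It plays the attacker, classifies each slot from two leaked passwords belonging to the same person, and counts how few candidates remain for a third site compared with the naive per-character key space.

```python
"""Added example (not the commenter's code): how closely related
three-slot passwords shrink the key space once a few of them leak.
The slot rules below are assumptions made for the demonstration."""
import itertools
import math

SEPARATOR = "-"  # assumed: the three slots are joined by a visible separator


def site_token(site):
    """Assumed slot rule: first three letters of the site name, capitalized."""
    return site[:3].capitalize()


def compose(stem, site, rotation):
    """Assumed scheme: slot 1 memorized stem, slot 2 site token, slot 3 rotation tag."""
    return SEPARATOR.join([stem, site_token(site), rotation])


def naive_keyspace_bits(password, alphabet_size=70):
    """Key space an attacker faces if they know nothing about the structure."""
    return len(password) * math.log2(alphabet_size)


def infer_candidates(leaked, target_site, rotation_guesses):
    """Attacker view: from leaked (site, password) pairs of one person,
    classify each slot and enumerate candidate passwords for target_site."""
    slots = [pw.split(SEPARATOR) for _, pw in leaked]
    n = len(slots[0])
    if any(len(s) != n for s in slots):
        raise ValueError("leaked passwords do not share a slot structure")
    options = []
    for i in range(n):
        values = [s[i] for s in slots]
        if len(set(values)) == 1:
            # Constant across leaks: a fixed slot, reused verbatim.
            options.append({values[0]})
        elif all(v.lower() == site.lower()[: len(v)]
                 for (site, _), v in zip(leaked, values)):
            # Tracks the site name: predict it for the target site.
            options.append({target_site[: len(values[0])].capitalize()})
        else:
            # Varies without an obvious rule: try every seen value plus guesses.
            options.append(set(values) | set(rotation_guesses))
    return {SEPARATOR.join(parts) for parts in itertools.product(*options)}


def residual_bits(candidates):
    """Effective key space left once the structure has been recovered."""
    return math.log2(len(candidates))


if __name__ == "__main__":
    # Constructed sample leaks (not real credentials).
    leaked = [("github", compose("Tr0ub4dor", "github", "2024")),
              ("amazon", compose("Tr0ub4dor", "amazon", "2023"))]
    cands = infer_candidates(leaked, "netflix", ["2023", "2024", "2025"])
    print(len(cands), "candidates,", round(residual_bits(cands), 2), "bits left;",
          "naive estimate:", round(naive_keyspace_bits(leaked[0][1]), 1), "bits")
    assert compose("Tr0ub4dor", "netflix", "2025") in cands
```

The naive estimate treats an 18-character password as over 100 bits of search; two leaks from the same scheme leave the attacker with three candidates, under two bits. The separator and the site-name prefix are what make the structure recoverable without any human guessing, which is the "closely related" failure mode the comment describes.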
People in crisis mode do stupid things. This is why the first thing you should do in a crisis is wait a few seconds. Then calm down and think things through. Evidently they never got this memo.
The comment was US-specific. Similar doctrines are found, though, in Canadian, British, and continental European systems (though not so much in Scandinavian systems, which often do allow totally one-sided contracts on the idea that promises are binding, but with other limiting factors).
The idea in systems which have this rule is that contracts are exchanges of promises and there must be an exchange in order to be valid.
It seems to me that this is what happens when you have nobody in leadership who can do crisis management.
First thing you do in a crisis? Take a few breaths and calm down. Take the pressure off of yourself. Agree to a timeline and start gathering ideas. Brainstorm. Engage in risk assessment. Then decide, act, and re-evaluate.
This is becoming a larger trend and it will hurt open source generally because of the efforts at pushing American culture war issues globally.
I try hard to work with projects which are not Western-centric for this reason or at least which have a commitment to a community which admits of disagreement on issues.
This is an outstanding postmortem of this incident. I really did not expect it from Forbes.
Accidents will happen. One thing that will be important going forward is a proper operational response to the problem and this is likely to become more complicated as time goes on. After all if these have been on the road for 5 years, would it really be necessary then to stop operations?
> After all if these have been on the road for 5 years, would it really be necessary then to stop operations?
I imagine they wouldn't be running the same software for 5 years. Whenever there's an update, the "days without accident" for that particular version is set to zero, so I suppose until you know why the accident happened, it's the right choice to assume that all vehicles running that version might be affected.