I think it's the very fact that you can(and probably should; at least to some degree) do more or less exactly that is what makes this report seem so hysterical.

It's not like it's false that some Yandex software dude will probably cooperate if the FSB tap him on the shoulder and suggest that it's exciting and mandatory; while John Smith, corn-fed American patriot, is at least going to require some sweet-talking; but if you are just blindly grabbing 'package that some dude put on NPM' your problems are far deeper, and much less exciting, than nation-state sabotage. Even when doing their absolute best; programmers make mistakes all the time; so if the project is basically one dude who maybe debugs his own code if it's too broken you have basically no reason to suspect that innocent vulnerabilities are getting caught; along with the risks posed by the relatively frequent compromises of dev credentials on the various repositories, and the risk that you'll be left unsupported if the random guy gets hit by a bus or finds a new hobby and just walks away.

It's fun to pretend that tedious, labor-intensive, problems don't exist by focusing on sexy threats instead; so I'm not surprised that a 'security' vendor would be working this angle; but, fundamentally, if you are just grabbing random garbage off a repository every time one of your junior devs even thinks too hard about docker you are doing it wrong.

It also seems a bit silly because, if your real problem is nation state adversaries rather than nobody actually looking because it seems like it works and why try harder it would likely be relatively trivial for the trojan horse project to add 'legitimacy'. You want multiple maintainers because we can't trust Sinister Yuri to police himself? Ok, it doesn't take a terribly impressive intelligence agency to conjure up a few additional contributors who make changes to the project from North American or western European IPs and time zones and have a thin but plausible trail of assorted tidbits that suggest that they are consultants or employees of random little companies in friendly nations. You call that a security check?

"Request a demo of Entercept, the first and only platform designed to identify and track foreign influence in your software."

I do love a good disinterested vendor writeup...

I believe I'm correct in saying...

Only 65% to go! before actual-productivity is maximised. Let's pause on the preemptive celebrations.

I don't see why being from the UK should mean that we're subject to the whims of these people who have decided they're in charge simply because they have a monopoly on tools of coercive force.

UK citizens have as much influence over the rules the UK establishment try to use to coerce us as US citizens - zero.

I took your advice and now I'm on fire.

You're quite right to challenge me on the accuracy of my prior statements. I applaud you for your attention to detail.

"As a whole, the open source community should be paying more attention to this risk and mitigating it."

So, if I'm understanding this right, the solution is for more people to work for free so I can just blindly grab whatever; not for the people already getting their software for nothing to care even slightly about their dependencies?

Real question: What would be the point of that? Even hoarded gold would have no value if nobody but a select group of people could do anything with it.

Obviously the originalist interpretation of freedom of speech is "so long as congressional republicans claim it's 'neutral'". Very subtle constitutional law, that.

The story includes pigs and brain death. It's only natural to be reminded of Trump.

That's awesome - he should get together with Scott Adams.

The key is to ensure that the day is filled with back-to-back foosball and street fighter tournaments, rides on the transparent slide (which goes out-of then back-into the building), always sit in a beanbag petting your dog (especially on client calls) whilst having a pedicure and four-hands massage and of course swim like a caffeinated fish in bespoke lattes - then the jargon becomes the least of your problems :-)

Problem minification FTW biatches!

It won't be fine at all. Middle East and many other things countries in Africa are unable to feed themselves. There were huge problems with wheat supply there when Russia started the invasion of Ukraine. It would be several orders of magnitude worse if the EU, for example, goes under.

I think there are (at least) two different distinctions at work; rather than a direct opposition between 'buzzwords' and 'jargon' at the level you describe.

Both are jargons for the purposes of being nonstandard or very locally standardized usages within a particular group; but when people say 'buzzwords' there's a specific pejorative implication, while 'jargon' is usually implied to be legitimate and useful at least within its subject area.

Obviously legitimacy claims, rather than linguistic ones, make the boundary a bit fuzzy; but there are some tells. A jargon term(in the positive/legitimate sense) tends to go places: if someone doing analog signal processing says 'bandwidth' it may confuse ribbon enthusiasts; but it touches on a whole bunch of related concepts: bands have widths and 'wideband' and 'narrowband' are what they sound like they would be; bandpass and bandgap filters do frequency dependent attenuation in ways that either allow a particular band through or heavily attenuate a particular band. When a project manager says 'bandwidth' they mostly just mean ability to do work, with a slight extension available to say you are too busy if you don't want to say you are too busy "I don't have the bandwidth/the team doesn't have the bandwidth". If you try to extend the concept; by, say, combining the 'bandwidth' of two people you end up with The Mythical Man-Month rather than the link aggregation or NIC teaming that you'd get if you told the networking guy that you needed to eliminate a bottleneck. That's what really marks the example phrase as 'buzzword'. You've got a metaphor drawn from baseball that barely even makes sense in the context of the sport(people only 'touch base' if the timings on opposing teams are particularly tight); then 'offline' is at least meaningful in the context that it is drawn from; but actually kind of confusing in context(are you taking it offline because it doesn't need to be handled synchronously or by everyone in the meeting? Because you don't want it on the record? Because it doesn't require drawing on the connected resources it would have if it were online?), then you've got 'align', which is vague at best misleading at worst(is 'aligning your bandwidth' working on the same things, specifically avoiding overlap? some of both?).

That's really, beyond more or less subjective judgements that engineering and science are more respectable than suit stuff, what makes 'buzzwords' feel slimy. Unlike 'jargon', which can be obscure to the layman but tends to have lots of internal connections that are consistent and enlightening; 'buzzwords' tend to be a lot of relatively surface-level borrowings that lack internal implications and which range from merely not-illuminating to actively obfuscating.

Linguistically both are jargons in the sense of being specialized local vocabularies; but 'buzzword' tends to imply little or no useful internal consistency; more or less ad-hoc borrowing of shiny-sounding words from random places; while 'jargons' in the 'respectable' sense are quite often cryptic on the surface; but have relatively massive bodies of internal consistency within the jargon. "Touch base" is practically plain english compared to what a mathematician or a physicist means when they say "field" vs. what a farmer or someone with a lawn in the suburbs means; but it's also shallow: there's nothing illuminating about the implied analogy to baseball, there aren't any additional things to be inferred from the idea that the people touching base are members of opposing teams trying to reach the base first(indeed, that's probably actively misleading); while 'field' as the set with specific operators defined is a little esoteric; but there are large areas of math that use, and in some cases flow from, that definition.

If the western civilisation collapses, it will take the rest of the world with it, simply because losing a gigantic chunk of the world's economy, tech source and food supply will have disastrous consequences.