Back when https://slsa.dev/ was after that infamous solarwinds supply chain attack, they created a 4-level draft ( https://slsa.dev/spec/v0.1/lev... ). However, after SUSE stated, that they were able to fulfill level 4 with Open Build Service (see https://documentation.suse.com...), that level was removed before the first release was done.

It seems, that the parties involved were unable to fulfill that level and rather removed it than having to admit that they are not up to date with their processes.

Note, that Open Build Service actually allows to build container images. There is one caveat though, the SUSE people supported the two-person review and hermetic, reproducible build process since a long time, the only thing they had to add was the attestation, and obviously that was quickly done. Current Dockerfiles and other Image generators however need online access - be it for stupid little programs like gosu, or maybe, because the build requires to check some git release. This cannot work with a hermetic build, and it is definitly not reproducable. This means, that in order to create container images with OBS, you typically have to rewrite the Dockerfile in a way, that makes it independent from Internet, and you also have to provide all needed artifacts within OBS upfront.

After having done that task, you get quite some benefits in turn: Your container images are rebuilt whenever needed (OBS knows every artifact that is used, and when one is updated, it rebuilds the container image). You get automatic attestation and full SBOM. You also automatically have gpg-signed images. You can even create your own base image if you like -- and you can use basically every major distribution to create your container images, all of this fully automated and on your private instance of OBS (which is GPL) if you like.

So, what is the right people to target? It is those, who provide the Software and the Dockerfiles. If they require network access for building, any security is compromised upfront. Unfortunately, this is standard today, although a bad one.

This hits all software industry all alike. The important part to mention is: It hits all software industry. The free software movement is not affected, those who follow the free software mindset just work on what they need as before. It is also not about sharing of code that one created, it is just about the business model of software industry that is hit.

If you realize, that for traditional software industry, it is a little programming, then huge marketing, and after that endless cash in, that model will fail in not too far future.

Looking how software actually should work, you quickly learn, that Open Source software -- just like vibe coded software -- must be reviewed before serious use. That would also be needed with commercial software, but no independent review is possible there. Open Source (as in OSI and complementary to free software) is much better prepared to perform this service, and service is exactly what people will pay for in the long run.

There is another consequence for the future: Today, we are in the comfortable situation that there are many excellent programmers out there who can perform reviews. With vibe coding this will change over time. I would expect that the conventional programmers will be replaced by AI. Some will do the review part, however after those retire, Software Industry will have a hard time to find staff that really can do reviews, since you gain experience only by performing the task.

Linus Torvalds may not have written much code, but there are not many people who reviewed as much code as he did. And typically, he really can point to issues in the code. You might also not be aware, that Linus Torvalds is the original author of git -- something he wrote in 10 days and thought it would not last.

I guess there is not many people with that much impact on todays software industry like Linus Torvalds. When he reviews some code and tells that it is ok, it probably really is good. Else he simply would dump that tool.

I don't have access to opus, however I am using Sonnet since a while. What I find is, that you really have to take care what AI does. I had an issue, where claude fixed 'A', and broke 'B' thereby. After that, it noticed that 'B' was broken, fixed it, and broke 'A' by doing so. And this went on for several iterations (not even as complex as a three step circle...).

I also had occasions, when I had to tell claude, that something was already solved at some other place in the code, and it should reuse that. Sometimes, I have to tell this multiple times before the AI accepts that there is no new code needed.

Still, I find the tool really handy to get into a subject quickly. The main work changes to doing a) Designs, b) Reviews, c) Testing. Unlike other people, I always found the code easily readable and well documented. Therefore, after having done the Design, and knowing what should happen, the review is not too hard. Testing is a different story, but testing should take half of the time a project needs anyways (according to the mythical man month, which I consider still valid).

Putin takes Ukraine

Trump takes Venezuela

Xi Jinping will take Taiwan

all of them congratulate themselfs for being the biggest Bullies on earth, and the Population has no say on it, or in case of USA actively supports that. There is merely ruins of a free world, mainly found in parts of Europa and Australia/New Zealand

Thanks. You are the first to recognize the main issue with this discussion. I really like to go with "Mythical Man Month" of Fred Brooks (can be found in google books library) that states for a project: 1/3 is Design, 1/6 is Coding, the rest is QA. Now, while AI can help with each of these topics, it will not do so by its own. If you do not exactly know what to ask, and if your requests are not small enough, you will be bust.

Still, people like to concentrate on coding -- probably because software matures at the customer. That way, AI will give customers a hard time.

naah Trump only pours Money into his own pockets.

Sounds a little like Akashic records were the real thing.

At the time when IBM started to embrace Open Source Software, they had a major issue with the Copyleft principle. The fear was, that any GPL Code that gets into their proprietary code would make their private code base a derived work and thus object to the GPL license.

The answer of IBM at the time was to separate between developers that work with Open Source Software from those who work on proprietary code, to prevent Open Source getting into the proprietary Code Base.

Now, with AI having widespread access to GPL and Open Source Code, companies should be aware, that they might get into legal trouble if they use AI to create code that is added to their proprietary code base. If companies want to stay compliant, they probably have to have AI models that were not trained with Open Source Code.

Add acceleration sensors to the equation, they are really precise today. Those things can navigate for a certain range without any satellite signal. The other thing that cars sometimes do, is measuring the distance and they also know about the direction the cars go from the steering angle.

Why would you think this is about Russia? This is about anyone who flys drones close to Airports without explicit permission. And yes, anyone doing that is by definition a bad actor.

I am wondering, if an AI would do a better job than Nadella. People often talk about replacing engineers, however, AI would likely be much better suited to replace CxO jobs.

I can do that with my 1989 HP48SX . For arbitrary precision I have to use an additional library though.

Thanks for your answer, its an answer I heard too often to complain about you.

Just note, that it is exactly this adiabatic lapse that confused me 30 years ago, and after investigating, I found no reasonable explanation in current science. In fact I found relevant issues in Boltzmanns "Vorlesungen über Gastheorie", and I found people who experimentally showed that this law is not universable applicable. I am aware of the term "alternative truth", but in that case, I would just say that it is the second law, that science handles like a religion of galileos times.

Thats what I am questioning. In fact I have written a short article because to explain the situation that can be found at https://azouhr.github.io/2ndla... .

Basically, whenever a particle is flying down (randomly) it increases speed and becomes warmer, and when rising, the speed is reduced and it becomes colder. This is exactly what you see in Atmospheres, where external radiation is not too high to change the behavior.

I would be more than happy if you were able to show me the error in that thoughts, however I also learned in the meantime, that Joseph Loschmid found the behavior in 1875 (yes, that is 19th century) and was at least partially confirmed by Maxwell. Since 150 years, science has not been able to find an error in what Loschmid postulated. Therefore even thought I came to the same conclusion, I am by far not the first person to find this.