As just one data point here, let me say thank you for all your writing on it; it was super useful to have things to point at to say “we don’t have to just blindly do a thing the auditor suggested!” for our SOC2.
At least concert tickets are somewhat aligned with listening to music, unlike autoplaying video podcasts on the homepage rather than showing my playlists.
A lot of these videos get recommended to me, and although I haven't done hardware designs in 10+ years at this point, it's pushing me to get back into it again - and PCBWay lives in my head rent-free for when I do. If it were a one-off sponsorship I'd have forgotten about it, but the consistency across a load of different channels really cements it.
I think it's understandable for both Backblaze and most users, but surely the solution is to add `.git` to their default exclusion list which the user can manage.
The aggregators can choose who to index, and we operate one at fair.pm - the idea being that you only federate repositories that meet requirements, and can defederate those which are bad actors. (End users can install directly from repositories though, and can always switch the aggregator if they find the rules too restrictive - no lock-in.)
What aggregators? How would I locate fair.fm? Is there a Whole Earth Guide to Repositories that’s human-curated? What is the published malware incidences and non-responses rate for each repository?
An "aggregator" is the thing that discovers and lists repositories - the equivalent of a search engine. Anyone can operate one themselves, and we (the FAIR project) operate a canonical one on our website, which is fair.pm.
Currently the reference implementation is for WordPress, but we’re working to bring it to Typo3 and other software at the moment too. The protocol is comprised of a core plus per-software extensions when needed.
I see. Are there other similar projects for other ecosystems? I guess more broadly I'm intrigued by the idea of the decentralized supply chain concept, the way you described it sounds like it was more broadly applicable.
You can check out the protocol at https://github.com/fairpm/fair-protocol - anything WordPress or Typo3 specific are in the extensions, and the core protocol is self-contained. We'd love to work with more ecosystems to bring FAIR to them, and we've already had some discussions with others including maintainers of popular (dependency) package managers.
We didn’t give up! We’ve pivoted efforts - focussing more on the technical part of the project, and expanding into other ecosystems. We’re currently working with the Typo3 community to bring FAIR there, as well as expanding further.
(AMA, I’m a co-chair and wrote much of the core protocol.)
On one of my old MacBook Pros, I managed to do this naturally through friction from my wrist moving back and forth on the keyboard for years; good idea to get ahead of it.
