Unions in countries like Germany and France are much more powerful. Especially VW is extremely unionized, half of the seats on the Supervisory Board are allocated to worker representatives. These employee representatives are elected or selected by the workers (usually via union and works council processes), so VW employees indirectly influence board decisions through these seats.
We should not be allying with any oppressive and dictatorial states, the US is just rapidly sliding into becoming one, and nobody wants to acknowledge it because of the consequences it would imply. If you ask me, us Europeans need to find our self-confidence, we are more than able to compete, but too scared to take the risks and responsibilities to do so.
Don't get me wrong, I would love that! I would love for Europe to step up as a world superpower (union), akin to the Non-Aligned Movement - but unfortunately I don't see it happening.
It starts from the bottom up, we need to make it a priority, it is part of the defeatist attitude we have, total lack of self-confidence. We need a 'Yes we can' movement.
Indeed, petty national topics that are used to create fake polarization against Brussels are what is keeping us from realizing the federation we so desperately need. I am so tired of the endless, unbased right-wing arguments from nationalists against the EU, which only exist to distract from their own incompetencies.
The EU actually has a great track record, it has been a massive unifying force. I think people tend to forget how shit things were even 30 years ago. I really hate this constant shitting on the EU for no concrete reasons.
It is crippled because nation states want to retain control, it is one of the main reasons. People act like 'EU politicians' should solve everything overnight, but the reality is that it is out of their purview in many cases. Only federalization would resolve this issue.
> I think people tend to forget how shit things were even 30 years ago.
About thirty years ago a European family could survive on a single salary and get by decently. Now they can't. So, I'm not sure what you are talking about.
> It is crippled because nation states want to retain control, it is one of the main reasons.
IMO it's crippled by the amount of poor decision making and complete inability to handle even small-scale crises somewhat successfully.
> Only federalization would resolve this issue.
On this, I agree. But given the decision making the last 15-20 years, that option is dead on arrival.
Since the only thing Trump understands is force, I am looking forward to the retaliation from and military positioning of EU member states to defend Greenland. Perhaps it is what is needed to finally impeach.
Impeaching happens when the President is held accountable, only dissatisfaction in the electorate will cause that. Trump has already committed many crimes that he could be held accountable for. If the EU pressures the US, and it messes with the quality of life, that creates pressure on him as well. It all trickles, until it becomes a storm.
7. If a Member State is the victim of armed aggression on its territory, the other Member States shall have towards it an obligation of aid and assistance by all the means in their power, in accordance with Article 51 of the United Nations Charter. This shall not prejudice the specific character of the security and defence policy of certain Member States.
I really think that the main issue is that NPM itself will execute any script that is in the "postinstall" section of a package, without asking the user for permission. This is a solved problem in other package managers, e.g. PNPM will only run scripts if the user allows them to, and store the allowlist in the package.json file for future reference.
In this scenario, if a dependency were to add a "postinstall" script because it was compromised, it would not execute, and the user can review whether it should, greatly reducing the attack surface.
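Added example (not part of the original comment and not pnpm's own code): a small audit in the spirit of the allowlist described above, reporting which dependencies declare install-time scripts and whether each is allowlisted. It assumes the allowlist is kept in the `pnpm.onlyBuiltDependencies` field of the root package.json; the package names and manifests are constructed sample data.

```javascript
// Lifecycle hooks that run automatically when a package is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Constructed root manifest: the allowlist lives next to the dependencies.
const ROOT = {
  name: 'example-app',
  pnpm: { onlyBuiltDependencies: ['example-test-runner', 'example-old-native'] },
};

// Constructed dependency manifests, as they would be read from node_modules.
const DEPS = [
  { name: 'example-test-runner', version: '4.1.0',
    scripts: { postinstall: 'node install-browser.js', test: 'node t.js' } },
  { name: 'example-left-pad', version: '1.3.0' },
  // A release that newly ships a postinstall script and is not allowlisted.
  { name: 'example-utils', version: '2.0.1',
    scripts: { postinstall: 'node setup.js' } },
];

// Return the install-time hooks a manifest declares (non-empty strings only).
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter(
    (h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '');
}

// Split dependencies with install hooks into allowlisted and blocked, and
// list allowlist entries that no longer correspond to any install script.
function auditInstallScripts(rootManifest, depManifests) {
  const allow = new Set(
    (rootManifest.pnpm && rootManifest.pnpm.onlyBuiltDependencies) || []);
  const report = { allowed: [], blocked: [], unusedAllowlist: [] };
  const withHooks = new Set();
  for (const dep of depManifests) {
    const hooks = installHooks(dep);
    if (hooks.length === 0) continue;
    withHooks.add(dep.name);
    const entry = { name: dep.name, version: dep.version, hooks };
    (allow.has(dep.name) ? report.allowed : report.blocked).push(entry);
  }
  // Stale entries grant trust to a name that currently needs none.
  report.unusedAllowlist = [...allow].filter((n) => !withHooks.has(n)).sort();
  return report;
}

console.log(JSON.stringify(auditInstallScripts(ROOT, DEPS), null, 2));
```

Entries under `allowed` still execute on every update of that package, so they are the ones whose new releases need review; `unusedAllowlist` entries can be dropped.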
Wouldn't this just make the number of packages that can be targeted smaller? E.g. I publish a testrunner that needs to install Headless Chrome if not present via postinstall. People trust me and put the package on their allowlist. My account gets compromised and a malicious update is published. People execute malicious code they have never vetted.
I do understand this is still better than npm right now, but it's still broken.
Security is usually full of incremental improvements like that, however. Reducing the scope from all of NPM to the handful of things like test runners would be an enormous benefit for auditors and would encourage consolidation (e.g. most testing frameworks could consolidate on a single headless chrome package), and in the future this could be further improved by things like restricting the scope of those scripts using the operating system sandbox features.
Security is layered, no layer will conclusively keep you safe, but each one makes it harder to pierce to the core. For example, the impact of the recent SHA1-Hulud attack would be much less, as compromised packages (that previously did not have any scripts executing at install time), would not suddenly start executing, as they are not allowlisted.
There is a large subset of security problems that are solved by simply eliminating compilation steps typically included in "postinstall". If you want a more secure, more debuggable, more extensible lib, then you should definitely publish it in pure JS (rather than, say, TypeScript), so that there is no postinstall attack surface.
With type stripping in Node LTS now there's no reason at all to have a postinstall for TypeScript code either. There are fewer reasons you can't post a "pure TS" library either.