thesmokingman @ thesmokingman @programming.dev

Posts

1

Comments

630

Joined

2 yr. ago

One of my proudest accomplishments is contributing to the XDG Base Dir spec. I fixed a typo.

Like other commenters here, I’m hopeful. Epic owning Bandcamp was pretty scary. They never really answered questions about it and a lot of folks were worried it could have gone the Epic Store route. Epic might honestly have sucked up all the data and sold it off already, though. We don’t know what the future will hold; I feel like no Epic is at worst a neutral position. Songtradr is at least in the music business and isn’t headed by Tim Sweeney.

I don’t know that I’d say The X-Files ripped off TNG. The time loop is a common plot device and Braga wasn’t the first to write it. It’s very common for authors to individually come to the same ideas when they have to create this volume of “what if” every single year, year after year. Braga says he wanted time without the screwed up timeline plot; that’s not a unique reaction by any stretch of the imagination.

If you’re talking about The X-Files episode “Monday” that was actually inspired by The Twilight Zone.

The US has zero privacy laws and, as far as I know, Reddit follows zero audit frameworks (eg SOC 2). Additionally, Reddit currently does not follow its legal burden under state laws.

I’m not saying your mistrust of the fediverse is wrong. I am saying your trust of corporations is completely unfounded and very naive. Trusting the US to do anything is equally naive (see Yahoo, Experian, and multiple alphabet agencies).

I think this is a great question! I’m not going to the extreme you bring up (which I think is a valid read of my comment). Instead, I’m applying the argument the author makes to the author. If museums are unethical because they are the product of rich folks with collections to show off, the same argument should easily apply to Ivy League universities which have long been spoken of in the same breath as the museums the author calls out. By extension, someone educated at an unethical university would be spouting unethical talking points shaped by the rich benefactors, similar to the author’s point that museums only exist to be the mouthpieces of rich people. This, in turn, establishes that we cannot trust the author. I was making an argument by contradiction in which I accept the author’s point and use it to show it leads us to weird places.

This point would be a little weak if, say, the author had included the Navajo Nation Museum or the Holocaust Memorial Museum. I made that comparison because I do not believe the author’s sweeping generalization, that all museums are unethical, is the right conversation to have. I do believe there are great conversations to have about the things we put in museums and how the provenance of those objects is tracked and respected.

This is more a Chromium vulnerability than a GPU vulnerability. Firefox and Safari aren’t vulnerable.

So you want me to invest my time adding basic contributor functionality to a project that’s been around for than a decade? A project that’s been on life support for some time and doesn’t compete with its successor (who does use basic CI tools, I might add)? A project with, if GitHub is to be believed, has one active contributor and has struggled to keep contributors since 2013?

Both the original author and I are claiming it’s time for Apache to move on. In 2023 this major project still hasn’t implemented basic toolchain fundamentals. I have yet to see you offer anything more than “open source is hard” which I don’t think the original author disagrees with. I certainly don’t. I also don’t think it’s wise to hop on a project of this scale with this complete lack of contribution flow. Unless you’ve got a good reason why all of these good folks here should, you still haven’t addressed the core problem brought up by the original author or answered my concerns about drip feeding things that tooling should be taking care of.

I’m sorry, which of those recent commits aren’t things a single linter run would catch? You had me second-guessing myself until I went through, again, a ton of diffs that just fix spacing, remove trailing whitespace, and basic typos things like CSpell can catch.

For example, the most recent commit as of writing has this: https://github.com/apache/openoffice/commit/0c72d66f1a33589bfa5729d3fc3bdd5e807826ac#diff-1ce22feeb294b6917e38bda4906aed35e50ac4828688ffc5ad370256524731bf

A commit from months ago has this: https://github.com/apache/openoffice/commit/5b179f6267cea1575fe6248ab8507bf7144666a0#diff-91750778c26e06764cafa81d4adfbf264acfa159addece80f61d4782dcb7f73c

These are the same fix on different files in different commits. That’s a linting problem that should be handled in a single commit (possibly a massive squashed PR), not something that should be drip-fed for months.

The commit history I looked through has multiple commits for something that should realistically be a single “linted the project” commit. It’s valid criticism in this case.

The author has a degree from Princeton. By this logic, her degree is unethical and her viewpoints are the unethical rants of those rich benefactors.

There’s a reason sweeping generalizations don’t work. Discussing the ethics of provenance is a great topic. Discussing what should be in museums is a great topic. Saying every museum dedicated to educating future generations about the dangers of genocide is unethical just seems like a stretch to me.

Why not both with BASEketball?

You have to define adversary objectives then separate those from normal behavior. Again, you haven’t solved the problem raised in the thread. How are you, a highly paid cyber security professional, going to prevent social engineering from allowing privilege escalation and negative outcomes ranging from fraudulent invoices to knowledgeable, intentional use of applications following expected behavior?

Read the article.

The article explicitly talks about social engineering. If you’ve solved social engineering for the positions I listed, you have effectively ended the need for most security solutions. Yes, we can mitigate its effects, but no, watching doesn’t prevent it which was the context of this thread.

Cyber gets paid but help desk folks, ops managers, general help staff, and the little people with too much least privilege who actually get shit done usually aren’t.

Source: am executive with compliance history

I really appreciate the full set of links! Are We Wayland Yet is great.

ydotool looks legit. I think the way it sidesteps X is smart. Now I’ve got something to play with this weekend! If the license commit is near the beginning, it showed up a couple of years after I stopped trying to port Autohotkey stuff.

With an average of £4.21, an increase of 20p is ~5% increase. That goes up the cheaper the beer and down the more expensive.

Speaking for myself, I wouldn’t notice a 5% increase on things I did infrequently. My monthly budget would get out of whack pretty fast for 5% increases on frequent items. The standard Netflix subscription in the UK costs £10.99 or 55 pints with the addition.

When I last looked at Wayland in 2018, a lot of automation tooling didn’t work (eg xdotool) and wouldn’t be able to work because of how Wayland was doing security in user space. Has that changed or is it still completely locked down?

Note I mean comparable tools, not things dependent on X11 APIs.

It didn’t hit me as strong as the trailers made it look like it would. It’s a really good movie; I don’t know if I’ll ever watch it again.

I think it’s fine to attribute those values to employees who fought to work at companies with those problems. I’m not calling out hidden problems; I’m calling out the issues you can easily find when you do a cursory search for information on the company you’re going to work for. If you think it’s okay to go work for a company like Meta I know you’re okay with some disgusting shit and I don’t want you near my team or my customers.

I have two problems with FAANG candidates.

First, having gone through the full interview process at several and rejected all due to laughably low base salaries, I know how those candidates are selected. The skills being evaluated have fuck all to do with what I’ve actually needed engineers to do. That gives me zero confidence in their ability to do anything meaningful. Solving tic-tac-toe doesn’t mean you can actually walk your way through security problems in an API.

Second, the toxic cultures at these companies is not something I want infecting my teams. Google, for example, is famously about making yourself look really fucking good for a performance review board, not making the company better. Amazon makes people think the talent pool is big enough for perpetual unregretted attrition and pits peer against peer. Meta completely strips any semblance of ethics and therefore customer understanding. Twitter doesn’t fucking care about security.

Most engineers meet expectations. Period. People think FAANG is hot shit. It’s not. It’s arguably worse than most run-of-the-mill places because people on the internet like to make FAANG out to be hot shit. The chances of someone actually doing something big at FAANG are so fucking tiny it’s just like thinking you’re going to make the next killer indie game.