It absolutely is. The typesetting is beautiful, and it’s far easier to work with than (LA)TeX. It also doesn’t take up 2GB of disk space.

Based on some real-world knowledge, no.

For example, there’s this class that military helicopter pilots take as part of training for surviving water landings. They have the body of a helicopter which can be dropped into a big swimming pool. The pilots strap in, they’re dropped into the pool, and they have to unbuckled and exit the helicopter.

So many people fail this, repeatedly. Scuba divers are in the pool just to extract the people who can’t make it out. The issue is that when you panic, you tend to stop thinking rationally; it’s why swimmer lifesaving is so dangerous - a panicking swimmer will do anything to save themselves, including grabbing the lifesaver and trying to climb on top of them, which can result in both people drowning. In the pilot case, people panic and can’t unbuckle themselves, straining against the restraints to get out, until they have to be rescued. Even if they start well, trying to unbuckle, if they fumble at the restraints, they can panic and then they stop trying to unbuckle. Even though the helicopter is only a cockpit and a bay with big van-style doors, people panic and get lost trying to get out; they just can’t find the bay doors, and have to be rescued. For these night tests, you can’t see which was is up, and people panic and forget to take time to orient, and swim toward the bottom of the pool, and have to be rescued.

All of the theory in the world can’t protect you from panic; the only thing that helps is experience. You do it enough that you get used to it and have confidence that keeps the panic at bay.

Studying isn’t enough, because the first thing that goes when you panic is your ability to think rationally, and the OMG way to prevent panic is confidence, and that’s developed through experience. It’s why teaching always includes homework: you have to exercise the knowledge for it to become second nature.

I’ve been using systemd on most of my systems since it was released; I was an early jumper to upstart as well.

The thing I don’t like about systemd is how pervasive in the OS it is. It violates the “do one thing, do it well” Unix philosophy, and when systemd went from an init system to starting to take everything over, I started liking it less.

My issues with systemd is that it isn’t an unmitigated success, for me. journald is horrible: it’s slow and doesn’t seem to catch everything (the latter is extremely rare, but that it happens occasionally makes me nervous). There are several gotchas in running user services, such as getting in-session services working correctly (so that user services can access the user session kernel keyring).

Recently I’ve been using dinit on a system, and I’m pretty happy with it. I may switch all of my systems over to it; I’m running Arch everywhere, and while migrating Arch to Artix was scary the first time, in the end it went fairly smoothly.

Fundamentally, systemd is a monolithic OS system. It make Linux into more of a Windows or MacOS, where a bunch of different systems are consolidated under a single piece of software. While it violates the Unix philosophy, it has been successful because monolithic systems tend to be easier to use: users really only have to learn two command-line tools, vs a dozen. Is it categorically better, just because the user interface is easier for new Linux users?

dinit also has the ability to run user services, FWIW.

I’m happy to participate, but we don’t have a process yet.

Let’s say I do audit a specific version of a dependency I use. How do I communicate to others that I’ve done this? Why would anyone trust me anyway? I’ve mentioned that 'm not an infosec expert; how much is my audit worth?

I have before run programs inside firejail and watched for network activity where there shouldn’t be any, but even if that is a useful activity, how do I publish my results so that not everyone has to also run the same program in firejail? What do non-technical users do? And this active approach has three problems: 1) you’ll only see the malicious activity if you hit the branch path of the attack; looking for it this way is like doing unit tests by running the code and hoping you get 100% code coverage. 2) These supply chain attacks can be sophisticated, and I wouldn’t be surprised if you can tell that you’re running in firejail and just not execute the code. 3) This approach isn’t useful for programs which depend on network connections, or access to secrets - some programs need both. In an extreme example, there’d be no way to expose a supply chain attack embedded in a browser, which often both has access to secrets and who’s main purpose is networking.

The main problem is that we’re in the decade of Linux, and a whole population of people are coming in who are not nerds. They’re not going to be running strace or firejail. How are we going to make OSS secure for these people?

Yeah, this is becoming a real issue.

We need better tooling for performing static analysis. I recently updated a version of a package and the audit - which I can in no way perform with any authority - was time consuming because of the extensive dependency tree. I both feel more compelled to do audits, and have started hating them; they’re the least fun part of developing OSS, and I really only do it because it’s fun. When it stops being fun, I’m going to stop doing it.

That’s entirely aside from the fact that it puts a damper on the entire ecosystem for users, of which I’m also clearly one.

The OSS community needs (someone smarter and more informed about infosec than me) needs to come up with a response, or this is going to kill OSS as surely as Microsoft never could.

As long as it isn’t github.

Publish that puppy. It can’t hurt.

Don’t do it in github, though. Sourcehut is better; or if you crave that cluttered, JS-heavy feel, Gitlab.

Agent Smith wasn’t wrong. Most villains have a weak motivation; Smith’s was strong, because it is true.

Do you think I’m promoting voluntary extinction? I don’t think anyone has to do that - not only would it not make a dent in the race to doomsday, but it’s unnecessary since we’ve probably already passed the point at which we’re capable of halting the runaway ecological collapse we’ve engineered - even if there was any indication of willingness on the part of the biggest polluters to draw down, which there isn’t.

What I find funny is those people who are still making more people, as if they’re not dooming them to live through a true apocalypse: global societal and ecological collapse, technological regression, famine, and the resurgence of self-perpetuating oligarchies. A dark ages, but one we’ll never come out of.

Yup! Of the things we could be, we’re most like a virus, but parasite might work. Most parasites don’t kill their hosts, and if they do it’s a secondary action - it usually isn’t the parasite itself that kills the host, but some virus or bacteria the parasite transmits. There are some really nasty parasitic worms that will kill you, or make you wish you were dead.

We’re definitely not symbiotic, like most macro and many micro organisms are.

If we consider the the ecosystem as the host, we’re killing it; and individually, we’re micro-sized to the Earth, so I think virus is the most accurate model.

Maybe! How is it better than keeping a README?

If it’s just a command, I put it in a readme. If it’s a series of commands, I put it in a shell script. What would your tool bring to the party, and if I’m going to turn to a third party solution, why shouldn’t I use Salt or Puppet instead?

The same applies to the human race.

Brendan Fraser is really young in this photo.

You only see it that way because of your age. Old people have mostly aged out of those behaviors, but believe me, people have been doing all of those things you list for as long as the technology to do them has.

This is such a clear, succinct description of the ultimate end state of FPTP voting. Nice.

Caught in a landslide 🎤🎶

Offers the police a refreshing drink when they arrive.

New headcanon.

Except that one is automatically versioned and would have saved you this pain, and the other relies on you actively remembering to reflexively commit, and then do extra work to clean up your history before sharing, and once you push, it’s harder to change history and make a clean version to share.

These days, there’s little excuse to not use COW with automated snapshots in addition to your normal, manual, VCS activities.