Started my first job, it's a helpdesk. It looks that I get tickets and try to help people on the other side, have build some PCs and am at first week....
Pop!_OS is going to stand out with this new desktop environment. System76 is clearly giving it enough attention to make it as good or better than other Linux desktop environments.
Interesting problem here. So I self host jellyfin, happy to share my (owned) movies with my family. Well, my mother has asked me to digitize her collection too and have me host it. Originally, fine, you give your movies to me, I host them, same thing....
You can use this as an opportunity to have a conversation about what it is about those movies that she likes. This could open up to a larger conversation where you can connect and grow your relationship as mother and child. Or she might just say something vague and simple and you can ignore the movies while they sit in a separate library.
"All punctuation will be considered but avoided where possible because street names and addresses, when stored in databases, must meet the standards set out in BS7666.
"This restricts the use of punctuation marks and special characters (e.g. apostrophes, hyphens and ampersands) to avoid potential problems when searching the databases as these characters have specific meanings in computer systems."
This seems like a dumb line of reasoning. The problem has never been the signs or punctuation in a database. It's that the people in charge don't even know what BS7666 even says.
FWIW, this isn't to do with me personally at all, I'm not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn't know enough about this (as an infosec noob)...
I made devices to track wildlife via gps and an embedded simcard and GSM radio to report tracking data. It would be trivial to install a device to basically turn the laptop into one of those tracking devices. But this is beyond what a typical business would consider doing.
It seems Poettering is convinced doas, while decreasing attack surface, depends on SUID binary implementation which is a concern in its own right. Poettering is trying to eliminate that dependency in his `run0' implementation to reduce the attack surface even further.
... led various people to revisit the problem and come up with alternatives: most prominently there's probably OpenBSD's sudo replacement called "doas". While it greatly simplifies the tool and removes much of the attack surface, it doesn't change one key thing: it's still a SUID binary.
I personally think that the biggest problem with sudo is the fact it's a SUID binary though – the big attack surface, the plugins, network access and so on that come after it it just make the key problem…
… worse, but are not in themselves the main issue with sudo.
SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on. A few of these settings the kernel is nice…
… enough to clean up automatically when a SUID binary is invoked, but much of it has to be cleaned up by the invoked suid binary. This has to be done very very carefully, and history has shown that SUID binaries are generally pretty shit at that.
So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful, …
… manual clean-up is just not how security engineering should be done in 2024 anymore.
With systemd v256 we are going one step towards this. There's a new tool in systemd, called "run0". Or actually, it's not a new tool, it's actually the long existing tool "systemd-run", but when invoked under the "run0" name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it's not in fact SUID. Instead it just asks the service manager to invoke a command or shell under…
… the target user's UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY.
Or in other words: the target command is invoked in an isolated exec context, freshly forked off PID 1, without inheriting any context from the client (well, admittedly, we do propagate $TERM, but that's an explicit exception, i.e. allowlist rather than denylist).
One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways. Except that…
it doesn't bother with encryption or cryptographic authentication, key management and stuff, but instead relies on the kernel's local identification mechanisms.
run0 doesn't implement a configuration language of its own btw (i.e. no equivalent of /etc/sudoers). Instead, it just uses polkit for that, i.e. how we these days usually let unpriv local clients be authorized by priv servers.
By isolating the contexts and the resources of client and target we remove some other classes of attacks…
That doesn't seem to clear up anything other than indicating that the fork was motivated by wanting to do things differently for the sake of being able to do things differently.
Which is fine, I do this often enough. But I don't expect to get a lot of others to follow suit on that basis alone.
I guess it depends on what you're planning doing with NixOS or Aux. I wouldn't use it for anything new and critical. I'd figure out a mitigation strategy if I were relying on it for something critical.
But for experimental purposes, neither option seems like a bad call.
Disinvestment into Python, Flutter, and Dart is a clear signal that those tools are unimportant to Google. I won't be recommending that anyone use Dart or Flutter on new projects.
Odd conclusion to draw. I'm simply not inclined to recommend tools that are not going to be supported by the organization that created them. Development ecosystems are important when planning a project.
Interesting. This wouldn't be the first time that they pushed forward with tools that were later abandoned due to lack of uptake outside of the Ubuntu ecosystem if it comes to that.
Engineers over index in their own ways, but I think you're spot on with decoding the PR speak.
The Python team was very involved with the Python Software Foundation and was influencial with directing priorities for the Python programming language reference implementation (which is by far the most widely used implementation of Python). Google just gave up their say in how the language will evolve. Seems like an incredibly bad strategy. But then again, Google has been, from a financial perspective, nothing more than a digital classified ads platform for decades. If a smart MBA were running Google they'd start spinning off divisions into new IPOs and cashing in with dividends like other large conglomerates have done in the past when they have stopped inovating or actually commit to their projects long term.
I see what you're saying now. I would not use this simply because profit is an unreliable measurement. A revenue based test makes more sense. Possibly adding an investment valuation test as well. Since many VCs encourage no initial revenue when they fund startups.
I’m not exactly sure what is meant by investment valuation tests. As an example, is the investment valuation supposed to be something like “the financial contribution to this repository cannot be more than 5x the estimated cost to contract the entire source code by a reputable institution?”
I mean a test for the latest round of funding of the company establishes a value of the company and if that value is over $x, the terms apply. Fir publicly traded companies, you could just use market capitalization.
A text post on opensource@programming.dev is going to have people skim. A link post on opensource@programming.dev to a blog or webpage with a summary of intention posted in the body of the link post would get people in a better mindset to read the detail at the linked blog post.
I think you told a story from your perspective rather than introducing your idea from the perspective of trying to get the attention of a potentially interested audience that is in a casual browsing mindset. As a result, people were trying to skip past your story and get to the meat of the idea which wasn't presented concisely.
I think you might be closer than Bruce Perens to a license that more people would be willing to use. However, they explicitly name and define machine learning model training as a prohibited use of the covered work.
I have been learning C++/Elixir recently and I’ve made a distributed port scanner & and a streaming platform with Elixir (what an amazing language to work with) and some fun in C++ (also super cool to use)....
For most personal projects, hosting on the cloud may be overkill, but tempting with its supposed ease of use and benefits of scale. Self-hosting is often overlooked as a solution with the benefit of simplicity and cost....
It's a shame that he didn't do a writeup on this. It's nice to have a video to demo the workflow, but it's really annoying to go back to the video to get details to try it yourself.
Unfortunately, in this case I'm not interested in a summary. I already watched the video and would need to refer back to it for details, not general concepts.
I'll definitely use that site in the future though.
Edit: looks like it's not so good for long videos.
[Thread, post or comment was deleted by the moderator]
I'm a computer engineering undergrad in my finals and I really don't care about applying for jobs, there's so much competition and I hate just about every one of my classmates. I don't want to spend hours making shitty bloated proprietary software but 99% of jobs seem to be like that. Is it possible to actually make a career in...
I try to be positive here on programming.dev but someone gave you an incredibly thoughtful reply and you returned the favor with absolute disrespect. I think the only positive outcome here would be for me to simply block you and encourage others to do the same.
I've been using https://darkreader.org/ with settings to make the text an orangey-yellow with a black background. I don't know what most websites are intended to look like by the authors. I really like the extension. I'm not sure if there's a way to make it do the reverse for you, but might be worth looking into.
Awesome! I installed that Tranquility plugin too for those times when reader view in Firefox doesn't work, which I've been annoyed with but never looked for a solution. Now I have that solution!
How being FOSS fan/advocate annoy you at work/school?
Started my first job, it's a helpdesk. It looks that I get tickets and try to help people on the other side, have build some PCs and am at first week....
Start learning at 50
Start learning at 50...
A Blog to Satisfy Your Monthly COSMIC Fix(es) ( blog.system76.com )
Do you use Firefox Sync? Why or why not? ( sh.itjust.works )
How do you handle family requests that you disagree with?
Interesting problem here. So I self host jellyfin, happy to share my (owned) movies with my family. Well, my mother has asked me to digitize her collection too and have me host it. Originally, fine, you give your movies to me, I host them, same thing....
Defaulting to Zero · Our Machinery | Niklas Gray | Archived 1 Jul 2017 ( web.archive.org )
Niklas Gray writes:...
Preview builds for the Zed editor now available on Linux ( zed.dev )
North Yorkshire Council to phase out apostrophe use on street signs ( www.bbc.com )
I wrote an interactive TUI app that gives a brief tour of the `GNU awk` command for beginners ( github.com )
Let me know your feedback, especially if you haven't learned awk yet!
How well can an employer be certain of a remote employee's geographical location?
FWIW, this isn't to do with me personally at all, I'm not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn't know enough about this (as an infosec noob)...
Jeremy Soller 🦀 (@soller@fosstodon.org) | Is reaching out to the KDE developer community to assist in planning interoperability between COSMIC, Plasma and KDE. ( fosstodon.org )
Jeremy Soller 🦀 (@soller) [System76 Principal engineer, Pop!_OS Maintainer, and Redox OS BDFL] writes:...
POSETTE: An Event for Postgres 2024 | 3rd annual virtual event organized by the Postgres team at Microsoft | 48 Hours of Virtual Presentations and Meetings Starting Tue, June 11 @ 3:00 PM UTC ( www.citusdata.com )
NixOS Foundation board: Giving power to the community ( discourse.nixos.org )
Cross posted from: https://feditown.com/post/328958
TUXEDO Launches Another Linux Laptop Powered By The AMD Ryzen 7 8845HS ( www.phoronix.com )
Why the second identical disk is more expensive is beyond me (tried with 1TB Samsung 970 EVO Plus NVMe PCIs).
Systemd wants to expand to include a sudo replacement ( outpost.fosspost.org )
NixOS forked ( aux.computer )
https://hachyderm.io/@jakehamilton/112355361353931366
Google lays off staff from Flutter, Dart and Python teams weeks before its developer conference | TechCrunch ( techcrunch.com )
Feedback on open source royalty license?
Feedback on open source royalty license?...
How do you find projects to work on when learning a new language?
I have been learning C++/Elixir recently and I’ve made a distributed port scanner & and a streaming platform with Elixir (what an amazing language to work with) and some fun in C++ (also super cool to use)....
The Cloud is Over-engineered, Over-priced (and Over-rated?) ( youtu.be )
For most personal projects, hosting on the cloud may be overkill, but tempting with its supposed ease of use and benefits of scale. Self-hosting is often overlooked as a solution with the benefit of simplicity and cost....
[Thread, post or comment was deleted by the moderator]
Possible to make career in free software?
I'm a computer engineering undergrad in my finals and I really don't care about applying for jobs, there's so much competition and I hate just about every one of my classmates. I don't want to spend hours making shitty bloated proprietary software but 99% of jobs seem to be like that. Is it possible to actually make a career in...
Closing the thread, I've got a suggestion to kill myself on matrix, you're the worst ( sh.itjust.works )
Command Line Interface Guidelines ( clig.dev )