* Posts by drankinatty

149 publicly visible posts • joined 25 Oct 2018


Got an unpatched LG 'smart' television? It could be watching you back


Re: Or your best solution is...

The LG exploits seem to be but the tip of the iceberg. What of all the other manufacturers (e.g. Samsung, et al.) that have sold internet connected "smart" TVs with built in browsers but have not provided updates in over 5 years.... It's hard to make up a worse scenario for the average Joe that plugs an RJ-45 into his smart TV and hasn't a clue it could very well be watching him back...

Over 170K users caught up in poisoned Python package ruse


Re: Python, eh?

"Python ain’t the problem, look up a bit"

No, Python isn't the problem, but this isn't the first supply chain compromise for the pypi package manager. It seems to be a favorite repeat offender for some reason. Python is fine, but I no longer trust pypi or any of the auto-dependency installers. I may revisit that if we can go twelve months without another pypi supply chain compromise.

Raspberry Pi Pico cracks BitLocker in under a minute


Re: A brilliant testament to analysis

Made even more ironic by the fact that TPM is one of the reasons your computer doesn't meet the requirements of Windows 11... You read something like this and you are just left shaking your head. The supposed trusted name in computing with its "secure" OS providing drive encryption where the key to unlock it is transmitted in the clear. Bugger... Would be interesting to know just what percentage of boxes have a separate TPM chip.

Linus Torvalds flames Google kernel contributor over filesystem suggestion


And has mellowed markedly over time. Nothing like the old Linux we knew and loved: https://lwn.net/Articles/249460/

If you use AI to teach you how to code, remember you still need to think for yourself


Books not clicks are how you learn. Clicks can supplement, but not replace them.

The problem with clicks is you are dependent on the content of the site you end up at being correct. That is far from guaranteed. There is probably an even amount of bad (or plain wrong or dangerous) examples and coding advice on the net as there is good. Peer-review is critical. Anybody can throw up a blog or article about an area of coding -- and there is no requirement it be correct or free from subtle errors just waiting to be exploited.

Books, peer-reviewed and categorized by level (beginner through expert), are the holy-grail for learning to code -- correctly. It takes far more time to break bad habits picked up on questionable coding sites than it does to learn it right the first time. E.g. https://stackoverflow.com/questions/562303/the-definitive-c-book-guide-and-list or https://stackoverflow.com/questions/388242/the-definitive-c-book-guide-and-list. What the net is good at is providing good peer-reviewed references, e.g. https://en.cppreference.com/w/ and the like. Beyond that it is primary authority, the coding standard (you are using a language with an actual language-standard detailing what behavior is defined, what is left to the implementation and what is unspecified -- right?)

But we digress. The issue of LM chatbot use is one of what they are good at. They are very good at helping you digest the information on the web, being capable of narrowing down to a specific area within a language in response to a prompt. That is helpful, but that is also the limit of their usefulness. Sure, they can spit out code that may or may not be correct, but the user loses all learning that comes from a detailed chapter (or man-page, etc.) describing the subtle details of what each parameter is, how it is defined and stored and what the limitations are for the use of any function identified.

Use an LM understanding its shortcomings and limitations and you're fine. Use it to "learn" to code and all you have really accomplished is to learn how to prompt a chatbot -- which will become painfully clear as you sit across a desk from a potential employer asking questions about your coding knowledge.

Could immutability be a Leap too far for openSUSE users?


Re: Well, yes, but there's a bigger picture here.

Been a SUSE user since 7.0 Pro (Air) and an openSUSE user since that Moniker was coined somewhere around openSUSE 11.0, but this alas is a clear fork-in-the-road. The powers that be in the latest ownership incarnation of Rancher have made clear, openSUSE is but a step-child and has been increasingly treated as such. In the early years it was the test-bed of what would flow into SLE. Later as the ringed-build-system was ironed out there was less and less reliance on openSUSE as the testbed. The latest corporate owners have just decided to kill Leap off and screw the installed user-base. The old, we took a decade of your help to develop our product, now you can be cast off like an old worn out shoe -- we've got it from here, thank you....

A user-distro with an immutable root filesystem is as worthless as tits on a boar-hog. Need to tweak swappiness, or make another system-wide change -- tough.

Along with openSUSE I also use Arch, Debian and Ubuntu, so other than it being something that "irks the hell out of you", it's not the end of the road. Regardless of distro, it's all Linux underneath the hood. What the larger Linux community loses is a reliable traditional Linux distribution that made a name for SUSE, and that is something that will be missed. Corporate governance of Linux has always been a rocky road, just ask Mandrake...

Microsoft suggests command line fiddling to get faulty Windows 10 update installed


Re: Recurring partition size issues

I definitely do NOT think we are getting a straight story from Microsoft. After being hit by the update install error on Windows 10, I read through the proposed fix to create a larger WinRE partition and checked the status of the existing WinRE partition on the box the update failed on. The box has a functioning WinRE partition and as shown by 'reagentc /info' it is already 509 Megabytes. (almost double the size Microsoft is now suggesting will fix the problem...)

Explain to me how partitioning to "Manually Increase the Size of the WinRE Partition", to the recommended 256 Megabytes, will make any difference whatsoever on a box where a fully functioning WinRE partition of 509 Megabytes already exists?? Care to guess-again MickeySoft?

Even more curious, this Windows 10 Install was from a brand new Retail Windows 10 DVD, not an upgrade from Windows 7 or 8. So the 509 Megabyte WinRE partition already present was created by Windows 10 itself during the fresh install.

The current explanation by Microsoft and proposed fix somehow seem as half-baked as the update that originally caused the problem.

New year, new updates for security holes in Windows, Adobe, Android and more


Patch-Tuesday Woes --- "Status: Download error - 0x80070643"

Seems there are many computers afflicted. See: FYI on "Status: Download error - 0x80070643" with "2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)" https://www.reddit.com/r/WindowsHelp/comments/192mww0/fyi_on_status_download_error_0x80070643_with/

Systemd 255 is here with improved UKI support


Re: /usr

We have only been working on Linux FHS through versions 1, 2 (2004), and 3 (2015) for the past what? 20 years? and have little to show for it providing a consistent environment for applications to use cross-distro. I don't dislike the /usr merge just as I don't dislike packages and libraries and executables and data spread across /lib, /lib64, /usr/lib, /usr/lib64, /bin, /sbin, /usr/bin, /usr/sbin, etc...

I see benefits, but I think we should be clear-eyed about what is driving the mandate for consistency now being foisted upon the community by systemd. It has nothing to do with FOSS choice or allowing distributions the freedom to do things in their own way, it is more about the desire to have a vanilla-Linux-landscape that guarantees containers will run without a hodge-podge of compose routines. Whether it is Linux FHS or a /usr merge, once the corporate "sponsor"-camel has its nose under the tent of open-source -- they will want to see a return with fewer resources expended in the long run. That's not all a bad thing.

As far as display changes, I'd rather the kernel-panic and the register-dump than a BSOD and WTF? a QR Code? that I'll never use. (just trust us, use your phone to scan the square of information you can't understand and we promise we won't grab and store any of your information that gets sent along with the request to turn it into a URL -- we really, really promise this time... trust us). But this is largely a who cares? part of systemd. So long as I can hit ESC and see the reason the boot failed without having to jack with a QR code, it's not worth worrying about. Now if I can't look behind the BSOD and get the same information I could before -- that's a problem, and a bug report will follow...

But, on balance, at least for normal small-server / desktop use, the move to systemd 255 is a big "Meh". Arch moved to it this past week. The update and reboot (due to Linux 6.6.5) was a non-event, no BSOD, just an underwhelming reboot to have 0x11111111 do the same thing it did when it was just 0x11111110...

Researcher claims Harvard nixed social media research after getting Zuck bucks


Greed and Corruption what a legacy...

Greed and Corruption has shattered our shared sense of values for the next generation. Antitrust needs to be re-fanged and I'm not sure what we do with the corrosive result of the "Citizens United" decision on the American side of the pond -- or the evidence that several of the High-9 have been caught with their hands in the cookie-jar.

The latter helps to explain the precedent-shattering rulings the court has handed down in the past decade or so. Cookies provided by those that benefit most from the decisions.

Hell-of-a Legacy to leave our children.

Net privacy wars will be with us always. Let's set some rules


How to weigh the equities?

One is intentionally evil and wants to exploit the breach of your privacy for profit. The other is just erratic in its attempt to manage one's behavior -- though not immune to the frailties of competing (and some special) interests in its application of democracy. Hardly seems like a valid comparison. There are two different bodies of law that govern intentional acts and mere negligence.... Oh what a sticky wicket...

When it comes to personal data, we're on a highway to hell


Woe Be The Professional That Loses Control of Confidential Patient/Client Data In A Rental

The Court in dismissing the case simply got it wrong.

There are a whole host of considerations beyond data simply being kept in a vehicle system where the user has no way of deleting it and the data may be harvested by third-parties over which the user has no control. This is particularly true if the poor user is part of a profession that has a legal duty to protect and prevent disclosure of information to third-parties. Or when disclosure would vitiate a privilege attached to that information (like attorney-client, patient-physician, etc...)

There is a valid argument to be made that a physician or lawyer would be "grossly negligent" in using any system where they lose control of patient/client information and would be subject to being disciplined by the bar or medical board. Oh what a tangled web we weave...

You can buy personal info of US military staff from data brokers for just 12 cents a pop


We have no one but ourselves to blame...

The sad part is there are maggots out there willing to aggregate and then push other people's pilfered data for profit.

The equally sad part out there is there are maggots willing to buy the aggregated data of dubious origin.

It seems data brokers and their clientele have become the Ferengi of our time (from the Star Trek Next Gen and follow-ons).

It's the side effects on the lives of real people that are lost in this frenzied capitalistic data-centric masturbation. The 23andMe intrusion that lifted close to a million personally-identifiable genetic records. In this cesspool, it is the insurance companies and actuarials playing the part of the buyer maggots who with a gleam in their eye suck up all the health data for purposes they are not allowed to under HIPAA in the States. (you guys on the other side of the pond have similar medical information rules.)

Six months later your parents are in tears because they are uninsurable for some nebulous reason given by their health insurer. And the chilling anecdotes just keep on coming. Good lord, where does it end? (rhetorical question)

Trinity desktop's latest release snaps into action on Q4OS 5.3


Re: just installed it

Replacing sddm with kdm (or tdm as it is rebranded) is a feature, not a bug :) Having used TDE for more than a decade and having built it for Archlinux for a couple of years, it is a solid KDE3 desktop with enhancements you would expect. While I've run KDE3 from openSUSE for the past few Leap releases, they are essentially the same. Commit sharing goes on between the two projects, etc.. Tim is smiling from somewhere tonight with the press TDE got today. Though not as actively involved now as in the past, it is a testament to the idea he had back in the 2010-ish timeframe. Kudos to The Register for covering it.

On-by-default video calls come to X, disable to retain your sanity


Re: Xitter?

And where the bleach-blond Cheeto (a.k.a. a former US President) stores classified documents according to one talented Congresswoman from Texas.

Spacewalk turns into spacework as cosmonauts grapple with ISS leak


Re: Workmanship, or micrometeoroid / space junk damage?

Krikalev and Titov are just shaking their collective heads...

Want a clean energy transition? Better start putting cash into electrical grid


It's not even 2024 and 1.5C is already slipping away...

"If the world fails to get its grid in gear, limiting long-term global temperature increases to 1.5°C will be impossible, and there's a 40 percent chance global temperature rise would surpass 2°C."

After watching the climate change for nearly 60 years, and understanding the gravity of a 1.5C change, the prospect that target was nothing but a lofty goal is chilling. I really want our efforts to succeed, but just within the past decade we have seen the warming target creep from 1.0-1.5C, and now the realization that we have a near even-chance of seeing 2C unless our grid capacity is magically doubled.

As a realist, the chances the needed grid refit/expansion can/will take place within the time required to prevent seeing a 2C rise is sadly laughable. Is there a silver-lining I'm missing? Maybe some more magic fairy dust like "Biomass"? Or, is the inevitability simply due to not facing the actual root cause, population growth?

It looks worse each time I have to think through this issue. How about a cheery climate article next time El Reg?

Windows 10's latest update issue isn't a bug but a feature – to test your patience


Re: Again?

Updated 6 - Win10 22H2 boxes Wednesday. 4 out of 6 suffered hangs at 40 and 76%. 1 suffered a reboot loop that required "DISM /Online /Cleanup-Image /RestoreHealth" to fix. All HDD boxes suffered hangs, 2 of 4 SSD boxes suffered hangs. Restarting to install the "pending installation" updates and resetting the current stuck update using the "Restart Now" button (when displayed) also worked around a hang on one box.

Update install time ballooned to more than 2 hours with required troubleshooting on boxes with hangs. Boxes with no hangs installed all updates/patches in less than 30 minutes and completed updated windows defender and re-indexing scans. No slowdowns noted on any of the 6 boxes after updates installed, but boxes are a mix of business use desktops and laptops, though the laptops do use the proprietary Nvidia driver - no non-gaming slowdowns noted. They may do just fine gaming as well - but no games are installed to test.

This issue didn't just start with October patch Tuesday, but similar partial updates were also observed during the September patch Tuesday updates as well. Seems all users receiving updates from MS are now members of the "windows insider's program" who get to do beta-testing of updates each patch Tuesday...

MariaDB ditches products and staff in restructure, bags $26.5M loan to cushion fall


Re: will this affect the free database software versions?

Doubtful, millions of beta-testers are a difficult expense to justify to the board when they are what has made your core product work since you forked it. Taking a FOSS based company public is always a tricky proposition. Ask Mandrake...

GNOME developer proposes removing the X11 session


But why?


This is the same short-sighted, self-serving thinking by Gnome devs that has turned a well-loved desktop and toolkit into small cult offerings. Another solution in search of a problem that doesn't exist. There is no practical reason Gnome cannot continue to provide and support Xorg compatibility. The '+' is definitely gone from GTK...

Microsoft introduces AI meddling to your files with Copilot in OneDrive


On first read it sounds like MS nicked the Nextcloud Files app from Github

Steering users to a web-interface for file access? Allowing selection of which files are always sync'ed for offline use? Sounds like MS has gone cherry picking through open-source apps for its new "amazing" features....

One-Drive? The privacy policy for that thing is a nightmare? (yes, I do select "e-mail privacy policy" so I can read them) Far too much gray about the rights MS grants itself and "third-party" associates over your files. "HowTo" disable One-Drive has been a perpetual moving target - keep your favorite links current. On last glance at the official OD howto, I did find an odd surprise. The MS support page suggested removing OD altogether -- really? I guess that's one way to steer users to a "new" OD web/browser-interface.

Easiest way to make sure OD is off by default - configure the install to login with a "local account". Never a MS account.

Gone are the days of looking forward to new features in Windows. Over the past decade, new features seem primarily to be good for MS, not the user. (How do you like the targeted ads popping up in Win 11?) Nowadays, reports of new features from MS are more cringe inducing events than an expectation of something useful. If MS would only learn the basic axiom "A New Feature to One is a Bug to Another if it can't be TURNED OFF".

MS's AI playing with my files certainly falls at the cringe-inducing end of the updates scale. Let's play hide-n-seek with the user's files by shuffling them into multiple colored folders. A mix of reds and oranges and yellows and greens should really help the color-blind users out. Never mind the shuffled files were necessary to existing batch or windows script host files. What could possibly go wrong....

Long-term support for Linux kernels is about to get a lot shorter


Re: Stable not in the stable

Well, it really depends on what function the box serves and whether it's public facing or not. I see both sides. I run Arch for servers and any box that has to have what the latest kernel provides. For a daily driver, I run openSUSE Leap on the laptop. (and a mix of Ubuntu and Debian spread across several Pi's and WSL installs). From the kernel standpoint on Arch we have 6.5.5-arch1-1 released a few days ago upstream, openSUSE has 5.14.21 in its "enterprise" approach to backporting, the older Pi's have 5.10 on them still chugging away on buster. All get updates when they appear.

However, I've also had a few "back-office" boxes, the tired old workhorses from days gone by that are not public facing and just won't die. They do one or two things and do it well. Like, (remember the day), a 3.4.6 box that functions as a fax-server and backup DNS/DHCP for the LAN. The kernel hasn't been updated in years, but bind/isc dhcpd, hylafax and avantfax have. Since it's not public facing, it's not worth the wipe and reinstall until the drives croak (they are RAID 1 and the databases are backed up to the recent boxes anyway). Is it ideal, no, does it pose an undue security risk, no, not unless someone with physical access does something terrible to it - zero chance of that in my world. The functionality will die with that old box though, there will be no need for a fax server in any future box, and it's not worth migrating that to the current servers.

So I can see both sides and it really depends on what the box does and its exposure to any threats. For anything public facing, update religiously, but if you have an old clunker humming away in some forgotten corner of the server closet that only talks over the LAN and perhaps a telephone line -- the updates are not as critical.

Google killing Basic HTML version of Gmail In January 2024


Re: Will Miss Plain Old HTML Mail

E-mail is supposed to be POA (plain-old-ASCII). What is anything but a simple html interface needed for? (sarcasm unfortunately intended)

Ironically, and with credit due, Squirrelmail was recently updated to run on PHP 8.3 -- and it's all plain old html tables (it will display html/images in frames if you configure it to, but -- don't). So there is still hope for simple e-mail interfaces out there. (and the total package is still less than 2M)

I haven't used gmail's new interface, I just use it as an imap host for tbird or alpine, but I feel safe in predicting the "new" interface will not be capable of displaying half the message list in the same amount of screen real estate. That tends to be the side effect of all web UI "improvements" -- loss of concise information.

'Small monthly payment' only thing that stands between X and bot chaos, says Musk


It just leaves you shaking your head?

A guy, who must have some shred of intelligence somewhere, lights $22B on fire sending advertisers and users scurrying from twitter like lemmings over a cliff and his answer is to make the platform as unpalatable as possible in the shortest amount of time.

Am I missing something here? Why on earth would someone now want to buy a seat on a sinking ship? It never ends well. This will be a case-study in how to destroy shareholder value taught as a cautionary tale in universities for years to come.... So much promise pissed away by a combination of arrogance and incompetence.

Linux 6.6's in-kernel SMB networking server graduates


Re: Magical rusty thinking

The only reason rust exists is to save crappy programmers from themselves. Yes, if you never learned to count, C can provide a challenge in managing memory. But for anyone that can count and do any type of sane bounds checking, the magic of rust quickly evaporates as if covered with Naval Jelly...

Bombshell biography: Fearing nuclear war, Musk blocked Starlink to stymie Ukraine attack on Russia


The Ugly Underbelly of Capitalism and Greed - Money over Principle

We on both sides of the pond should pay careful attention to this story and the foreign policy implications of technology, critical to our shared national security, being in the hands of for-profit companies or petty individuals. After having stood shoulder-to-shoulder for a century protecting our shared values and freedoms, allowing a private company to make critical military decisions puts all we have accomplished at risk.

LibreOffice 7.6 arrives: Open source stalwart is showing its maturity


Bootnote: The missing feature from LibreOffice Writer (not 1, but 2 missing features)

In addition to outline view, there is one other feature that LO lacks -- the ability to create a table of authorities for legal briefs (appellate briefs). Where word shines is it allows embedding field-codes in the citations within the document identifying which table the citation belongs to. Nothing complicated, simply an index type code that identifies which table to put the entry in. Be that the Table of Cases or Table of Statutes, etc. By allowing the field-code to be embedded, it matters not if paragraphs or pages are added or removed from the brief or the brief reordered in a significant way, a quick keystroke to regenerate the tables puts everything right.

This feature goes back in word quite a ways. I don't recall exactly, but I believe it was present in word 1.0f that came on floppies or came soon thereafter. (which means the Reg's recent article about the all time favorite office version installable on XP, was fully equipped for the job...)

While feature requests have been filed, with both OpenOffice prior to the fork and with LO after the fork, it remains just that, a feature request in LO. While LO can generate tables, bibliographies, etc. it has no simple way of accommodating changes to the document and then simply regenerating the tables so that the page numbers for the citations are updated in the tables. Instead, searching for each citation, manually checking and manually updating page numbers in the tables is required. Its Achilles heel being the lack of embedded field-codes within the citations themselves identifying the associated table. With 50-100 citations sprinkled across as many paragraphs, if the document is reordered, added to, or deleted from in any significant way, updating the table of authorities in writer quickly becomes an unwelcomed chore.

So there are at least two significant missing features in writing that the Open Document Foundation needs to add to keep up with the Jones's (or Gates or whoever is in charge now)

Soft-reboot in systemd 254 sounds a lot like Windows' Fast Startup


Re: A "new feature" is a "bug" if it cannot be "turned off".

Unfortunately, this is a case where El Reg (unintentionally) has made a mountain out of a mole-hill.

This isn't some "change" in the way systemd will work, it is simply the addition of a new subcommand to systemd. You can choose to use it, or not use it, it's not something that systemd will impose by default (which is how I read the article to begin with). You either use the soft-reboot service and soft-reboot target, or you just continue using the normal graphical (or multi-user) target and 'systemctl reboot' instead of the new 'systemctl soft-reboot'. Arch has the soft-reboot man page up at https://man.archlinux.org/man/systemd-soft-reboot.service.8.en

Whew... Glad I misunderstood the article.... Now the only fly-in-the-ointment will be -- what the distro maintainers do with the new subcommand. Heaven forbid they configure soft-reboot as the default.


A "new feature" is a "bug" if it cannot be "turned off".

Hopefully the folks at freedesktop remember that axiom in implementing this ridiculous fast-boot feature. As I sit, I have a 12 second power-on to full-desktop from cold-start. What the hell do I need a fast-boot feature for? On Arch, with kernel updates weekly, if there isn't a clear way to turn this thing off -- that will cause a problem that never existed before.


Re: something else to shout about

Reminds me of "Never trust anyone over 30..." (which sounded good until I passed that milestone in the 90's...)

Three signs that Wayland is becoming the favored way to get a GUI on Linux


No NVidia support, Supports only a few desktops, and No input config utilities.

Here we go again, same old scenario, 2nd, 3rd, 5th, 8th verse. Somebody gets a bug up their butt that their next great killer app is ready for prime-time and starts marketing chatter like the My Pillow goof claiming their new app is the best thing since sliced bread and they dupe a couple major distros into foisting the tech onto the user-base who then deals with black-screens, crashes, frozen displays, hardware incompatibilities, app incompatibilities and feature loss for the next 10 years. The backdrop in the Wayland camp is they just want to get the damn thing out the door and claim it's done and at release-quality. (just like KDE 4.0.4a was release quality in openSUSE 11.0... or Gnome 3 was release quality.... take your pick)

Now it's Wayland's turn to be the my pillow goof. Problem is there are very few desktops that are actually supported and there is no easy replacement of X with Wayland -- period. Wayland breaks every desktop and requires extensive mods to make work. Gnome is basically the only major desktop that fully supports Wayland -- and that isn't a good thing for Wayland either. Basically a my pillow quality Gtk GUI with libadwaita hacked on top and all XDG menu categories blown away so every other desktop is left with a royal menu-mess. Gnome's attitude -- "sucks to be you, you should run Gnome..." Wayland isn't much different, the fact it isn't even close to a 1:1 replacement for X and breaks a lot of stuff -- just means "sucks to be you devs, now just re-write your desktop for Wayland... in your spare time..."

If you run NVidia graphics, you are out of luck. If you rely on xinput or xmodmap for configuring your input devices -- "sucks to be you", there is no similar functionality or utilities for Wayland. You just can't configure it to your liking the way you can X (starting to sound a lot like Gnome 3 on...)

Don't get me wrong, I'm not against Wayland at all. I'd love to see it mature, provide the features we have come to expect in X, support the most common high-end graphics cards and provide a much easier port from X than it currently does. But, until it can, don't blow smoke up our skirts about how ready it is for prime-time without being candid about its current short-comings and limitations.

You're too dumb to use click-to-cancel, Big Biz says with straight face


Re: How hard can it be?

Hell ... free trials nothing ... just try and find a way to cancel amazon prime... Rulemaking on this issue is desperately needed. Until then the "invisible button" scam will continue to be used to hook people into monthly charges.

After Meta hands over DMs, mom pleads guilty to giving daughter abortion pills


It's all fscking insanity - I'm embarrassed for my country

There is a reason the very first substantive right in the First Amendment is the establishment clause, "Congress shall make no law respecting an establishment of religion, ...". The best way to destroy a society is to inject religion into its policies and politics. No matter how you slice it, the entire right-to-life position is grounded in religious moral beliefs. Though it is likely having its intended effect of fracturing the electorate to make certain segments easier to control at the ballot box - knowing those led like sheep lack the intelligence to discover the ruse. Not much different than the role the church played from the Norman conquest through the dark ages...

Will Flatpak and Snap replace desktop Linux native apps?


Re: Snaps and Flatpaks are a bloated security nightmare

As one of the thinking silent majority, a tip of the hat to you sir. You have fully captured the sentiment. All you need read in the article is the passage after "The goal?" to understand why there are a few so willing to kick sand in the face of what Linux stands for to push for containers.


Are you out of your ever loving bleeping mind?

""I run my Linux desktops on modern systems with powerful processors, 16GBs of RAM, and speedy SSDs. Frankly, neither performance nor a lack of RAM has been an issue for me." -- well goodie for you (horse clap...)

What of the many that have finally got the parts for a dual-core Athlon, 2G of RAM and a 500G 5400 RPM drive -- I guess your view for a vast many "those people" is (... it sucks to be you...)

That is the point. Unless you have the latest greatest system (SSD absolutely required) because you "must load not just the application but the containerized operating system" including "all its necessary libraries and associated files" -- from the container, on top of a containerized OS on top of the OS you are already running... (real user-benefit there) Not to mention the multiple versions of "all its necessary libraries and associated files" that will be duplicated, many times over, in containers for apps built using common libraries or toolkits.

Where we are in complete agreement is "All containerized apps run slower than their native counterparts." (full-stop)

Let's just dumb-down Linux (the same way the KDE and Gnome devs have done their respective desktops) to the point it offers no real benefit over the Redmond offering. Let's admit devs and distros are just too dumb to implement FHS fully and throw the baby out with the bathwater.

What's really going on here and who are you? Some spokesperson from a fledgling containerized software consortium? Why would anyone so blatantly throw sand in the face of the Linux ethos so completely?

Ah.., the quiet part out-loud... "The goal? To build ["a vendor-neutral commercial and technical ecosystem to publish and distribute end-user applications"] for Linux PCs." (bracketing of internal quoted passage added). So somebody has finally cooked up a scheme to monetize app development where the end-user pays and you are the enthusiastic spokesman for that? Sure sounds like Redmond isn't looking on from a mountain-top, but is right there in the burrow bending the mole over...

No thank you.

Ubuntu 23.04 welcomes three more flavors, but hamburger menus leave a bad taste


Unfortunately, the inept hamburger is more a limitation of the current Gtk toolkit and poor design decisions made in the troubled "improvement" from Gtk+2 to Gtk4. The ability to actually program with toolbars, icons and menus was removed in Gtk+3 in favor of buildable xml type lists (which brought with it the icon spacing nightmare and everything taking 2X the space it did in Gtk+2).

Gtk4 has gotten worse, with much of its look and feel provided in the now coupled libadwaita which has all the visual appeal of "milk toast". The hamburger is the result of dumbing down the toolkit in a frenzied race to make it a one-size-fits-all UI that would run on a desktop, tablet or hand-held. What you see now is the result. Not all barbs are reserved for Gtk, Qt isn't free from compromise decisions and KDE auto-sizing hell is nearly as bad.

Unfortunately, what you get now is the lowest-featured, plainest looking, common-denominator of a CSS styled desktop (which comes served with a hamburger).

Open source at America's famous Los Alamos Lab: Pragmatism as its nucleus


Engineers and wonderfully practical

“Being able to burst into the cloud is wonderful, but don't neglect the core engine in your car...." Words of wisdom in today's "where's my data?" -- or -- "the cloud is down?" world.

Apple pushes first-ever 'rapid' patch – and rapidly screws up


This is the reason "you turn off this default setting..."

Automatic updates - while good in theory - are rarely as good in application. While this screw-up only resulted in a few stray internet availability error messages, there is a long history of bricked devices (personal assistants, etc..) that have resulted from this "good in theory" idea. I've always found it far better to not let anything touch my devices until I review what will take place and give it the nod.

So long as you are reasonably diligent on updates, the risk of you being exploited between the time some company issues a fix-all "automatic update" and when you normally look for updates is quite low. On the iPhone, how hard is it? There is a big red-dot that appears over the settings apps when updates need attention.

Texas mulls law forcing ISPs to block access to abortion websites


Re: Florida.... Hold my beer

"MAGA" == Morons and Gullible A-holes


Gov'nor Hot-Wheels' Hypocrisy Knows No Bounds

After living in this state for nigh on 57 years and watching administrations come and go, Governor Hot-Wheels and crew are by far the most dishonest, arrogant hypocrites to ever call Austin home. From shielding chemical plants and storage facilities that blow up neighborhoods, to rolling back decades of election rights to cure fictitious "voter fraud" (yes, there was an actual reason Texas was one of the states subject to pre-clearance under Article 5 of the voting rights act -- before the Roberts Court gutted it), to fake "crises" used to amend the state constitution to take away rights of injured patients and nursing home residents to hold providers accountable for the harm they do, to the endless social "wedge-issue" politics of license-less open-carry of handguns, abortion and illegal immigration -- these jackasses take the cake.

I mean -- where else is the state attorney general under indictment for securities fraud..... (way to go Kenny boy) This Texas is not the Texas I grew up in, or care to call home and it is a sad reflection of our collective inability to self-govern. But, inevitably, the pendulum will swing back.

Why ChatGPT should be considered a malevolent AI – and be destroyed


Bummer -- you just happened to interact with the Fox News thread in ChatGPT....

But seriously, the well written article exposes vexing questions and ramifications regarding AI, both in its design and training, and the real-world consequences of reliance on what it produces. Moreover, it's highly unlikely the geniuses at openAI can just open up a source file and "Hah!, there is the errant code -- this will be an easy fix." Why? Worse than a complicated multi-threaded program, much of what goes on in piecing together answers from mountains of training data involves a lot of non-deterministic code paths, meaning there is no way to simply re-run the author's question and expect to get the exact same responses back. You should, but there is no guarantee the algorithm will run the exact same as it did last time making determining why it did what it did virtually impossible to debug.

With the malevolent ChatGPT problem exposed, ensuring there are no other repeats should be a top priority, but that is on openAI. Is the present focus on the model, or on sales and monetization? On average that does not bode well for the model being fixed.

Who writes Linux and open source software?


Re: Are commit numbers really of any interest to the big wide World?

I think you have hit the nail on the head from the numbers standpoint. The whole premise of "who contributes the most" on GitHub is amorphous. Attributing the number of commits to someone and saying they win doesn't really expose any new or exciting fact about open-source.

It's just numbers, e.g. "Google is leading the way with 5,757 compared to Microsoft's 5,513 and Red Hat's 3,656...." -- well Duh... the more manhours you dedicate to code on GitHub, the more commits you are likely to have. Nothing about what projects benefit or whether the commits are serving a narrow interest of the payor, etc..

The broader message is yes, leading tech companies do contribute, heavily, to open-source projects -- good. And when they devote their efforts to bettering core libraries or toolkits used by all (e.g. openssl/openssh, etc..), all ships are raised. If the effort is devoted to making a library easier to hook for usage or personal information -- then not good.

The point the article dismisses is those talented and dedicated individuals that don't have corporate interest in their projects, or that work on educational projects that aren't monetized, deserve the same recognition for making open-source what it is today.

There's no place like... KDE: Plasma 5.27 is out and GNOME 44 hits beta


Good things come to those that wait, and wait, and wait...

"When GNOME 3 first appeared, the app formerly known as Nautilus got a serious prune and lost quite a lot of functionality. ... But now, some new features are making their way into file manager."

And poor gnome users only had to suffer 15 years with a crippled file manager. Man, that's progress.

(don't laugh, konqueror fared no better when KDE4 appeared, and it's still not up to par for single-click use in Plasma)

The quest to make Linux bulletproof


Re: It's all about making it easier...

... making the root file system read-only. The only way to install software, including updates, is during a reboot, using a new command, transactional-update... WTF?? Easier, you have got to be kidding me???

I just needed the update to dos2unix -- and now I have to reboot? No thanks.

...If you have a cluster of hosts running lots of containers, this should not be too intrusive ... It's less convenient for a non-clustered machine ... (ya think?)

How many of you are reading this off a cluster? SUSE's ALP will be a cluster alright for the community of users that have supported it for the last two decades, a cluster ....

Seems distributions that once championed "User Choice" in Linux are now abandoning the community and choice in favor of the corporate customer.

Thunderbird email client is Go for new plumage in July


Re: Upgraded interface

I may as well start my "Missing/Broken Features" list to keep track of all the functionality this new group of "Kids with crayons" breaks when the new UI debuts. Imagine, calendaring forgotten, lightning just too much trouble to support. Or, we decided news groups were outside of the core mission (or one in a million pre-canned cop-outs on why a longstanding feature is missing or broken in this new "supernova"). Unfortunately seen it too many times in the past two decades. 99% of these revamped UIs go to hell in a handbasket and it takes 2+ years to get back to par with features the "old" UI had no problem providing.

(It was 8 years for KDE4 and they finally threw in the towel for Plasma and FW5 -- which has now nearly been 8 years and there is still a mix of Qt4 dialogs required...)

For password protection, dump LastPass for open source Bitwarden


Re: KeePass

Specifically keepassxc, the follow-on to keepassx and compatible with keepass files. The only downside to keepassxc is the damn ridiculous Qt build that takes 20 minutes compiling away on what should be a 5 second build. But you take the good with the bad. keepassxc is actively developed and imports all previous keepass and keepassx databases.

Clean user interface (though I will always prefer the original keepassx interface under KDE3 -- hard to beat). The keepassxc interface is flexible enough it can be made to look close -- putting only the details you need in summary view and a single-click to bring up the details. The only "network" involved is moving a copy of the database to the iphone via "Files" and you have your encrypted database available there too.

I've never trusted and won't trust some cloud based service with the keys-to-the-kingdom...

This is the end, Windows 7 and 8 friends: Microsoft drops support this week


With the passing of Win7, we mourn the loss of the last true windows desktop. So long Aero...

There was a time when with each new windows release we looked forward to the new sleek desktop innovations and the new look and feel of the OS. When window managers and desktop UI were written solely for the PC desktop and could take full advantage of the x86 architecture. With Win8, there began the push for the OS to work not only on the desktop, but on a tablet and phone as well. Compromises were forged to be able to cannibalize as much from desktop as possible to find a least-common-denominator that could be the base of all three.

Instead of the eye-candy that admittedly does nothing but make a boring desktop a bit more exciting, Aero was gone and replaced with a nondescript titlebar painted across the top of the application window that looks vaguely similar to the plain titlebar around icon-groups in Win3.1 (remember those -- but even those had raised edges and shadow). The ability to tailor the desktop to your liking also disappeared, no more choosing the titlebar height or scrollbar width without a registry hack.

So, in my eyes, what is lost with the passing of Win7 is the last desktop UI dedicated to the PC desktop. Don't get me wrong, I'm not knocking Win10 for being Win10 or Win11 for that matter, well maintained (and freed from most of the bundled cripple-ware they ship with, and with a careful trip through every [yes every] setting), all Win releases have functioned just fine for the time-periods they involved and we have all become skilled in the game of patching security holes on the 2nd Tuesday of the month.

Windows 10 runs just fine, no complaints. However, it has the desktop appeal of roughly a '48 Studebaker compared to what once looked closer to a sports car. Windows 11 is no different. (I skipped Win8, 8.1 entirely)

The look-and-feel and the ability to tailor the look-and-feel to my liking is what I will miss most with Win7 gone.

Welcome to the age of the drab multi-architecture base desktop UIs with all the appeal of warm-tapioca. But hey, err.., the code could have run on the Windows tablet and phone -- if we still had such things....

PyTorch dependency poisoned with malicious code


Accessed $HOME/.ssh/ -- there go your GPG private keys...

This "Research Project" excuse holds little water if, in fact, it targeted $HOME/.ssh/. That's where your GPG keys live by default (both the PRIVATE key(s) and your public key(s)). Since github, and virtually all ssh accessible hosts allow public-key/private-key authentication, with both your keys, in many instances, the "researcher" can simply add your private key to his $HOME/.ssh/ directory and turn around and ssh into your box or any system you have used public/private key authentication to access. (and just why were the .git config files targeted -- oops, yes, to identify the repositories you have access to)

Yikes! And with most of the GPG keyservers down since the 2018 debacle, retracting a key is a thing of the past. Better ssh-keygen again and then withdraw your old public key hash from all authorized_keys files on each server you access. (easier said than done since it is something akin to removing your credit-card number from each site you have purchased from). Unfortunately -- you are the card company regarding your GPG keys.

This is the "nightmare scenario" where the "researcher" basically gets all the keys to the kingdom and your kingdom's address from your .git config files. Let's hope there were no admins using the compromised python package -- or all remote customer sites are now likely wide-open to this so called "researcher".

And just what were the first 1000 files from $HOME for??? Bad juju all the way around...

By all means, we trust you when you say you have now deleted all ill gotten data. The real question is what did the "researcher" do with it before he got caught? Times like this make me really glad I hate python so much.
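The cleanup step named in the post above (generate a new key pair with ssh-keygen, then pull the old public key out of every authorized_keys file), as an added example that is not part of the original post. It matches entries by the SHA256 fingerprint of the key blob, so copies of the old SSH public key that carry option prefixes or different comments are caught as well; the function names and the sample entries are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint of a raw public key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line: str):
    """Decoded key blob from one authorized_keys line, or None if it holds no key."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):  # options may precede the key type
        if not tok.startswith(KEY_PREFIXES):
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        name = tok.encode()
        # A genuine blob begins with its own length-prefixed key type name.
        if blob.startswith(struct.pack(">I", len(name)) + name):
            return blob
    return None

def revoke(text: str, old_fp: str):
    """Return (cleaned file text, removed lines) for every entry matching old_fp."""
    kept, removed = [], []
    for line in text.splitlines():
        blob = key_blob(line)
        (removed if blob is not None and fingerprint(blob) == old_fp else kept).append(line)
    return "\n".join(kept) + "\n", removed

def sample_line(seed: int, comment: str, options: str = "") -> str:
    """Constructed ed25519-shaped entry (not a real key) for the demo below."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{options} ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed authorized_keys content: the old key appears twice, once with options.
OLD = sample_line(1, "old-laptop")
SAMPLE = "\n".join(["# managed by hand", sample_line(2, "new-laptop"), OLD,
                    sample_line(1, "old-backup", 'from="192.0.2.10",no-pty')]) + "\n"

if __name__ == "__main__":
    cleaned, removed = revoke(SAMPLE, fingerprint(key_blob(OLD)))
    print(f"removed {len(removed)} entries\n{cleaned}", end="")
```

Matching on the fingerprint rather than the comment field matters because the comment is free text that may differ from host to host for the same key.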

Vanilla OS 22.10: An Arch and Fedora-compatible Ubuntu


Containers -> Nope, Gnome bundling libadwaita..., next please....

Once you got to "containers", that was all that was needed to know it's a not-for-me distro. "Gnome" sealed the deal --> next!

Patch Tuesday update is causing some Windows 10 systems to blue screen


Typo in the worst place?

Maybe I'm just not up with the latest canonical path names, but the destination path given for the xcopy command seems like it has one too many "\\"? The article says "C:\windows\\system32\hidparse.sys" -- was that intended?