The biggest issue I see is that most of the tech is someone’s IP. If it’s not patented, it’s copyrighted or trademarked. Otherwise, it should be a doable PoC with old parts and a barebones firmware. I don’t need my FOSS printer to contend with Xerox, I just need it to poop out a page when I hit print.

I’d also love to see a FOSS page description language that could dethrone Adobe’s PostScript and HP’s PCL as the standards.

On the Caveat Emptor (“Let the buyer beware”) side of things, I look at other metrics well before I rely on stars.

How many contributors does it have? How many active forks? How many pull requests? How many issues are open and how many get solved and how often and how lively are the discussions? When was the last merge? How active is the maintainer?

Stars might as well be facebook likes imo: when used as intended, they didn’t say much more than “this is what the majority of people like” (surprise, I’m on lemmy bc I have other priorities than what’s popular), now they mean nothing at all.

OP, what’s your address? I have a “present” for you

here’s the Programmer Readable version of that wall of text: https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpriseEdition

Implementing Equality in Haskell:

    deriving (Eq, Ord)

After learning how easy it was to implement functional programming in Rust (it’s almost like the language requires it sometimes), I decided to go back and learn the one I had heard about the most.

It opened my mind. Rust takes so many cues from Haskell, I don’t even know where to begin. Strong typing, immutable primitives, derived types, Sum types. Iterating and iterables, closures, and pattern matching are big in Haskell.

I’m not saying Rust uses these because Graydon Hoare wanted a more C-like Haskell, but it is clear it took a lot of elements from the functional paradigm, and the implementations the designers were familiar with had descended through Haskell at some point.

Also, deriving is not the same as implementing. One is letting the compiler make an educated guess about what you want to compare, the other is telling it specifically what you want to compare. You’re making, coincidentally, a bad comparison.

ey b0ss

I live in a constant state of fear and misery

Do ya miss me anymore?

One last joke played on the colonizers invading them

Look closer at the beauty mark, I flipped the emoji

"☹️".reverse() == "☹️"

Take the passive-aggressive nerd approach:

1. Start a niche online movement that only cares about one aspect of computing and convinces people all their problems are caused by your pet peeve

2. let the company dig its grave

3. create a FOSS alternative

4. sell a premium version for businesses (it includes phone support and management-friendly marketing matetials)

5. congrats, you are now the de facto standard software in your field

Not to mention that self-hosting/federation comes with a million small headaches.

If the devs are paid, do you want to pay them to work on the project or work on maintaining a contact infrastructure?

If they aren’t paid, do you want them using what little free time they have working on the app or working on maintaining a communications network?

If it’s someone else’s forum/matrix/chat server, are you okay with 1. a third party having access to your communications and 2. being able to force a comms blackout for any reason whatsoever?

Or would you rather they use their time and money focusing on finding a provider who meets every need of the project AND every user?

I think it’s just the utopia image with colors inverted, which is a visual gag that I’m loving

1. If it’s distributed through github, and there’s no push to move elsewhere by users and contributors, then it’s effectively hosted on/through github
2. The analogy breaks down for collaborative projects, which is where the issues with github arise
3. If their problem is with the project’s distribution method, presumably the answer is yes

shit stash

“Simple” is misleading, as that’s also the branding of a suite of mobile apps (that were bought out and turned into data-harvesting/advertising tools).

Also this isn’t a file manager, it’s a password manager. Although the same dev also makes a file manager.

“Gluten Free Vegans” at that. OP doesn’t dislike animal rights, they just specifically dislike people with a potentially life-threatening allergy standing up for animal rights.

Let’s be honest though, they’ve just written both off as “overly restrictive fad diets followed by people who annoy me by talking about their lifestyles”

OP is the human embodiment of a conservative stand-up comedian, or as Tim Heidecker put it

I honestly don’t get the parallel here… They both annoy you when they talk about their respective “thing”?

You clearly used one of those adapters for a regular toilet. If you do it right, and get the new plumbing installed and an actual bidet, you can have confortable temperature water spraying on your dirty rosebud.

Also no, I don’t own one… yet. I’ve just looked into it.

For the record I agree with @fernandofig@reddthat.com, but I also want to add that a DoS is not necessarily a security risk. If it can be leveraged to expose sensitive information, then yes, that’s a vulnerability; this isn’t that.

Digging into the CVEs:

CVE-2024-24989:

#Security Advisory Description

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. (CVE-2024-24989)

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3.

#Impact

Traffic is disrupted while the NGINX process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the NGINX system. There is no control plane exposure; this is a data plane issue only.

CVE-2024-24990 basically says the same.

Some choice clauses:

undisclosed requests can cause NGINX worker processes to terminate

Traffic is disrupted while the NGINX process restarts.

So it doesn’t take down the server nor the parent process, it kills some threads which then… restart.

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental

I was able to find that the affected versions:

NGINX Plus R30 P2 and R31 P1
Open source subscription R5 P2 and R6 P1 Open source mainline version 1.25.4

but most importantly:

The latest NGINX Open source stable version 1.24.0 is not affected.

And saving me the hassle of linking and quoting all 5 of the version history pages for the affected products, the uniting factor is: they’re all based on Open Source versions 1.25.*

None of them are using the latest stable version.

It’s not even going to affect most sites, and definitely not ones for whom downtime is a major issue: they would not be using the non-stable version, much less enabling experimental features in a non-stable version.

But the part that irks me the most is the dillution of what a CVE is. Back in the day, it meant “something that can lead to security breaches,” now it just seems to mean “hey guys, I found a bug.” And that’s bad because now you have one of two outcomes: 1. unnecessarily panicking users by leading them to believe their software is a security risk when it isn’t, or 2. compromising the integrity and usability of CVE reports by drowing the important ones in waves of “look guys, the program crashes when I can leverage root privileges to send it SIGKILL!”

If this was just a bug hunter trying to get paid, that’s one thing, but these were internally assigned and disclosed. This was an inside job. And they either ignored or never consulted the actual experts, the ones they have within their own staff: the devs.

Why? To what end? Did they feel left out, what with not having any CVEs since 2022? Does this play some internal political struggle chess move? Do they just hate the idea of clear and unambiguous communication of major security holes to the general public? Are they trying to disrupt their own users’ faith in their paid products? Does someone actually think a DoS is the worst thing that can happen? Is there an upper level manager running their own 1.25 instance that needs this fixed out-of-band?

It’s just all so asinine.