If only you could use ChatGPT during an interview the same way as when you’re employed. Then everyone would finally recognize how outstanding you are

I believe writing the pure kernel is doable in time, but Linux has a ton of drivers, also implemented in C. I also believe it’s not unreasonable to assume that those are the source of most of the issues that Rust would solve. I’m nowhere close to actual kernel development myself though either.

Migrating such a huge, complex code base over however as much time to a different language seems completely unrealistic to me though. What you’re saying is right. It makes more sense to keep a pure C Linux kernel and work on a replacement in parallel. No matter how great a new language is, you can’t expect an entire community of seasoned contributors to adopt it. It’s unreasonable

I’ve been maintaining multiple release channels for most of my projects. I always have a nightly build and a dev build that I run manually or on every push. Actually versioned releases either happen directly after completing a milestone or when the release schedule calls for it.

Operator overloading allows you to redefine what each operator does. It’s essential to achieve a truly fucked up code base

Best to sit your hands if you have greasy palms

Reddit is free. Other people paying for your free service is a very weak argument to bring up. If Lemmy dies today, nobody but hobbyists and amateurs will care. Just like with LE.

I’ve been there. Not every CA is equal. Those kind of CAs were shit. LE is convenient. There are more options though.

I actually agree. For the majority of sites and/or use cases, it probably is sufficient.

Explaining properly why LE is generally problematic, takes considerable depth of information, that I’m just not able to relay easily right now. But consider this:

LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, this is laughable savings. People who take TLS seriously often have more demands than “padlock in the browser UI”. If a free service decides they no longer want to use OCSP, that’s an annoying disruption that was entirely not worth the $1 https://www.abetterinternet.org/post/replacing-ocsp-with-crls/

LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk not anyone should take.

Who is paying for LE? If you’re not paying, how can you rely on the service to exist tomorrow?

It’s not too long ago that people said “only some sites need HTTPS, HTTP is fine for most”. It never was, and people should not build anything relevant on “free” security today either.

People who have actually relevant use cases with the need for a reliable partner would never use LE. It’s a gimmick for hobbyists and people who suck at their job.

If you have never revoked a certificate, you don’t really know what you’re doing. If you have never run into rate-limiting issues with LE that block a rollout, you don’t know what you’re doing.

LE works until it doesn’t, and then it’s like every other free service on the internet: no guarantees If your setup relies on the goodwill of a single entity handing out shit for free, it’s not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that’s not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this “free” garbage. The fanboys will never die off

I wasn’t actively aware of this for most of my life until I recently visited a clients office. Buying someone a cup of coffee is an entire thing. There’s no free coffee. You have to purchase every single cup. And you first have to walk several minutes to the place where they sell the coffee. It blew my mind. I’m used to drinking one cup after the other without even giving it any thought. Coffee machine right next to me or around the corner. There, coffee incurs friction and cost.

So when you invite someone for a cup of free coffee, this can open doors for you. I’m not kidding. People get all excited when you offer them a coffee break on your dime. And there’s levels to it too. There’s the regular coffee, and there’s the premium one. For the premium you have to walk longer and wait in line until the barista serves you.

It’s a key component in office politics when coffee access is regulated.

Why anyone would restrict access to legal stimulants in the office is unclear to me though. Put espresso machines on every desk!

The only time I came across this subject was when there were malicious commits in a code base. When else would this matter? The commit contains your name and email address. Who cares about time zone? Just as anything in a commit, these metadata can be freely manipulated and serve purely as information for other developers. Who are you scared of seeing your time zone in a commit on a seemingly public code repository? This is such a pointless non-discovery

So you fucked everyone because of a beef you had with AWS. Go fuck yourselves. Moving people off Elastic products is the right move either way. Don’t look back.

So a documented core aspect of the tool is a leak. Impressive research

To add to that for clarity: With the original Mono, you could run a regular Windows .net application on non-Windows without any additional work (with limitations, as native Windows API calls were unsupported). With the modern dotnet, you can compile new applications from source that will run anywhere

Messing with the computer is pretty important though

I totally agree with you on the phishing aspect. Good thinking.

I would prefer it if people already knew the domain from prior association. I still download desktop software regularly on the developer website, even though I am also aware that this is not without safety concerns. I know this is an unrealistic expectation at this point, but I dislike that the Google/Apple Stores have more trust, even though they regularly publish fake apps or apps with security/privacy issues.

Ultimately, publish on multiple channels regularly and let your users be aware of alternatives. Then they are enabled to switch when they need to, and it might also be easier for new users to recognize which release channels are official

Valid. I never had anyone do my assignments for free and in few minute though. It seems unreasonable to assume that this has no multiplying effect. After all, I have no hard numbers either

It’s good to have established release channels that don’t rely on third parties in the first place. Everything beyond that is for convenience and strictly optional.

What exactly was the tool we cheated with in the past that was equivalent to LLMs? What is your certainty based on?

That makes sense, but my understanding is, what Google considers Family content is not an add-on to regular content. Your content is not also for children, it is catered towards them. This implies using dedicated Google functionality, special SDKs, and so on, to comply with law. So your product needs to be designed in a very specific way to be eligible. I’m not aware of how Google Play restricts children from installing certain apps, but you can always install an app through a parental supervisor account.

To me, this story seems like a lot of crying over a situation that is not fully explained.