You have written tests for your code and now feel safe because your code is tested. But test quality is really hard to measure. The idea seems to be to introduce “vulnerabilities” (whatever that means…) and see if your tests catch them. If they do that’s supposed to show that the tests are good and vice versa.

That heavily depends on where you live though. The best answer to people objecting to that kind of work is the payroll. If you can support your family with whatever you’re doing it’s none of my business.

That’s so not how onlyfans nor deciding to become a mother works, I don’t even know how to respond to this

What exactly are the consequences relating to becoming a mother?

If you consider exposing massive rule breaking of intelligence services “fucking around” instead of suffering massive consequences for the benefit of basically everyone that uses the internet… Sure he fa&fo

You don’t know that.

That’s not the tone I like to read even as an answer to a statement I don’t agree with. No need to get that personal.

I’m not saying nobody should work on this. There is obviously demand or at least big tech is assuming demand. I’m just saying it’s not surprising to me a lot of Foss developers don’t really care.

I think the biggest problem is that ai for now is not an exact tool that gets everything right. Because that’s just not what it is built to do. Which goes against much of the philosophy of most tools you’d find on your Linux PC.

Secondly: Many people who choose Linux or other foss operating system do so, at least partially, to stay in control over their system which includes knowing why stuff happens and being able to fix stuff. Again that is just not what AI can currently deliver and it’s unlikely it will ever do that.

So I see why people just choose to ignore the whole thing all together.

I guess but bios was a thing way before uefi and while it apparently also was a pain because people implemented it differently it did work.

Afaik the mein problem with arm is the discoverability of the hardware on the bus. For x86 it’s pretty dynamic but arm needs something called a device tree.

Especially with android I don’t get it. Every vendor has to maintain their own boot loader and modify the aosp code just to get it to boot on their devices. Is it just to avoid people slapping their own os on their phones?

I never understood why booting arm is such a pain. I mean I get that the current situation is that it is a pain but I don’t get why this is the situation.

I think you are missing the part where the community also gives back to the project. At some point the project isn’t really the creation of the original author anymore.

One good thing about zstd is that the main developer is full-time employed to work on it. Alas he’s employed by meta to do that… But it’s likely harder to social engineer your way into that project

Apparently it differs between distributions

No. I won’t not do that. For security reasons.

Yeah they messed up once. It’s still miles better than just not having someone looking at the included stuff

Debian actually started to collect and maintain packages of the most important rust crates. You can use that as a source for cargo

Huh thanks for the link. I knew that just dd’ing doesn’t work for windows Isos but I didn’t know that it was the Linux distros doing the weird shenanigans this time around

The original email talks about a line that is in the release tar balls but not the repository itself that actually arms the exploit. This seems like something a maintainer should be able to verify.

Not saying that they should have immediately seen that that is an exploit, the exploit is obfuscated very well. But this should be a big red flag right?