• 1 Post
  • 24 Comments
Joined 1 year ago
Cake day: July 16th, 2023

  • NPM allows for code to be executed while you install the package which is different from maven or nuget and allows for easy exploitation paths

    This is the winner. Combine that with a vastly bigger group of inexperienced developers (and I’m willing to die on that hill), and you have a lot of people running node / npm as an admin / root user, who have close to zero idea what they are doing, hitting their project with third party dependencies left and right for no particular reason (left-pad, is-number, ansi console and similar useless crap), and then your dependency management allows for code execution. Also, from my personal feeling, it seems that npm simply cannot properly audit the packages due to the sheer mass. From a technical standpoint it’s close to trivial to put your malware onto npm, and then you just need to get someone to install your package, which is way simpler than in other package managers


  • The smallest footprint for actual scripting will probably be POSIX sh, since you already have it ready.

    A slightly bigger footprint would be Python or Lua.

    If you can drop your requirement for actual scripting and are willing to add a compile step, Go and its ecosystem are pretty dang powerful, and it’s really easy to learn for small automation tasks.

    Personally, with the requirement of not adding too much space for runtimes, I’d write it in Go. You don’t need a runtime, you can compile it to a really small zero-dependency lib, and you have clean and readable code that you can extend, test and maintain easily.


  • I’m very interested to hear what went wrong.

    We’ll probably never know. Given the impact of this fuck-up, the most that CrowdStrike will probably publish is lawyer-corpo-talk about how they did an oopsie doopsie, how complicated, unforeseen, and absolutely unavoidable this issue has been, and how they are absolutely not responsible for it, but because they are such a great company and such good guys, they will implement measures so that this absolutely, never ever again will happen.

    If they admit the smallest wrongdoing whatsoever, they will be piledriven by more lawyers than even they’d be able to handle. That’s a lot of CEO yachts in compensation if they are held responsible.





  • x1gma@lemmy.world to Technology@lemmy.world · Unofficial Reddit API · 110 upvotes / 2 downvotes · 2 months ago

    Please don’t take personal offense, but you have merely a project scaffold with an unrealistic goal that will be blocked and C&D’d into the ground, without any other projects created.

    It doesn’t matter how hard you’re working on your anonymity, this project will be ripped apart by a horde of lawyers in seconds. You’re not only doing something questionable or against ToS, you’re directly attacking and sabotaging their monetization. This will not be taken lightly by the legal team of reddit.

    You want to provide a better, cooler, more robust and other random buzzwords API than reddit’s own. So you, alone, want to provide a better API than the whole team of reddit does for their absolute core product, all by scraping. This is simply not realistic.

    While we’re on the topic of monetization, scraping, ETL into your own model and providing the API: for the amount of content that reddit has (quantity, not quality), this will be a highly resource-intensive task. How do you plan to fund that? Since your API will be better than the official one, I can expect at least the same performance as well, right?

    And also, most importantly, even if you magically work around all that and get it working: why? Who is your expected user group? Pretty much every piece of software using reddit has moved away from reddit or simply died. AI-generated content is rampant, and most discussions seem like bots talking to bots. There is literally nothing to gain from an API to reddit, so why would anyone bother using it?





  • I get that online services cost a shitton of money to operate, but the sheer level of degrading quality is not OK. This is just one example of how services are completely barreling towards the shitter at 100+ MPH with no brakes or airbags. I feel some guilt for using content blockers, but that guilt is being whittled away every single day because of websites like this.

    That’s only partially true. “Simple” pages like a wiki are stupidly cheap in terms of operational costs. This is not some online image editor, some huge social media outlet or whatever. From a content perspective, the traffic to be served is an absolute joke.

    What drives costs for operations up are stupid design decisions (e.g. Cora) and bloating your own page using several ad providers, trackers and a metric fuckton of additional services like Disqus and whatever all of this idiotic shit is called.

    And what drives “cost of operations” up the most is pure greed, because for the most part there is no longer an internet community where someone wants to contribute something cool. Maybe that’s where they started, but seeing their page hits climb obviously makes them think about monetizing them. Just add some non-intrusive ads, page views still climb, and you see the money coming in; in the case of Fandom with mostly zero effort, since the content is brought by the editors, who also generate ad views while generating content. Add one more ad, income doubles. Add a potentially more intrusive ad bringing more money per view, and maybe your income triples. It’s all just a pump and dump until it becomes ad-riddled trash, but you don’t really need to care, since it’s still high-ranking in Google results and still brings in visitors.

    Obviously this does not apply to all, but to a fucking lot if not most pages, and it’s getting even worse with gen-AI content and “features”.



  • If you use a dockerized environment, that will only work better on Linux. .NET 8 is AFAIK natively supported on Linux, so there shouldn’t be too much of an issue apart from the usual clunkiness. Visual Studio will probably be more of a problem. The “easiest” way would probably be to switch to JetBrains or VS Code. If you are hardstuck on VS for whatever reasons, you should probably be able to do some voodoo with running it in Docker and using the container as a remote desktop, but this will be a PITA to set up and maintain.





  • Before you talked about the Fediverse as a whole, now from a single user perspective.

    IMO it affects the Fediverse as a whole by abusing it. The whole idea is an open network, where instances can federate with each other to bilaterally share information and create a seemingly single platform. This is not the case with the planned Threads integration, because they explicitly plan to feed on the content while hiding the sharing of their own content behind an (for most of their userbase) obscure opt-in.

    From a single user perspective it doesn’t affect you directly. But it affects the platform you are part of with malicious intent.

    I am not against Threads joining the Fediverse, and I do actually think it would be great for the growth of the Fediverse if actual big players join, and if it brings content that I personally do not like to see, I can use the tools available (e.g. blocking users/communities/instances) to hide it. But only if they plan on joining as a “regular instance” like any other, and Meta does not intend to do so, since they have chosen the opt-in with the obvious intent of simply gaining additional content for their walled platform for their own gain.


  • The problem is not them reading data, but that Threads will take Fediverse content and display it on Threads. In the opposite direction, the Fediverse will only see the content of the select few users who actually opt in, and let’s be honest here, most users won’t know what the Fediverse is, except for, again, the few people that are on both platforms. This is absolutely not “playing nice” as you’ve put it before, but purely parasitic and, again, purely a greed decision by Meta. I don’t really know why you are shilling so hard trying to excuse absolutely inexcusable behavior.



  • Meta has React, RocksDB and PyTorch, and a few other “niche” frameworks and tools. “Half of the internet […] run[ning] on open source code and infrastructure that Meta built and maintains” is a big, big exaggeration. Also, maintenance is done by the OSS community for big parts, and I’m really curious what open source infrastructure Meta is running.

    I’m not saying Meta has no relevance in OSS, but I can hardly think of an open source org that does open source purely for its own benefit. React helps them shape the web in the way Meta wants it, their ML stuff is important for their own internal needs (ads, BI, the whole social networking, etc.), their AR/VR/XR contributions are for the Quest, and AI/LLM since they need it themselves instead of relying on/partnering with OpenAI. Meta (the company) absolutely does not stand by the principles of open source, no matter how much you want to sugarcoat it.