The claim is that audio and video are E2EE. I’m not sure how you’re unable to disprove that using the linked code, audit report, and COTS debugging tools. Can you expand on that? I see a lot of FUD without anything more than “they’re not libre” which, again, doesn’t do a great job of selling your point.

Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.

Annnnnnnnnnnnd we’re done. Good luck! I highly recommend you take some time to understand how draft can mean more in the technical space. It might help you in the future when you are discussing things like drafts, specifications, and proposals.

You said

This proposal is a new iteration of the language and standard library. It would provide safe language features for preventing such problems existing in the first place.

Either it’s a draft or it’s a new iteration of the language. Can’t be both.

Right now, we have to compile the compiler for this ourselves. Pardon my skepticism; I’m not sure this is mature enough.

Edit: I’m talking about the project not the idea. Sean Baxter has shown up everywhere for awhile talking about this. I think his idea has a ton of maturity. I don’t know that the project itself has enough maturity to mainline yet.

Where does the document number come from? I can’t find anything about the SG or linked orgs that defines a sequence.

I have heard the same rhetoric about IDEs, autocomplete (Intellisense, Jedi, etc.), DevOps, and frameworks. The kernel of truth across all of them is the separation between a dev and good dev. It is getting easier and easier to have something built for you using AI in your IDE in a framework that abstracts all the things away dumped into a prebuilt pipeline that deploys your artifacts for you. A dev can do that. A good dev understands the tools and knows when to dig into things.

I have yet to see a decrease in the number of good devs I meet even though IDEs slowly replaced text editors (and editors became strong enough to become IDEs). Frameworks have enabled more good devs to focus on business logic. DevOps provides solid guard rails for everything.

I don’t know if there’s an increase in the number of superficial devs. I haven’t interviewed junior dev candidates in awhile. I do know the market is flooded right now so I’d argue there might be other factors.

Also overall I do agree with the idea that letting copilot do everything for you means you don’t understand anything. Shit was the same way when cookbooks were common.

Here is the original fabric because that apparently doesn’t get linked in an article about solving who is on said fabric

https://imgur.com/gallery/recognize-celebrities-ao0hWN3

$2/mo is pretty close to what Reddit premium was back before they turned the Reddit silver meme into a real thing! That’s a great amount to donate. Don’t sell yourself short.

You’ve turned this into a catch 22. If there were no female characters, you could argue that’s sexist. If the idiotic boss was female, you could argue all of the dumb characters are female so that’s sexist. If Jarod were the only female, that would be sexist.

How does this sketch get rewritten in such a way that it is not casually sexist?

I do not actually understand the use case of —keep over the default —mixed, which I use regularly to restage patches or fuckups. I very frequently use —hard to test something out and blow it away without worrying about any changes. This whole conversation is fascinating because it highlights just how different everyone uses git and equally how bad sweeping generalizations like “—hard is something to avoid” are (without incredibly specific caveats).

It seems like —keep makes sense if you’re not using stash before trying to change history when you have local, uncommitted changes? That might be why it’s not clicking with me; any time I fuck with history I stash anything local I might want to keep.

A single character, per your definition, is not blatant malicious code. Stop moving the goalposts.

It’s clear you don’t understand the space and you don’t seem to have any interest in acting in good faith based on your other comments so good luck.

I mean anything is a good fit for future, science fiction AI if we imagine hard enough.

What you describe as “blatant malicious code” is probably only things like very specific C&C domains or instruction sets. We already have very efficient string matching tools for those, though, and they don’t burn power at an atrocious rate.

You’ve given us an example so PoC||GTFO. Major code AI tools like Copilot struggle to explain test files with a variety of styles, skips, and comments, so I think you have your work cut out for you.

That’s fair! I agree with that.

Neither wins here. I cannot tell you how many libraries I have had to replace because FOSS devs move on. It’s probably greater than the number of products I’ve had to abandon for lack of support but I’m not sure what that is at a percentage level. In the DevOps world everything burns constantly, paid and free.

That’s true! It also seems like you might not have experience dealing with attacks at scale? Defense in depth involves using everything. If I can reduce incoming junk traffic by 80% by masking returns, I have achieved quite a lot for very little. Don’t forget the A in the CIA triad.

There are competing interests here: normal consumers and script kiddies. If I build an API that follows good design, RFCs, pretty specs, all of that, my normal users have a very good time. Since script kiddies brute force off examples from those areas, so do they. If I return 200s for everything without a response body unless authenticated and doing something legit, I can defeat a huge majority of script kiddies (really leaving denial of service). When I worked in video games and healthcare, this was a very good idea to do because an educated API consumer and a sufficiently advanced attacker both have no trouble while the very small amount of gate keeping locks out a ton of annoying traffic. Outside of these high traffic domains, normal design is usually fine unless you catch someone’s attention.

It’s very misleading to say “paying for software is stupid” and not consider the total cost of ownership. TCO includes things like infrastructure and maintenance. As an exec, I am constantly faced with two choices: free software that might do what I want or paid software that sort of does what I want. At face value, you would immediately tell me to get the free stuff. That’s where you miss TCO.

(Read the last paragraph if you think the business lens is bullshit)

Every FOSS solution I run requires me to deploy and maintain it. I only have so many hours in the day so at some threshold I have to hire more and more people to deploy and maintain. Integrating? That’s on me too because I’m using free software so now I need a resource to glue things together. My “free” option actually costs a portion of my engineering resources. I’m also on the hook for failures. Running my own ERP? I need to have support staff on-call to handle outages.

Every paid solution I run costs can require some of those things. Let’s ignore paid licenses and just focus on things I can completely outsource. This means I’m no longer on the hook for deployment and maintenance, so if I can show the cost of the paid software is less than my TCO, it’s a better deal. If I have a good relationship with the vendor, I might be able to delegate my integration needs to their product pipeline. I might be able to purchase a support contract that’s cheaper than running my own.

At some point every company will outgrow certain software. It’s a constant reevaluation of the costs of paid vs TCO of free and when I need to spend resources making it do something it doesn’t. A managed telemetry stack like Sumo or New Relic allows me to scale quickly but cheaply until I have the revenue to build an in-house team to instrument fucking everything.

The exact same logic applies to my time. I could run free everything. That comes with a higher TCO (usually). I say this as someone who has rebuilt dot files repos on the dot every three years and been running Linux since you could get it in a book at B Dalton at the indoor shopping mall so my tolerance for personal TCO is very high. However, I don’t change my own oil. It’s free! I could do it myself! I don’t want to. I buy certain things, like software, in my personal life because the TCO of FOSS is higher than I want to pay. I have outgrown Windows and Mac so I have some level required cost in Linux. I pay for some things like storage and routing solutions even though I could build and deploy and maintain all of that myself. Sometimes I just want my shit to work and not have to do it myself.

The reason to use mono over dotnet is political. This is stirring up some really old shit; I expect a continuation of that shit now. Mono is currently MIT as is dotnet core. Who knows what direction each project will go now? MS has a history of fucking with licenses and Wine uses copyleft setups.

Microsoft has had dotnet-core for awhile. If you are running production dotnet loads (eg a C# app), you’ve probably been using those Linux containers for awhile. This doesn’t surprise me; they usually aren’t interested in maintaining an open version of software they have more restrictive licenses for. Enterprises will continue to use dotnet-core and Microsoft will probably do something to shoot mono in the foot in a few years.