Dran

Just because you can’t use it doesn’t mean a hacker can’t. If someone discovered a vulnerability in the 3g handshake or encryption protocol, it could be an avenue for an RCE.

I run ubuntu’s server base headless install with a self-curated minimal set of gui packages on top of that (X11, awesome, pulse, thunar) but there’s no reason you couldn’t install kde with wayland. Building the system yourself gets you really far in the anti-bloatware dept, and the breadth of wiki/google/gpt based around Debian/Ubuntu means you can figure just about any issues out. I do this on a ~$200 eBay random old Dell + a 3050 6gb (slot power only).

For lighter gaming I’ll use the Ubuntu PC directly, but for anything heavier I have a win11 PC in the basement that has no other task than to pipe steam over sunshine/moonlight

It is the best of both worlds.

Devil’s Advocate:

How do we know that our brains don’t work the same way?

Why would it matter that we learn differently than a program learns?

Suppose someone has a photographic memory, should it be illegal for them to consume copyrighted works?

It’s fuckin’ art though

Oracle, SAP, Redhat, all of their customer portals require it for SSO. I’m not saying it should be that way, but it is.

In a world of good-faith, rational actors, it is reasonable to consult experts in the industry you’re about to regulate. In theory, a good-faith adversarial discussion will root out inconsistencies and logical fallacies within the regulation.

Obviously that’s usually not the case in modern politics, but I think the system was designed when it was thought that the average person would be operating in good faith, and in that context it makes sense.

I think you go about it the other way: break data analytics and advertising off from everything else. If every unit has to be self-sufficient without reliance on data collection and first-party advertising I think you fix most of the major issues.

I’m actually working on a vector DB RAG system for my own documentation. Even in its rudimentary stages, it’s been very helpful for finding functions in my own code that I don’t remember exactly what project I implemented it in, but have a vague idea what it did.

E.g

Have I ever written a bash function that orders non-symver GitHub branches?

Yes! In your ‘webwork automation’ project, starting on line 234, you wrote a function that sorts Git branches based on WebWork’s versioning conventions.

The color of ones skin does not preclude someone from being bigoted or hateful. It just determines which news network picks up the story.

Overall, we rate LGBTQ Nation Left Biased based on story selection and wording that almost always favors the left. We also rate them Mostly Factual in reporting, rather than High, due to not labeling opinion pieces, which may mislead the reader.

I was with you until I clicked the link but that doesn’t seem like an entirely unreasonable take. One can be both “on the right side of history” and “intentionally or incompetently misleading”.

yes, the incompetence was a management decision to allow an external vendor to bypass internal canary deployment processes.

Competent IT staffing includes IT management

To be clear, an operating system in an enterprise environment should have mechanisms to access and modify core system functions. Guard-railing anything that could cause an outage like this would make Microsoft a monopoly provider in any service category that requires this kind of access to work (antivirus, auditing, etc). That is arguably worse than incompetent IT departments hiring incompetent vendors to install malware across their fleets resulting in mass-downtime.

The key takeaway here isn’t that Microsoft should change windows to prevent this, it’s that Delta could have spent any number smaller than $500,000,000 on competent IT staffing and prevented this at a lower cost than letting it happen.

If there are any water pipes through the second half of the house you cannot let those exterior walls reach freezing temperatures. Whatever solution you go with needs to account for the entire space in some capacity.

Are you maybe thinking of https://distr1.org/ made by the i3 guy?

That’s… not remotely true? Linux can absolutely install kernel drivers. If you mean running windows games under wine then sure, but then we’re no longer talking apples:apples. You could do the same thing on windows by running a game in a VM.

This is correct, as in windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what crowdstrike did. But also so could Nvidia/amd with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. it’s not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.

The egregious part was that crowdstrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.

Yes and no. In the best case, endpoints have enough cached data to get us through that process. In the worst case, that’s still a considerably smaller footprint to fix by hand before the rest of the infrastructure can fix itself.

With enough _autism in your overlay configs, sure, but in my environment tat leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from pxe. (Which is fine, because it only takes about 20 minutes and no data we care about exists there) If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.

We do this in a lot of areas with fslogix where there is heavy persistent data, it just never felt necessary to do that for endpoints where the persistent data partition is not much more than user settings and caches of convenience. Anything that is important is never stored solely on the endpoints, but it is nice to be able to reboot those servers without affecting downstream endpoints. If we had everything locally dependant on fslogix, I’d have to schedule building-wide outages for patching.