deleted by creator

Neither because they probably aren’t stupid:

<PackageReference Include="Duende.IdentityModel.OidcClient" Version="6.0.1" />

Because it wasn’t obvious to me from the article, and I was trying to figure out whose sovereign tech fund it is:

The Sovereign Tech Agency is financed by the German Federal Ministry for Digital Transformation and Government Modernisation and is a subsidiary of SPRIND, the Federal Agency for Disruptive Innovation.

It should be possible to use a distributed web of trust for this.

https://en.wikipedia.org/wiki/Web_of_trust

For me the scariest thing someone could do on my pc is exfiltrate all the data from my home directory which is readable by my user account.

Maybe I’m misunderstanding you, but that’s harm to me without root access.

Well that was fucking dark. Good read though

Still team Emacs. We’re a team because we use elisp, not because of something trivial like how our text editors work.

This is a good article because it immediately made me feel stupid for not knowing about O_PATH.

I really need to figure out a better sandboxing method for shells. It’s crazy to be things where my keys, browser data, shell history are all accessible.

I do try to use firejail where possible, but it’s quite cumbersome. Every so often I look for tools to help with this, but everything is oriented around making a specific program (e.g. Firefox, steam) work.

Yeah, I’d say for information, certainly, but there are other ways you could be valuable. A dev on a popular open source project might be very valuable for executing supply chain attacks.

First of all, fuck them.

Secondly, thank you for working on this app. I know Roku is a bit of a liability, and I’ll eventually have to move to something open source, but it’s been my main media player for a couple of years and I’ve been very happy with it. o7

You can audit the code but something like:

The rate of commits and new features seems rather high for a single person working by themselves

Is a huge problem in itself IMO. It implies there’s no real human oversight of the project.

That’s the scary thing. It can easily create more code than it can understand, and do it faster than human understanding can keep up with.

Yes, and you can do the same thing to your child’s non-root account. The point of the California law is to allow admins (parents) to do that.

Furthermore, a peer review process is planned, through which the consortium members will mutually check and certify their operating systems and smartphone or tablet models. “This is intended to create transparency and replace trust with traceability.”

Still doesn’t sound very open.

I should be able to tell my bank to only trust devices running an OS signed by the grapheneos key, and more importantly I should be able to tell them to trust an OS signed by my key.

Edit: I don’t mean to shit on this too hard. It might be the best next step.

That’s true, but as a maintainer you could encourage those helpful maintainers to triage issues from regular users.

I think the real benefit would come from taking a user’s reputation into account across projects.

At the end of the day you can’t have low effort pull requests, and expect maintainers to look at everything. It’s the same spam problem as in any other domain.

Surely we can come up with networks of trust for this sort of thing, so that you don’t have to deal with PRs from people with no references.

Every app does not need to check your birth date. An app will be able to query if the user is within one of a few broad ranges of age (e.g. under 18), but an app only has to do that if it needs to comply with some other legislation.

The California law essentially allows a parent to create a child account on a device and gives a way for apps to query it.

I’m not sure what PH is asking for, but it doesn’t sound like the same thing.

Why is everyone okay with boilerplate? Did we forget what programming languages are supposed to do?

You still have to maintain that code.