lukas

lukas, 6 months ago (edited 6 months ago)

I get the frustration here, but it’s also kind of… idk? A “No, you just don’t understand!” response. Everyone who works in a white-collar job knows what it’s like. Everyone has different theories about why that project failed, but nobody knows the objective truth. Nobody can present a “documented and verified” list of reasons for why the project failed, not even the lead designer here. They can guess, but never reach the truth. He could repeat what he always did without changing anything in the next project, and succeed due to different circumstances, plain good luck.

lukas, 6 months ago

We’re talking about Word documents, right? People hate when a line wraps in the information block, or their fold and hole marks move, each time anyone with LibreOffice touches their letters. Or their crop, bleed, registration, fold marks, color bars, and safety margins when they print anything professionally. Sorry people, but Word documents require precision sometimes. They look the same, even across several major Word versions. If LibreOffice can’t guarantee that, then you can’t use LibreOffice in an MS Office environment where precision is necessary, and this starts with letters.

lukas, 6 months ago

I see you’ve never used a Lisp REPL before.

lukas, 6 months ago

There is no anti-cheat, instead a global ban tracking system was put in place and server admins are now able to share the identities of players who have been caught cheating, banning them on every server, regardless of who is running them, by the hosts simply opting into the global ban system.

A global ban system without a more nuanced approach is a terrible idea. Operators of that global ban system will whitelist themselves, blacklist people they hate, and maybe even backdoor the mod that enables them to ban people in the first place. Server admins have no choice but to either opt into the entire system or have none at all, and both of these options suck. We’ve seen how this plays out already.

Score players by your own criteria, weight everything with different blacklists, greylists and whitelists, etc. and ban players if they exceed a threshold automatically. It won’t be perfect, but email catches most spam emails that way just fine.

lukas, 6 months ago (edited 6 months ago)

I didn’t describe what could happen, but what did happen in real life. Multiple times.

MCBans is open-source btw, yet nobody checked and changed the source code, as should be expected really. Operators whitelisted alts and friends. Blacklisted server owners who didn’t appreciate that the operators of their global ban list griefed their servers with backdoors.

Another typical example is 3rd-party Discord ban lists. They whitelist their own staff. They backdoor their bots to fuck around with servers. It’s just the reality of global ban lists.

If Erlite doesn’t abuse that trust, then someone with admin access will, or Erlite’s successor. That’s a fact, not an opinion. Email spam filters prevent single trust lists with scores, multiple lists, etc.

lukas, 6 months ago (edited 6 months ago)

I’m not sure what you mean. Artists use Photoshop for drawing, yet Adobe advertises Photoshop mostly for image editing. Even though Adobe advertises Photoshop for image editing, which should include fully editing your own photographs imo, the only proper Denoise AI is built into Lightroom lol. Photopea also supports pressure sensitivity, so it should work just fine for drawing. Tools aren’t that big of a deal. People who design beautiful presentation decks use PowerPoint after all… with the default system fonts.

lukas, 6 months ago

It’s not like we’ve got any say in this. We can’t detect LLMs. Either live with LLMs or die trying.

lukas, 6 months ago

Source: reddit.com/…/is_using_a_tool_with_an_occult_name_…

lukas, 6 months ago

I like your thinking, comrade

lukas, 6 months ago

Lists of things not to do:

• (NEW!) Go through airport security with an encrypted laptop, sensitive information and free conference stickers showing your affiliations as an activist. Let airport security confiscate your laptop. Airport security drugs and wrenches you. You give them your laptop password. The police arrests you based on suspicions of terrorism.

lukas, 6 months ago

This page no longer exists.

lukas, 6 months ago

Force people to move to Wayland. Everyone that complains about Wayland breaking their setup knows how to install Xorg anyways. But most Wayland problems are software vendors not giving a shit. Make them give a shit by breaking their shit by default on most setups. 10 years was enough time to make your software work on Wayland. If your software doesn’t work on Wayland by now, then your risk management is shit.

lukas, 6 months ago (edited 6 months ago)

If that’s the case, then stick to Xorg for now. But that doesn’t change the fact that it’s in your best interest for distros to ship with Wayland out of the box.

Do you want software you use to be compatible with Wayland now or later? If your answer is later, then you have to wait for vendors to catch up, even though Wayland got auto type (already exists) and screen magnification by then. This is why I never understood this push against Wayland. People, your only alternative to Wayland is dead and unmaintained. If you push against Wayland as the default option, you only make your transition in the future more painful than it needs to be.

Also, I think it’s still a software vendor problem. If your software can’t work with the only desktop protocol with a future, then you must contribute to the protocol to create a way to make it work. If you don’t do that, then shit happens, your software breaks, and you had 10 years to contribute to the protocol to fix it. Your risk management was once again exceptional at avoiding doing the necessary work to eliminate a long known risk.

lukas, 6 months ago

Read again

lukas, 6 months ago

Nobody’s pushing “against Wayland”. I don’t give a shit about Wayland or Xorg. What I care about is having a full-featured, easy to use desktop stack readily available.

Install Xorg yourself. Don’t make it easily accessible to new Linux users. Software vendors will take note and postpone doing any work for as long as possible.

And you obviously care a lot about Wayland and Xorg.

The “dead” Xorg works perfectly with everything. That’s the bar.

No, it doesn’t. And if it does, then it’s still insecure by design. When I hear statements like these, I get the urge to publish PoC Linux malware code on GitHub that uses X11 specific features to show just how not fine it is.

The Wayland choice of pushing complexity onto individual software projects by making them all reinvent a hundred wheels, and onto users by making them hunt down a hundred pieces of software to build a wobbly desktop stack sucks.

Substitute Wayland for X11 here. Both Wayland and X11 are protocols. X11 is such a lackluster protocol that all implementations died, except that Xorg still has users.

lukas, 6 months ago

New users will drop any distro whose default desktop doesn’t work perfectly and with all the features they want. Linux already has a high enough bar competing with Windows, creating additional artificial hurdles is dumb in the extreme.

Both Wayland and X11 are an artificial hurdle to someone, so at least pick the sane choice with a future.

Security vs convenience has always been a give and take. There’s a cutoff point that users will not cross if the software becomes too inconvenient to use, even if it means greater security. The Wayland stack is currently on the bad side of that line and needs to step over if it wants to see mass adoption.

No, Wayland is doing fine.

Nobody cares, all they see is the stack, with Wayland leading the point on the bad decisions.

Oh no, Wayland isn’t X11. It’s almost as if Wayland isn’t supposed to be 1:1 bug compatible with Xorg.

You are projecting. If this were any other piece of software, say, a text editor that works and does everything you need, and someone came and told you “you must use this new one, it’s the way forward, but oh it doesn’t have all the features you need from a text editor” you would say “thanks but I’ll wait until it’s ready”. But you see no problem in pushing Wayland on people who can’t use it?

I don’t know about what text editors you use, but my text editor doesn’t allow malware to log all keystrokes, tamper with windows of other apps, steal clipboard contents without consent, inject keystrokes into other windows, escalate privileges, and install rootkits that persist OS re-installs using the escalated privileges.

People work on Wayland. Nobody works on Xorg. Alternatives don’t exist.

Please understand that nobody will ever successfuly push through incomplete software. Not on Linux. There’s nothing you or anybody can do to convince people that incomplete software is complete and usable when it’s not.

Do you need a refresher about systemd, pulseaudio, etc.? I’m not in the systemd haters camp, but pulseaudio broke regularly for me. Yet every distro included pulseaudio.

lukas, 6 months ago (edited 6 months ago)

Oh yeah?

That must explain why Xorg always crashes and burns when I don’t use the correct combination of desktop environment, compositor and driver version.

Let’s not ignore that Xorg doesn’t and never has been working for everyone. At least default to the sane option with a future.

lukas, 6 months ago (edited 6 months ago)

If you still want to give Wayland a try, take a look at wiki.archlinux.org/title/wayland#Electron. Electron still defaults to X11, even though Electron supports Wayland. It’s a bit annoying to set the command line parameters for apps that bundle Electron, but maybe it works for you.

lukas, 6 months ago

Thank you.

I hate that most Linux brightness controls assume that humans perceive brightness linearly for some reason. I don’t want a flash bang in dark surroundings when I forget to use the slider. I don’t want to press my brightness up key a thousand times or resort to the slider in bright surroundings.

So yes, please merge this.

lukas, 6 months ago

What about git add?

lukas, 6 months ago (edited 6 months ago)

I worked on software that’s roughly as bug-free as a living bug. Intended behavior crashed the software. The master branch was broken, no way to compile the software without local changes. Devs hunted down suppressed exceptions to find out why everything crashes and burns on a daily basis. Unit tests are in the backlog, we’ll get around to it eventually.

Code reviews are ask whoever is available to approve your changes without looking at the code. Most seniors abused suppressed exceptions to use the Java Streams API, no proper technical justification. So my first official task was to unsuppress all exceptions. This caught many seniors off-guard, but made crashes infinitely easier to diagnose.

I would’ve done that even if it wasn’t my task. Shotgun debugging is hell. I don’t want to learn which component is most likely to fail silently due to retarded suppressed exceptions. Do your job properly ffs. Don’t shoot others in the foot. Don’t shoot yourself in the foot. You have absolutely no reason to shoot people’s feet. Stop it.

lukas, 7 months ago

I don’t know why this got downvoted. Google gives Mozilla a hefty paycheck to remain the default search engine on Firefox.

lukas, 7 months ago

Java Applets!

lukas, 7 months ago (edited 7 months ago)

If they don’t work, then clearly its broken.

Protocols are fine. Clients may speak one or another protocol. But protocols aren’t broken when clients designed to speak one protocol fail to speak a different protocol. It’s like saying English is broken because my friend only knows German, except English is Wayland, German is X11 and my friend is clients. Wayland is always ready to listen to clients that speak Wayland.

lukas, 7 months ago

But Wayland’s technical merits are relevant in a subtle way. Wayland is maintainable. Xorg isn’t. That’s it, the single most important technical merit. Everyone works on Wayland. Nobody works on Xorg. If people decide to use X11 today, their issues are wontfix with the solution to use Wayland instead. They can’t fix the issues themselves because X11 is an unmaintainable mess. Xorg is on life support with the only purpose to serve Xwayland.

lukas, 7 months ago (edited 7 months ago)

It feels like “English is broken because my friend only knows German.” to me. English works just fine. Teach your friend English.

English is Wayland. German is X11. Friend is software.

lukas, 7 months ago

Some people including myself call Wayland X12 because Wayland is a subset of the X12 protocol made by the X11 maintainers, and as such is as close to an X11 successor as you can get.

lukas, 7 months ago

because everything works fine in Xorg.

… for you. I got the honor to try to find the correct match of specific NVIDIA driver version, desktop environment and compositor to get anything even remotely usable back when NVIDIA only supported Xorg. I was greeted with either an entire crash, black screen, graphical glitches, and/or screen flickering if I forgot to pin package versions. Connecting displays from right to left crashed everything, so I was forced to change my display setup to left to right. Of course, waking up displays from sleep never worked either. So don’t pretend that Wayland is a broken mess while abandonware Xorg is our Lord and savior.

Stop pushing people towards Wayland, let it happen naturally when it will be ready and better, and they’ll come. Trying to force adoption will just make people resent it.

Software vendors drag their feet to adopt Wayland as nobody forces them to adopt Wayland. Again, Wayland works fine. X11 features don’t work in Wayland. But Wayland isn’t X11. Xwayland solves a lot of these problems. Software vendors back then didn’t port their Windows software to OS/2 due to OS/2’s Windows compatibility. Video game publishers today don’t port their games to Linux in part due to Steam Proton. Software vendors today don’t port their X11 software to Wayland due to Xwayland. So the ideal solution is to force a critical mass to adopt Wayland, drop Xwayland, and let software vendors suffer from the consequences of ignoring 16 years of Linux desktop protocol innovation.

lukas, 7 months ago

If people give up on maintainable solutions like Wayland, then there’s no way in hell anyone picks up Xorg ever again. My Xorg issues remain wontfix. Wayland issues are now wontfix. Nobody works on Wayland and Xorg. Linux desktop is officially dead. I either switch back to Windows or buy a MacBook. I won’t invest time into an ecosystem that’s destined to die a slow, but guaranteed death.

I’m sure a lot of people try to hold onto their beloved abandonware to keep their Linux desktop alive, but why should AMD, Intel and NVIDIA care about Linux desktop now that the Linux community doesn’t have enough fucks to give to maintain Linux desktop? May as well save driver development costs and drop Wayland and Xorg support from future graphics cards.

lukas, 7 months ago

I can already hear my business administration professor scream that everyone in the free market tries to screw each other from that statement lol. Why yes of course, money. Planned obsolescence is the only logical choice, people! I bet nobody will source old, but durable products and repair them instead, no no. That’ll never happen!

lukas, 7 months ago

“What do you mean, tEcHnIcAl DeBt, CoDe MaInTaInAbIlItY? It works just fine. Get the feature done by Friday. Perfection is the enemy of progress!”

— A manager somewhere on planet Earth

lukas, 7 months ago

Damn, if only Austria put that effort into digitization instead of domain seizures that benefit foreign publishers…

lukas, 7 months ago

I Know What You Download From A Select Few Public Trackers We Monitor

lukas, 7 months ago

What you forgot to mention is that someone bought the original piracyisacrime.com domain as printed on your DVD. They made it redirect to The IT Crowd piracy scene :d

lukas, 7 months ago

Pull people off GitHub? I get the impression from others that contributing to Mozilla projects, particularly Firefox, is a painful experience. But afaik one former Mozilla project uses GitHub for everything: Rust, the programming language.

lukas, 7 months ago

Software supply chain attacks exist, you know?

lukas, 7 months ago

Gut-driven design. People could conduct usability tests, but neither their “data-driven” management, marketing, design, nor the development department care about that since it’s only “worthless” “additional” workload. Nevermind that usability testing reveals valuable insights about the people the business is supposed to generate value for. Or that usability testing identifies flawed designs before developers write any protoype code, designers draw sketches, etc. Or that usability testing nullifies unnecessary meetings about hypothetical scenarios littered with incorrect assumptions about reality. Usability testing is undervalued.

lukas, 7 months ago (edited 7 months ago)

I feel like that anger should be directed at the people who made the software, not the people who use it.

The foolproof solution here is to… give people the option to restore what they deleted without contacting tech support. It’s obviously needed.

Nobody can expect anyone to read multiple warnings asking them if they’re really really sure whether they want to perform a reversible action they set out to do.

That’s a textbook example of a poor design that breeds more people desensitized to warnings.

lukas, 7 months ago

What if we cannot afford the space of keeping everything backed uo forever?

You enforce a reasonable data retention policy, or charge for it.

What if it has been a year? Where do we put the limits to “okay, this is stupid” and “this is perfectably reasonable”?

If you fail to recover data for everyone, then the data retention is too low. If you succeed to recover data for everyone, then the data retention is too high. Pick a data retention policy that leans towards long enough that you can recover data for most people, or charge extra for it. It’s not that complicated.

What if the action cannot be reversed,

Tech support can reverse the action in this case, so I don’t see how this is relevant.

[…], and after deletion you need to anonimyze particularly sensitive data?

Most software doesn’t process credit card transactions, so I don’t see how this is relevant. Even if they did, they probably have to keep the data around due to regulatory requirements.

I say to all that, READ THE FUCKING MANUAL. If you are not apt enough to read and research about the software, you are not apt enough to use it.

People should at least try to make usable software first, but manuals are fine.

Same with hardware. You cut your finger because you didnt follow instructions clearly laid out for you not to cut your finger when using a saw? Maybe sawing was not for you mate

Yeah, shit happens, assuming they receive proper training and the saw complies with safety standards.

lukas, 7 months ago

what

lukas, 7 months ago

I appreciate universal package formats, but I’m looking for solutions that generate native packages.

lukas, 7 months ago

I see you’ve never been on the Phoronix forum.

lukas, 7 months ago (edited 7 months ago)

I’m curious why they want this instead of mTLS certificates? This smells like secret services counseled Europe using a front company. But that wouldn’t surprise me, since similar events happened multiple times in the past.

lukas, 7 months ago (edited 7 months ago)

Why would the secret services need a front company?

Governments here must use public tenders to buy services, and they pick the offer with the lowest price. Secret services can eat operational costs to place an extraordinarily competitive bid, but governments usually have anti-spying regulations. Hence, secret services bid with front companies.

But why bid in the first place, you may ask? eGovernment services are an attractive target due to the sensitive information at stake, and the potential to influence laws related to the eGovernment services. Secret services implement eGovernment services in a way that allows them to gain intelligence.

But how can they implement services in such a way, you may ask? Ask forgiveness, not permission. Of course, bullshit justifications play an important role here. E2EE? Why do that? Do you not want to scan files that go through the system for viruses? Real justification for why De-Mail stores sensitives emails in plaintext.

Governments now have the following options:

• Discard their paid work and forget about the initiative.
• Discard their paid work and contract someone more expensive than the original bidder.
• Pass laws to allow how the insecure service operates.

Remember De-Mail? Yeah, that exists. Exceptions that allow insecure storage of sensitive emails as long as it’s De-Mail. Exceptions that allow De-Mail providers to send legally binding emails on behalf of everyone. No, I’m serious. If anybody comprises De-Mail providers, they can practically send legally binding emails on behalf of everyone, as long as they don’t leave behind any trails of course.

But sometimes, like here I suspect, secret services hit the jackpot. They’ve got such an insecure implementation that the laws required to allow the service to operate nullifies the security of a large portion of the internet. Now, if enforced, they can intercept traffic like they used to back when everyone ran on http without the s. SIGINT is dead, long live SIGINT!

lukas, 7 months ago

I doubt they care about CT checks per se, they’re just afraid that Digicert fucking up will break their critical government services.

Right… uh. Listen, my government used a local/regional CA. Do you want to know what happened? My government got the privilege to emergency re-issue all of their TLS certificates with a different CA because the local/regional CA forgot to renew its own CA certificate. Everything was down. Government websites, government services, eID SSO authentication, etc. You had one job!

lukas, 7 months ago

KDE feels like an unpolished Windows desktop to me. I find it difficult to do things the KDE way when everything feels like Windows on first glance, but doesn’t 1:1 behave like Windows. It’s a disjarring experience for me, and probably others who migrate from Windows to Linux. I also think that Gnome has better touchpad gesture support than KDE, which makes Gnome the logical choice for companies that sell Linux laptops.

lukas, 7 months ago

dxvk async ftw