Slashdot Mirror

I've bookmarked GhostText as a potential replacement for It's All Text, though I'm still holding onto FF56 for NoScript, the Debian testing package (it landed in unstable just today), and a few security fixes (like this DOMParser cookie bug). It actually looks better in some regards. Learn more on its GitHub page.

If only some on had thought about this: https://wiki.debian.org/Reprod... , yes it's not 100% there yet but it's closing.

This is what I find.

http://benchmarksgame.alioth.d...

last I checked [slashdot.org], your application wasn't free software either for fear of malicious forks.

My software is 100% free no cost

Your application is available without charge; I'm not disputing this. I'm disputing that it's "free" in one sense commonly used on Slashdot over the past 20 years. As you wrote in #55453837:

NO FORKS OF MY APP DONE BY OTHERS AS MALICIOUS DOPPLEGANGERS EXIST!

This attitude toward forks contradicts how the GNU project and the Debian project define "free software". See "What is free software?" and "Debian Free Software Guidelines".

RaspberryPI's & Linux boxes COST MONEY

So does a Windows license for running your application. Or do you consider Wine a fully supported platform?

Oh sweet Summer Child. You actually believe Open Source is immune to politics and is a perfectly level playing field. How endearingly naive.

Well, the field obviously isn't level. Outreachy, Debconf travel funds, etc -- people indeed do get discriminated against based on their gender.

Female contributors just aren't there. I for one do quite a bit of mentoring -- out of 137 packages, there's just one upload by a woman. It was a fine upload, perfect on the first try while most people need multiple attempts. But it's the only one.

I try hard to not discriminate or even say things in a condescending tone, and I got the impression I'm doing ok -- as once the chaff is filtered out (I don't even see those who don't try to submit a package), there's no gender difference. In this case, on above corpus, women package quality is even drastically higher, but with just a single data point, this is not statistically significant.

Thus, women who do submit kernel patches or Debian packages are no worse, at all, from their male peers. The problem is, they make such a tiny portion of the submitters.

Things change once they get paid for coming. I don't believe skills of paid employees are drastically different from unpaid volunteers, thus the skew is obvious.

This is nothing new. This has been very doable for a long time. I love how they pitch it... they are going to let it. This is just them trying to remove the incentive for rooting the devices. Appeal to the nerds who won't take no for an answer by tossing them enough of what they want to de-incentivize them. Samsung used to be the champion for letting you unlock and root your own device. Sad.

remove MS_Windows & install Debian GNU/Linux https://www.debian.org/

Maybe after months of trying to create exactly reproducible builds (hint: it took Debian three frickin years), fighting with the fact that compilers randomize their optimizations (for good and unrelated reasons) and all that noise. That's what's required to get the same version of gcc to produce identical binaries of your regular compiler.

Then you'll figure out that you didn't really appreciate the full scope of the problem because the compiler is just one small place in the system. In fact, the original ACM paper points out that it demonstrates the concept with respect to a C compiler but the same exactly problem resides in the loader and in the microcode of the CPU itself. Each step into the depths reveals a new place where your program is just data* swimming by some other program that can patch it along the way.

* In fact, that's what the entire edifice of computing is built on -- that what is code on one layer of the system is actually just input or output to another. It's so familiar we don't even realize it. When we type 'apt-get whatever' or "execv" or "dlopen" our program is just another blob that someone else's program chews through.

If it has GNOME on it, no thanks. I have yet to see any sane person to voluntarily choose GNOME for anything; this includes distributions.

For the latter, you have Ubuntu. Most others merely used sort-of usable Gnome 2 then had it mutate into a monstrosity into then.

In Debian, Joey Hess switched us to XFCE but then got overruled by a "rational choice" with a score sheet which looks just like a case of government procurement: requirements tailored towards a specific choice with scoring that's in some cases reversed compared to what anyone without an agenda would pick: for example, "systemd integration" gives +1 -- ie, a desktop environment that is universal and works with any init gets negative score while something systemd-only gets +1 just for that. No score for "media size" despite the promoted answer being massively bloated. A whole -1 for "tasksel quality" which anyone who has seen that DE can make perfect within minutes. And the biggest gem? As of Jessie, GNOME worked on only two architectures (amd64 and i386) at all -- out of 11 primary 12 secondary archs. Even on x86, it suffers from dog-slow software emulation if you try to run it in a VM or anything that has one of supported GPUs. So did GNOME get a RC bug that keeps it from Jessie at all? Meh...

And this doesn't even mention the oh so insignificant question about basic usability and ergonomy. GNOME beats even Win8.0-era Metro in obstructing simplest tasks.

Until two or three versions from now, when [the "Enable DRM" checkbox] is removed from Preferences and can only be toggled via about:config, or five or six versions of Firefox later when even that is removed...

At that point, Firefox users can switch to a fork that omits support for proprietary CDMs, such as Waterfox. If Mozilla makes support for proprietary CDMs mandatory, I'd bet money Debian will either revive the Iceweasel brand or package IceCat.

Then explain why DEB, RPM, Maven, CPAN, etc infrastructures work just fine?

I honestly don't know how those work fine. How did the first Debian Maintainer on each continent travel to get his key signed by a Debian Developer, as the process requires?

Then explain why DEB, RPM, Maven, CPAN, etc infrastructures work just fine?

I honestly don't know how those work fine. How did the first Debian Maintainer on each continent travel to get his key signed by a Debian Developer, as the process requires?

PyPi isn't the official repository of the Python project, is a useful adjunct site. It does hold lots of packages that aren't in the official repository. But it's no more the official Python repository then http://ftp.us.debian.org/debia... which also holds a lot of Python packages that are easy to install (on a Debian system).

Disable javascript except for sites you really, really, really, trust

What should the developer of a web application do to earn prospective users' trust? Or should the developers of a web application give up, develop a native app for each of six operating systems, and guide visitors to the developer's website to said native apps?

There are Linux InstallFests [whose participants] will spend a month of Sundays helping you install it yourself for $0.

I don't see that working so well on a laptop whose backlight brightness, suspend, audio, and WLAN are broken in some way in Linux (source). What should the owner of such a laptop do?

The "unstated" goal is to make MS-Office a hassle to use, so people will just use libreoffice instead.

I don't see how that's practical in the industry that my day job is in. Both Amazon and Walmart provide Excel spreadsheets with macros to help a seller pre-validate a product definition before uploading it to the store's API endpoint for authoritative validation. The stores really want sellers to run the macros, as they count the feeds that a seller uploads against a quota whether or not they pass authoritative validation, but feeds that fail pre-validation in Excel don't count against the seller's quota because they don't get uploaded in the first place. Or has LibreOffice Calc gained reliable compatibility with Excel macros recently?

https://www.debian.org/releases/

has a good list of versions and opaque names. For many years though, this page didn't have that list. I was very frustrated for years trying to figure-out which "cute" name corresponded to which version.

You can see which codenames are stable, testing or unstable. The third paragraph starts "The current "stable" distribution of Debian is version 9, codenamed stretch", and you can scroll down further for the index of releases. So now you know the number too, but most Debian users will say they run "stable" or which release they are on if they are not stable (like jessie or stretch).

Is your complaint that most of the Debian community use codenames instead of numbers? Or that it is too hard to find the information that I have linked you. The secret is very few people care about anything except tracking stable and unstable.

Ubuntu's numbering scheme is nice because the version number is also the year and month. But you have to be a disciplined team to have your release date baked into every part of your distro well in advanced.

Recompiling snaps everytime an update comes out just to change the CA bundle, renders snaps utterly pointless. I may as well just run a bunch of VMs

If you have determined that snaps fail Debian's desert island test by making internal deployment of private applications unnecessarily difficult, then use --dangerous, or don't use snaps in your organization and write a blog post about why you chose to use something other than snaps in your organization.

Because we all want to whitelist a search engine in a setting where content filtering is federally mandated, and any "objectionable" content is our liability.

If you have determined that your country's laws prohibit use of a Chromebook, have you opened a support case with each Chromebook manufacturer to make them aware of this prohibition? If so, what was their reply?

They could just as easily save money by removing the keyboard, touchscreen, and mouse, and doing everything themselves to ensure no-one will mess up.

I can tell this is hyperbole because a product with no functionality will produce zero revenue. Let me rephrase: Taking away the user's ability to do dangerous things without explicitly acknowledging that they are dangerous strikes what a company has determined to be the appropriate balance among functionality, security, and support costs.

Hell, employers could just as easily save money by hiring someone who is competent enough to follow directions.

Good luck finding such an employee locally.

Hell, the previous owner should wipe it to protect themselves and their personal information before selling it

You sure love a certain town in Michigan, don't you?

Anyway, the design protects the buyer who buys a used device from a seller who has wiped it to protect himself and then installed dubious software onto the freshly wiped device to spy on the buyer who is using a device that appears to have still been freshly wiped.

A failure that should be addressed directly through education

Who foots the bill for said "education"?

and legal liability (if needed), not indirectly by removing chances for screw up.

And who foots the bill for monopoly or oligopoly rents once "legal liability (if needed)" causes the market to contract as businesses go out of business on grounds that the cost of doing business has become prohibitive?

https://www.debian.org/distrib...

/usr/bin/python is not going to ever point to python3 in Debian, at least according to the maintainer. Unfortunately, there are distros which have done this step.

Python 2 and Python 3 are similar but different languages, akin to Perl 5 and Perl 6. As they're not supposed to be compatible, changing the meaning of the hashbang is a recipe for disaster.

I'll be damned. Is it commented out by default?

It looks like NAME_REGEX is an optional check and commented out by default on my 16.04 install. CentOS doesn't even have one installed.

I pulled it's from the source: https://alioth.debian.org/anon... and it's commented out.

cb2d8d3 (Jörg Hoh 2007-06-27 21:12:38 +0000 84) # check user and group names also against this regular expression.
b2b6460e (Jörg Hoh 2009-09-07 21:20:22 +0000 85) #NAME_REGEX="^[a-z][-a-z0-9_]*\$"

And appears to have been added as a thing of convenience, not a hard rule:

commit b2b6460eab2b2bc514ffe45f5b8abca32b47fafc
Author: Jörg Hoh

        fix 520586: allow underscores again in usernames

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -84,2 +84,2 @@
  # check user and group names also against this regular expression.
-#NAME_REGEX="^[a-z][-a-z0-9]*\$"
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"

commit ccb2d8d37f6a09e0958a0e8b5bc8bc36372078a4
Author: Jörg Hoh

        Adjusted documentation to NAME_REGEX
          * added default value to /etc/adduser.conf
          * NAME_REGEX also applies to group names

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -82,0 +84,2 @@
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9]*\$"

Rating: pants on fire.

https://omnia.turris.cz/

Specs: 1.6 GHz dual-core ARM, 2 GB DDR3, 8 GB flash, 5 Gbit LAN, 1 Gbit WAN, 2 USB 3.0, 2 Mini PCI Express, 1 mSATA / mini PCI Express, 3x3 MIMO 802.11ac, 2x2 MIMO 802.11b/g/n

I use it together with two hard drives attached via SATA.

It ships with a custom version of OpenWRT but you can also install other stuff on it like Debian:

https://wiki.debian.org/Instal...

Or openSUSE:

https://en.opensuse.org/HCL:Tu...

You could just do a quick install of Debian 9 onto a USB drive plugged into your laptop to see if most of your outstanding issues have already been resolved upstream. Who knows...you might even find that Debian serves your needs just fine "as is." Failing that, you might try increasing your CUPS log level to verbose or debug, if you haven't done so already. Should you find anything of interest, detailed bug reports sent to upstream package maintainers are always appreciated. -PCP

Captcha: profound

Wow! A whole 2,403 bugs! If only they were as rock solid as Debian, with it's 80,000+ bugs.... Oh wait...

You could have prevented this.

https://debian.org/

Umm.. Fuck Debian, and its sucking Poetterings dick wrt systemd..

https://devuan.org/ .... Debian WITHOUT Poetterings shitbaby....

I'm not sure exactly to what "tools for debugging" you refer. But your operating system ought to be able to give read-only access to the log files to a particular ordinary user account. In GNU/Linux distributions based on Debian, users in the group adm have read privileges throughout /var/log but little else. Think of it as standing for "ADministrative Monitoring".

According to https://www.raptorcs.com/TALOS... Raptor Engineering is working on Talos II. They claim it "Libre-friendly, powerful, and competitively priced the new, POWER9-based Talos II takes flight in early August 2017!" so not long to wait before we can evaluate the specs and price. Debian GNU/Linux has a POWER9 port which I'd expect would run on such hardware.

It's just not as pleasant as you might like

You say:

Indeed; its author [...] later congratulated trolls who pushed it on debian-devel [2]

And give the link:

[2]: https://lists.debian.org/debian-devel/2012/11/msg00350.html

But that link is not to a message from Lennart Poettering, it's a message from John Paul Adrian Glaubitz.

Why did you make this false claim?

Please produce real numbers for real programs demonstrating a significant cost from bounds-checking.

http://benchmarksgame.alioth.d...

Debian put together a discussion document when they were deciding on what init system to default to. It may answer some of your queries.

  https://wiki.debian.org/Debate...

  Myself, I don't mind systemd, though I'd also be fine running sysvinit. I run a few dozen Debian systems for work, and honestly, systemd does the job I need it to do. One feature I really like is that it will log all service boot messages. Sysvinit, being what it is, boot messages scroll out of the console screen buffer, and they're lost for good. I don't want to have to reboot a system just to capture an error message by selectively pausing the bootup sequence.

GPLv2 sec. 4 states:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

That section says that the customer has a licence for that copy of the Linux kernel, not any other. Section 4 does not apply only to users who received copies from distributors who were completely in compliance with the GPL, because sec. 6 would make the emphasized language entirely superfluous under that interpretation:

That would seem to imply that a patch can be considered not to be derivative work. Is it so?

Some versions of the Grsecurity article seem to imply that Bruce is the only one who argues that's a violation. IANAL, and I think if that's not a violation then the GPL is badly written (perhaps thet's why there is v3.) RMS's statement is unusually laconic.

Let's say they release some source code. Who could prove that the executable that customers use, was compiled from that source code, without modification?

Reproducible builds is a pretty big thing for open source too, for example Debian. As long as you have information about the build environment (compiler name and version, build flags, source path), the vast majority of packages will now give the exact same binary. If not there are typically small differences due to various system parameters that can be diff'ed and deciphered. How easy it would be for Kaspersky's code only they know, but with the US government's resources it should be no problem to verify the result.

The problem is that it does this by default, without even asking for permission.

If people want to voluntarily participate in a cpu/kernel/uptime survey, that's great.

Forcing them to unless they happen to be aware of it and have the time to find out how to disable it is not great. it is the exact opposite of great. it is evil shit.

This is why, for example, popcon (the package "popularity contest", http://popcon.debian.org/) is an optional package in Debian, not even installed unless you deliberately choose to install it. Debian realises that their desire to have this data is far less important than the user's right to choose for themselves whether they participate.

Give it a rest...

You 100% can.

No, you can't:

Skylake:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package ...

2. For other processor models, disable hyper-threading in BIOS/UEFI configuration.

https://lists.debian.org/debia...

So the issue is not fixable in certain CPUs without disabling HT.

So you acknowledge that this is fixed, that anyone can apply the fix, but your only complaint is that the update isn't 'free as in liberty'?

You won't be happy until they open source the CPU??

Notice how Ubuntu, Microsoft, Apple, etc have taken the update?

Jesus fucking Christ. What has happened to Slashdot?

Give it a rest...

You 100% can.

No, you can't:

Skylake:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package ...

2. For other processor models, disable hyper-threading in BIOS/UEFI configuration.

https://lists.debian.org/debia...

So the issue is not fixable in certain CPUs without disabling HT.

How To Burn Blu-ray discs in Linux

= Source: https://lists.debian.org/debia...
= Re: Bluray Debian ISOs: Which app(s) burns bluray images?
= Thomas Schmitt, Author - June 18, 2017

"Hi,

Anonymous wrote:
> I need to use a burning application in Linux which supports blank
> Bluray medium.

As GUI you may use xfburn. Version 0.5.2 and later has Blu-ray support.
Use the "Burn Image" feature, not the "New Data Composition" feature
which would pack up the image inside an ISO 9660 filesystem.

Brasero and K3B can do Blu-ray, too. But i don't know the oldest suitable
version numbers or whether those are already in Debian 8.

On the command line there is growisofs, which is somewhat orphaned,
and cdrskin and xorriso, where i am the developer.

    growisofs -dvd-compat -Z /dev/sr0=image.iso

    cdrskin -v dev=/dev/sr0 fs=64m -eject image.iso

    xorriso -as cdrecord -v dev=/dev/sr0 fs=64m -eject image.iso

All three can do this since nearly 10 years.

If you are unsure whether /dev/sr0 is the right address of your burner,
do as superuser

    xorriso -devices

to see a list of all idle CD-capable devices and their /dev/srX addresses.
E.g.
    0 -dev '/dev/sr0' rwrw-- : 'HL-DT-ST' 'DVDRAM GH24NSC0'
    1 -dev '/dev/sr1' rwrw-- : 'ASUS ' 'BW-16D1HT'
The first is an LG DVD burner, the second an ASUS Blu-ray burner.

You need rw-permission to the /dev/srX file in order to burn.
On Debian 8 there should be ACL which grant rw to the desktop user.
    getfacl /dev/sr0
on my system says among other lines
    user:thomas:rw-
If not, then i advise to let the superuser grant rw-rights to a less
powerful user who then shall do the burn run.

One may add options in order to avoid the slow and error prone checkreading
while writing (aka Defect Management). growisofs inavoidably applies Defect
Management if the medium is formatted. BD-R can be used unformatted, BD-RE
cannot.
To avoid automatic formatting of BD-R media:

    growisofs -use-the-force-luke=spare=none -dvd-compat -Z /dev/sr0=image.iso

cdrskin and xorriso do not format BD-R automatically. With BD-RE it is
possible to disable Defect Management although they must format them
before first use:

    cdrskin -v stream_recording=on dev=/dev/sr0 fs=64m -eject image.iso

    xorriso -as cdrecord -v stream_recording=on dev=/dev/sr0 fs=64m -eject image.iso

If you want cdrskin or xorriso to use Defect Management on BD-R, do with
the BD-R medium before the burn run:

    cdrskin -v dev=/dev/sr0 blank=format_defectmgt

    xorriso -outdev /dev/sr0 -format as_needed

Have a nice day :)

Thomas"

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian
Reddit: https://www.reddit.com/r/debia...

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian
Reddit: https://www.reddit.com/r/debia...

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian
Reddit: https://www.reddit.com/r/debia...

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian [twitter.com]
Reddit: https://www.reddit.com/r/debia...

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian [twitter.com]
Reddit: https://www.reddit.com/r/debia...

Announcement: https://lists.debian.org/debia...

Yeah! https://bits.debian.org/2017/0...

Follow the progress @ Debian micronews: https://micronews.debian.org/

Twitter: https://twitter.com/debian [twitter.com]
Reddit: https://www.reddit.com/r/debia...

Sigh. Make me work for a living.

It's always best to do one's own research, as it helps to avoid being fed cherry-picked reality. But, if you insist, here's some stuff I cherry-picked from Google.

The first one is very interesting because it dates all the way back to 1998, when JIT Java was fairly new, but the relative timings are quite comparable, given similar constraints:

http://www.javaworld.com/artic...

Much more recently:

https://benchmarksgame.alioth....

Your Mileage can Definitely Vary, however. I found benchmarks indicating that the "Java" (Don't call it Java or Oracle's lawyers will swarm you - it's Dalvik) on Android is significantly slower.

Some of my own impressions of relative performance are dated, I think. The Gnu compilers have added some very aggressive optimizations in recent years.

The Debian benchmark seems to indicate that raw C (gcc) is on average about twice as fast as either Java or C++. My suspicion is that a lot of modern C++ coding is not only using virtual methods, but taking advantage of string and dynamic memory managers that were not part of the original C++. There is a cost for using pre-packaged solutions, but in an era where machine time is cheap but programmers still cost $10K a year even in India, shops generally favor "Git 'R Dun" over hyper-optimal performance.

I've always been partial to the definition (I think by Alan Kay) that Java is "C++ without the mace and knives". I find Java to be less stressful because I don't obsess about what raw machine code will be produced, and the rigorous compile-time checking means that I can devote more time to worrying about the high-level design. However, a JVM is a greedy thing, so there are still times when I prefer C or C++. Then again, there are times when I prefer Python, Perl, or PHP.

In the end, it's less about language and more about intelligent design. I once encounted a perfectly horrible C++ program that used a very sparse array with a widely-distributed working set. Virtually every computation triggered a page fault; I've seen cases where "efficient" sorts and searches were totally unsuitable because the data was in worst-case form. For performance, the choice of language is less important than how it's used. And above all, measure instead of simply "knowing".

The reason why I take such umbrage against the "common knowledge" that Java is slow is because that knowledge is largely based on old-time interpreter implementations, where on average, an interpreted instruction would take about 10 times longer than its native-code equivalent because a lot of the code being executed wasn't the app, it was the interpreter. JIT-compiled code has no interpreter overhead, so it's primarily limited by the optimization capabilities of the JIT compiler and the tuning settings (small code, slow code vs. fat code, fast code, for example). For lightweight apps, the overhead of launching a JVM, to say nothing of the overhead of doing the JIT compiling is obviously not worth it. For something that launches, runs 24x7 and doesn't restart for weeks at a time, those considerations are fairly trivial - assuming there's enough RAM. If you have dynamic load-balanced re-compiling, then the overall performance is likely to be better than for a static-compiled app.

But juggling instructions tends to only give you about an extra 10% boost, and on the whole, I prefer enough headroom for that not to matter. What makes or breaks most systems is the app itself. I knew of one where a single switch setting could single-handedly bring an IBM mainframe to its knees if set improperly. No compiler in the world could have helped that.

I don't think many of the people complaining about systemd are "crusty old sys admins", I think we're talking about mostly hobbyists who don't like change. SysV init has never been considered a thing of beauty by those who have to maintain GNU/Linux (or any *ix) systems. That's why systemd is the latest in a long line of replacements, from Apple's LaunchD (also about to be used in FreeBSD) to Ubuntu's Upstart.

Strongly disagree here, at least from RedHat land. SysV-style init scripts have been a solved problem for quite a while. If there are problems, they're usually a result of the daemon/app itself having problems that workarounds are needed for -- workarounds that usually end up in the systemd.service files as well unless upstream finally did something about the underlying issues.

Seriously, when I need to create an init script for something in EL6, just cut and paste https://fedoraproject.org/wiki/EPEL:SysVInitScripts?rd=Packaging:SysVInitScript#Initscript_template, change a few variables and/or add customization needed, and you're done. It's not rocket science and worked perfectly adequately. BSD folks complained about using chkconfig to manage your rcX.d/ structure (compared to rc.conf), but that wasn't that hard to figure out.

Debian (and Ubuntu) init scripts, on the other hand, seem to more or less be an unmitigated dumpster fire of strange techniques and non-standardization. But I've been a RH guy for forever. If systemd had come out of Debian-world, I'd totally understand its genesis and probably sympathize more. That it came out of Fedora/RH strikes me as quite bizarre. The only thing systemd could use to really justify itself with at F14/F15 time was boot speed, something which Debian had seen good improvements at by swapping https://wiki.debian.org/DashAsBinSh. Had Fedora/RH adopted that, we might not have seen systemd exalted to the degree it was.

good libraries for reading and writing XML

Let's take a look at the most used one, and see how many pages of serious security vulnerabilities it has. Many of them allow arbitrary code execution...

There is no reason to have malformed XML in 2017.

FTFY: There is no reason to have XML in 2017.

I can't help you with your buyer's remorse.

inside GNU/Linux

Here you go, my son. Pick one and buy it.

Doing so might result in the same sort of buyer's remorse mentioned earlier because the list you cited includes the ASUS T100TA and X205TA, which scored poorly in DebianOn. Sound, suspend, and Bluetooth fail on both the T100TA and X205TA. How would I go about narrowing the list you cited to only those products that work well with GNU/Linux?

I can't help you with your buyer's remorse.

inside GNU/Linux

Here you go, my son. Pick one and buy it.

Doing so might result in the same sort of buyer's remorse mentioned earlier because the list you cited includes the ASUS T100TA and X205TA, which scored poorly in DebianOn. Sound, suspend, and Bluetooth fail on both the T100TA and X205TA. How would I go about narrowing the list you cited to only those products that work well with GNU/Linux?

Remember the xscreensaver debacle?

How many real Linux developers are on Windows and have trouble with running a VM, or a separate box?

"Separate box" is not practical on a laptop, and last I checked, subnotebooks maxed out at a paltry 4 GB of RAM.

Wouldn't someone developing for Linux want the real Linux kernel?

Not for someone who targets GNU in general, caring little whether it's GNU/Linux, GNU/Windows, or GNU/kFreeBSD for that matter. A developer might work with three environments: a production server, a desktop PC at the office configured to resemble production as closely as possible, and a laptop on which to work on a reasonably close replica while riding the bus or train to and from the office.

Surely Microsoft would introduce some "extra" features that are addictively sweet into it's Linux ABI.

Would it release source code for said features, or at least enough of the spec to allow independent reimplementation within Linux proper? If not, I'd need to see examples of such "extra" features to see exactly how they could be kept proprietary.