Slashdot Mirror

Lots, of course. A few examples:
Microsoft: https://github.com/Azure/ioted...
Baidu: https://github.com/baidu/rust-...
Google: https://github.com/google/xi-e...

This is one try at comparing many languages at different benchmarks. Crystal is still in development, but it's based on the LLVM compiler, which of course also compiles C. I think they're still going for functionality, rather than optimization.

All the main distros use it because it is good, a huge improvement.

If it is causing you problems, my advice is to look for some kind of "linux for dummies" type of book. Or better, stop pretending you're a sysadmin and breaking your web terminal; try sticking to the stuff in the GUI menu.

you are kidding right?
systemd is bringing MS and Apple grade development to Linux.

do you remember this https://github.com/systemd/sys... ?
this one https://github.com/systemd/sys... ?
and there's another ridiculous one with the usernames allowed or forbidden by logind.

The problem with systemd is not systemd, but its dev team.
The worst part of pettering's(I know he hates it when his name is mi-spelled) development is the fact that he chooses sometimes to have systemd taking decisions because systemd take into consideration that targets users but other times systemd doesn't have to take decisions because systemd is supposed to be configured by maintainers and not by users.

I know that some other smaller init might not have the sources or the influence and funding that systemd has by redhat, but when you complain to those devs that their s/w is causing rm to brick motherboards, they prevent it and they add to their documentation that if you want to write to some special block that affects your motherboard's firmware, you should, as a dev, remount it with w+. Peotterring otoh, says that's not a bug and you shouldn't rm -rf / .
A guy walk into a doctors office.
-Doctor, when I do this my arm hurts.
-Then don't do it. [not a bug][closed]

Nobody wakes up one day and decides to shit on peotterring via github tickets. The guy is just a code monkey, yeah those exist in C dev too, and is unable to steer or manage projects.

I'd suggest you read a "logic for dummies" type of book.

All the main distros use it because it is good, a huge improvement.

If it is causing you problems, my advice is to look for some kind of "linux for dummies" type of book. Or better, stop pretending you're a sysadmin and breaking your web terminal; try sticking to the stuff in the GUI menu.

you are kidding right?
systemd is bringing MS and Apple grade development to Linux.

do you remember this https://github.com/systemd/sys... ?
this one https://github.com/systemd/sys... ?
and there's another ridiculous one with the usernames allowed or forbidden by logind.

The problem with systemd is not systemd, but its dev team.
The worst part of pettering's(I know he hates it when his name is mi-spelled) development is the fact that he chooses sometimes to have systemd taking decisions because systemd take into consideration that targets users but other times systemd doesn't have to take decisions because systemd is supposed to be configured by maintainers and not by users.

I know that some other smaller init might not have the sources or the influence and funding that systemd has by redhat, but when you complain to those devs that their s/w is causing rm to brick motherboards, they prevent it and they add to their documentation that if you want to write to some special block that affects your motherboard's firmware, you should, as a dev, remount it with w+. Peotterring otoh, says that's not a bug and you shouldn't rm -rf / .
A guy walk into a doctors office.
-Doctor, when I do this my arm hurts.
-Then don't do it. [not a bug][closed]

Nobody wakes up one day and decides to shit on peotterring via github tickets. The guy is just a code monkey, yeah those exist in C dev too, and is unable to steer or manage projects.

I'd suggest you read a "logic for dummies" type of book.

" DEDA is a new tool for Linux that researchers have created to read and decode the forensic information, and to anonymize information to protect against tracking.

The Electronic Frontier Foundation discovered in 2008 that nearly all major color laser printer manufacturers added tracking dots to any printed document. The yellow tracking dots were invisible to the eye and apparently added to printouts on request of the U.S. government."

Earlier discussion of this and more sophisticated printer tracking codes [src]

Here is my bit of wisdom. Get everything running locally in a cloud container framework like Heroku or whichever on you prefer. When and if you get to the point where you need disaster recovery or more scalability you can shift everything to the cloud until you recovery or at peak periods load balance to the cloud.

The cloud is not magic. It just means that other systems administrators are running your servers and they do screw up quite often.

If you are really serious about running in the cloud and having high reliability, let me introduce chaos monkey
https://github.com/Netflix/cha...

This is what Netflix uses to make sure that they can keep running with Amazon availability zones, instances, or whatever they call them disappear. I believe that the day that Amazon accidentally took all of it's storage offline and killed half their cloud, that Netflix survived as was able to keep going.

Read this for amusement: https://aws.amazon.com/message...

Ooops, we deleted AWS....

> Ransomware typically wipes any network drives using the SMB protocol, as Samba does, if the infected machine has access to the share :nods:
--Yep, but once you A) isolate the infected machines and B) ssh into the server and do a ZFS rollback (to a pre-infection snapshot time) on the ZFS-backed Samba dataset, all is back to normal again :D Rollback even "deletes" the infected files for you. ZFS snapshots are immutable unless you have basically root on the server.

https://forums.freebsd.org/thr...

https://github.com/zfsonlinux/...

https://github.com/simu/passwo...

store a key, memorize a password and that is mostly it, a different password for all sites that you don't even need to store

1. WebAssembly is a compressed and simplified version of JavaScript. Anything you can do in WebAssembly, you can do in JavaScript. Seeing as Meltdown / Spectre take a lot of effort to exploit, if this attack is being deployed against you, it's reasonable to assume the attacker is perfectly willing to translate their code into JavaScript, which is already supported in your browser.
2. The devs are well aware of the issue and have said they're not going to reenable the feature that makes them vulnerable to timing attacks without making sure that the mitigations to Spectre / Meltdown are not going to be nullified by WebAssembly.

The WebAssembly guys are aware of this issue
https://github.com/WebAssembly...
and dont plan to actually support the new features until they have a solution.

They've been working hard to make the new, more secure and (importantly) concurrent system up to scratch.

Let me know when this hard work results in enough functionality in the system to allow a WebExtension counterpart to the defunct Keybinder extension, even if only for disabling accidental presses Ctrl+Q or Ctrl+Shift+Q for quit when I was aiming for Ctrl+Tab or Ctrl+Shift+Tab. (No, Restore Previous Session didn't restore text entered into a Slashdot comment composition form last I checked.) That's reportedly waiting on a fix for long-standing bug 1325692.

why don't they simply write their own apps?

Isn't part of the point of FOSS and open platforms that we can do precisely that without having to reinvent the wheel from scratch?

Besides, I'm theoretically adroit enough to know that checking a solution is probably in a lower complexity class than crafting a solution.

Oh, so you think there isn't an F/OSS Community for iOS?

https://github.com/dkhamsing/o...

That's but one repository. Google "iOS open source" and prepare to be surprised.

And before you whine that "oh, so I have to buy a Mac just to Develop for iOS? That's hardly 'Open'!!!" I say, "Many, many Development toolchains and platforms have hosting hardware requirements." This is even more prevalent when targeting an Embedded platform (like iOS), where Dev. Toolchains are OFTEN only offered for one host platform.

Ask any embedded Developer, like me, who happens to prefer their Development Toolchain to execute on their non-Windows platform of choice, be it macOS or Linux, just how frustrating it is to attempt to find ANY IDE tools that will support [x] device. Suffice it to say, I really wouldn't have ANY Windows experience if I hadn't had to run whatever Toolchain that was only available for Windows, just to develop software for whatever particular microcontroller I was targeting.

Oh, and that limitation still largely exists. Fact of life. Sorry.

So, the fact that you have to have a Mac to Develop Open (or Closed) Source software for iOS makes Apple no worse than probably 75% of embedded device OEMs.

But, to un-digress, I hope you will agree at the very least that iOS != Closed Source.

How can I tell if the bug that was crashing Ryzen processors at idle has been fixed?

In 4,15, Ryzen users had to put in a boot option

"rcu_nocbs=0-15

(this case for 8 cores =0-11 for a six core...)

I had this problem too and the rcu_nocbs=0-15 didn't fix entirely the problem. You need zenstates to turn off the C6 power saving state.
Here's the systemd unit file:

[Unit]
Description=Turn off power saving C6 state

[Service]
Type=oneshot
StandardOutput=syslog
ExecStart=/usr/bin/python /usr/local/src/ZenStates-Linux-master/zenstates.py --c6-disable

[Install]
WantedBy=basic.target

Just like every homeowner is expected to buy connectivity and addressing from their isp?

And when smartphones were new, a lot of people were reluctant to buy a cellular data plan because they were already buying connectivity from their home ISP. Some householders just don't want yet another perpetual utility bill, which means yet another company dipping into the family's checking account and potentially exposing said account to accidental or fraudulent withdrawals that cause overdrafts.

if you're content to use the same domain as thousands of others then there are many free options

You mean free dynamic DNS? One drawback of this has been that Let's Encrypt issues only 20 certificates per registrable domain per week. The dynamic DNS provider has to apply to Mozilla for inclusion on the Public Suffix List, which is administered on a Microsoft-run website. Some are unwilling, and last I checked, others' applications were in a months-long backlog.

and nothing to stop the isp from allocating a subdomain to their customers.

Of course there is: The major last mile ISPs have a business policy not to let home users run servers in the first place. I concede that ISPs have power to amend this policy, but you'd have to show ISPs a good case for amending this policy, as upgrades to more expensive business-class service make them money.

Plus there is always .local and llmnr/mdns if you don't need global reachability of your hostnames.

Neither Let's Encrypt nor any other trusted-by-default HTTPS certificate authority does .local. It violates the CAB Forum's Baseline Requirements.

At some point, you have to start asking why you need certain quality of experience in limited environments, and what infrastructure it takes to get there.

The biggest ongoing cost for streaming movies today is CDN storage, in the sense of having enough bitrates and resolutions to be able to accommodate all target devices and connection speeds. As much as people would like to deliver an HD picture to a remote village in the Philippines over a mobile connection on a feature phone, it isn't feasible at the moment for two reasons: they don't need or care about that level of experience, and it isn't technically feasible. The goal of CDN storage is to ensure the edge delivers the content, and the industry has toyed with real-time edge transcoding/transrating to address some of these issues, but fundamentally we are dropping asymptotically to a point on visual quality for a given bitrate and amount of computing power that a codec can deliver at the playback device.

In that sense, I'm shocked that Anne's post didn't mention Netflix's own VMAF, which is a composite measure of different flavors of PSNR, SSIM and some deep learning. But even here, the fundamental is that we are still using block-based codecs for operations simply because of the fundamental nature of most video, i.e. objects moving around on a background. I'm also shocked that Anne didn't discuss alternative coding methods like wavelet-based (e.g. JPEG 2000), but - again - these approaches have their own limitations and don't address interframe encoding in the same way that a block-based codec can. If there was a novel approach to coding psychovisually-equivalent video that would address computing power, bitrate and quality reasonably, I believe it would have been brought forward already.

I think 5G deserves a big mention here that was lacking in Anne's post, because faster connections may solve many of the types of issues that affect perceived visual quality at low bitrates. Get more bandwidth, and you have a better experience. Hopefully 5G will proliferate quickly, but this will be tricky in the developing world where its inherently decentralized nature and the political environments will make its ubiquitous deployment a serious challenge.

In the end, we're all fighting entropy, particularly when it comes to encoding video. Our ability to perceive video is affected by an imperfect system - the human eye and brain. That's why we've made such gains in digital video since the MPEG-1 days. But the fantasies of ubiquitous HD video to everyone in the world on 100kbps connections are just that. When you're struggling to get by and don't have good health care or clean drinking water, the value of streaming high-quality video isn't there from a business perspective, much less a technical perspective. Everyone will get an experience relative to the capabilities of technology and the value it brings to them accordingly. All else is idealistic pipe dreams until otherwise proven.

For his current thinking: https://www.youtube.com/watch?...

After outlining the history of the creation of the Agile Manifesto, Dave Thomas outlines some basic problems with the Agile industry (including selling fear and also pushing complex IT systems to organize work that they can charge lots of money for). He says "the values have been totally lost behind the implementation". He says we need to distinguish between the implementation (Agile/Scrum/Lean/Kanban/etc) and the specification (Agility). He says "No rules are universal (except for this one)" and that "all rules are contextual". He espouses holding close to the value of "Agility" involving figuring out where you are, taking a small step towards your goal, re-evaluating and adjusting your understanding based on what you learned, and then iterating. He suggests choosing between alternatives delivering similar short-term value based on which keeps more options open to make future change easier -- outlining Dave's Rule of Design: "A good design is easier to change than a bad design." He calls for courage at the individual, team, and company levels to know you are going to make mistakes in order to find out what needs to be done -- and to work hard to make sure those mistakes small and correctable.

A shorter summary text version:
"Agile Is Dead (Long Live Agility)"
https://web.archive.org/web/20...
"The word "agile" has been subverted to the point where it is effectively meaningless, and what passes for an agile community seems to be largely an arena for consultants and vendors to hawk services and products. So I think it is time to retire the word "Agile."

I've collected more related ideas on this High Performance Organizations Reading List:
https://github.com/pdfernhout/...

What kind of changes to the TOS do you anticipate? How much will be different from the current version? https://help.github.com/articles/github-terms-of-service

If Samsung won't come to the party, make sure your next phone supports Project Treble (should be any phone that shipped with Oreo, plus the original Pixels). That finally decouples the OS from the SoC drivers, and means any Treble phone can (theoretically) be upgraded with Google's own OS releases.

Treble has always sounded great but I've always been concerned that there's no authoritative Google source to confirm whether a device is "Treble certified" or "Treble compatible".

Your post reminded me that Treble existed (my partner & I are in the market for new phones & I can't bring myself to buy a non-Google phone because of the operating system issue, and I can't bring myself to pay a fortune for a Pixel after being very happy with the cheap Nexus series for the last several years) so I had a quick search.

I can see no obvious Google-owned/managed resources, though there's this Android police article with an old list that they say is no longer updated, but it points to this github page - which seems to be the most comprehensive list.

So while I really like the idea of getting a Treble phone, there's still not enough info or clarity around the whole thing for me to feel comfortable trying to buy one yet. (e.g., will a Treble phone be Treble for ever? Or can vendors mess with it with subsequent updates of their own somehow? Will vendors & Google work closely enough on Treble standardisation to ensure that future updates won't cripple specific features on my phone?)

The source is supposedly in a different repo: https://github.com/Microsoft/o...

See: https://github.com/Microsoft/P...

OTOH, by not reading the repo README, you are supporting a long /. tradition, bravo!

The source is supposedly in a different repo: https://github.com/Microsoft/o...

See: https://github.com/Microsoft/P...

OTOH, by not reading the repo README, you are supporting a long /. tradition, bravo!

Why not just use gitea, at https://github.com/go-gitea/gi...

Oh.....

https://github.com/Microsoft/P... I'll save you the click... its MIT

Yeah. People don't get that Microsoft have changed and they keep looking for 'malice' when there really isn't. I'm sure the Microsoft developer that built this thing had literally never heard of Gnome when they designed/built it. After all, it was initially designed to cope with the largest git repository on the planet for a team of EMPLOYEES working on a corporate owned project. They were probably thinking of one thing alone: how to make the lives of their fellow developers easier.

THAT'S IT.

(Interestingly, the other big companies out there -- Google and Facebook -- use a similar 'single repository' approach; just neither use Git source control for their main repository. Google uses Piper which is an internal-to-Google-only-tool. Facebook (at at 2014 anyway) uses Mercurial.

Remember it's coping with a 100GB pack file, 3.5M file, 4000 user repository. The Linux kernel is (at 1.5GB), by Microsoft standards, doesn't even count as a medium scale repository!

So, yeah. Lets assume that developers are developers and actually want to solve TECHNICAL problems, not this sort of argument. Even if they're in Microsoft, Facebook, Google, or even, shock horror, Oracle.

And the Slashdot crowd needs to have a good, fucking, hard look at themselves. Microsoft have used this GVFS name for this project for over a year now. It has been announced on Slashdot more than once. It took some dweeb THIS long to notice?

And that shows you how irrelevant Slashdot is - because if Slashdot was relevant, they would have triggered this reaction THE FIRST TIME.

Microsoft said "Linux is a cancer" because the license it used (GNU GPL).

I believed that when Microsoft contributed to git (or build something related to it, it would use git's license. But no. GVFS is MIT licensed, not GNU GPL + A really bad EULA: https://github.com/Microsoft/G...

Some interesting points from the EULA:

DATA COLLECTION. The software may collect information about you and your use of the software and send that to Microsoft. Microsoft may use this information to provide services and improve Microsoft’s products and services. Your opt-out rights, if any, are described in the product documentation. Some features in the software may enable collection of data from users of your applications that access or use the software. If you use these features to enable data collection in your applications, you must comply with applicable law, including getting any required user consent, and maintain a prominent privacy policy that accurately informs users about how you use, collect, and share their data. You can learn more about Microsoft’s data collection and use in the product documentation and the Microsoft Privacy Statement at https://go.microsoft.com/fwlin.... You agree to comply with all applicable provisions of the Microsoft Privacy Statement.

UPDATES. The software may periodically check for updates, and download and install them for you. You may obtain updates only from Microsoft or authorized sources. Microsoft may need to update your system to provide you with updates. You agree to receive these automatic updates without any additional notice. Updates may not include or support all existing software features, services, or peripheral devices.

Also they avoid the word "GNU" if ever possible. They fear GNU. And make people fear it. (I doubt if Microsoft had something to do with "Code 2 Complete" book which said that some coding style is really bad (which was the GNU style, but didn't name it so). At least, the book was published by Microsoft press)

Of course, you don't want to get locked in to AWS if you can help it, but containers can help with that.

This is why I think Kubernetes is such an interesting project.

It's the Docker PaaS with the most 'mindshare' and works on every infrastructure, you can integrate it with a lot of different networking systems and has integration with all the major cloud providers and more. Like working on getting federation between clusters working properly.

People are now even doing: declaritive configuration in git-repo -> branch -> deploy -> update git-repo with information of running systems (git repos as source of truth).

For example:
https://www.weave.works/blog/g...

It just needs people to start sharing what they are doing in this space to have a full open source stack you can deploy anywhere and have it heal itself when 1 or 2 machines are lost, just automatically start some new ones and load it up with new containers and data.

And not just for stateless containers anymore, finally people are starting to integrate it so data is replicated:

https://github.com/operator-fr...

We are pretty close to having that full stack.

Same here.

But I'm a nobody, and my OSS project are of little importance. What matters the most now is migrating this away from the Microsoft trap...

be a problem if you are using privacy plugins that already block single pixel tracking bugs. The attack ALSO REQUIRES, you guessed it, Javascript. So, it's not a pure CSS attack. See https://github.com/evonide/mis.... These blokes didn't test against a rig with any privacy plugins.

Here's the real question: they're running a timing attack on how long it takes to render a pixel outside the parent element they're providing the style for. They specifically attack an iframe from Facebonk that shouldn't be able to receive styling from their CSS script unless they load at the same priority as Facebonk itself. So, this is a driveby attack that requires the FBonk to maintain your logged in state based on cookies. Otherwise, their little iframe to facebook isn't going to display any information.

So, they can't really hack FB, but it's an interesting attack. Surely a bug.

And one more thing.... this is a timing attack, right? Why are the browsers giving out time accurate to the millisecond? This sort of thing makes timing attacks possible? What possible purpose could there be in handing it out such accurate time to Javascript? Can't we just go with 0.01 (0.0254 metric) seconds resolution?

Git itself is still GPL'd. They can't distribute modified (or unmodified) versions without also providing the source code. Which means that any changes they make to provide a "special" version can easily be taken up by the folks who make the command-line version.

They do not have to distribute a modified Git, but an implementation of the Git protocol. There are many such implementations already available (e.g. Dulwich which is a pure-Python re-implementation of Git).

https://github.com/teslamotors...
https://github.com/teslamotors...

https://github.com/teslamotors...
https://github.com/teslamotors...

The two most popular IoT wireless protocols (Zigbee & ZWave) are proprietary requiring 20k+ licensing fee's to make your own devices. There are some emulation libraries for WiFi devices (Like the Phillips Hue & WeMo) but are not 100% compatible with smart home hubs (Like Amazons ECHO V2 for example). There are open source wireless protocols that use the same frequencies as Zigbee but none of the smart home hubs support them unfortunately.

Z-Wave is proprietary, but Zigbee has open source software and hardware options.

You can use a Z-wave/Zigbee/WiFi controller hub like the VeraPlus and cut off it's ability to "phone home." While built on OpenWRT Barrier Breaker it's still proprietary, but more hackable and controllable than the others.

There is also work being done Rasberry Pi replacements for the Vera using projects projects like OpenLuup:

https://github.com/akbooer/ope...

Ah yes, well video on the Internet is somewhat intentionally a shit sandwich. WebM/VP8 (or VP9)/Vorbis seems to be the most compatible with most browsers (Except for Safari and older internet explorers, and they can all fuck off.) I set up a ffserver demo project a while back to stream some webm audio and video on localhost with the ffserver utility that comes with ffmpeg, along with how to manipulate the video with some javascript. Ffserver is deprecated in more recent versions of ffmpeg, although I believe if you build it from source from its 3.3 branch, you should still get it. It's kind of a pain in the ass to work with, but it is open source, so if anyone's curious about how to do that, there you go. What the video services buy you is that getting your video up and playing on every browser is easy with any of them.

Since Telegram is open source and you can get both it and Xcode for free then removing it from the App store doesn't really prevent it from being used on legit, un-jail broken, iOS devices.
Yes, yes, I know you won't get APNS, and if you can't sign it with a developer account, it needs reloading every week.
But it's a by-pass none the less.
Anyone with anything to hide will no doubt find a way around Apple's compliance with the country's legal requirements and in this case it's relatively easy.
My question is how far with Russia go to stamp out encrypted messaging? Can they? Can anyone?

The countermeasures against the blocking have been interesting.

Telegram got lots of servers so the Russians blocks milions of ip addresses. Iran also began trying to block telegram.

People in the west started helping by running socks5 proxies. Some of the proxies that people put up allowed all traffic, not just telegram, so they got used for forum spamming, torrents etc and got shut down after a day or two when the companies that the servers were rented from got lots of complaints.
There is a socks5 proxy written in python that is set up to only connect to telegram ip addresses.

Now it is reported that deep packet inspection is being used in some countries to detect socks5 protocol.

Telegram has created a new proxy protocol called MTPROTO to try to get around that. The android and iphone versions of telegram messenger can use MTPROTO but the desktop software can't, it's only in the beta versions that are not available to everyone. Voice calls currently don't work with an MPROTO proxy.

There are now several different bits of MPROTO server software on github in python, golang and javascript.

There are various telegram bots and twitter accounts listing proxy ip addresses.

http://www.techort.com/telegram-mtproto-proxy-everything-we-know-about-him-habr/

Because an attacker can tamper with the raw binary object that can still be deserialized, but now has different contents and now will run differently on the other end, in a manner not expected or possibly controlled.
Yeah, and he can use an SQL statement to change a row in the data base ... or a PERL script to change a line in a text file ... what exactly is the difference?
And it has nothing to do with graphs anyway. It can be a single object, only consisting out of primitive types.

Hint: the problem is code, not data. Your explanation makes pretty clear that you don't know what the problem with "simple deserialization" is.

because deserialization ignores all that. the build in standard, yes. However you can augment it.

Preventing the problems the people here get heated up about is super simple:
https://wiki.sei.cmu.edu/confl...
(Original: https://www.ibm.com/developerw...)
Interesting discussion: https://github.com/atomix/cata...

The whole claim that there is a "problem" and the inventors of Java made design mistakes: is clearly wrong! They designed the ObjectInputStream and the way how objects are serialized/deserialize in an easy to adapt and change manner. In other words: they showed great foresight!

A company that locks you in to their platform, but generally respects your privacy (at least to our knowledge), or a company that's far less locked down, but pisses all over your privacy.

You can do something about the privacy problem. You can't do much about the lockdown problem.

What "lockdown" problem?

https://ios.gadgethacks.com/ho...

That requires NO Jailbreaking.

And, if you have a Mac, you can simply go to GitHub and visit their large collection of Open Source iOS Apps that you can "Sideload" with XCode:

For example:

https://github.com/vsouza/awes...

You can use the adb toolkit to pull that stuff off your phone. https://github.com/pborowicz/h...

without root, you can pull applications out with the adb toolkit

calculate the image hashes.

There are several libraries available to calculate image hashes that can be built into a desktop tool
For example: https://github.com/JohannesBuc...

I don't normally respond to AC's, especially racist AC's, but you are wrong.

You don't have to use facebook for them to collect data on you, and THAT is the problem. They have their connect and like buttons on a VERY LARGE cross section of the internet, and in many third party products, like Spotify.

They know more about you than your mother does, and there are only a few ways to stop them, like blocking a list of about 1500 different domains, or you could just stop using the internet. I don't know about you, but as a web developer/designer, that last one isn't really an option.

This shit needs to be well regulated.

It seems like the Mastondon.technology group (which is where I'd want to move to) are a bunch of censorship nazis who block anyone that doesn't adhere to a rigid speech code, who wants to deal with that nonsense?

Blocking such scary content providers as "libertarianism.club" and "toot.love". Funny how they only seem to block love, not hate...

https://github.com/teslamotors...
https://github.com/teslamotors...

https://github.com/teslamotors...
https://github.com/teslamotors...

- Everything even remotely container-related (Cgroups & Co) is missing. No LXC/Docker*/systemd-nspawn/etc. for you.
- Filesystems are limited to either mount an NTFS directory as a data dir, or a special NTFS directory with some metadata as a POSIX-compliant root. You can't get any other typical Linux filesystems, even the popular one, so forget about modern facilities like free snapshotting, and most of the weird stuff is either poorly supported (different visibility of mounts) or missing (layers).

And these are the first two out of the top of my head.

(We could add : no DRM gfx stack, you're limited to X forwarding over SSH, so no wayland compositing either)

(Also, in the perspective of what Microsoft wanted to achieve before pivoting to WSL: it still can't run the Android user-space successfully.
So, still no app ecosystem on Windows 10 phone that isn't a joke. But at least they got WSL to run on ARM too).

Basically, all you get is enough API to work with cli tools and daemons.

But hey, at least WSL doesn't work with systemd so at least this will keep the Devuan whiners crowd happy~~~

---

* : apparently, the latest linux docker on the latest WSL insider built could successfully run hello-world. By basically skipping and/or ignoring most of the missing stuff. It's basically a glorified chroot. You're still better off installing the windows version of docker and use WSL to control it with the CLI (and the long term path would probably be having the Windows docker able to start a separate WSL context for each container).

- Everything even remotely container-related (Cgroups & Co) is missing. No LXC/Docker*/systemd-nspawn/etc. for you.
- Filesystems are limited to either mount an NTFS directory as a data dir, or a special NTFS directory with some metadata as a POSIX-compliant root. You can't get any other typical Linux filesystems, even the popular one, so forget about modern facilities like free snapshotting, and most of the weird stuff is either poorly supported (different visibility of mounts) or missing (layers).

And these are the first two out of the top of my head.

(We could add : no DRM gfx stack, you're limited to X forwarding over SSH, so no wayland compositing either)

(Also, in the perspective of what Microsoft wanted to achieve before pivoting to WSL: it still can't run the Android user-space successfully.
So, still no app ecosystem on Windows 10 phone that isn't a joke. But at least they got WSL to run on ARM too).

Basically, all you get is enough API to work with cli tools and daemons.

But hey, at least WSL doesn't work with systemd so at least this will keep the Devuan whiners crowd happy~~~

---

* : apparently, the latest linux docker on the latest WSL insider built could successfully run hello-world. By basically skipping and/or ignoring most of the missing stuff. It's basically a glorified chroot. You're still better off installing the windows version of docker and use WSL to control it with the CLI (and the long term path would probably be having the Windows docker able to start a separate WSL context for each container).

It would be hard to find a Linux distribution that doesn't use *anything* by GNU.

Even FreeBSD and OpenBSD have traditionally used gcc to do their compiling, though both are now moving to clang or have already done so ... and as I understand it this is mostly due to the GPL. Even outside of clang, OpenBSD uses a few GNU packages in their base system ... though they don't sound happy about it.

Do you have Parkinson's much?

1. There seems to be plenty of space between the center of the top row of keys to the bottom of the Touchbar to avoid "Accidental Touches" by all but the most ham-fisted "Typists".

2. If it bothers you that much, simply park an external keyboard (with a "real" ESC key!) in front of your MBP. Yes, it's a bit of a kludge, but since you can purchase a wireless keyboard for as little as $14 at Walmart, I have little sympathy for you. I did that when my work Samsung Laptop (which has a difficult-to-replace keyboard), suffered some key failures. It was that, or throw out an otherwise perfectly-functioning laptop.

3. You CAN disable the Touchbar in s/w. Have you tried this?

https://github.com/LumingYin/T...

Having said that, I DO believe Apple should update their TouchBar driver or firmware to include some sort of "sensitivity" or "glancing-blow" detection/adjustment, kind of like with the Trackpad. Another fix would be to mount the entire TouchBar on a "spring-loaded" mount; so that a bit of down-force (albeit anywhere on the TB) would be required to "register" a Tap. If Apple can make a "clicky" Trackpad, then they could easily do that.

If you can't tell if it's video or not, you also wouldn't be able to play it

JavaScript code downloads a file, runs an algorithm on its bytes, and updates the pixel content of a <canvas> element. Is that video? How would a browser be able to tell?

JavaScript code downloads a bunch of JPEG or PNG images and displays them in sequence on an <img> element. Is that video? How would a browser be able to tell?

An element has a JPEG background image whose position within its container is advanced by steps using a CSS animation. Is that video? How would a browser be able to tell?

I upgraded my desktop, and I don't see any issues. I haven't tried any of the "new features"; they didn't seem compelling to me.

My laptop, though... The hard drive is encrypted with VeraCrypt, and the usual update process fails, of course.

The canonical solution is to un-encrypt your drive, do the update, then re-encrypt it. Since encrypt the whole drive takes about 12 hours, I'm not doing that.

However, I found this nifty little page:

https://github.com/th-wilde/ve...

I created an install directory from the Microsoft page, copied this into it and ran it. It patches the Windows files with the Veracrypt drivers. Then run setup.exe in an administrator cmd shell, and there you go.

I hope... It's well into the process now, "Working on updates 12% Don't turn off your PC. This will take a while. Your PC will restart several times".

Normal major update, in other words.

If it fails, I'll post the tale of woe here, but it looks like it's going OK. I've seen several postings on GitHub that it works with 1803.

This could be hugely interesting: https://github.com/gcp/leela-z...