Notices by Demi Marie Obenour (alwayscurious@infosec.exchange)

@dalias Is there a method (indistinguishability obfuscation?) to generate the key without knowing the factors?

@dalias Is there anyone who is not a C stdlib or compiler implementer who would understand this? What fraction of those who are stdlib/compiler implementers would understand it?

(For anyone confused, the most common meaning of FTM is “transgender man”, with First Time Mom as a very distant second.)

@sertonix @dalias @Foxboron @alpinelinux @archlinux Bingo. LLVM and Linux both have LLM-assisted contributions and neither are practical to fork.

@dalias Not sure where you live, but Hurricane Electric provides a free tunnel broker.

@tnorinder @dalias Then how are the developers going to get paid?

Serious question. CPython is critical infrastructure. Leaving its development to volunteers is obviously not a good idea.

Ideally, critical open source software would be paid for by various governments through non-profit organizations. Sadly, that is currently nowhere near enough.

@dalias what is the alternative?

@dalias @lunareclipse Who is going to change all of the programs that run in that CI? Things like NPM, Cargo, git, curl, and the like.

I like the idea, but implementing it is a massive amount of work, and most of it falls not on the CI provider but on its users.

@dalias @lunareclipse One of the reasons CI does that is that it is so inconvienent to cache things nowadays. CI boxes are stateless by design, and using a network cache requires either an MITM certificate or changing the URLs one uses. Better tooling for this would really help.

@dalias Wouldn’t that mean WWIII? I’m pretty sure that intentionally killing the head of state of a foreign nation is an act of war, and my understanding of the EU’s mutual defense treaties is that this would mean an US vs EU war. France and the US both have nuclear weapons so this would be armageddon.

@dalias Doesn’t that cause Linux to have to page out stuff like executable code instead?

@dalias How does one run that?

@dalias What’s the bullshit?

@whitequark Using a compiler compiled to WebAssembly? WebAssembly runtimes do have vulnerabilities some of the time. Microsoft wrote a research paper about running WebAssembly modules in VMs.

@whitequark @jhwgh1968 which browsers support passkeys on Linux?

@whitequark What makes Ansible harder for you than Nix?

I really like @musl, but compiling code that uses complex Linux kernel features is such a pain. Copying stuff from Linux headers might not be feasible, either for licensing reasons or because the Linux headers are architecture-specific.

@dalias Resistance fighters in WWII might qualify, inasmuch as they are not technically part of any nation-state.

Should people nowadays be judged for the crimes of their ancestors, even if they are not continuing to perpetrate them? Genuine question.

@dalias Do you have any factions in mind that do not fail the third criteria? I was thinking that the Union in the U.S. Civil War post-Emancipation Proclemation ought to be an exception to the second criteria, as abolishing slavery is unquestionably good. However, it fails the third anyway.

@whitequark I 100% support your decision. You have a medical reason to not migrate! Every decent person should respect that.

I haven’t migrated either, and my reason (convenience) isn’t anywhere near as good.

@whitequark @r Or just expose memory-safe wrappers for the ioctls and port Mesa to WebAssembly.