Notices by Rich Felker (dalias@hachyderm.io)

@OwOday @arstechnica I'm not sure about the technical details. Originally I thought it was just benadryl that's dangerous, but I recall seeing credible concerns about others too.

@unlofl @misterscience @chu Mandatory helmets for everything is difficult. You are seriously going to reduce adoption (preserve car usage), especially in warmer climates, if folks fear getting ticketed for taking fairly reasonable risks (short trip, safe route, low speed, etc) if they don't have their helmets on.

If you can't make small open vehicles safe besides cars without requiring helmets, ban cars. Or at least make parallel no-cars infrastructure where helmet requirements are relaxed.

@tris @hipsterelectron I mostly try not to engaged with him. The whole thing there is a bunch of non sequiturs equating failure to support his pet programming model with a Linux-specific feature with the standard being "insecure". And it's the standard bs his employer has been pushing for decades.

@tris @hipsterelectron His theory: Linux sucks so we should strongarm his benevolent dictator inventions in to replace everything he thinks sucks.

My theory: Linux sucks so we should maximally avoid using nonstandard Linux-specific functionality to keep the door open as wide as possible for alternatives built on consensus standards processes.

@hipsterelectron It's stated as a necessary condition not a sufficient one. 🤷

@hipsterelectron @navi Autoconf targets pre-POSIX shells too which I deem pointless especially now. Even old proprietary unices that kept their broken stuff as default had PATH options to get the POSIX ones.

@navi @ska They shouldn't be. They're a very different language strength and one that doesn't admit efficient matching without precompiling like regex.

@davidrevoy @lispi314 @dirtycommo @RootMoose @mmu_man This looks so incredibly cursed. Why are folks expected to apply sketchy patches to kernel to use input devices??

@navi ${x#0} should peel one zero. Repeating this N times even for decently large N is cheaper than a fork+exec. There's probably a better way too.

If you know it's 3 digits for example, $((1$x-1000)) works.

@navi 😭 I love them. But you can also do this direct in shell without external commands if performance matters.

RE: https://hachyderm.io/@dalias/116216526597815978

@green

Thanks to this great thread by @Iris and @pythonbynight, worth a read in its entirety: https://scholar.social/@Iris/116433727927734855 to at least https://hachyderm.io/@pythonbynight/116490065492280980

@eniko @ghost_shit Folks don't grasp that actually useful computers have vanishingly small probably of errors after quintillions of operations. The error rates they ridiculously think are "low" are astronomical.

@lzg The whole selling point is that it lets those humans pretend they weren't behind it.

@bkuhn I think this is also an artifact of getting older, you collect a raft of dire predictions that don’t occur because complex systems are often remarkably resilient when they have actors embedded in them with massive resources.

@eniko Clearly they never played D&D.

I sometimes griped about my former supervisor Hillary Ronen, but cheers to her for joining a nonprofit that protects immigrants after leaving office, rather than go to a cushy lobbying gig.

The contrast is especially stark with her would-be "moderate" successor who, after losing his election, immediately joined ICE-collaborating Flock Safety as a lobbyist.

https://missionlocal.org/2026/04/san-francisco-hillary-ronen-mission-district-la-raza-centro-legal/

@equinox @mirabilos Disabling AF_ALG does not prevent the kernel crypto primitives from being used in kernelspace; it just omits the userspace API for them. I'm not sure how the IPsec software stack is setup, but I've long been in the IPsec-haters club, so I can't say that's something I'd be worried about.

Ultimately, if you want to use AF_ALG, I'm not stopping you, but I really wish folks would stop being like "oh, my software is Linux-only and Linux has AF_ALG, so it's fine to use it". Some of us disable kernel functionality that's gratuitous attack surface and that portable software can't use (because it's Linux-specific) and it's very frustrating when programmers are like "you need to expose yourself to more attack surface to use our stuff because we couldn't be bothered to just do things the right way calling library code in userspace".

@hipsterelectron @aren @miss_rodent It should already be possible. The web server could just add a custom HTTP header containing a signature for its half of the DH exchange.