Also to advocate for a specific tab size while also advocating for hard tabs is nonsense. The one flimsy claim to usefulness tabs have is that different people can use different tab sizes and all at the low, low cost of everyone having five times more work to use tabs for indentations and spaces for alignment and thus having to use visual whitespace of some kind.

As someone who had to help coworkers with Windows, Mac and Linux problems one of the main problems of macOS is the fact that you have to use the clumsy GUI for so many things and that the Unix-like underpinnings are badly maintained and outdated so many systems have several versions of the same tool installed in various locations (OS-, Homebrew-, MacPorts- or whatever other package manager of the day versions).

And I am saying that that information you are referring to is unknown for any given CVE unless it is unlocked by some investment of effort that usually far exceeds the effort to actually fix it and we already don’t have enough resources to fix all the bugs, much less assess the impact of every bug.

Assessing the impact on the other hand is an activity that is only really useful for two things

• a risk / impact assessment of an update to decide if you want to update or not
• determining if you were theoretically vulnerable in the past

You could add prioritizing fixes to that list but then, as mentioned, impact assessments are usually more work than actual fixes and spending more effort prioritizing than actually fixing makes no sense.

I am familiar with CVSS and its upsides and downsides. I am talking about the amount of resources required to determine that kind of information for every single bug, resources that far exceed the resources required to fix the bug.

New bugs are introduced in backports as well, think of that Debian issue where generated keys had flaws for years because of some backport. The idea that any version, whether the same you have been using, the latest one or a backported one, will not gain new exploits or new known bugs is not something that holds up in practice.

The idea that it is somehow possible to determine that for each and every bug is a crazy fantasy by the people who don’t like to update to the latest version.

If you don’t have a DB or the ability to store data in general none of the open source analytics software will work either.

No, I am trying to argue that moderators are relevant long before any of that (discrimination based on race, religion, gender,…) even starts to matter.

Well, having read his blog for a while Drew DeVault could certainly also be described as “having a bit of a ‘personality’”. Seems communities tend to form around people who have strong opinions on many things and sometimes those opinions clash. That in itself isn’t really an issue though, mostly it becomes more of a problem the larger the scope of opinions discussed becomes as there is more potential for conflict that can not be resolved because it touches on core world view aspects of one or both people involved.

Without moderators most spaces would be completely unusable due to spammers, trolls and others whose behavior and motivations have very little to do with their sexuality, politics, their skin tone or their religion.

That is just nonsense. Without moderators the internet would be unusable for everyone.

I would argue that advertising is not just a privacy concern or a nuisance, it often also influences people to make decisions that are highly damaging to their health, the environment, democracy in their country,…

I guess you are using trust in a different way here. Trust in competency can vary with both volunteer and paid workers, everyone makes mistakes though. Trust that someone doesn’t do something deliberately malicious is a different matter though.

If you think people are going to be trustworthy just because they are getting paid you are naive.

Banks are okay with it, but VLC feel more strongly than banks.

I mean banks are known for horrible security practices all around so that makes perfect sense.

Presumably this is meant to avoid using Google Streetmaps? The concept of using something Facebook/Meta-owned instead of Google makes no sense to me in this context since Google is okay in terms of quality and shares all the major downsides with Facebook/Meta.

That whole thing with 2TB being the largest plan and then you have to combine plans that might end on different days depending on your order time seems quite convoluted.

It is really quite simple.

Flatpaks (and Snaps, and Appimages and Docker containers for that matter) are essentially designed for app developers who grew tired of distro maintainers demands to fix certain things about their build systems and their applications that broke when their apps were used on distros other than the exact distro and version the developer was using. They are designed to take a “kill the messenger” approach to the problem and now people are wondering why the work that the distro maintainers did before doesn’t get done any more.

The purposes of reverse proxies vary.

One of the main reasons is that you want to host multiple services on the same IPv4 and port since you usually only get one IPv4 (works for IPv6 too but there getting more than one from your hoster is a lot easier). This is known as name-based virtual hosting.

Another thing that is often (but not always) handled by a reverse proxy is SSL/TLS termination. That way the actual application doesn’t have to worry about the certificates or crypto-related security updates. Sometimes TLS is used again on the bit between the reverse proxy and the backend server but if they are both on the same physical machine that bit is often skipped.

There are also other services such as rate limiting, caching or fully featured Web Application Firewalls (WAF) and of course CDNs that come in reverse proxy form but you shouldn’t need to worry about those too much for a small personal website that isn’t used by thousands of users.

HAProxy is a reverse proxy.

They are also a huge cause of extra work for the rest of the Linux ecosystem with their ancient software versions in RHEL. And the worst of it, everything you learn by doing work on those ancient versions is useless knowledge.