I’m not the same person, I just saw someone responding to kindness with discouragement, and humanity really doesn’t need that right now.

WTF is wrong with you. A stranger pours out their heart for you and you just stomp on it? Have the decency to just shut up and ignore it instead of going out of your way to be an asshole.

So you’re agreeing. “one does not simply stop, because one needs to be really sure that they want to stop for some reason or another”. The desire to stop doesn’t come from nothing, yet it’s the vital ingredient for stopping successfully. Unless you have it, stopping is really hard.

The contents of your message aren’t a “no”, they’re a “yes, and”

For me it’s less often, but otherwise same.

Yeah, if all those complainers want something more modular, they’re free to push for protocols that allow to leverage existing components while also allowing for them to come from multiple vendors.

Objectively, Apple is focusing on leveraging high DPI over subpixel tricks.

It makes sense that people who value sharpness on low DPI screens prefer subpixel rendering over grayscale.

https://kde.org/community/whatiskde/kdefreeqtfoundation/

Qt is a thing. Idk why all these environments are messing around with a GTK that’s being sabotaged/neglected by GNOME while Qt just keeps working.

Wow, what a completely unhinged reply to what was simply stating the obvious.

The person you replied to didn’t see the scenario you imagined in your head. They replied to the words you wrote.

Who?

A developer who hasn’t caught a virus since his teenage years.

Why would we?

Rust is faster than C. Iterators and mutable noalias can be optimized better. There’s still FORTRAN code in use because it’s noalias and therefore faster

You got it right, the person you replied to made a joke.

In a good way. Using a non-verified bytes type for strings was such a giant source of bugs. Text is complicated and pretending it isn’t won’t get you far.

I don’t think those are better or worse. My point isn’t about some ancient far too limiting standard, but about how easy it is to wreck everything by not knowing some obscure syntactical rule. My issue is about implicit conversion between strings and arrays, about silently swallowing errors and so on. And the only shell languages that I know aren’t idiotic are nushell and Powershell.

That KDE theme that nuked some user’s home directory? Used a bash script. That time the bumblebee graphics card switching utility deleted /var? Bash script. Any time some build system broke because of a space in a path: bash/ZSH/… script.

Why would anyone make an init system based on shell scripts these days?

POSIX shells are horrible unmaintainable bug factories.

shellcheck is not enough to make them safe programming languages. They are acceptable only in an interactive context.

Having anything encourage people to write POSIXy shell scripts is a design flaw.

Services are bash scripts?

Oh no. That’s horrifying. I’ll never go back to the bad old days where my system constantly has dozens of untestable buggy bash scripts running.

I currently have zero bash scripts running on my system until I open steam, and there’s no world where I’d go back.

You’re right, there’s more parts to it, especially social engineering. Maybe there’s other ways to hide a payload, but there aren’t many avenues. You have to hide the payload in a binary artefact, which are pretty suspicious when you don’t do it in a (well scrutinized) cryptography lib, or a compression lib.

Then that payload has to be executed for some reason, which means you need a really good reason to embed it (e.g. something like widevine), or have to modify the build script.

I think it needs to be

• rolling release (because it was caught so quickly that it hasn’t made its way into any cadence based distro yet)
• using the upstream Makefile task to build a RPM or DEB (because the compromised build script directly checks for that and therefore doesn’t trigger for a destdir build like Gentoo’s or Arch’s)
• using the upstream provided tarball as opposed to the one GitHub provides, or a git clone (because only that contains the compromised Makefile, running autotools yourself is safe)

Points 1 and 2 mean that only rolling release RPM and DEB distros like Debian Sid and Fedora are candidates. I didn’t check if they use the Makefile and the compromised tarballs.