5C5C5C

5C5C5C , 14 hours ago

As for not having underwear, well...

5C5C5C , 23 hours ago

I like to imagine the profile pic changed immediately after the transition was complete, and at the time of the "completely cis" post it was something manly, like.. I don't know, hotwheels?

5C5C5C , 3 days ago

Yeah that's my big takeaway here: If the people who are rolling out this technology cannot make these assurances then the technology has no right to exist.

5C5C5C , 4 days ago

"Instantly" on a geological scale 🙃

5C5C5C , 5 days ago

Astroturfing implies that a corporation or government agency with large amounts of funding are paying individuals or bots to spread misinformation for their employer's financial or strategic benefit.

You might not know this, but there isn't a "Big Vegan" industry with deep pockets to financially support astroturfing. Agrobusinesses that grow vegetation make more money off the meat industry than they would if they centered their produce around vegetarian or vegan diets. Businesses that do cater to vegans barely manage to scrape by and have no margins to support social media manipulation; they barely even have budget for conventional marketing.

What you're actually witnessing is legitimate grassroots efforts to inform people about the harm that the meat industry causes. You see "astroturfing" doesn't mean "a lot of people are saying things I don't like". It actually means "grassroots campaign but fake", hence the name "astroturf", which is a fake kind of grass.

5C5C5C , 5 days ago

Your idea of nuance would have us all sitting on our hands while unsustainable industries make the world we live in uninhabitable and put an end to humanity as we know it.

5C5C5C , 5 days ago

What an absolutely bizarre whataboutism, so vapid and self-evidently disingenuous that I can't believe I'm about to waste my time picking it apart, but here we go:

First of all, rescuing children from traumatically abusive environments is not the same as what the meat industry does to calves. Separation from parents is inherently traumatic itself, but that needs to be weighed against the degree of harm that the abusive parent might do, on a case-by-case basis.

Secondly, there are certainly cases of the government separating children from their parents that should be protested. Like when Texas defines transgender-affirming households to be committing child abuse and uses that as a reason to forcibly separate the child. Or when immigration control separates migrant children from their parents.

This might come as a shock to you, but it's possible to care about and advocate for more than one issue at a time. I don't know if your emotional capacity might be limited to just caring about one thing, but most people don't suffer from that limitation.

5C5C5C , 5 days ago

Just because you personally disagree with the goal of a grassroots movement does not mean it is a fake grassroots movement.

A grassroots movement is very simply a collection of people, usually belonging to a community with a shared interest, who work together to publicly advocate for a particular cause. This is contrast to a powerful or moneyed interest that lobbies for a cause that usually only benefits a small group. When a powerful or moneyed interest is paying large groups of people (or alternatively bot farms) to manufacture the appearance that a grassroots movement is supporting their cause, THAT is astroturfing. The agreeability of the cause has nothing to do with how the strategy gets labeled.

You have such a tenuous grasp on the meanings of such basic words that you might want to consider hesitating before referring to other people as idiotic.

5C5C5C , 5 days ago

You aren't weighing in on it while blatantly implying that the group in question is "idiotic", okay buddy 🥴

You're also asserting that my definition was wrong without saying anything about how it was wrong or what would be correct.

What are you even contributing to the conversation? Why did you waste the electricity to transmit any of the utterly worthless bytes that you did? And why am I wasting my time responding?

The last question has an easy answer: I have nothing better to do while I poop. But the rest of the questions are truly a mystery.

5C5C5C , 5 days ago

Shhhh we can't let them know that George Soros is secretly a radical leftist vegan.

5C5C5C , 5 days ago

One person posting a lot is not astroturfing. Astroturfing is about faking the appearance that many different people support the same cause. If it's the same account doing all the posting then they're not trying to give the appearance of being many different people.

At worst you could call it spamming. But personally I hope they keep up the spamming because seeing all troglodyte meat industry shills make asses out of themselves is giving me a new lease on life.

5C5C5C , 5 days ago

TIL caring about issues that cause unimaginable degrees of unnecessary suffering and also threaten to end human civilization as we know it is trolling.

5C5C5C , 5 days ago

I can't be bothered to read any of that unhinged raving in detail but this line jumped out to me and the irony is just delectable:

You have a serious ego issue where any time someone challenges you, you have a full on fucking meltdown.

Clearly I'm the one having the meltdown here 😂

5C5C5C , 5 days ago

Your eyes broken bro

5C5C5C , 9 days ago

This is the argument that I used when I was an adolescent who thought himself very wise and smart but in reality just wanted an excuse to not have to change the lifestyle that I was comfortable with.

Saying "life only comes from death" is a cowardly reductionism. It creates a false equivalence between plant and animal life that lets you ignore the fact that sustaining human life does not require the wanton suffering of animals. And it certainly doesn't require animals to be suffering at such massive scales and in such cruel ways.

You're probably someone who will cite studies which indicate that plants emit distress signals when they take physical damage, and you'll argue that therefore plants suffer the same as animals. But that's an intellectually dishonest argument. Suffering as we understand it is more than just a chemical reaction to stimulus; it emerges from an awareness of being alive and an instinctual desire to remain alive and unharmed. Plants do not have that kind of awareness.

There are predators in nature that only know how to hunt to survive. Their digestive systems are specialized to consume the bodies of other smaller animals. And their ecosystems depend on those predators to balance out the reproductive cycles of their prey, otherwise the prey animals would become overpopulated and wipe out life forms lower on the food chain.

The fact of the matter is that humans have not been a collaborative member of any ecosystem for tens of thousands of years. We cause massive harm to every ecosystem that we're a part of, and the mass slaughter of farm animals is the worst thing we've done to this planet yet, even more harmful overall than CO2 emissions. We're eroding the soil and using up the fresh water in ways we can't sustain, and then to top it all off we're inflicting the largest scale unnecessary suffering in the history of this planet. And all of it is being done so that humans can enjoy a pleasure that is both unnecessary and easily replaced with a small amount of agricultural and supply chain reform.

Humans are omnivores and the simple reality is that as an omnivore with options at your disposal you have a choice about whether the process of sustaining your life involves wanton suffering at a massive scale or not. If you think the suffering of animals is worth the pleasure you derive from eating their flesh then just be honest and say so. Don't be a coward like I used to be by pretending that animals and plants are the same.

5C5C5C , 8 days ago

A little disingenuous, yes, but the reality is that if we redirected the meat industry's subsidies towards a supply chain that centers around plant based diets, we'd have a more sustainable industry as well as a more affordable food supply for everyone.

Sustaining the status quo of meat consumption is a constant battle against the laws of physics.

5C5C5C , 12 days ago

I imagine the number goes up considerably when you account for showering, washing clothes and dishes, and water used while cooking. It would go up even more if you account for the water used to produce the food consumed by the individual.

5C5C5C , 20 days ago

Weird how this notion of "personal responsibility" applies to every person except for those people who choose to intentionally misrepresenting the product by branding it in ways that are misleading. The people running this company aren't responsible for their role in misleading the public, just because the fine print happens to indicate that the product isn't actually what it's marketed as?

Now you'll probably say something to the effect of "I never said that! You're putting words in my mouth!" except what other motivation can you have to jump to the defense of the liar and blame people for being misled, except that you want to put all the responsibility on individuals for being misled and not on the company that is systematically and intentionally misleading them? Maybe you just manage to derive a smug sense of superiority thinking of yourself as someone who is invulnerable to this kind of tactic so blaming the victims lets you feel good about yourself.

5C5C5C , 20 days ago

I'm sure you're on the shop floor for every one of those conversations.

But anyway, enjoy being confidently incorrect: https://www.consumerreports.org/cars/car-safety/tesla-driver-monitoring-fails-to-keep-driver-focus-on-road-a3964813328/

5C5C5C , 26 days ago

I'm disappointed to learn that she was born British so she can never run for president in America.

.. Not that the FTC chair is known to be a pipeline to the presidency, but I'm ready to turn over every stone at this point.

5C5C5C , 1 month ago

Surprise surprise, the congressman is literally a defense contractor. I wonder how many hundreds of thousands of innocent souls are hanging over his head.

5C5C5C , 1 month ago

You oppose veganism from a moral standpoint...? You think it's immoral to subsist without needlessly torturing animals, or is there some other agrobusiness propaganda wedged in your brain that you haven't taken the time to debunk yet?

5C5C5C , 1 month ago

Because you don't like seeing people promote lifestyles that are objectively necessary for human life to be sustained on this planet in the long term?

Or because you don't have the discipline to overcome the upbringing that conditioned you to feel addicted to meat consumption, and you subconsciously realize that veg*nism is the morally and ecologically superior lifestyle and that leaves you with an inferiority complex that makes you lash out at others like an upset child?

5C5C5C , 1 month ago

I find that meat eaters' reactionary indignation to the facts of the harm caused by eating meat is way more aggressive than veg_ns trying to point out to people that we're literally killing ourselves as a species.

It's somehow even stupider when people who are veg_n like yourself act like it's offensive to promote the importance of veg_nism to a world that will otherwise die.

I really don't care how many people like me when it comes at the cost of the continued existence of humanity. I have no remorse about shoving an uncomfortable message into the faces of people who need to hear it.

5C5C5C , 1 month ago (edited 1 month ago)

Weird take on morality.

I'm eager to acknowledge the systemic challenges of being veg_n since those were barriers for me in the past myself. I'm privileged to not have those issues anymore, but I still recognize the premium that I pay to be veg_n (my partner and I refer to it as "the vegetarian tax").

I harbor no animosity towards people who can acknowledge the sustainability crisis of the meat industry but aren't in a position to personally separate from it. The expectation that I have for decent and informed people, in order from the bare minimum to the absolute most is:

1. Don't pointlessly disparage veg_ns or spread misinformed agrobusiness propaganda. This in fact takes negative effort.
2. Occasionally examine whether you have any opportunities to reduce your meat consumption.
3. Talk to people you personally know about the sustainability crisis and see if you can find others in your circle who are interested in reducing their meat consumption. Work together to figure out effective strategies for doing so in your situation.

5C5C5C , 1 month ago

I mean scientists tried being polite and give gentle nudges with the climate crisis for decades and look where it got us. Civilization is driving towards a cliff and we've thrown away the steering wheel.

When I was younger I used to think that being nice to people and engaging them on their own terms is the best way to win people over to your cause, but at the end of the day people don't actually bother to change unless they realize that they need to for their own survival. So I'm done putting all my eggs into the respectability politics basket, and I'm not going beat around the bush on what a fucking cataclysmic crisis we're being faced with.

I certainly won't win anyone's affection, but if I can get at least one person to pause and ask themselves "..Am I in danger..?" then I'll take that as a win. If others think they can win people over with kindness, they're welcome to try.

5C5C5C , 1 month ago

Life insurance premiums are about to skyrocket for Boeing whistleblowers.

5C5C5C , 1 month ago

You're thinking of faculty. This is referring to administrators. If you don't know the difference then you know nothing about how institutes of higher education function.

5C5C5C , 1 month ago

Sounds like there are going to be a lot of machines running a fresh install of Linux next year. Microsoft really does ♥️ Linux.

5C5C5C , 1 month ago

Honestly it's the right call. We're really not worth it.

5C5C5C , 1 month ago

He absolutely has not.

5C5C5C , 2 months ago

If the issue exists in the standard library of every language that provides this capability and Rust's standard library is the first to fix it, how is it a Rust issue?

It would be more accurate to say that it's an issue in almost every language EXCEPT Rust at this point.

The only reason it isn't being called a C or C++ issue is because their standard libraries don't even attempt to offer this capability. But you can bet that all sorts of C/C++ libraries that do offer this, like Qt, will also be having this issue.

5C5C5C , 2 months ago

Because this is the status of the bug across the standard libraries of various languages, per this article and others:

• Erlang (documentation update)
• Go (documentation update)
• Haskell (patch available)
• Java (won’t fix)
• Node.js (patch will be available)
• PHP (patch will be available)
• Python (documentation update)
• Ruby (documentation update)

Notably C and C++ are missing from this list because their standard libraries don't even offer this capability. Half of these standard libraries are responding to the issue by just warning you about it in the function documentation. Rust is one of the few that actually prevents the attack from happening.

The original BatBadBut bug report used JavaScript to illustrate the vulnerability.

5C5C5C , 2 months ago

The entire problem with cmd.exe was not known and so obviously not documented when the Rust standard library developers were implementing the API, and the same goes for the standard library developers of every other language. Rust was among the first to fix this problem in their API, with many other languages opting to just document the issues instead of actually protecting users from it.

To take all this information and distill it down to trumpeting "Rust has a CVSS level 10 security vulnerability!!" without context is stupidity at best and maliciously disingenuous at worst.

Nitpicking whether the statement can be construed as true within a certain framing just demonstrates malicious intent when the reality is that users of Go, Python, and Java, whose standard libraries have taken a position of Won't Fix, are in a FAR more dangerous position than Rust users who are actually in the safest position of anyone in any language ecosystem besides perhaps Haskell.

5C5C5C , 2 months ago

Except it's actually an "Every language and library that provides this feature" problem because literally no one was aware that this sanitization problem even existed, and Rust is among the first to actually fix it.

5C5C5C , 2 months ago

Funny how the headline makes it sound like a Rust specific problem, as if the Rust language is unsafe or the core team was incompetent, but then other affected language standard libraries include

• Erlang (documentation update)
• Go (documentation update)
• Haskell (patch available)
• Java (won’t fix)
• Node.js (patch will be available)
• PHP (patch will be available)
• Python (documentation update)
• Ruby (documentation update)

So actually this is a vulnerability that originates in Windows, and Rust and Haskell are the only languages that are actually protecting users from it as of right now, with Node.js and PHP to follow.

5C5C5C , 2 months ago

This is why the position I take is that when there is any room for doubt, lean into whichever belief would lead to the most compassionate outcome.

There will always be uncertainty, always facts that you can't know, but the compassionate choice is pretty much never wrong, at worst it might be inefficient, but that's okay. Anyone who's trying to convince you that something that harms or dehumanizes anyone is necessary probably has an ulterior motive and is profiting somehow off of the harm and dehumanization.

5C5C5C , 2 months ago

All JSON is valid YAML, so after you've converted the file to JSON, just... save it with a YAML file extension and call it a day..?

5C5C5C , 2 months ago

There are two big problems with the point that you're trying to make:

1. There are many open source projects being run by organizations with as much (often stronger) governance over commit access as a private corporation would have over its closed source code base. The most widely used projects tend to fall under this category, like Linux, React, Angular, Go, JavaScript, and innumerable others. Governance models for a project are a very reasonable thing to consider when deciding whether to use a dependency for your application or library. There's a fair argument to be made that the governance model of this xz project should have been flagged sooner, and hopefully this incident will help stir broader awareness for that. But unlike a closed source code base, you can actually know the governance model and commit access model of open source software. When it comes to closed source software you don't know anything about the company's hiring practices, background checks, what access they might provide to outsourced agents from other countries who may be compromised, etc.

2. You're assuming that 100% of the source code used in a closed source project was developed by that company and according to the company's governance model, which you assume is a good one. In reality BSD/MIT licensed (and illegally GPL licensed) open source software is being shoved into closed source code bases all the time. The difference with closed source software is that you have no way of knowing that this is the case. For all you know some intern already shoved a compromised xz into some closed source software that you're using, and since that intern is gone now it will be years before anyone in the company notices that their software has a well known backdoor sitting in it.

5C5C5C , 2 months ago

You're making a logical fallacy called affirming the consequent where you're assuming that just because the backdoor was caught under these particular conditions, these are the only conditions under which it would've been caught.

Suppose the bad actor had not been sloppy; it would still be entirely possible that the backdoor gets identified and fixed during a security audit performed by an enterprise grade Linux distribution.

In this case it was caught especially early because the bad actor did not cover their tracks very well, but now that that has occurred, it cannot necessarily be proven one way or the other whether the backdoor would have been caught by other means.

5C5C5C , 2 months ago

Your credentials don't fix the logical fallacy.

5C5C5C , 2 months ago (edited 2 months ago)

That link doesn't prove whatever you think it's proving.

The open source ecosystem does not rely (exclusively) on project maintainers to ensure security. Security audits are also done by major enterprise-grade distribution providers like Red Hat Enterprise. There are other stakeholders in the community as well who have a vested interest in security, including users in military, government, finance, health care, and academic research, who will periodically audit open source code that they're using.

When those organizations do their audits, they will typically report issues they find through appropriate channels which may include maintainers, distributors, and the MITRE Corporation, depending on the nature of the issue. Then remedial actions will be taken that depend on the details of the situation.

In the worst case scenario if an issue exists in an open source project that has an unresponsive or unhelpful maintainer (which I assume is what you were suggesting by providing that link), then there are several possible courses of action:

• Distribution providers will roll back the package to an earlier compatible version that doesn't have the vulnerability if possible
• Someone will fork the project and patch the fix (if the license allows), and distribution providers will switch to the fork
• In the worst case scenario if neither of the above are possible, distribution providers will purge the vulnerable package from their distributions along with any packages that transitively depend on it (this is almost never necessary except as a short-term measure, and even then is extremely rare)

The point being, the ecosystem is NOT strictly relying on the cooperation of package maintainers to ensure security. It's certainly helpful and makes everything go much smoother for everyone if they do cooperate, but the vulnerability can still be identified and remedied even if they don't cooperate.

As for the original link, I think the correct takeaway from that is: If you have a vested or commercial interest in ensuring that the open source packages you use are secure from day zero, then you should really consider ways to support the open source projects you depend on, either through monetary contributions or through reviews and code contributions.

And if there's something you don't like about that arrangement, then please consider paying for licenses on closed-source software which will provide you with the very reassuring "security by sticking your head in the sand", because absolutely no one outside the corporation has any opportunity to audit the security of the software that you're using.

5C5C5C , 2 months ago

And my rebuttal is three-fold:

1. Security does not depend entirely on the maintainer, and there is recourse even in the worst case scenario of an uncooperative or malicious maintainer.

2. The maintainer you quoted said he would be open to complying with requests if the requesters were willing to provide monetary support. You are intentionally misrepresenting their position.

3. The alternative of closed source software doesn't actually protect you from security issues, it just makes it impossible for any users to know if the software has been compromised. For all you know, a closed source software product could be using one of the hypothetical compromised open source software project that you're so afraid of, and you would never actually know.

If you're willing to pay a license for a private corporation's closed source software so you get the pleasure of never being able to know your security posture, then why would you be unwilling to financially support open source developers so they have the resources they need to have the level of security that you'd like from them?

5C5C5C , 2 months ago

You're either intentionally misrepresenting the post or you failed to understand them correctly. I'll let you take your pick for which is less embarrassing for you.

5C5C5C , 2 months ago

The key sentence in the post you linked which constituted more than 50% of the words being stated by the poster and yet you somehow conveniently missed which completely negates the whole narrative that you're trying to promote:

Speaking as an open source maintainer, if a tech company would like to pay me to do ~anything for my open source project, we can sit down and talk about my rates.

Which means this person is NOT simply a volunteer as you insinuated here:

When someone suggested a level of effort to be put on code checked in to prevent security issues from happening, the maintainer pushed back, stating that they will decide what level of effort they'll put in, because they're doing the work on a volunteer basis.

but in fact is available to be paid a fair rate for the labor they perform. In fact your entire description of the post is mischaracterizing what is being said in the post.

I don't know how you could have accidentally missed or misinterpreted one of the two sentences being said by the poster, and the longer of the two sentences at that. It was also the first sentence in the poster's statement. It seems more likely to me that you missed that on purpose rather than by accident. Maybe you're just so eager to find evidence to match your narrative that your brain registered the entire point of the post incorrectly. Allow me to reframe what's being said to simplify the matter:

As a self-employed contractor, if you demand that I perform free labor for you, I will decline that request.

Now just add a much more frustrated tone to the above and you get the post you linked.

5C5C5C , 2 months ago

Your interpretation is simply not supported by the literal words being said by the person. "we can sit down and talk about my rates" implies that this person already has rates that they charge for the labor they do.

You're projecting a meaning into the person's words that simply aren't there because you want it to fit a narrative that has is not commensurate with reality.

You brought up your credentials earlier so now I'll bring up mine: My full time job, which I get paid a very competitive salary for, is to develop exclusively open source software. I have many collaborators in the industry, both at my same organization and from others (some non profits, some academic labs, some government agencies, but mostly private for-profit organizations) who contribute to open source projects either full time or part time.

I don't have one single collaborator who is the mythical unreliable open source volunteer you're talking about. Every single person I've worked with has a commercial or professional (i.e. academic, mission-driven) interest in the developmental health of open source software. When we decide what dependencies we use, we rule out anything that looks like a pet project or something with amateur maintenance because we know if the maintainer slacks off or goes rogue then that's going to be our problem.

The xz case is especially pernicious. This is a person who by all initial appearances was a respected professional doing respectable work. He/they (perhaps there was a team involved) went to great lengths to quietly infiltrate the ecosystem. I guarantee someone could do the same thing at a private company, but admittedly they're less likely to have as broad of an impact as they can by targeting the open source ecosystem.

I really wish you would just stop trying to defend Linux and open source development, and listen to the concept/opinion I'm actually stating

I am listening, and I'm telling you that you're wildly misunderstanding the nature of the open source industry. You, like many many other software developers, are ignorant about the vast bulk of widely used open source software gets developed.

5C5C5C , 2 months ago

Nothing about the portion of the sentence you highlight actually implies that they haven't already been getting paid to do open source work. That's an interpretation that you're projecting onto the sentence because it fits your narrative. The poster never identified themself to be a volunteer. I've already reframed the sentence for you in a previous post, but I'll try one more time: "Whenever any tech company is willing to pay me to do work related to my open source project, I sit down with them and talk about my rates" is a semantically equivalent sentence to what the poster said.

You're also taking one single datapoint which has ambiguous credibility to begin with and extrapolating it to characterize a massive industry that you, like countless others, benefit from while hardly knowing anything about how the sausage gets made.

I'd be surprised if you've ever offered a substantive contribution to an open source project in your life, so I won't be losing any sleep if a freeloader loses confidence in the ecosystem. But realistically you'll be using open source software for the rest of your life because the reality is that closed source software really can't compete in terms of scale, impact, and accessibility. If you actually care about the quality and security of the things you depend on, then do something about it. And prattling ignorance on social media does not count as doing something.

5C5C5C , 2 months ago

You keep arguing that open source projects are strict with their code base reviews

Go ahead and quote the words I said that suggest this. You have a talent for claiming that people have said things they have never actually said.

The only claims I've made in this conversation are:

1. The open source ecosystem does NOT strictly rely on confidence in individual project maintainers because audits and remedial measures are always possible, and done more often than most people are aware of. Of course this could and should be done more often. And maybe it would if we didn't have so many non-contributing freeloaders in the community.
2. Most of the widely used open source projects are not being done by hobbyists or volunteers but rather by professionals who are getting paid for their work, either via a salary or by commission as independent contractors.
3. You don't seem to have a firm grasp on how open source software is actually developed and managed in general.