The Linux Thread - The Autist's OS of Choice

[AmpleApricots]

If the software does what you want usually there's very little value to be on the bleeding edge. Often quite the contrary.

Honestly just look at stuff like pip for python or cargo for rust or whatever. Even the simplest programs are written with 1156196844849849 dependencies because "software" "developers" can't into programming. These repositories are probably full of backdoors, logic bombs, you name it. I mean seriously, who'd be surprised. Not me. And even if not - the mainainter of bespoke package #215151841 half your trannysoft depends on is probably some rando github which could easily be infiltrated in various ways.

 

[SilentDuck]

Is anyone concerned about the fact that Microsoft going full ham on Linux invokes their old strategy of Embrace, Extend, Extinguish? Their end goal is to get everyone running Linux containers on a tiny stub of an OS that's running on top of Microsoft Hyper-V.

No they are back of the bus and Google isn't about to let them extinguish linux or use their seat to steer it into anything. Bigger game afoot more likely with IOT, mobile, consoles etc and future devices that ideally all run some kind of linux. Big push is Azure and it seems like they do not give a shit anymore if anyone wants to use Windows or not. They could not be the villains they used to be anymore even if they wanted to and would be completely corner cucked if not for their AI investments.

 

[Rusty Metal Skull Gun]

Everyone's forgotten the teachings of St. Terry about the virtues of simplicity.

 

[jONALD]

Everyone's forgotten the teachings of St. Terry about the virtues of simplicity.

You mean the skitzo and based trad religious version of the Unix philosophy?

 

[Betonhaus]

No they are back of the bus and Google isn't about to let them extinguish linux or use their seat to steer it into anything. Bigger game afoot more likely with IOT, mobile, consoles etc and future devices that ideally all run some kind of linux. Big push is Azure and it seems like they do not give a shit anymore if anyone wants to use Windows or not. They could not be the villains they used to be anymore even if they wanted to and would be completely corner cucked if not for their AI investments.

I'm looking at it, and one of the draws of Azure Linux/CBL-Mariner is that it has a very minimal footprint and compiled from source. If problems like the XZ door contionue to crop up, Azure may prove to be the most secure way of running Linux containers. And it only runs on Hyper-V (there's a free Hyper-V server you can install on your own computers)

 

[DavidS877]

There are other container host OSes out there other than MS. And really if you just want containers then it's silly to run it on top of a VM kernel.
RancherOS for instance is containers all the way down, minimal kernel and optimized for just running containers.

Alpine, thought of as an in-container OS, also can be run on bare metal to run containers

CoreOS: typical RedHat bloat, but an option

Flatcar: CoreOS fork from before, seems to be well regarded

Proxmox apparently can host both containers and VMs

And 500 others I've already forgotten.

 

[Rusty Metal Skull Gun]

You mean the skitzo and based trad religious version of the Unix philosophy?

An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple. For an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can't understand it he's gonna think you're a god cause you made it so complicated nobody can understand it. That's how they write journals in Academics, they try to make it so complicated people think you're a genius.

 

[0gh]

Even the simplest programs are written with 1156196844849849 dependencies because "software" "developers" can't into programming

Saw a video from someone looking over a codebase and finding an import for a function that tells you if a number is even.

It's one thing to use a request or a json/yaml parser, but it feels like a lot of devs are programming on auto complete through their IDEs. They make classes for everything anyway, why not re-use them in different projects?

 

[Sperg Coalition]

Even the simplest programs are written with 1156196844849849 dependencies because "software" "developers" can't into programming.

A real threat considering what happened with the XZ repository: if something like this happened with a project with few dependencies imagine what could happen with a project that has thousands of thousands of dependencies. You would have to audit each one of them and humans cannot and won't do it.
I wonder if AI can be used to simplify code audit even though if projects didn't have so many dependencies even a few people could actually audit the source code.

 

[AmpleApricots]

They make classes for everything anyway, why not re-use them in different projects?

It's both a competency and a time constraint problem I think. A dev who needs an external crutch to know if a number is even or not programmatically is probably not much of a programmer through. It'd never cross my mind to search for that, and somebody who did did so because he didn't know how to do it otherwise. This is developing by googling. It might get you results but these results will not be good because you don't understand what you are doing which implicitly also means you are not using the tools at your disposal to the fullest. I caught some flak in in the past by saying that at least some level of math competency is needed to be a good programmer. Many programming problems are really math problems. The other half is understanding how computers do things which a lot of people also don't. It's probably gatekeeping and some kind of -ism to even mention this in your average silicon valley company nowadays.

dependencies

You have to consider that dependencies also get updates. so while evenlib 0.5 might be poorly coded but fine, evenlib 0.666 might be the special Xi edition. I feel a lot of programs that are stuck in this dependency hell do a considerable amount of work to keep up to date with these dependencies for various reasons. At that point you could as well use closed source, proprietary libraries because you have no real idea what your program is doing anymore anyways. (and claiming otherwise is a bold-faced lie)

I'm still on the fence if AI could solve some of these problems or not, it will surely implement it's own set of problems though. There's probably already a considerable amount of production code out there that was produced by ChatGPT and similar and just copy pasted into the source without the - I wanted to say "programmer" but will rather say "the person responsible" - understanding what it even does. That's worse. If the AI critics are right this will lead to a hell-torrent of terrible code we will all drown in making all our computers more and more unusable while nobody understands anything anymore, if the AI critics are wrong this will lead to sublime code written by machine elves nobody will understand anymore. Both will lead to the same end result, the human being taken more and more out of the equation and those who control the AIs controlling everything. I do not feel good about that.

 

[Heliantheae]

Saw a video from someone looking over a codebase and finding an import for a function that tells you if a number is even.

It's one thing to use a request or a json/yaml parser, but it feels like a lot of devs are programming on auto complete through their IDEs. They make classes for everything anyway, why not re-use them in different projects?

That has to be javascript. There is this one absolute fucking ape who's spewed out countless retarded npm packages such as "is-even" and "is-odd" (one of which imports the others and negates its result). Javascript developers are barely human. It's a garbage language and its demise cannot come soon enough. The entire npm is a disaster that has happened and will happen again.

 

[std::string]

I wonder if AI can be used to simplify code audit even though if projects didn't have so many dependencies even a few people could actually audit the source code.

There's already some level of automation via fuzzing for C/C++ and in fact it flagged the xz backdoor. That's why he was messing around with oss-fuzz too.

No such thing exists for interpreted languages though, so good luck.

 

[Susanna]

That has to be javascript. There is this one absolute fucking ape who's spewed out countless retarded npm packages such as "is-even" and "is-odd" (one of which imports the others and negates its result). Javascript developers are barely human. It's a garbage language and its demise cannot come soon enough. The entire npm is a disaster that has happened and will happen again.

int is-odd (int foo){
  if (foo < 0) foo *= -1;
  while (foo > 1) foo-=2;
  return foo;
}

Or a more elegant recursive variant:

int is-odd (int foo){
  if (foo < 0) foo *= -1;
  if (foo > 1) return is-odd(foo - 2);
  return foo;
}

 

[Rusty Metal Skull Gun]

Lennart says all this xz stuff isn't his fault, and you shouldn't be so stupid as to use libsystemd to communicate with systemd:

https://mastodon.social/@pid_eins/112202687764571433, https://archive.is/E6G7h

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

Lennart says all this xz stuff isn't his fault, and you shouldn't be so stupid as to use libsystemd to communicate with systemd:
View attachment 5872826
https://mastodon.social/@pid_eins/112202687764571433, https://archive.is/E6G7h

Poettring is for once, right. Nothing should link to libsystemd. Nothing should have any dependancies on systemd at all. Systemd advocates should be hunted for sport

 

[DavidS877]

That has to be javascript. There is this one absolute fucking ape who's spewed out countless retarded npm packages such as "is-even" and "is-odd" (one of which imports the others and negates its result). Javascript developers are barely human. It's a garbage language and its demise cannot come soon enough. The entire npm is a disaster that has happened and will happen again.

Wasn't Javascript/Node/NPM one of the previous supply chain hacks?

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps​

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

One of which was... colorful console messages.

I guess it didn't do anything malicious, just stopped thousands of apps from working, which was probably a win.

 

[Heliantheae]

Wasn't Javascript/Node/NPM one of the previous supply chain hacks?

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps​

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

One of which was... colorful console messages.

I guess it didn't do anything malicious, just stopped thousands of apps from working, which was probably a win.

Don't forget this Turkish absolute chad https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code

 

[SilentDuck]

A real threat considering what happened with the XZ repository: if something like this happened with a project with few dependencies imagine what could happen with a project that has thousands of thousands of dependencies. You would have to audit each one of them and humans cannot and won't do it.
I wonder if AI can be used to simplify code audit even though if projects didn't have so many dependencies even a few people could actually audit the source code.

For major finished products AI as it is now can't be trusted with code auditing and still gets small important stuff too wrong. In the future sure but it's also going to be easy to trick AI for all levels of malicious actors especially state. If you don't, won't or can't audit billions of lines of code from multiple projects oh well. Copilot will be 'auditing' Github someday soon so "no worries". "No one needs to code anymore anyway".

Purportedly one of the "greatest social engineering attacks ever" and just came down to griefing some dude on Github until he gave up. "Only reason" it got caught was some spastic Microsoft autistic was trying benchmarking SSH speeds and didn't like that it was a few too many microseconds off so went running to sec-lists.

Microsoft owned entities are way too involved in this one for my shitzo senses so I will maintain a % of doubt that this was some glowop miscommunication and a magical cover story for clickbait and YouTube shecks.

 

[AmpleApricots]

isn't his fault

It's never, ever his fault. He has a history of blaming everyone and everything except him. I don't trust people like this and nobody should because they are incredibly likely to do worse work because they refuse to learn (because according to them, they already do everything perfectly) and will also end up covering up their own mistakes if they ever even acknowledge them. This isn't even a dig at systemd, I'm directly talking about Poettering. Wouldn't trust a hello world program written by him.

can't be trusted

Hallucinating is a big problem in general and lethal in combination with "devs" that trust the AI output blindly. (AI hallucinates software packages and devs download them – even if potentially poisoned with malware) I have used AI for scripting in the past and I did find it helpful to do boilerplate code really quickly. It's fine as long as you scrutinize it's output. It becomes a problem if you don't really understand it's output. I'm not sure the hallucinating can really be fixed in the current iteration of AI, it's really the nature of the thing, even the nature of the thing that the hallucinations are so believable.

 

[0gh]

I wonder if AI can be used to simplify code audit

Nah. I insult and yell at ChatGPT daily to help me with programming and sometimes I want to break every monitor in existence so I could never see it again due to the stupidity it shows. If I give it a regular expression I have to explain "use the exact regular expression I gave you. Do not modify it into what you believe is a better form, keep it exactly as is or great harm will come upon you"

It does save time if you need to do something in another language and you don't care about the syntax, maybe you need a quick layout for something, a change from json file to db, generally easy things that you already know how to do but would take you more time to type out the code than to type a detailed explanation to chatGPT on how to do it.

If you don't know how to code chatGPT is mostly useless for that purpose. I don't know if it's a context thing or what, but I tried giving an entire file of 50 lines of code and it still fucked up and came up with completely its own thing.

You know how to code, you know exactly what you want, but it just physically takes you longer to write all that code and decide on minuscule irrelevant things that the AI could do in a few seconds? Then it's an awesome resource, basically a coding assistant. Or maybe you need something explained because stackoverflow kills brain cells faster than alcohol

It used to be much better though, they lobotomized it quite a lot, so maybe we will get there.

That has to be javascript.

Most likely. Javascript developers are a special kind of people. I couldn't believe that "serverless" just meant the server is managed by someone else. I've seen people complain about paying insane amounts to vercel or netlify when they could just pay 40 bucks a month at ovh hetzner or reliablesite.

Especially now with docker where you can just run a compose and be on your way, or use k3s or whatever else that you can deploy after a 20 minute youtube tutorial from some badly shaven dude who shows his face way too much for a tech video.

I don't think libraries are bad, though I don't think you meant that either. There's a huge difference between mqtt or okhttp and is-even. Doing everything from scratch would waste a lot of time for small projects with one or a few devs, and many libraries offer required complexity that would take years to make.

Lennart

Lennart is incredibly smug and annoying. I came to this conclusion after reading this famous gem and I haven't been proven wrong since.

I am amazed he did not become a tranny yet