NIST SP 800-63b already did that several years ago. People just need to follow it.

Depends on the context. We’re talking about an image editor, so showing a demo of the features in video form is helpful.

God, that’s so accurate.

Although, you could replace “brand” with “adult”, and it would work for memes that kids have propagated.

Then I woke up, at first impressed that I did that. Then I just couldn’t help but wonder if I was just dreaming that I lucid dreamed and that the choices I made were actually just a part of the dream.

Your choices in a dream are colored by the reduced mental output you have when you’re dreaming. In a dream, you might make a lot of dumb decisions than make perfect sense in the dream, but are immediately illogical when you think about them awake.

With lucid dreaming, you have an increased self-awareness, but you’re still in a low-activity brainwave state.

your reign of terror shoulda ended with Indigo Prophecy.

Well, at least it ended with JASON!

If you’re not first, you’re last.

-Ricky Bobby

Dev being an asshole and not accept Linus’ code review = Rust is bad?

But, as the debian dude has learned… Rust programs will 99.999 % work if they can be compiled.

That’s a dumb statement. Every tool needs unit tests. All of them!

If grep complied, but always returned nothing for every file and filter, then it’s still not “working”. But, hey, it compiled!

The OP is about packaging issues with userspace utilities due to version pinning in Rust

No, it’s about Bcachefs specifically. It’s literally in the title. Discussions around Rust version pinning are a useful side conversation, but that’s not what the OP is about.

So if your Rust app is built against up to date libraries in Cargo, it’s going to be difficult to package those apps in Debian when they ship stable, out of date libraries since Debian’s policies don’t like the idea of using outside dependencies from Cargo.

As they should. You don’t just auto-update every package to bleeding edge in a stable OS, and security goes out the window when you’re trusting a third-party’s third-party to monitor for dependency chain attacks (which they aren’t). This is how we get Crowdstrike global outages and Node.JS bitcoin miner injections.

If some Rust tool is a critical part of the toolchain, they better be testing this shit against a wide array of dependency versions, and plan for a much older baseline. If not, then they don’t get to play ball with the big Linux distros.

Debian is 100% in the right here, and I hope they continue hammering their standards into people.

Right. If you have malware on your computer, you might as well assume that every part of the computer, and everything it can connect to, is compromised.

Yeah, it sounds like the first exploit required your vault to be unlocked

That barely fits the requirements to even be called a vulnerability.

“Sir, this safe lock is horribly insecure because all it takes for somebody to get access to the safe is to have the owner invite an intruder over to his house, unlock the safe, and the intruder can barge right in!”

I’m all for broadcasting vulnerabilities for services that deserve it. But, taking two of the thousand unrated CVEs that appear each year, slapping on a clickbait headline, and trying to scare people into not trusting password managers is a load of shit. The only reason this trash got upvoted is because this community has a massive hard-on for locally-controlled password stores, without acknowledging the negatives.

Switzerland be like:

…I feel like openssh has a much larger attack surface than a simple binary.

Right. This is just trading one set of security pitfalls with a second, much worse set of security pitfalls.

No, it doesn’t.

From Wikipedia:

Enshittification, also known as platform decay,[1] is a way to describe the pattern of decreasing quality of online platforms that act as two-sided markets.

From the guy who coined the term itself:

Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification.

Yeah, it has a very specific meaning, and people are now using it to mean “things becoming shitty”. Just because “shit” is the base word doesn’t mean that’s what the whole word means.

What I love about Chinese electric car manufacturers is that they’ve fully embraced the cyberpunk aesthetic from the chassis design to the car sounds.

So, the Vaporwave color pallete?

When you get articles like this, the first thing you should ask is “Who the fuck is Firstpost?”

Yeah, the format is that she repeats the second panel on the fourth panel, with more question marks and concern. This version is almost like explaining the joke here.