I had a similar task to

“Set up a web service, load balancer and infrastructure to scale it to handle a large amount of requests. Harden the security of it to the best of your ability. Document how it works, how to scale it, why you built it the way you did, what measures you took to harden it and why, and any future improvements you would suggest. All code and documentation should be production quality. This should take about four hours.”

Maybe you can write this code in four hours, but all this documentation and motivation as well? Fuck off.

They also asked for a made up report from a security audit (this was for a security engineer position) containing a dozen realistic vulnerabilities with descriptions, impact assessments, and remediation suggestions. Once again of production quality. This is at least six pages of highly technical, well researched, and carefully worded text. Four hours is tight for this task alone.

May I suggest you spend more effort understanding the situation, and less coming up with wild speculations?

I’m sorry but that is absolutely not “the whole point of open source”.

The point of open source is the ability to read, modify, keep and share the source code of the software you use.

It’s a good thing that no one is beholden to anyone then. Which is the entire point of free software.

2024 is the year of Red Star Linux on the desktop

You might be surprised to learn that Sweden also has sanctions against Russia, together with the rest of the EU, Norway, Switzerland, Japan, Australia, South Korea and a bunch of other countries. Because this is not about the US being an ass, it’s about Russia being an ass.

The massive negative outcry over this fairly uninteresting change certainly seems oddly overblown, almost as if there are parties trying to turn it into a big political issue to paint Russia as a victim. But idk, nerds freak out over stuff all the time completely on their own.

Giving them the benefit of the doubt, I think the Linux Foundation has a hard time being clear on the matter because it just isn’t clear. These are new laws and a global open source cooperation run by a non-profit is likely a corner case that the lawmakers did not think about at all when making them.

Yes, the sanctions against Russia, as mentioned by Linus. The change also said the maintainers “can come back in the future if sufficient documentation is provided”.

My guess is that the Linux Foundation must ensure that none of the people they work with are in any way associated with any organisation, person or activity on the sanctions list. And that they preemptively removed all maintainers that might risk violating the sanctions while they work with them to establish whether they might be covered by the sanctions or not.

Regardless of what you or they think of the sanctions, they are the law, and I don’t think anyone wants the Linux Foundation to have to spend their money on lawyers and fines because they had a maintainer who also worked on a research project funded by a sanctioned entity. (If that is how it works, IANAL)

Yeah the tech labor market has really proven that the idea of employment contracts being negotiated between equal parties isn’t true even in the best of circumstances.

Even when companies are desperate for talent, and willing to spend ridiculous amounts of money on salaries and perks, they are not willing to negotiate on anything outside of that. They still have terrifying contracts with non-compete and damages clauses they could use to wreck your life, no workplace democracy, unpaid overtime and whatever other shit is legal.

But hey! You get free snacks and enough money to buy the dinners you don’t time to cook and save up to survive your inevitable burn out!

Unless unions work differently where you live, they are a democracy that will pursue whatever issues its members vote on. If members don’t think pay is a problem, why would they try to change it?

It’s only 7.4% if you’re discounting the large service sector and looking only at goods (which may be what people mean by “exports”, idk). That’s why our numbers differ, it’s 4.2% of all exports, and 7.4% of exported goods.

Oil and gas products account for 4.2% of Sweden’s exports. The gas exports alone almost rival those of dairy and eggs! Truly a petrostate if I ever saw one

Are you perhaps thinking of a different country?

ls -r actually lists entries in reverse order! It needs -R as well.

cp and rm accept either.

Looking at some man pages the only commands I found where -R didn’t work were scp and gzip where it doesn’t do anything, and rsync where it’s “use relative path names”.

(Caveat: BSD utils might be different, who knows what those devils get up to!)

Not chmod related, but I’ve made some other interesting mistakes lately.

Was trying to speed up the boot process on my ancient laptop by changing the startup services. Somehow ended up with nologin never being unset, which means that regular users aren’t allowed to log in; and since I hadn’t set a root password, no one could log in!

Installed a different version of Python for a project, accidentally removed the wrong version of Python at the end of the day. When I started the computer the next day, all sorts of interesting things were broken!

Aha! I didn’t get that you meant the issue was accidentally using -r instead of -R since both you and OP wrote the upper case one.

I’m a lot more used to -R so I instead get caught off by commands where that means something other than recursive :)

I mostly use symbolic mode and honestly don’t get why everyone else seems to use octal all the time.

That’s what -R does in chmod as well? I feel like something here is going completely over my head. Or are you-all using another version of chmod?

My experience is that sales are unlikely to cover a component you want anyway. If they are right around the corner, then sure why not, but otherwise just enjoy your new computer sooner rather than definitely waiting to maybe get a deal.

Do check price history though to see if something you’re interested in is currently overpriced or regularly on sale.

But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.

Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.

We should be free to customize programs, free to block what we don’t need

And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.

Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)

Security for the user is obviously what we are talking about. Regular people do not have the knowledge or patience to make informed decisions regarding their technical security; any model that relies on that is going to fail because people will click whatever they need to make stuff work. Even people who do understand the technology do stuff like disabling SSL verification, rather than going through the effort of adding the new CA to their cert list.

Firefox is not doing the same as Chrome. Firefox is adding a feature to disable unverified add-ons on particular domains to stop attacks from malicious add-ons. Chrome is adding a feature that tracks the sites you visit and shares them with other sites to improve ad tracking.

How are these features comparable at all?

That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/

I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.

TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.

remotely monitored their browsing real-time

it’s kind of inevitable that sometimes they have to support that giant

What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?