But I’d bet it’s a mix of 2 and 3.
Code being visible is not very useful if you can’t distribute it, extend it, expand it and improve it.
Many Keepass clients have support for not actually deleting entries, and instead moving them to a “Trash” subgroup inside the kdb that is ignored when searching entries. Also they usually keep track of the history of changes to each entry, to make it non-destructive.
Coupled with Syncthing typically automatically creating backups whenever it encounters conflicting changes, I feel this should be enough, at least for me personally.
Yep. I just confirmed it… restarting Firefox seems to make the ID in https://demo.supercookie.me/ change. Thought as long as you keep Firefox session open the id will be the same.
I’m not sure if the links you reference are the whole story though, because they are talking about partitioning the cache per top-level domain, which I would expect wouldn’t have been enough, since the demo is specific to its top-level domain and it’s not necessarily about cross-domain id.
Those are open questions that I don’t think we can answer yet.
If you are asking if Valve did make changes there, I’m expecting the answer is likely no. They haven’t shown anything regarding KDE/desktop mode on the Steam Frame. And we have yet to see how exactly this is integrated with gamescope. But if the device does become popular and interest grows for Linux VR development, then I expect we’ll see people trying to make new VR environments for Linux (or adapt existing ones for VR).
However, given that Valve plans to offer ways to play non-VR games with the Frame, I expect one could add a nested wayland session as if it were a non-Steam non-VR game, so in the VR environment from SteamOS one could have a floating screen showing a traditional KDE session relatively easy, I would expect. And in that sense one could have a desktop VR environment standalone, in the Frame.
Yes, I think you’re talking about something else, related to your particular needs. But the post OP opened (which you were replying to) was about discussing what “implications for Linux” would the new Steam hardware have.
I feel the only part in your comment that was somewhat relevant to the question raised by OP was:
Anyway IMHO the big questions for VR on Linux more broadly is what changes upstream on KDE in terms of immersive UX? Is KDE Plasma becoming a VR graphical shell? Does it have 3D widgets? Does it impact freedesktop in any way?
The only reason Linux became a thing is because Torvalds managed to get engagement and popularity amongst a niche community of hackers that happened to share the same needs/goals.
Because what gives it importance is the needs we share. “The need of 1” is measured in relation to “the need of many”. Community is a huge piece in the “open source” puzzle. A community of 1 is not a community… it’s a personal space. If you don’t share your software with a community then declaring it “open” is pointless.
Also… when I said “relevant” I specifically meant for the questions raised by OP. I’m not talking about “relevancy” in some weird transcendental way… I don’t believe such a thing exists… everything has a viewpoint from which something can be said to be “relevant”… however, as you yourself said: “your preferences are not relevant to my needs”.
Everyone can say the same thing… your needs are not relevant either then.
Popularity is ultimately what moves the needle, this post was asking in which direction will the needle move… so in this context your personal needs are only relevant in relation to how popular they are.
Relevant section:
At first, around 1996, it was common practice to make the Windows key act as Meta. However, because of the existing alternative keys for Meta in Emacs, the reintroduction of a hardware Meta key binding did not prove exceptionally useful. This made Super the next most frequently emulated key of choice, and thus it became the standard assignment for the Windows key under X11.
Most Linux software and documentation calls these keys “Super” keys. However, they are still referred to as KEY_LEFTMETA and KEY_RIGHTMETA in the kernel,[5] and some documentation such as that of KDE Plasma refers to it as just the Meta key.[6][7] “Windows” and ⌘[8] are also used in documentation.
It’s unclear what you are trying to say. The question was what would switching license do. There’s 2 scenarios: 1) either Google is really not doing changes in ffmpeg source internally right now …or 2) they are in fact making changes to it internally (perhaps for encoding with their own codecs, etc.) which they are not releasing back to the public (since the code is LGPL, and not AGPL)
With situation 1, they can simply continue using ffmpeg, even if it were to switch to AGPL. They would have no need/obligation to release anything, whether they decide to fund development or not. The way I see it, only if it’s situation 2, will Google be affected by a license change. However, if the use they make of ffmpeg is just to have their own encoder program for use with specific codecs, they might as well decide to stop using ffmpeg for this purpose instead and have their own program to work with their encoders. Most of the encoding work is already being done in the encoding libraries separately released (like libaom, which Google licensed under BSD-2).
But even in the rare case of Google having made changes that (after license change) they would suddenly decide to be willing to share with the community despite having not done so before… the whole problem with this bug-reporting mess is that most of the issues reported by the automated tools aren’t something really that impactful/important, they are things that even Google would not really be that interested to fix… (why would Google need to fix a codec that only affects a videogame cinematic from 1995?). These reports are just the result of automated & indiscriminated AI analysis, slop.
AGPL is more “copyleft”, but not really more “permissive”, in the sense that AGPL adds the extra requirement of forcing server admins to provide the sourcecode to the users of any service that internally makes use of AGPL code.
It plugs a loophole of the other GPL licenses that allows companies to not share any custom modifications as long as they don’t directly share the binaries (they can offer a service using internally modified binaries, but as long as they don’t distribute the binaries themselves they don’t have to share the source code from those modifications running on their private servers, even if they are GPL).
However, I don’t think a license change would really solve this particular bug-reporting trouble. Most likely Google has not patched these vulnerabilities internally either, or at least the biggest chunk of them (since most of them are apparently edge cases that would most likely not apply to Google’s services anyway).
Sounds like a prioritization issue. They could configure the git bots to automatically flags all these as “AI-reported” and filter them out from their TODO, considering them low priority by default, unless/until someone starts commenting on the ticket and bringing it up to their attention / legitimizing it.
EDIT: ok, I just read about the 90-days policy… I feel then the problem is not the reporting, but the further actions Google plans based on an automated tool that seems to be inadequate to judge the severity of each issue.
Sure, but if it wasn’t triaged why consider it “medium impact”? I feel when tight on resources, it’s best to default to “low priority” for all issues whose effect (ie. to the end-user, or to the software depending on it) isn’t clearly scoped and explained by the reporter. If the reporters (or those affected) have not done the job to make it easy to quickly see why it’s important to have this fixed then it’s probably not so important for them to have it fixed. Some projects even have bots that automatically close issues whenever there has not been activity for a certain time (though I’d prefer labeling it / categorizing as “low engagement” or something so it can be filtered out when swamped, instead of simply closing it).
About “public confidence”, I feel that this would rather be “misplaced confidence” if it’s based on a number that is “massaged” to hide issues. Also this is an open source project we are talking about, there isn’t an investment fund behind it or a need for people to have absolute loyalty or blind trust. The code is objectively there, the trust should never be blind. If there wasn’t a long list of reports I’d be more suspicious of a project as popular, frequently updated & ubiquitous as ffmpeg. Specially if they are (allegedly) not triaged. Anyone who decides to choose ffmpeg based on the number of issues open without actually investigating from their end how relevant that number actually is… well… they can go look for a different software.
I agree… I mean they are not forced to fix the issues, if the issue is obscure and not many people are affected, then there’s no reason why they can’t just mark it as “patches welcome” and leave it there. I feel this is a problem in the policy the project might have for prioritization, not really a problem in QA / issue report.
For context:
The latest episode was sparked after a Google AI agent found an especially obscure bug in FFmpeg. How obscure? This “medium impact issue in ffmpeg,” which the FFmpeg developers did patch, is “an issue with decoding LucasArts Smush codec, specifically the first 10-20 frames of Rebel Assault 2, a game from 1995.”
To me, the problem shouldn’t be the report, but categorizing it as “medium impact” if they think fixing it isn’t “a valuable use of an assembly programmer’s time”.
Also:
the former maintainer of libxml2 […] recently resigned from maintaining libxml2 because he had to “spend several hours each week dealing with security issues reported by third parties. Most of these issues aren’t critical, but it’s still a lot of work.
Would it be truely better if the issues wouldn’t be reported? what’s the difference between the issue not being reported and the issue not being fixed because it’s not seen as a priority?
Enforcing the restriction through a browser web standard, instead of a popup susceptible to anti-patterns, is a good idea. Sure, you could configure your browser to say “yes to all”, but you control the browser. You could also configure it to say “no to all” if that’s what you want. It’d be the equivalent of a popup, just automated by you. It’s the way I always thought the cookie permissions should have been done. The same way as when a website asks about permissions for notifications, or camera/mic access.
But I don’t think this is what the article is talking about. They are not talking about using a web standard or anything like that, they are talking about how the very definition of “personal data” is being changed, and that does not look good.
Is that really what this is about? I feel the GDPR is a different thing, independent of the cookies popup being a browser standard or not. The article talks about altering the definition of “personal data”. I don’t see why you can’t keep the same definition while requesting websites to follow a browser standard… so I feel these are different things.
Or are you implying that the EU doesn’t get proposals to gut privacy/data protections? (regardless of whether they’re accepted)
The “formal” part comes from “formal system”, which is essentially the use of rules of inference based on an initial set of presuppositions, with an exact/mathematical approach to “truth”.
The idea of “informal logic” is something some people have wanted to put forward, but it’s a much younger and not as well defined term, and whether it should really be considered “logic” is something that has criticisms: https://en.wikipedia.org/wiki/Informal_logic#Criticisms
Perhaps in the end all logic is formal logic, the problem is that we know from Gödel’s incompleteness theorems that not everything is computable and translatable into a formal system… to solve this you’d have to model the statements into a Gödel/Lobian machine (at which point you are essentially building an AI).
You’re not being fair, that wasn’t the conversation thread at all… I didn’t reply to OP’s initial message directly.
It was more like this:
OP: Hi guys, I’m looking for yellow tomatoes, do you know where can I get them?
Commenter: I go to this store, they have tomatoes that are yellow enough for me… for more sophistication you need to go to a much further away local shop.
OP Response: My question isn’t sophisticated! …all I want is my tomatoes to be of the same color as all the other yellow vegetables I exclusively eat, all yellow, tomatoes and ketchup being red is a step in the opposite direction.
Me: there’s a reason why the red ones are sold, [valid cultural reason]. But you can still change them, here’s a manual / recipe to turn them yellow when cooking.
As you see, when I was talking about reasons it was mainly directed to the apparent indignation of comment “3”, when the person was painting their request as something that should be seen as the more reasonable / less sophisticated approach… so I gave the reason to show how the opposite is also more reasonable / less sophisticated from another point of view.
But even then, I did link to the manual for readline to configure the input handling. It’s not like I just dismissed the initial question like your simplification implied.
PowerShell still runs inside a terminal emulator (e.g. Fish), so it changes nothing in the input/output behaviour.
You can definitely change the input/output behavior by changing the program that runs on the terminal… in fact, when I posted that link earlier, what I said is that you can configure this in readline, which is a library that bash and many other programs that run in the terminal (not all, not fish, for example) use for interpreting the input, so all terminal programs using the readline library for handling interactive input have the same shortcuts. It’s not the terminal the one with those shortcuts coded into it.
“GUI-friendly terminals”? What does that mean, in the context of the conversation? Why are you talking about GUI?
Because a terminal emulator is a GUI app… OP wasn’t talking about about real terminals, nor about a virtual console session in Linux (which runs without any GUI), but about a terminal emulator you open in a window within a graphical compositor.
My point was that most of the popular (amongst terminal nerds) GUI app terminals stay away from the traditional GUI toolkits when possible because they want to keep the app slim and lightweight. And it’s those toolkits the ones that orchestrate the standardization of the typical Windows-like shortcuts (similar as the readline library, but for GUI apps). This is also why in many terminals you don’t even have a menu when you right click, since those menus are usually done with GUI toolkits. But there are also heavy-weight terminals like the ones bundled in some more user-friendly DEs that do include GUI toolkits as dependencies, so they might actually have an easier go at playing nice with other conventions in their respective DEs. However, you’d still need to pair it with a shell that also plays nice (or configure it to play nice, if possible).
Is it weird to explain the reason why something is as it is? If you were already aware of it then it shouldn’t be as baffling.
There are also modern terminals and shells that do things the way you expect in a more convenient way, but maybe you also know this, OP mentioned powershell, that can be used in Linux too. It’s just that this hasn’t been a focus for traditional and slim/lightweight terminals coupled with traditional shells which is typically the popular combination amongst heavy terminal users, many of the slim terminal apps stay away from GUI toolkits that are what normally give consistency in settings to the GUI apps. And because they are slim and try to eliminate what isn’t absolutely needed, typically they don’t do configuration profiles, specially given that it’s relatively easy in Linux to backup and reuse your configuration across installs. It’s more of a job at the OS/sysadmin level.
There’s also not a real standardized setup in Linux as a whole. There are environments that default using the Super (Windows) key for all window management, or use TUI terminal apps for most things so they get terminal navigation keys for all their apps. Some people even configure Gtk/Qt to use vim/emacs style for navigation in text boxes because for them it’s the other way around, all their apps use terminal shortcuts because… well… they are terminal apps.
I’m not sure if that’d be what it’d look like… distributions are hardly ever that heterogeneous.
I’d bet all the GrapheneOS users would get together in their own corner and nerd out about their customizations.
For the record: 1 in 25 is 4% …the image gives (intentionally?) the illusion of the proportion being higher.