Seirdy's recent activity

  1. Comment on The limited utility of the phrase “GNU/Linux” in ~comp

    Seirdy
    Link Parent
    I've seen people unironically insist that it should be called "GNU/Linux" to distinguish it from the likes of Android multiple times in the past week. I was initially inspired to write this after...

    I've seen people unironically insist that it should be called "GNU/Linux" to distinguish it from the likes of Android multiple times in the past week.

    I was initially inspired to write this after reading this post: https://social.linux.pizza/@redstarfish/109467634692979081

    3 votes
  2. Comment on i3-gaps has been merged into i3 in ~comp

    Seirdy
    Link Parent
    Yes, Sway is basically compatible with i3-gaps wherever possible. Been using it for years without issue.

    Yes, Sway is basically compatible with i3-gaps wherever possible. Been using it for years without issue.

    1 vote
  3. Comment on Goodbye to the C++ Implementation of Zig in ~comp

    Seirdy
    Link Parent
    It's called "The Birth and Death of JavaScript" by Gary Bernhardt of Destroy All Software, at PyCon 2014. Here's a recording. WebAssembly did not exist at the time; the talk was about WASM's...

    It's called "The Birth and Death of JavaScript" by Gary Bernhardt of Destroy All Software, at PyCon 2014.

    Here's a recording.

    WebAssembly did not exist at the time; the talk was about WASM's precursor, Asm.js.

    7 votes
  4. Comment on An experiment to test GitHub Copilot's legality in ~comp

  5. Comment on An experiment to test GitHub Copilot's legality in ~comp

  6. Comment on Does anybody have any experience with switching to pipewire? in ~comp

    Seirdy
    Link
    Fedora switched to Pipewire and uses the pipewire-pulse compatibility layer. No issues on my end, only improvements.

    Fedora switched to Pipewire and uses the pipewire-pulse compatibility layer. No issues on my end, only improvements.

    1 vote
  7. Comment on Abortion Search Noise Generator in ~tech

    Seirdy
    Link Parent
    When you search for abortion-related info, you may feel worried about being tracked. This tool allows others to make these searches randomly, increasing the likelihood of a false positive to...

    When you search for abortion-related info, you may feel worried about being tracked. This tool allows others to make these searches randomly, increasing the likelihood of a false positive to engines tracking these queries.

    If one person wears a ski mask, they look suspicious and might get pulled aside. If 50 other people wear a ski mask...

    2 votes
  8. Comment on Abortion bans are going to hit us worse than we think in ~talk

    Seirdy
    Link Parent
    Thank you for sharing this. I always have a preference for elevating other voices, asking for opinions, offering domain-specific advice, or assistance when I can't speak personally about an issue.

    Thank you for sharing this. I always have a preference for elevating other voices, asking for opinions, offering domain-specific advice, or assistance when I can't speak personally about an issue.

    2 votes
  9. Comment on The right thing for the wrong reasons: FLOSS doesn't imply security in ~comp

    Seirdy
    Link Parent
    Binary patching is harder and also more error prone, especially when certain build flags are used (binary-patching a program built with -fPIE -flto=thin -ffunction-sections -fdata-sections...

    Binary patching is harder and also more error prone, especially when certain build flags are used (binary-patching a program built with -fPIE -flto=thin -ffunction-sections -fdata-sections -fno-semantic-interposition is...not fun) or when the software uses binary obfuscation.

    Freedom is more than just understanding the software in question, though. Some vendors are quite hostile to reverse-engineering efforts, for instance.

    I wrote two previous posts on how FLOSS is a necessary but insufficient requirement to achieve user freedom, linked near the top.

    4 votes
  10. Comment on The right thing for the wrong reasons: FLOSS doesn't imply security in ~comp

    Seirdy
    Link
    A detailed post on how security audits are pretty similar regardless of source model, and how vulnerabilities are typically found. I believe in supporting free software for the right reasons, not...

    A detailed post on how security audits are pretty similar regardless of source model, and how vulnerabilities are typically found.

    I believe in supporting free software for the right reasons, not the wrong ones. I wrote this to address the wrong reasons.

    3 votes
  11. Comment on What are your favorite Linux distributions to use for gaming and as a daily driver, and why? in ~comp

    Seirdy
    Link
    I'd suggest Fedora. Fedora is semi-rolling: most packages roll while many are frozen. It also has frequent releases (every 6mo) so frozen packages don't get too out-of-date. Fedora's also ahead of...

    I'd suggest Fedora. Fedora is semi-rolling: most packages roll while many are frozen. It also has frequent releases (every 6mo) so frozen packages don't get too out-of-date.

    Fedora's also ahead of most distros on the security front. Fedora Silverblue and Kinoite have immutable root filesystems whose changes can be tracked using ostree. Fedora's working on supplementing this with FS-Verity (coming around Fedora 37) and dm-verity (WIP). If you combine that with some form of user-controlled verified boot, you can achieve a reasonable level of confidence in your system's integrity. On top of that, Fedora has SELinux support by default (though the default policies are admittedly lax).

    I don't like GNOME though; I use Fedora with Sway.

    4 votes
  12. Comment on <deleted topic> in ~tech

    Seirdy
    Link Parent
    (sorry i'm late) Thanks for the shout-out! I just updated Qwant's info.

    (sorry i'm late) Thanks for the shout-out! I just updated Qwant's info.

    1 vote
  13. Comment on Linux (In)security in ~comp

    Seirdy
    Link
    I love using Linux on the desktop for many reasons despite its insecure architecture. This article from a Whonix developer and GrapheneOS contributor explains how Linux is behind when it comes to...

    I love using Linux on the desktop for many reasons despite its insecure architecture. This article from a Whonix developer and GrapheneOS contributor explains how Linux is behind when it comes to (mostly desktop-oriented) exploit mitigations.

    Other articles worth checking out on madaidan's site take a critical look at Firefox and OpenBSD. He also has a good Linux hardening guide.

    4 votes
  14. Comment on Coverage is not strongly correlated with test suite effectiveness in ~comp

    Seirdy
    Link
    I felt this article misses the forest for the trees. Coverage isn't just for verifying correctness; it's useful for detecting API changes, eliminating dead code, and building a better...

    I felt this article misses the forest for the trees. Coverage isn't just for verifying correctness; it's useful for detecting API changes, eliminating dead code, and building a better understanding of program behavior.

    From a comment I posted on lobste.rs:

    I also find coverage extremely valuable for finding dead or unreachable code.

    I frequently find that unreachable code should be unreachable, e.g. error-handling for a function that doesn’t error when provided with certain inputs; this unreachable-by-design error handling should be replaced with panics since reaching them implies a critical bug. Doing so combines well with fuzz-testing.

    It’s also useful for discovering properties of inputs. Say I run a function isOdd that never returns true and thus never allows a certain branch to be covered. I therefore know that somehow all inputs are even; I can then investigate why this is and perhaps learn more about the algorithms or validation the program uses.

    In other words, good coverage helps me design better programs; it’s not just a bug-finding tool.

    This only holds true if I have a plethora of test cases (esp if I employ something like property testing) and if tests lean a little towards integration on the (contrived) “unit -> integration” test spectrum. I.e. only test user-facing parts and see what gets covered, and see how much code gets covered for each user-facing component.

    3 votes