Thank you. I don’t know that I ever knew that statistic about Greenland’s population. The nuke statistic tossed around - that I always heard - was something like “there are enough nukes to blow up the world a million times,” with is a silly, sloppy metric that doesn’t day anything about the actual warhead count. Are those Tsar Bombas, or Fat Man? How many megatons are required to “blow up the world” once? But that graph is interesting; it’s even more interesting that there population of Greenland and the number of (viable) warheads on the planet have been so relatively close.

I mean, if that’s how you get your rocks off, you do you. Personally, I’ve never found vitriol to be in any way healthy.

The biggest challenge for future intelligent species, and the reason why I know we’re the first technological ones, is that we’ve mined all of the easily accessible metals and all of the easily accessible fossil fuels. Any intelligence arriving after us is going to have to make a civilization without iron, precious metals, oil, or coal. Unless you get into some sci-fi bio-engineering scenario where they’re growing high tech, they’re doomed to being stuck in the stone age. It’s going to be hard for them to escape the planet, defend it from asteroids, deal with super-volcanoes, build advanced calculating devices… all of the stuff we would already find challenging even with all the resources we have.

Millions of years are not enough to replenish the fossil fuels, and the sun is going to start expanding before enough life lives and dies to produce any useful amount of biomass. Before then, more metals will become accessible, in places, but good luck working it at industrial levels without fossil fuels.

I’m not saying it’s impossible, but we’ve given a severe handicap to advancing beyond a rudimentary agrarian society for any successor species; even if it’s our own descendants re-arrising from a post-apocalyptic environmental catastrophe.

“You’re not obligated to respond”, combined with “nobody else cares about your quarrel but you and that idiot” are the two maxims that make my social media experience better. Sometimes I feel like arguing, but if I think someone’s arguing in bad faith, I just block 'em.

Life’s too short to spend time interacting with morons.

But why would you have thought that? There have always (for recorded history values of “always”) been people in Greenland; there have only relatively recently been nuclear warheads. So - regardless of truth - why would you have assumed that there must have at some point been more warheads in the world than people in Greenland? That doesn’t seem like an obvious assumption, to me. What made that occur to you?

Calibre is one of the great pieces of FOSS software, and demonstrates everything good about FOSS: it has regular updates; it’s been around for simply ages; it works really, really well; it gets updates and new features and yet has never in my memory had a breaking, non-backwards-compatible release… it’s stable; and it resists - in its way - the attempt by publishers to steal our rights and ownerships of our media.

I contribute donate to Calibre. I hope that Goyal has a successor lined up to take the helm who can continue such an outstanding contribution when he finally retires from the project.

Edit: clarification

Just to clarify for OP:

The format is always SVG, as it’s an open standard. Inkscape is the leading FOSS SVG vector editor. Boxy is a web-based SVG editor which is freemium.

SVG is the W3C standard for vector graphics that can be rendered by practically every browser. Gzip compressed SVG files (svgz) are much smaller but enjoy less support.

Illustrator can import, edit, and export SVG files.

A little later, maybe, but much the same… on the upside:

• we were optimistic.
• we were going to conquer space, and it was going to be real live humans, not semi-autonomous robots
• society (in the US and W. Europe) was (very) slowly getting more progressive.
• Hitler had been killed, and fascism defeated forever. Never again would we have another dictator; never again would we watch a country commit genocide against a people.
• life was slower. TV was the bad influence rotting kids brains. We didn’t have an entire industry focused on commoditizing us.
• computers were fucking incredible. The future we imagined coming from computers was very, very different than what we ended up with. For one thing, we didn’t imagine a single-minded focus of all software and computing power on commercializing every aspect of our life.
• no Facebook, no Twitter, no TikTok
• Income disparity was far less extreme, and class mobility was a realistic dream. You could imagine buying a nice house and raising a family on a single income. If you worked hard and had a little luck you could pass on some reasonable wealth to your kids.
• shit really was - in the aggregate - getting better all around. Technology was advancing and bringing amazing products; science was being discovered that you could basically wrap your head around. Lives (in the Western world) were improving (relatively, compared to previous decades) for most people, and all this happened at a pace that didn’t up-end your world every day, 365 days a year.
• you could get all the news you needed for a fairly rounded world view in a single newspaper, much of which you could read over breakfast. There was no information overload.

On the downsides,

• dad beat us with a belt as punishment
• we were having wars that were disrupting society. The draft was a real worry.
• we were constantly afraid that nuclear war could happen at any time
• commies were hiding under our beds
• minorities of all kinds were fighting for their rights, and fighting to get them enforced. It sucked to be gay, or black, or a woman (but it was getting better, slowly)
• most people didn’t have access to a computer, much less a PC until well into the 80’s, so you had to infiltrate University computer labs.

It was a slower world, with fewer consumer goods, fewer conveniences, and worse medical care. Everybody smoked, all the time. But slower was good, and - best of all - we didn’t realize yet that we were killing the planet; the world wasn’t ending.

Like, comparing it to China or India?

Comparing absolute numbers in a statistic like this is particularly egregious. At least make it per-capita. May as well compare the number of murders per year in the continental US to the number of murders per year in the entire polar regions. Shock, horror, American so violent!

That’s a 10 hour toilet visit, right there. No mute.

Hey, my skateboard, now hanging on my wall, totally enhances my middle-aged-man home office, and establishes my credentials as a still-hip young-at-heart, totally not emotionally-dead middle-management-drone!

I’ve actually ridden it within the past year, but (a) I am absolutely certain I look ridiculous on it, and (b) I’m sincerely concerned that I’ll hurt myself: old people break more easily, and heal more slowly.

When it was first released, I was interested in the decentralized nature of it as a currency. I liked - well, I still like - the idea of a currency that isn’t controlled by a government. At the time (2009-ish?), I also thought it was anonymous, which also appealed to me; cash is mostly anonymous, but it can’t be used online, and even then the fact that society was increasingly moving toward cashless - and very traceable, and usary-heavy - credit cards was clear. Stripping privacy is critical to control.

Bitcoin isn’t anonymous, but other cryptocurrencies are, and bitcoin laid the groundwork. To your question, I, and many other people, paid some money to get some bitcoin - I think I spent $120? Mainly so I had enough to explore the space and play with it, because even then mining seemed painfully slow. Once money was spent on it, by whomever and for whatever reason, it acquired value: the value that, if you had some, you could sell it to someone else, or trade it for goods. In that way, it has the same value as an IOU on which I’ve scribbled “Good for $10 from Ruairidh Featherstonehaugh” and signed my name. Flawed metaphor, but you get there idea - the paper itself has no intrinsic value.

Despite that mining is so horrible for the environment, the concept that motivated Bitcoin still IMHO has value. An entirely digital, cashless system, not controlled by any one organization but rather by the community of participants. If Bitcoin didn’t have the environmental cost - if it has been proof-of-stake rather than proof-of-work, or if the computational work was actually something useful to society like gridcoin.us, it wouldn’t be so controversial. Sure, people are still going to be bitter about not buying into it early, but as long as people are willing to trade goods and services for it, it’ll have real value based on market rates.

He shoots, he scores!

deleted by creator

deleted by creator

“Colloquialism, motherfucker! Do you speak it‽”

Edit: corrected autocorrect incorrection

🧑‍🍳🤌

There’s hope, though. Although stalled by the current civil liberties regression phase we’re going through in the States, and the rise of fascism globally, in some States and some countries assisted suicide is legal. There’s a wonderful product called the Sarco Pod, developed by an Australian, that performs euthanasia by nitrogen, which is one of the best methods of suicide. It’s not currently widely available, but hopefully services offering it will start popping up. We have to get through this rough patch, first.

I don’t want to use the term “fear mongering”, I think you may be a bit too concerned here.

I’m concerned because I maintain numerous OSS projects and I now have to be justifiably concerned about supply chain attacks. Even Go projects tend to pull in tons of dependencies, and there’s a pattern I’m increasingly countering where some library will claim to be a “lightweight” or “small” library for X, but then I pulls in a dozen other projects each pulling in their dependencies. It isn’t lightweight if even one dependency is heavy, and I wish people would stop making this claim. But the security impact is that now there are dozens of projects I have to audit every time one of those dependencies does a version bump and I take it.

This is an issue. It is an impediment to the people contributing to the Bazaar; it disincentivizes both developing and using OSS, and it’s harmful especially now when Linux is gaining more widespread popularity. I believe we need a concerted reaction.

Go needs better security-focused static code analysis tools; there are any number of code quality checkers, but there are precious few security checkers and the ones that exist focus on developer practices, such as string sanitization. I want a reporting tool that will identify which of my dependencies make network connections, and where, and what kind of information is being sent, so that I can focus my audits. Ideally, the Go team would run a service that provides a health check for a package - a third party analysis users (developers and end users) can trust… but at this point I’d pay a monthly fee to be able to submit packages and get a badge.

I think someone with InfoSec expertise could do a reasonable job with at least the statically compiled, modern languages, but I agree with your comment about it taking a community. If each PL community provided a static code security analysis tool, someone would eventually write a self-hostable service that could provide a score for most projects; at that point I’d expect this to become the purview of distributions - it’d be a significant value-add, a greater contribution than making yet another Ubuntu derivative that varies only be the default DE.

Perhaps there are other tools such as LLM-driven code analysis; I’d expect that would be more effective with a model specifically trained to look for supply-chain attacks.

I also contribute manifests to a couple of distributions, and I know neither of them do security gate keeping on the packages submitted by the simple fact that the time between submission and acceptance is too short for anyone to have performed an analysis.

This is going to bite us; the damage it’s going to cause to OSS will be far worse if we, as a global community, react to a broadly newsworthy event than it will be if we’re proactive and prevent it.

I don’t think the average Joe or Jill is going to be interacting with all sorts of random obscure FOSS projects like us more technical users are who program or experiment with services ourselves.

Windows had an attack not so long ago

Windows was long called less secure by Linux advocates merely due to the fact that virus makers were ignoring Linux as being too small to care about. That changed as the world’s internet infrastructure transitioned to being dominated by Linux.

The issue I’m concerned about specifically is FOSS, regardless of the platform. In a full half of the projects I maintain, I create release builds for Linux, Windows, OSX (Darwin), and OpenBSD. The attack is on the FOSS model, where software is freely exchanged.

We are welcoming an entirely new wave of Windows refugees, many of whom are less technical. They’re mostly going to be using FOSS when they arrive, and the nature of supply-chain attacks is that they can show up in any program, even main packages included in KDE, for example. Yes, they can also show up in commercial software, but unlike community-driven FOSS, commercial entities have the means to perform security audits and consumers have some legal recourse - an organization to litigate against.

I’m advocating for a concerted, proactive effort by InfoSec specialists in the FOSS community to come up with 1) a manifesto about how we’re going to respond to supply-chain attacks and malicious software, 2) tooling to help developers audit their dependencies in whatever PL they’re using, and 3) some mechanism of publishing results, even if it’s self-hosted. In the last case, diligent users will check multiple hosters against each other, and probably a couple will emerge as “trusted providers;” if the Go teem hosted such a service, it would become the defacto authority. The Rust team could do the same.

None necessary, but thanks.