In an open letter to the prime minister, Labour MPs said “successive governments” had done “too little to protect young people from… unregulated, addictive social media platforms”.

They are focusing on the wrong thing. The problem is not young people access it, it the unregulated and addictive parts. Those affect everyone not just the young. Regulate the addictive behaviours of these platforms and protect everyone. Don’t just force ages ineffective age verification that harms the privacy of everyone.

I treat warning as todos. Fix them all before I release something. I would only ever disable one if I know for a fact the warning is a false positive.

I would question why you are seeing so many warnings you are not sure about? If you keep on top of them you really shouldn’t have that many. Marking them all as allowed with a Todo comment feels just like you are burying you head in the sand.

I would leave them all there to keep nudging you to investigate and remove them. Hiding them behind a Todo will just mean you will ignore them. And warnings are important, they very likely point to a problem, even if that is just the code could be simpler. It is rare they are true false positives.

One source said officials had discussed including a virtual private network function to make a user’s traffic appear to originate in the U.S. and added that user activity on the site will not be tracked.

Somehow I don’t believe that last part 🤔

I don’t fully believe this is purely an AI agent. Not after the moltbot incident raised how many humans where responsible for the posts on it. It just seems to be an attempt to make LLMs seems more autonomous then they actually are. It may have been written by an LLM, but I bet it was directed by a human trying to stir up drama.

This sounds all well and good. But I find in practice it never works very well. Too easy to gain a conflict which then messes with the stash (things remain in the stash and need to be dropped if you remember to). I always found it a pain to manage.

These days I just commit everything to master. When I start work on one feature to realise I need something else or to refactor something else first the I do that work, patch commit the changes, create a branch and checkout a new worktree, cherry pick the changes and push that branch to create a pull request. Then continue with the previous work while I wait to get the previous work merged.

Have a script which basically lets me do all that with a single command. And I never need to manage the stash. The only time I use the stash is with a rebase or pull etc with the --auto-stash flag. Which pops things off when it’s done anyway. The stash only really works for very temporary stuff like that.

It’s both. If busses are cheap and reliable more people will use them. If more people use them they are cheaper to run. Which creates a positive feedback loop to a point.

You can make busses cheaper for people by other means though - like council/government substitutes or running at a loss for a bit. You need to do something to get more people, you cannot just force people to take the bus before doing anything else.

You have picked some weird hills to die on there.

for x in list:

This is fine. Many languages now do it. The extra brackets around a for or if dont really add any clarity or make things easier or harder to read. This is the type of thing you just get used to and prefer what you are used to. You get over it quickly.

Why would you provide a way to type parameters but don’t enforce it at runtime?

This is a bit stupid, but really is legacy reasons for it. Since it didnt use to have static type declarations and wants to remain somewhat backwards compatible it needs to ignore them at runtime. But as a JS and PHP developer you should be used to this. Both do the same thing as python here with types (well, TS for JS and the many other attempts at getting types into JS). So it is weird that you are singling out python for this behavior.

Why so many different ways to declare an array-like structure? Tuples, Sets, Dicts, Lists?

DIcts are not array like here. Tuples sets and lists are all common is many languages as well. PHP is a real weird case here given everything, even arrays are effectively a dict - that is a strange language design feature. But Java is way worst for different types of array types in the language.

I’m mainly using it because of interoperability, easy to setup, i

What? I hate setting up python projects. Each one wants to use a different dependency or version manager. Yeah you might have python on most systems but they are all different versions and python is famously terrible at backwards compatibility. It seems every few versions they throw something in the breaks some existing scripts so you really need a version manager for things. Which is more complex setup and management of things. There are far too many different tools to help you with this and fetching dependencies which means if you work on lots of different projects by different people you have a hodge podge of diffing tools you need. It is a complete mess.

Personally I hate python as a language, but you have picked some minor points that IMO dont really matter or that the other languages you use also suffer from. There are far better things to pick from that are far more annoying in the language.

You cannot do that analysis with one sample. Why pick one day? That is an arbatary amount? Pick the 1 hour or minute that the CVE was released and you will find rust might be responsible for 100% of CVEs, Take a Week or year and that number drops dramatically. Pick the next day and that drops to 0%. You can select any % you want if you change what time period you are looking at.

The fact that there has been one cve in 5 years of rust in the kernel is a bigger tell. There will be more rust CVEs, and each one is going to be big news as they happen so rarely.

Less chance of an update breaking things. Lots of small and frequent updates, instead of rare and large update packs/stacks.

I would say a rolling distro update has a higher chance of it breaking something. Each one might bring in a new major version of something that has breaking changes in it. But that breakage is typically easier to fix and less of a problem.

Point release distros tend to bundle up all their breakages between major versions so breaks loads of things at once. And that IMO can be more of a hassle then dealing with them one at a time as they come out.

I tended to find I needed to reinstall point release distros instead of upgrading them as it was less hassle. Which is still more disruptive then fixing small issues over time as the crop up.

It has an LTS kernel. Not a separate version. This does not make everything LTS. This is very different from LTS distros.

It is not just about your pc hardware. I much prefer running the latest software on it as I regularly use features from tools added in the last version of something. I would hate to have to wait 6 months to a year to be able to use new features that make my life easier. That might not be every bit of software I use but enough core things that I would notice.

Email support was the bain of my existence. I forgot how many misconfigured system I came across decades ago that would fill up their filesystem with logs from crons in the root mail dir. Such a stupid default setting. We have vastly better methods for monitoring systems these days then firing off an email when a cron runs.

You can also easily see when the job last ran, if it was successful and when it will next run. As well as just trigger the service if you want it to run now.

I was not trying to brush away the differences for GPL 2 vs 3. My point was just that I don’t think a more permissive license on Coreutils would have caused every company to want to steal the code, get everyone using it and force out the GPLed version. But a more restrictive license (say one that infects other binaries on the system) would have meant fewer companies using it and thus fewer distros and everyone else using it.

But for other projects the balance is different and a more permissive license would cause issues. There are some projects that even the GPLv2 or even v3 is too permissive for.

sudo is not GPL3. It is not even GPL2. It is an old license that is just as permissive as the MIT license. It has never had any big problems with that being the case. I don’t think that coreutils being GPL has really done anything to force companies to contribute back to it. It is mostly fixed in its function and does not really have much room for companies taking and modifying it to a point where others will favor the closed version over the open on. And what it provides is fairly trivial functions overall that if someone did want to take part of it then it is not terribly hard to rewrite it from scratch.

GNU Coreutils is not the only implementation of those POSIX features - just the most popular one. FreeBSD has its own, there is busybox, the rust ports and loads of other rewrites of the same functionality to various degrees. None of that really matters though as they dont really add much if any value to what coreutils provides as there is just not that much more value to add to these utilities now.

And it is not like the GPL license of coreutils affects other binaries on the system. So if you dont need to modify it and it does not infect other things there is little point in trying to take it over or use an alternative.

MacOS does not use a later version because they cannot. But also they don’t care enough to even try to maintain their own.

GPL is important on other larger/more complex bits of software. But on coreutils/sudo IMO it does not matter nearly as much as people think it does.

Core Android and ChromOS don’t need to be FOSS because they use the GPL. You can use the Linux kernel without having to make everything that runs on it GPL as well. Things that run on the kernel are not derivative works of the kernel. These projects are FOSS because google at the time thought it would give them an advantage to make the FOSS.

If you add too many restrictions to a license it does not force companies to give their stuff away for free, it just means they wont use your project which can drastically stunt the growth of your project. If Linux had a more restrictive license to start with all that would of happened is no one would have heard of it today as companies would have created something else that they can use.

There is no one size fits all safest option. Details matter and each project needs to read the licenses and decide on which suits their needs best.

MIT is probably the safest option for a company creating a library wrapping their service where there is no real value in others taking that code. Or for simpler libraries that are fairly easy to reproduce so the need to steal the code is low. Or you just don’t care what others do with the code.

GPL is probably safest for some hobbies that does not care about companies and just wants everyone that is using their project to not bake it into a product they distribute. But also means companies likely wont want to use your project if it is a library.

LGPL might be a good option for library code if you want other companies to use and contribute back to some complex library you are using that is hard to reproduce in isolation.

Other licenses are needed if you want to prevent other hosted services from using your project without contributing back.

Different licenses exist for different reasons and it all depends on what you want for your project.

I don’t think there is a good license for that. The ones MongoDB used turned the open source community against them. But that is not really my point. I just mean that some projects using MIT won’t suddenly mean every company will start stealing and closing that software. Some things like coreutils and sudo just don’t have the commercial value to make that worth the effort. So there is no real need to worry about these two projects IMO. Other projects are a different story altogether though. Each project needs to make its own decision on what licence best suits it. The GPL is not the one and only license that is worth using.

Coreutils has little commercial value to take can create a proprietary fork of. There is little value that can be added to it to make it worthwhile. The same is for sudo - which has had a permissive licence from the start. In all that time no one has cared enough to fork it for profit.

Not saying that is true of every project. But at the same time even GPL software has issues with large companies profiting off it and not contributing back. Since unless you are distributing binaries the GPL does not force you to do anything really. See mongodb and their move to even more restrictive licences.

The GPL is not the only thing that stops companies from taking open software. Nor does it fully protect against that.

Not does everything need to be GPL. It makes sense for some projects and less sense for others. Especially libraries as that basically forces no company from using them for anything. Which is also not what you want from a library.

You can profit from GPL software. The only restriction is if you distribute it you also need to distribute modifications under the GPL.

GPL also does nothing for software as a service since it is never distributed.

GPL even explicitly allows selling GPL software. This is effectively what redhat do. They just need to distribute the source to those that they sell it to.