This quote on risk seems to completely misunderstand the concept of risk. First we have a vulnerability (IMHO that equals a hazard), then we assign both impact and probability and only then we get risk. By definition there are IMHO always vulnerabilities with low impact or low probability and thus low risk. While CVEs have some score, the actual risk and later accepting those risks before or after mitigations is up to the use case to define. No risk => no vulnerability is flawed reasoning by design. No vulnerability => no risk, I think is the only thing we can agree on.
The original idea of open source or rather free software is to actually "own" the code in a way that you can modify it to your needs. Guess this is not the case here, then. But I guess also most of Android falls in that category by now. I guess we should be using better, more attributes when describing open source.
"Free software" has always been a misleading term, unfortunately. Maybe calling it "Freedom software" instead would be clearer.
But when you conflate free software with open source, you get confused people cheerleading their own abuse. Android is probably the worst offender here. Google Chrome, VSCode are others that come to mind.
Open hardware to me means that you have access to all of the specifications for building the hardware. Things like when the laptop company Framework posts GitHub repos full of CAD models. Or, initiatives like RISC-V.
And, alongside that, there's also open firmware.
Unlocked hardware is maybe what I would call hardware that enables swapping out the software. Although, historically, we didn't even need a term for that, because that was the default aside from outliers like Apple.
The idea of free software, yes, is to own the code in a way that you can modify it to your needs. The idea of "open source" as a mantra is to confuse and muddle the ideas of free software in order to subvert the ideologists in that camp into supporting and furthering the goals of billionaire corporations. "Open source" as a calling card is intended to kill free software.
I am really somehow happy about this feud as it really unmasks Microsoft. The signal Microsoft sends to their customers (also corporate and government) is IMHO as disastrous as it is to security researchers.
It is good if people actually develop good workflows. Actually in applied research/public gov tech we are seeing tons of different GitLab instances.
In one project we are contributing to, the Fraunhofer team developing it has had an internal GitLab with CI/CD and mirrors at three different sites: gitlab.com, opencode.de and code.europa.eu. Now they are slowly trying to move to gitlab.com for the main repo as they cannot open their own repo enough for security/legal reasons. However, the CI/CD stuff still only runs on their GitLab.
Now we have our own GitLab instance, where we are doing some small frontend work as part of a funded project on national level and have a mirror on GitHub for visibility reasons. Now we have another EU funded project that has its CI/CD on another GitLab instance at a partner. All come with their own onboarding and federated IDM quirks.
It is a total mess. While git is certainly distributed, the workflow is a mess. You end up cherry-picking CI/CD configs and divergent features all over the place.
I wonder: Is there a 'meta-forge' that just would handle rebasing?
I actually understand people using a bare git workflow with mailing lists. However, even for me the learning curve and necessary attention span/social contracts is too much of a challenge.
I could not even find a mention of what platform it supports. There is a Linux example at the bottom. Have never seen a libc implementation that does not even mention for which platforms it is meant.
> sp.h is written in C99, and it compiles against any compiler and libc imaginable. It works on Linux, on Windows, on macOS. It works under a WASM host. It works in the browser. It works with MSVC, and MinGW, it works with or without libc, or with weird ones like Cosmopolitan. It works with the big compilers and it works with TCC.
The title says 'standard library'. Are you saying that, in the context of C, it is an error to take that to mean an implementation of libc?
Yes, I know the author's writeup then goes on to say that it is not a libc with a pile of questionable justification. This is a custom runtime, in a single header no less, which is admittedly impressive, especially considering it provides runtime and thread safety primitives. This does not rise to the level of claiming the idea of a 'standard library' though, IMO. In that, I think the author misses the point.
I don't know how the author would feel. But, honestly, for a libc replacement, I'd personally be okay with that ...
If you can't be bothered to look at a Makefile (or ask an AI to look at the Makefile), you are almost certain to be more trouble than any possible benefit you will bring.
Especially in the realm of open source, I'm becoming increasingly comfortable with "If you can't be bothered to jump through even the most minimal of hoops, please get lost."
People are very silly and very entitled. I'd bend over backward to help anyone contribute to or use the library in any way. In response, all I ask is for some common courtesy and friendliness. Spending more than exactly zero seconds on people who won't give you that is a waste of time.
In other words, you hit the nail on the head. Anyone who acts this way can get fucked! We'll be having a good time and making friends without them.
OpenBSD does support some older hardware already not supported by, say, most Linux distributions. As an example MacPPC hasn’t had support from most Linux distributors since IBM Power went little-endian, but OpenBSD runs fine on it.
NetBSD is, however, the gold standard for an OS that runs on just about anything. Their (maybe unofficial) slogan has been “Of course it runs NetBSD!”. Their logo has a flag in it because they “plant their flag” on so many platforms.