>You could add "I don't care about fixing security vulnerabilities" somewhere in the beginning of the readme
I care about fixing security vulnerabilities in my OS projects, but I care more about my sanity, my family, getting enough money to survive, and a few other things. Unless you pay me I don't care about your problems with my free (as in beer) software.
And that's a good thing btw - I tried to ask for donations once, got the equivalent of a few cups of coffee per month, and... burned out almost immediately. I started to feel responsible for that project, staying up late to fix reported minor bugs, and it turns out watching GitHub issues 365 days a year for a few dollars monthly is not a great business strategy.
This is not a one-person project run by someone in their spare time, posted online for fun.
They are going out of their way to advertise so that people use their security-critical software in security-critical applications, and then they neglect the security.
While they aren't under any legal obligation, it's (in my worldview at least) pretty damn unethical.
All they would have to do to not be unethical is make it clear that this software should not be used in any security-critical application because it is not properly/frequently maintained. Put that in a header on the website.
>Your account meets this criteria, and you will need to enroll in 2FA within 45 days, by November 8th, 2024 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding on passkeys and the GitHub Mobile app.
I think the exact deadline depends on the organisation. I know that I only enabled 2FA for my throwaway work account (we don't use GitHub at work, and I didn't want to comment using my personal one) last week.
Even more, the previous way was to use GPG signatures, which were recently deprecated and removed. So you don't really have a choice.
>Where the only official workflow is "Use GitHub Actions".
Well you can do it manually with other solutions... as long as they are one of the four trusted publishers (see "Producing attestations manually does not bypass (...) restrictions on (...) Trusted Publishers":
That's a quick jump from "in my opinion" to "you have no clue about".
I mean, the author is probably not a programming language design specialist, but I feel that's overly harsh - they hopefully learned a bit when working on this toy project.
>They'd be wasting their time and making their lives needlessly harder, though.
Using Kubernetes where it's not needed is just that - wasting your time and making your life harder.
Before you say that I just need to research more: I know Docker swarm mode, I run my personal server on Kubernetes using Traefik and Let's Encrypt, I professionally work with Kubernetes (both as an admin and working on Kubernetes security, which is tough to get right), most services in my day job run on Kubernetes, and I was the person who introduced CI/CD pipelines there some years ago.
I still claim that there are production use cases that are better served by docker-compose.
> Using Kubernetes where it's not needed is just that - wasting your time and making your life harder.
I think this is a very ignorant and misguided take.
Kubernetes is a container orchestration system, just like Docker swarm mode or even Docker compose. If you need to deploy sets of containerized apps into your own VMs, you can pick up any Kubernetes implementation. You don't even need Helm or anything. Plain old kustomize scripts will do. Some aren't even longer than a docker-compose.yml.
More to the point, Kubernetes is an interface. One that you can use in local deployment and in major cloud providers.
You should really check your notes because your comments contrast with the realities of actually running a service.
> Before you say that I just need to research more: (...)
All your appeals to authority are falsified by your claims.
I, on the other hand, actually use Kubernetes both professionally and in personal projects, as well as Docker swarm mode, and can tell you in no uncertain terms that none of your points have any traction in reality.
> I still claim that there are production use cases that are better served by docker-compose.
I'm sorry, but your comments simply sound deeply uninformed and misguided.
I mean, it makes absolutely no sense to comment on using docker compose in production when Docker swarm mode is far more capable and Docker swarm mode stacks already share most of the schema with docker compose. You literally have virtually nothing to do to adapt a docker-compose script to launch a stack.
How is 400MB trivial? I run more than 2 programs at once, and this adds up. Imagine if every trivial process in your OS used 400MB on startup. And what pisses me off is when I have to close resource-heavy Electron applications (Signal, VS Code) running in the background to free up RAM.
Hi! I'm not from the US so I probably miss the cultural context. Are the words you listed considered offensive? With exception of maybe "xe", this seems more like a list of controversial topics, not words, which is a completely different thing. If I understood you correctly, I don't think it's relevant in context of the article posted.
They're worse than swear words in the United States, triggering people on the right and the left. Just look at the downvotes. 50 years ago they would be considered harmless.
What distinguishes these from profanity is that the use of the words or phrases themselves is not taboo; promoting the ideas they represent may upset people, but neutral uses of the phrases do not.
As other commenters note, words like "shit" and "fuck" used to be much more taboo than they are now, while certain slurs have recently gained taboo status to the point that many people in the comments are referencing them without actually typing them in their comments.
The examples are stupid or the concept? I think it's a great argument, people 200 years from now will be scratching their heads wondering what's going on
Fully agree. As a non-native English speaker, I always thought English doesn't have "real" curse words, and the only actual (taboo) curse words I know are so-called "n-word" and similar.
It's hard for me to explain the difference, but (as an educated and relatively eloquent person) I would really hesitate (as in, physically struggle with my throat) to curse in my language aloud in a public place. Saying them among my friends or family would be seen as between mildly offensive and absolutely unacceptable. When hearing someone curse in public, I instinctively assume they're uneducated or intoxicated.
Meanwhile, I can freely swear in English among the same people (and online, and in most situations abroad). My mother, who I have never heard curse in my language, says "shit" like it was "oh darn". I see English swear words everywhere online. They really don't feel like a taboo to me.
That's definitely true, but I think you're also likely just not understanding that in some cultures, there really are taboo words that are not considered okay to say under really any context.
Again, think of how radioactive "the N-word" is in all but the most radical of English-speaking circles nowadays. Other languages have things like this with different histories and reasons.
It's an extremely common pitfall for second language learners to swear too casually. You've been yelled at for swearing (or screwing up honorifics) in your own language, but that still hasn't happened to you enough in your second language. It will.
I've tutear'd people in what would be casual settings for Americans and really felt the chill instantly.
We all live in our own bubbles. I never saw a tech person using MacOS, it's always Windows or Linux - I assume that's not your experience either (and I only know a few people using MacOS privately). That probably mostly depends on the country one resides in.
Well, the view laid out here also corresponds to actual statistical reality: About 29% of developers reported using Macs (of any kind) as of a few years ago, it's not even close to "most", as some HN visitors would have you believe. The bubble is very real.
Statistically speaking there was no "most developers use this", but the closest OS offering was Windows at 45%.
Given Apple's poor performance on the OS side the past few years I'm not sure the hardware has managed to keep users on their side anyway; they even lost DHH very publicly not that long ago... So the numbers might be even worse now.
Edit:
In the latest StackOverflow survey 31.8% of developers report using MacOS (for personal and professional use), 57.9%/47.6% for Windows (personal/professional use). So both MacOS and Windows are eating into Linux's share at the moment, with Windows offering them to instead run Linux inside of Windows.