Microsoft is very hostile toward its users. They added Ads in the paid version of the operating system. You can't uninstall Edge. Even if you remove Edge, which is difficult, the following Windows update will reinstall it. Instead of searching for the next big idea, how about you fix your dam OS first and stop installing stupid games and showing Ads? Keep it Microsoft with your stupid games, and Google has nothing to worry about you. LOL.
Gosh yes. Even for blind users, now they're doing this awful thing where even the File Explorer context menu (shift + F10) is this weird preview of "options most people will need" where at the bottom there's a "view more" thing which opens the actual context menu, where my 7Zip, Dropbox, open in terminal, and stuff are. Ugh can't wait until either Linux is accessible enough for non-programmers and advanced users, or MacOS VoiceOver can work well enough with the web to work with Google Docs and Salesforce. Windows 11 is not the most accessible version of Windows yet, Microsoft, and wasn't built from the ground up to be accessible. Just look at this Kaiju dung!
I'm so much happier after doing it. Hard to believe Microsoft thought it was a good move for user happiness. Sure, they should avoid intimidating users with no computer savvy, but I doubt those users often open the context menu.
With each new Windows release we inevitably hear from insiders that Microsoft has several influential designers and PMs who all but refuse to use Windows in their work and home lives. Anti-dogfooding-based development.
> Ugh can't wait until either Linux is accessible enough for non-programmers and advanced users
My 8 year old and 12 year old are both fine using Linux, so I wouldn't call them advanced or technical. What do you need it to do that you can't?
[Edit] Somehow I missed the blind part. I haven't tried those accessibility functions, though I would have thought that corporate customers would have required that so they don't get sued.
> accessible enough for non-programmers and advanced users
I mean unless you also discredit Windows and MacOS as being accessible because there exist pro applications that aren't present on those platforms, Im not sure what your point is.
Instead of searching for the next big idea, how about you fix your dam OS first and stop installing stupid games and showing Ads?
They’re monetizing their install base. All of the things they do that annoy the heck out of people on HN are things they’ve A/B tested to increase revenues. If they listened to you then you’d be happier but they’d be leaving money on the table.
You’re probably right that this sort of “scorched earth” monetization at all costs is bad for the company’s long-term future. But the stock market doesn’t care about that. They only care about the next quarter.
I think to win long-term in any market, it helps tremendously to win the hearts and minds of the “elite” users first. You see this in fashion, in cars, in tech, even in investments.
These top / early / elite consumers tell the rest what to buy. For example, the non-techies in my life use (MS) ChatGPT only because I told them about it and also told them it’s the next big thing.
I will also add that I think the majority of investment money is in the hands of long-term thinkers; a lot of this money is managed on behalf of others. It would behoove every CEO to make the power users happy over the long term.
Like the 1h long video goes into detail, I think that systemd is a definite step in the right direction, but definitely has bad aspects about it. To that end, I think work can be (and is being) done to remedy those deficiencies.
Now to compare "good intending but buggy software" to malicious (and guilty of monopolization exploitation) actions to further cement themselves in the lead is completely and utterly a laughable comparison.
Oh christ, this nonsense again. The switch to systemd was a practical engineering decision. Shoving ads into the Start menu has totally different intentions, and totally different effects on user experience.
I tried Devuan. It sucked. It booted slower, it was more difficult to set up, and apt upgrade made things explode more frequently that it does in Debian. If all you did on your computer was browse the internet, you'd never know the difference. If you use your computer for anything more sophisticated than that, Devuan offered a markedly worse experience. I don't care what you think of Poettering.
Comparing a not-for-profit that made one decision you didn't like to a company that has a long history of screwing over the entire personal computing ecosystem for commercial gain is delusional.
Yeah I think if you’re coming from the startup or less so tech in general you may not realize how ubiquitous Microsoft is at work. A massive amount of companies are Microsoft from the ground up. Not to mention there are some entire industries where to run the necessary software you have to use windows at the very least.
Google did the same thing in the early days of Chrome.. using search to heavily promote Chrome..
They went as far as making so everything else they did would not work correctly on other browsers artificially..
They would introduce random delays or flat out refuse to work in other browsers but all you had to do was change the browser user-agent to mimic Chrome and things would magically start working..
Sorry but i am not sorry at all for Google.. They both are no different from each other.. Just two companies trying to maximize the amount of money they make..
Often the anchor to Microsoft Windows is legacy. Both in existing code and existing knowledge. Takes energy to diverge away from both.
Currently maintain applications because the former developer only knew C#. Also the tools used to configure devices are only Windows based. This dramatically harms quality of the product in the long run and support.
My experience with product is design. Use the solution the fits the problem not the solution you currently know and rely on.
You have to pay me to engage with Microsoft / Windows!
Doesn't Edge on Windows work like Chrome does on Android, with it providing an API that other apps can use to render webpages in something other than Trident?
IE was also impossible to remove backj in the days.. they did have an option uninstall but all it did was remove the icons from start menu, but all the files where still there..
At this day and age the browser is so deeply integrated into the OS that is not really possible to remove it without breaking things..
This is why you cant remove Edge from Windows, Chrome from Android and Safari from apple things.
Even in linux, Gnome has Epiphany (now Gnome WEB) and KDE has Konqueror..
The "Statement on AI Risk" by Sam Altman and wealthy individuals fails to address the potential impact of AI on job security. Rather, it focuses on concerns regarding war and human extinction. Despite my attempts to raise awareness about the issue, I have received negative feedback. It's important to consider how the everyday struggles of families may affect their ability to purchase products and services such as phones, streaming, gaming, and others when AI takes away their white-collar jobs. Maybe there will be war because there are no jobs while rich folks are getting rich. I hope I remain wrong.
> The "Statement on AI Risk" by Sam Altman and wealthy individuals fails to address the potential impact of AI on job security.
I think that was very intentional. Put the focus on scary-sounding things that aren't actually an imminent risk in order to distract from those things that are.
They also don't fail to realize when you ultimately drive 80% unemployment due to AI replacing everyone's job. That war is going to be internal and it's going to look like the French revolution.
It will only look like the French Revolution up until the point where fully-autonomous battalions churned out by fully-autonomous factories fed raw materials by fully-autonomous mining and transportation operations make the owners of AI untouchable.
There comes a point at which the plebs can't do anything about their fate.
But that's why we have TikTok, Instagram, Netflix, cheap Corn Syrup, and Porn. You keep the plebs hedonistically satisfied while you slowly consolidate your power and protect it with an autonomous army. THEN you pull the plug.
TSMC is at risk due to geopolitical tensions, particularly between China and the USA. These risks led to Warren Buffett's Berkshire Hathaway selling its stake in TSMC. Investors are worried about that. That s my best guess. Apple also opened three factories in India and other places to mitigate this risk.
Yes and no. If NVIDIA loses access to TSMC due to geopolitical events, presumedly their competitors do too. There might be a couple years where they face increased competition from their own used market if they're unable to produce chis competitive with the previous generations', but at some point Samsung et. al. will catch up on capability and capacity, and NVIDIA will be as well positioned relative to their competitors to take advantage of that as they are today. The only case where this would be significantly different is if one of NVIDIA's major competitors was independent of TSMC and thus could use the lean times for NVIDIA to leapfrog them; but that would require considering Intel a real competitor.
Arguably in this sense their only competitors would be screwed even harder. The last non-TSMC GPU that AMD has released is based on GloFo 12nm/14nm, NVIDIA would actually be ahead with Samsung 8nm. Intel's only dGPUs are TSMC as well, they flatly don't have a product without TSMC.
I think Intel's advantage in this hypothetical is access to foundry space. Porting their current CPU designs from TSMC to their own foundry is non-trivial (although it can't be that hard -- their integrated graphics are fabbed on their own process, and share quite a bit with their discrete units), but at least having completed that effort they have somewhere to go, instead of fighting over what will be extremely over-subscribed Samsung fabs.
NVIDIA also depends on not getting the Micron treatment from China. Or even not having China take a particularly hard line on their Micron policy and disallowing NVIDIA to import Micron chips to use in their manufacturing produce for export from China.
You can easily find helpful coding resources like Stackoverflow, blogs, and forums through a simple Google search. Relying solely on one source is not advisable, I think. Cloudflare, AWS, and now OpenAI are all central clouds. This is why we need independent forums, StackOverflow, blogs, etc. Otherwise, it is yet another monopoly. Anyway, it's always important to explore multiple options for accurate information. At least, that is how I do it. YMMV.
I was mostly joking but I will say part of the appeal of ChatGPT is 1) it is centralized so basically any question I have I can go to chatGPT versus hunting and pecking on the internet 2) answers are tailored to my needs versus a blog or stackoverflow which will often be close to but not exactly what I need. I’ll survive a few hours downtime but these damn jest timers just got much more annoying to deal with.
For large categories of questions, I get better answers faster on ChatGPT. If I'm not asking the most basic question on a subject I'm usually better off than I would be searching.
Here's my rule of thumb: if my search doesn't depend on recent information, and it is likely to return blog spam as the top result, then I will use ChatGPT instead.
I still use web search frequently to find project homepages, official and up-to-date documentation, news and announcements, discussion (hearing people's stories of their experiences with a product is a lot better than ChatGPT's noncommittal and abstract pros/cons), searching for videos/images, etc.
GPT 4 just got browsing, so I've actually started telling it to do the entire research phase I was gonna do and just let it grind it out without having to despair at Google's abysmal search results. Still a bit unreliable but actually gets it done quite well on occasion.
Caddy cannot be found in the default repositories of Debian or RHEL. This raises the question of why one would use such a server. Personally, I am hesitant to download a random pre-built executable from Github, even if it is open source. I would much rather use the apt or dnf version, as anything else seems like just another toy server.
Debian's requirements for packaging of Go software is unreasonable. They expect every single dependency to be individually packaged. The total dependency chain of Caddy ends up being massive. We (the Caddy maintainers) don't have time necessary to allocate to a single distribution, to package and maintain every single dependency individually when all we want to do is ship a single static binary (plus some support files).
Instead, we ship with our own debian repo, hosting graciously provided by CloudSmith https://caddyserver.com/docs/install#debian-ubuntu-raspbian. This is packaged via CD with GitHub Actions, and you can verify the authenticity of the build since it's signed by Matt Holt's GPG key.
Adding to Francis input, the release artifacts (not the .deb packages, which are signed with Matt's key) published on GitHub are authenticated with Sigstore tooling[0]. You can verify the artifacts and the .deb packages were not tampered to the byte! The builds are reproducible and verifiable. FUD doesn't have any room to loiter.
You can also build it from source using the `buildable` source archive artifact that includes all the deps so it can be built in air-gapped machine. Like its sibling artifacts, the source archive is signed, the signature is published, the signing certificate is available, and the checksum is published and also signed. What's so concerning?
Debian only ships free software (in main, but that's a detail).
This is actually enforced and there is processes in place to ensure that it stays that way.
This means that all new software that Debian packages is audited by a group of volunteers, the ftp-masters team, they check copyright, license and stuff like that.
If all binaries in Debian would vendor all of their dependencies, this would cause a lot extra and duplicated work for the ftp-masters, a team that already have a lot to do.
Same with security, if a popular go library needs to be patched to fix a security problem, then it's easier to do that in one place instead of patching it in N different binary packages.
Honestly, I don't understand it fully. I just know the barrier-to-entry is too high for us to spend time on it. We don't have contact with any debian packaging maintainers that would be willing to work with us. But https://go-team.pages.debian.net/packaging.html is one of my main resources for my understanding of their requirements.
And that goes without saying that Debian in general tends to release much slower than we'd be comfortable with. We don't want users running outdated and potentially insecure versions of Caddy. Best if users keep up to date by using a first-party installation method where we have control over the distribution pipeline.
All software in Debian needs to be Free software - the user must be able to modify and run it (ie recompile after modifying). And for software packaged for Debian that means being able to work with "apt-get source" and "apt-get build-deps". This of course includes dependencies.
That creates a bit of a split between Debian packages and language specific packages like rust crates, golang, python eggs or ruby gems.
There's some friction there, but the reasoning makes sense (but it is ok to disagree of course).
Certainly AFAIK. I didn't mean to imply otherwise. But FOSS as distributed in binary packages by Debian needs to remain possible to inspect, modify and build via the Debian (source) mirrors - hence all dependencies need to be packaged too (as opposed to living their seperate existence somewhere "go get" may be able to retrieve them from - or not ten years from now - and your respirator depends on a certain version of caddy for it's status display...).
Ahh that makes sense!! I get why Debian maintainers would want that, but it does seem quite hard to manage as a developer. I've went down the rabbit hole of how different Linux distros manage their repository packaging after your original comment so thanks for that :).
FWIW, that was created by someone not affiliated with the Caddy project, and looks to no longer be maintained (latest is v2.6.4, but it has v2.6.2). So as a maintainer of Caddy, I cannot recommend using that repo.
This is the official Debian repository. The package versions are frozen in each major Debian release. However, they may backport security and bug fixes.
In practice, in the case of less popular packages, they do this on demand, when someone requests it in the bug tracker.
Well, users should know that if they report issues while using releases from that source, we can't reasonably help them, and that they should use an official release to get bug and security fixes promptly.
I want to emphasize that we have no contact at all with the people maintaining that Debian package, they've never reached out to discuss anything. We're absolutely open to that (and they know where to find us, not hard to contact us either on GitHub, Twitter, our forums, here, etc).
It's exactly the same way tens of thousands of other packages have been shipped for decades, including many other web servers like nginx, httpd, lighttpd. No need to paint so much drama over this.
They will contact you if the need arises. It's the same usual process that has been used since the 90s to great success.
Users will reach out to us first, not to debian, because we're easier to reach for help (via social or our forums). If they tell us they're using an outdated version which doesn't have the fix for what they need, I have no other choice but to tell them to stop using the debian-maintained package, and use our officially maintained package.
It's ok to not want to support older versions or downstream packages (even if imo there is value in doing so) but don't be a drama queen and claim you can't.
Has anyone actually done any research on how good the backporting of security fixes is in frozen distros?
Maybe it's pretty good for very popular packages, but how about the more niche ones (and when it comes to Debian I'm not sure how popular Caddy is in their view)?
This comment is so out of touch with how Linux distributions work. This is the package most Debian users probably should be using, unless they absolutely require one of the newer versions.
IMO most users do require the newer versions because we made critical changes to how key things work and perform. I cannot in good faith recommend running anything but the latest release.
That's exactly why people (including me) tend to like LTS - no critical changes till next release. Upgrades for security with minimal surprises. I go further and often use unattended-upgrades on my Ubuntu fleet. I don't wanna version bumping until I explicitly ask for it as much as possible.
A lot of users require stability and this is how stable software distribution works. Only security fixes get backported, but no functional changes. It is unfortunate that Caddy hasn't adopted a segregated LTS and non-LTS approach, but that's not Debian's fault.
While it is convenient to have software prebuilt in a trusted repo, these repos are more about providing toolchains.
If something isn't in the repo (or the repo, as it often is, ie out of date) use the toolchain to build what you want.
I guess, now is the ideal time for me to experiment with LXD or Docker images that are based on Alpine Linux or Debian Slim for QUIC support for Nginx.
Debian Slim all the way. musl is only good when you are building for and testing against musl. Third party software on musl has burnt me enough times to know that sticking to glibc is the way to go unless you like that sort of pain.
Footnote: I actually love musl, just for my own software that explicitly targets it and is validated against it.
Most software isn't written with Musl in mind! And that shows.
You can run in all kinds of extremely hard to debug issues and especially massive performance problems. Stuff may slow down to fractions of the performance comparison to regular Linux distros.
If you want maximal small containers go with Distroless.
> WireGuard is highly secure, but it’s not designed with privacy in mind.
I'm sorry, but I must inform you that the Toms guide contains affiliate links to OpenVPN services. However, it is important to note that neither OpenVPN nor WireGuard can guarantee your safety if you are being targeted by government agencies. The guide's attempt from TFA is to promote these VPN services as a solution for anonymity and censorship (deep packets inspection can block all VPN protocols) avoidance is misleading. VPNs are primarily useful for accessing corporate or home resources and viewing geo-blocked streaming content (say from your home network) on insecure networks like hotel or cafe WiFi.
I understand that some people may not agree with what I am about to say, but I feel it is important to share. Recently, some talented writers who are my good friends at major publishing houses have lost their jobs to AI technology. There have been news articles about this in the past few months too. While software dev jobs in the IT industry may be safe for now, many other professions are at risk of being replaced by artificial intelligence. According to a report[0] by investment bank Goldman Sachs, AI could potentially replace 300 million full-time jobs. Unfortunately, my friends do not find Sam Altman's reassurances (or whatever he is asking) comforting. I am unsure how to help them in this situation. I doubt that governments in the US, EU, or Asia will take action unless AI begins to threaten their own jobs. It seems that governments prioritize supporting large corporations with deep pockets over helping the average person. Many governments see AI as a way to maintain their geopolitical and military superiority. I have little faith in these governments to prioritize the needs of their citizens over their own interests. It is concerning to think that social issues like drug addiction, homelessness, and medical bankruptcy may worsen (or increase from the current rate) if AI continues to take over jobs without any intervention to protect everyday folks who are lost or about to lose their job.
I've no doubt AI is here to stay. All I am asking for is some middle ground and safety. Is that too much to ask?
I feel like on our current trajectory we will end up in a situation where you have millions of people living at subsistence levels on UBI and then the ultra-rich who control the models living in a post-scarcity utopia.
