AI tools can find bugs faster than they can be patched

Not a security expert but wasn’t that the case already? It feels like before AI there were already a lot more bugs, security related or not, on backlogs. That’s precisely why there are metrics like severity.

🍾

I think the “trap” is to believe “we” can “win” once and for all.

Under capitalism (and I’m not suggesting there are better systems, only highlight a core mechanism) there will always be competition to capture value, both customers and lawmakers who (should) protect them.

There are countless examples but one of the most obvious on that topic if Microsoft itself with it’s sadly now classic EEE https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish of which we can admire the comtemporary version with Github. Initially Github was acquired and no changed, nowadays a lot of basic functionalities, e.g. search within a repository are locked behind a login, there are more and more advertisements for Microsoft other products, e.g. CoPilot. That last product itself is questioning the foundation of free software and open source with its license washing process making unclear who did what, breaking provenance, etc.

The same happened with Google acquiring Android but not locking it down more and more.

The list could grow longer and longer, overall the point is to showcase a pattern : nothing is just “let” alone to grow on its own. It’s gradually captured and enshittified until there is nothing left but the name of a project because corporations exist only to extract more money. There is no moral, only an imperative for profit or their death.

So… unfortunately we WILL have to keep on both building AND protecting what’s been built so far with newer and more powerful threats. Microsoft, Google, and all large corporations who advertise themselves as allies of free software and open source MUST be judge on what they actually do, not on what they claim.

We have to push back and we will always have to. This year and the next.

Most distributions include Wine AFAICT yet I’d argue you shouldn’t use Wine because typically it means using proprietary software.

If you are using Wine for games then it’s also reconsider that there are plenty of open source game you can still pay for to support their author.

If you still want to play proprietary Windows games without native support then I would recommend to use a wrapper, e.g. Bottles (because of Proton, not because of the GUI) or even Steam (since you want to play proprietary Windows games anyway) as they’ll remove a layer of tinkering to find the right version, path, etc (basically prefix management).

… but yeah, even though Wine is amazing I would argue every time one uses it, if they are using Linux because they want more agency, they probably should reconsider and search for a free software alternative instead. It will be awkward at first, other UI, other UX, new community, but it’s an investment in the future.

No and honestly I don’t think it matters. Set the age of your OS to 18 (assuming you are 18) and move on. What’s the issue?

That being said if you are really interested in the topic and use this as an “excuse” to learn check out https://jsandler18.github.io/ and don’t worry if you don’t have an RPi to run it, you can use QEMU. After that you can dig into https://wiki.osdev.org/ really a fascinating journey.

I tinker with VLC using and… so far my “trick” is a bit dirty, namely I don’t “control” it as much as I killall potential running instances then I start cvlc again with the right parameters. If you want continuity though you might not want that.

Note also that if you plan to do scripting check mpv as it’s a bit easier to tinker with IMHO.

Python

Check https://pypi.org/project/python-vlc/ then for Python bindings, that should give you the affordances you need.

I have genuinely no idea how that could work.

I believe I get the genuine intent (protecting children) but I have so far never encountered any device or software or both that didn’t relatively easily bypass user authentication.

The closest I’ve tried are (expensive) XR headsets like the Apple Vision Pro or the Microsoft HoloLens both thanks to eye tracking. Basically for these you have to validate you are who you claim to be when you put the headset on. If you remove it, put it back (or on someone else head) you have to do it again. Nobody else (unless you explicitly share) can then see what you are looking it.

Every other devices I’ve seen, including mobile phones with banking apps, typically ask you to authenticate then assume than you are the one who keeps using the device. Meanwhile anybody else can grab the device from your hand and be “you”. Typically specific action (e.g. password change) do require to authenticate again but “normal” usage does not.

Duplicate post, please remove.

This will not be a fork of OpenRGB. While I plan to take a huge chunk of it (the reversed generiert device protocols)

How about opening an issue on OpenRGB asking what you need and why, maybe it can be abstracted away, headless, and that architecture change could be useful for them and other projects too then?

You can do that part yourself and let other use that new tool as their dependency but it means you’ll have to keep it up to date against OpenRGB itself as it supports more devices just because of its popularity.

Why fork OpenRGB rather than make it a dependency?

I’ll be honest : because people is ignorant.

They tried Debian once few years ago, it didn’t have the exact driver they wanted out of the box, they gave up. They think that’s the normal and current experience.

Reality is I use Debian every day on my servers, SBCs, laptop but also my desktop. I’ve been gaming on it since the first day of the installation and it just worked. Sure I had to follow https://wiki.debian.org/NvidiaGraphicsDrivers and basically follow those steps. It took me maybe 15min and 1 reboot but since then NO tinkering, 0, and I’m gaming nearly daily from indie to AAA, from 2D to 3D to VR. As I mentioned in another reply sure I might not have perfectly optimized all my performance but I don’t give a shit, I’m just gaming!

Also as I mentioned elsewhere the “cutting edge” is bullshit. You can have a Debian installation, stable, and cherry pick the packages you want. Heck you can even pull from a forge the software you want, built it, run it. That’s how “bleeding edge” it can be. Of course you can use VM (with GPU passthrough), distrobox, AppImage, Nix (different from NixOS), etc so they are many many ways to make sure you use the absolute latest without breaking your system.

TL;DR: Debian does not position itself as a gaming distribution. A lot of gamers want to optimize everything for gaming and consequently assume a specialized distribution will do better. Meanwhile people who JUST want to play can definitely do so on Debian.

Switch workplace.

There are countless ways to bypass that (e.g. https://docs.linuxserver.io/images/docker-webtop/ running on a server) but honestly if a workplace does not value your expertise to hone your own tools, they don’t really value you as an employee.

lol, sorry but in what world do you live in? NONE of the OS “just works”.

I’m sorry but this is such a trope. I watched someone using an up to date iOS phone. That thing is LOCKED down to no end, countless people claim that Apple are some kind of UX geniuses … well you look somebody trying to do anything as complex as watching a video on this and it’s a damn struggle.

Sorry for going on a rant here but the very concept is a lie. It’s like Windows being easier to use, it’s absolutely not BUT people have trained, at school (sigh) or at work, on how to use it. They somehow “forget” that they went through hours or even days of training and somehow they believe it feels “natural”. That’s entirely dishonest but why do I insist on this so much? Because it’s unfair to then compare Linux distributions to things that do not exist!

What “just works” but STILL is not perfect or flawless, is SteamOS on the SteamDeck not due to any “magic” from Valve but rather because :

• the hardware is very limited (basically selected to work well for it)
• the use case is very limited (start Steam, play)

and as soon as one start to tinker with SteamOS on SteamDeck by replacing part, adding USB-C devices, remote the r/w restriction on the OS, etc then again “just works” becomes “worked at some point”.

You’d have settings for when to stop seeding, e.g. 1:1 ratio minimum, duration of the track xN, etc with a reasonable default. Suggestions welcomed.

I would recommend against a new player when existing scriptable ones like vlc and mpv already exist.

Instead what I would do is a plugin for either, eventually repackaged as its own player (if somehow installing the script itself is too much for some) for which the script would

• include a very small torrent client
• point that client to the torrent (which AFAICT is still not public, so for now a reconfigurable URL)
• include a search function that when it fails, proposes to search within the trimmed cleaned torrent metadata then does the torrent download then plays.

Because they literally wrote the book on lock-in https://fabien.benetou.fr/ReadingNotes/InformationRules and they tried with all their might to stop free software https://en.wikipedia.org/wiki/An_Open_Letter_to_Hobbyists so beside the money and power they have been strategically at it for decades. Dependency is deep in the product.

Funny I have the opposite experience.

I use KDE Plasma, Firefox, konsole, etc and sometimes, no idea when and why, I just pick a file then drop it somewhere else, including ON the terminal… and it works?! Like it brings the full path for that file and then I can compose with CLI tools, amazing!

I’m quite used to the terminal so I rarely use drag&drop (mv, cp, scp, rsync, etc just work) but when I do I’m actually often positively surprise that totally different software made with different interaction paradigms (e.g. GUI vs CLI) do work well together. Overall I think https://specifications.freedesktop.org/ is quite impressive.

Gosh… wish I could upvote twice. Feels like we just gave a low cost (for now) chainsaw to anybody who wish they had a pocket knife then say “There, you can cut anything with that!” and somehow they forgot they can just buy some OK stuff from Ikea or a nice artisan. The need to “build” anything without taking a minute to know, not even the state of the art, whatever already exist out there and “fix” it by “personalizing” it is nuts.

Let’s not “vibe code” anything when existing reliable solutions already exist!

AFAICT it relies on https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/libavfilter/vf_scdet.c

Neat, made me curious, seems to rely on https://ffmpeg.org/ffmpeg-filters.html#scdet-1