@grrrr_shark

YMMV, but quite a few people find casein generally more palatable too.

Do people drink coffee with lemon juice? If not, why not? Is the combination of the tastes terrible, or does something happen chemically when one adds it?

@grrrr_shark

This makes me wonder whether coffee with lemon juice would be awful or not. (Sadly, can't really check myself because I find nearly any coffee at most meh.)

Also, why not casein instead of whey? IIUC it's more tolerant of high temperatures (after all, you can boil milk).

@grrrr_shark

Maybe it just tasted terrible without? I have a vague recollection of some other food missing entries from the matrix of possibilities where that was a very plausible reason.

@ruuda

I'm not sure nixos would help here. Alsa has this extremely weird approach to saving state across reboots, where the state includes not only volume levels, but also sometimes something about device naming/existence of software devices. (I don't remember exactly what it stores, except that I remember that restoring old asoundrc does not actually go back to that state if the diff is of some particular shape.)

@Ajediday we had a cat that would "sample" my tea when I wasn't looking.

toxic exercise culture bullshit 

@aeva

That's so amusingly backward, given that you burn more fat (as opposed to sugar) at lower heart rates.

@jrose except they're not just left blank, but they have basilisk eyes drawn on them

@grrrr_shark

Do you mean that they'll say things of the sort "if you have mental problems you are likely to be exploited by the next attacker"? (I fail to see any other way the xz affair could change things in that direction.)

@rossgrady

I don't think a straight up misinterpretation is the main risk here (for reasons that you mention: if someone interprets it that way the company has bigger problems). There has to be some prioritization between different kinds of potential outages for cases where you have some measure of choice. Stating things this way provides a way to prioritize them (pick one that has the lowest chance of yielding a frontpage article) that's not necessarily the intended one, and this IMO is actually somewhat likely to be picked up by totally reasonable people, especially if they are under time pressure.

@rossgrady

I always bristled at putting things that way, because taken literally it means that misleading the public is within the purview of the team. Though that might be a very academic distinction if the team's responsibility was reliability as opposed to e.g. security.

@dalias

What about getting called by defining a symbol that is normally exported by another library?

@StompyRobot @rygorous

Using that as a way to determine maintainer obligations allows others to foist them on the maintainer. (If you mean that these are the questions important when determining how important it is to investigate a particular library, then I agree.)

@codepope

What I think would be helpful is if there was a way to report one's suspicions to an organization that is more competent in this area and that can be generally trusted not to use the information provided for other purposes than ensuring security of software (so that doing so is something that one can do without much hesitation). (I think that many people would have lots of qualms about reporting such suspicions to the FBI, because they'd worry it would negatively affect involved people even if the suspicion was baseless).

For cases when there is no explicit ground for suspicion I still think that doing nothing (and relying on counterintelligence of your country/of the USA) is strictly better than engendering less-trust-by-default.

@codepope

As I already explicitly stated, I assert that the maintainer should not be under obligation to suspect a nation state attack in a help offer.

There's no well defined zero point on the trust scale, so I don't see what absence of trust really means. You are positing that the amount of default trust should be lower, which to me means distrusting newcomers.

You are literally asking for a suspicion campaign by saying that people should have less trust than they currently have in total newcomers.

@codepope

Because I expect that to have an effect that's worse than doing nothing. First, for many kinds of social norms this kind of distrust makes everyone uncomfortable (and even more so if the norms differ across participants). Even ignoring that, doing this is tantamount to asking laymen to do counterintelligence. We've had examples of similar things being counterproductive (many of the "look out for suspicious things" campaigns). All the counterintelligence manuals for nonspecialists that I've seen (e.g. WW2 era instruction movies) emphasized that one's estimate of trustworthiness is easy to manipulate and to not rely on it, instead sticking to action-oriented rules and reporting attempts to dissuade one from doing so, even if they seem innocent.

@codepope @losttourist @martinpitt @bagder

Please do not put words in my mouth (or rather hands).

I do not want anyone to consider it their duty to approach an offer of help with suspicion that it originates from an agent of a hostile nation state.

@_dm

Where can I find (a summary of) that evidence?

@codepope @losttourist @martinpitt @bagder

I don't think one can find future Jias with any feasible methods. Doing what you propose would imo worsen the situation by raising the bar by a larger increment for honest contributors.

@codepope @losttourist @martinpitt @bagder

How does meeting someone repeatedly irl help in determining that they won't do something malicious in the future?

Qoto Mastodon