  • Audiences watching any live TV on the likes of YouTube or streaming platforms need a TV licence, but this is apparently not well known and not effectively enforced.

    I hate this. What does it mean by live TV? Is that any live stream on YouTube? Or live shows published by the BBC? They make no attempt to clarify WTH you need a license for. I am not going to pay for a TV licence to watch someone in Australia live stream something that will never see a dime from it. Also YouTube and these other platforms have their own monetization methods. Are they not collecting on that as well? What about people outside the UK that watch these shows through these platforms?

    The whole thing is just a mess of confusion.

    When 94% of people use the BBC each month yet fewer than 80% of households contribute,

    How the hell did they get this 94%? Seems a very high number. I know many people that just don’t have a TV anymore.


  • In an open letter to the prime minister, Labour MPs said “successive governments” had done “too little to protect young people from… unregulated, addictive social media platforms”.

    They are focusing on the wrong thing. The problem is not young people accessing it, it is the unregulated and addictive parts. Those affect everyone, not just the young. Regulate the addictive behaviours of these platforms and protect everyone. Don’t just force ineffective age verification that harms the privacy of everyone.


  • I treat warnings as todos. Fix them all before I release something. I would only ever disable one if I know for a fact the warning is a false positive.

    I would question why you are seeing so many warnings you are not sure about? If you keep on top of them you really shouldn’t have that many. Marking them all as allowed with a Todo comment feels just like you are burying your head in the sand.

    I would leave them all there to keep nudging you to investigate and remove them. Hiding them behind a Todo will just mean you will ignore them. And warnings are important, they very likely point to a problem, even if that is just the code could be simpler. It is rare they are true false positives.


  • Looks like there is going to be a shift to using nftables in Arch. The iptables package in core is currently for the legacy interface with an iptables-nft package for the new interface, but the core-testing iptables package is for the nft interface and there is now an iptables-legacy package in core-testing.

    My guess is they are moving packages that can work with nftables to depend on that instead of iptables which looks like it is shortly going to be using the new nftables interface anyway. Probably as part of migrating to nftables by default. Looks like docker does have experimental support for nftables in version 1.29 and that is when the dependency was added to the PKGBUILD script.

    It does not look like nftables or iptables conflict with each other at a package level. And nftables can work with iptables rules.

    It is probably worth just migrating to nftables now if you rely on managing iptables yourself.





  • You really don’t. And probably shouldn’t. Remember this is the findings of a pen testing company that was working with these password managers. They found some issues. Issues that are very hard to pull off - you need the password manager servers to be completely compromised. Which is not something that happens often if at all. Vastly more common is just data exfiltration, which Bitwarden is secure against. Additionally the issues have already been addressed, in Bitwarden’s article linked in that one:

    All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality.

    So you are already safer than before without having to do anything. Switching now, all you are doing is switching to a provider that has not undergone this testing and may or may not have similar issues.

    Don’t just jump at the first mention of things like this. You really need to look at the company’s response - like LastPass’s, who have given a token statement that basically says they are not going to fix these issues any time soon if at all. Stay away from companies like that. But companies like Bitwarden that actively fix issues that are found are worth sticking with.


  • The companies’ responses are probably more important than the findings.

    Dashlane published a comprehensive response, thanking the researchers, and said the infoseccers’ decision to test using a malicious server model represented “a useful exercise.”

    The vendor also confirmed it had fixed the most serious issue

    Which is what you want to hear. The worst of the issues has been fixed and they look like they want to improve things further.

    Bitwarden, meanwhile, said in a post: “Bitwarden has never been breached and believes third-party security assessments like these are critical to continue providing state of the art security to individuals and organizations.”

    Is less encouraging although not damning. Would be nicer to hear they are hardening things in case of a breach rather than just relying on not being breached. They could still be doing that though.

    A LastPass spokesperson told The Reg: “Our Security team is grateful for the opportunity to engage with ETH Zurich and benefit from their research. While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk.”

    Is just terrible. Basically they don’t think they have a problem and have done nothing more than a token effort to fix the easiest of things. I believe they have been breached before as well, which is also a bad sign. They just don’t seem to care about security at all. I would continue to recommend no one use LastPass and everyone switch away from it.



  • This sounds all well and good. But I find in practice it never works very well. Too easy to gain a conflict which then messes with the stash (things remain in the stash and need to be dropped if you remember to). I always found it a pain to manage.

    These days I just commit everything to master. When I start work on one feature to realise I need something else or to refactor something else first, then I do that work, patch commit the changes, create a branch and checkout a new worktree, cherry pick the changes and push that branch to create a pull request. Then continue with the previous work while I wait to get the previous work merged.

    Have a script which basically lets me do all that with a single command. And I never need to manage the stash. The only time I use the stash is with a rebase or pull etc with the --auto-stash flag. Which pops things off when it’s done anyway. The stash only really works for very temporary stuff like that.
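
One way to script the workflow described in the comment above, as an added example (not the commenter's own script). The function name `split_out`, its arguments and the `origin/master` default are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helper, not the commenter's script.
# split_out BRANCH WORKTREE_DIR [BASE]
# Copies the newest commit on the current branch onto BRANCH, created from
# BASE (default origin/master) in its own worktree, and pushes BRANCH so a
# pull request can be opened. The current checkout is left untouched.
split_out() {
    branch=$1 dir=$2 base=${3:-origin/master}
    if [ -z "$branch" ] || [ -z "$dir" ]; then
        echo "usage: split_out BRANCH WORKTREE_DIR [BASE]" >&2
        return 2
    fi
    commit=$(git rev-parse --verify -q HEAD) || return 1

    # Refuse to reuse an existing branch name or directory.
    if git show-ref --verify -q "refs/heads/$branch" || [ -e "$dir" ]; then
        echo "split_out: $branch or $dir already exists" >&2
        return 1
    fi

    # New branch from BASE, checked out in a separate worktree.
    git worktree add -b "$branch" "$dir" "$base" >/dev/null 2>&1 || return 1

    # Replay only the chosen commit; on conflict, undo everything created here.
    if ! git -C "$dir" cherry-pick "$commit" >/dev/null 2>&1; then
        git -C "$dir" cherry-pick --abort 2>/dev/null
        git worktree remove --force "$dir"
        git branch -q -D "$branch"
        echo "split_out: cherry-pick of $commit conflicted, nothing pushed" >&2
        return 1
    fi

    # Publish the branch; work on the original checkout can continue.
    git -C "$dir" push -q -u origin "$branch"
}
```

Because the cherry-pick happens in a separate worktree, uncommitted changes in the main checkout are never touched and no stash entry is created.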


  • Basically they don’t. It is the scheduling pinning background processes to a subset of the cores leaving others free for foreground tasks that is what helps.

    The E cores just give a convenient way to split them. They could have done the same thing on intel macs or any other computer that does not have e cores.

    The big benefit to e cores is they are more power efficient for tasks that don’t need performance.


  • Someone once told me somewhere, that if I am trying to learn rust, I should learn C first, so that I know how to shoot myself in the foot, learning to avoid doing so

    This is stupid advice. If you want to learn rust then learn rust.

    So thats what I did (somewhat) for the past 6 months. I wrote some stuff in C

    In that time you are no closer to learning rust. If you started with rust you would know it by now. Rust is not harder to learn than C. If anything C is harder to learn as its compiler doesn’t guide you at all.

    You don’t need to learn C to appreciate the borrow checker. I find beginners just accept whatever they are first taught. It is only really those that come from C that put up a bigger fight when learning rust.

    And 6 months in a language without a borrow checker is not really long enough to learn the reasons why a borrow checker is useful. Not without a good guide that focuses on that. Which most c books don’t. The best way to learn it is with rust that actually tells you when you mess up.





  • nous@programming.dev to Linux Questions@lemmy.zip · Systemd Timer units · 29 days ago

    Note that you can use systemctl list-timers to see all active timers including when they will next run and when they last ran. This is very useful for seeing if you have set things up correctly.

    There are multiple ways to do this as well. You can do

    OnCalendar=Sun 03:00
    Persistent=true
    

    To run every Sunday at 3am. And will run immediately when activated if the last time was skipped due to the system being off. Think that is the closest to your cron job.

    You can also

    OnCalendar=weekly
    Persistent=true
    

    If you don’t care when it will run. This is equivalent to Mon *-*-* 00:00:00.




  • You have picked some weird hills to die on there.

    for x in list:

    This is fine. Many languages now do it. The extra brackets around a for or if don’t really add any clarity or make things easier or harder to read. This is the type of thing you just get used to and prefer what you are used to. You get over it quickly.

    Why would you provide a way to type parameters but don’t enforce it at runtime?

    This is a bit stupid, but really there are legacy reasons for it. Since it didn’t use to have static type declarations and wants to remain somewhat backwards compatible, it needs to ignore them at runtime. But as a JS and PHP developer you should be used to this. Both do the same thing as python here with types (well, TS for JS and the many other attempts at getting types into JS). So it is weird that you are singling out python for this behavior.

    Why so many different ways to declare an array-like structure? Tuples, Sets, Dicts, Lists?

    Dicts are not array like here. Tuples, sets and lists are all common in many languages as well. PHP is a real weird case here given everything, even arrays are effectively a dict - that is a strange language design feature. But Java is way worse for different types of array types in the language.

    I’m mainly using it because of interoperability, easy to setup, i

    What? I hate setting up python projects. Each one wants to use a different dependency or version manager. Yeah you might have python on most systems but they are all different versions and python is famously terrible at backwards compatibility. It seems every few versions they throw something in that breaks some existing scripts so you really need a version manager for things. Which is more complex setup and management of things. There are far too many different tools to help you with this and fetching dependencies, which means if you work on lots of different projects by different people you have a hodge podge of differing tools you need. It is a complete mess.


    Personally I hate python as a language, but you have picked some minor points that IMO don’t really matter or that the other languages you use also suffer from. There are far better things to pick from that are far more annoying in the language.