
An unchanging community is a dead community, period.

Attempts to "preserve" a community, both online and offline, tend to end up preserving unhealthy power dynamics within the community as well, which would have been slowly replaced with something else if you had just let the community evolve (or disappear) naturally.

Often, members of the community who benefit from the status quo are the ones who cry the loudest for such preservation.


NIMBYs

I don't think NIMBYs have much of a community to begin with.

That looks like a rather flat trapezoid for something that fell from high above.

With a fast-moving object, we can usually tell its trajectory across the map much more accurately than we can tell where along that trajectory it impacted the ground. See: MH370.


Maybe fits the "DoD is shooting something at some kind of incoming drone" explanation - they know they're shooting _from_ the top of the trapezoid but in terms of direction, only that they're vaguely facing south. (Doesn't really explain why the TFR doesn't extend into Mexico though.)

The area they would expect to find it would be much narrower than the area they would expect a plane overhead to be able to observe it.

Do you get updates to the proprietary software stack if you go without a subscription license?

If the answer is no, then you might own the hardware on paper, but you don't control any of the software that makes said hardware useful.

If the answer is yes, on the other hand, then one must ask who is paying for those updates, because that can't be sustainable.


So while most of the software is open source rather than proprietary, you still have a fair point that customers pay for support (as they do with most enterprise products). One could theoretically use the product without first-party software updates, managing the open source oneself... but that would have practical impediments (and runs counter to the all-in-one simplicity that customers value in the Oxide product).

Two points about your last point. First, software improvements benefit all customers; as the business grows, the effective cost per customer shrinks. Also, most customers grow their Oxide deployment or will replace hardware after a depreciation cycle. The sustainability of investments into the software (and the product generally) is on solid ground.


Back in the 90s and 00s, lots of companies churned out software products that were sold once, supported forever. It was a sort of Ponzi scheme, supporting old customers with money from new customers. Which was okay during a period of high growth. But sooner or later the market matures, growth plateaus, and the cost of ongoing maintenance becomes a much bigger problem.

Right now you're growing fast and swimming in VC money, so this is probably not an issue. At some point, though, you might find that even hardware depreciation cycles don't provide as much of a cushion as you hope they will. In an economic downturn, people might suddenly realize that Oxide hardware actually remains serviceable much longer than they expected. :)


> Do you get updates to the proprietary software stack if you go without a subscription license?

What proprietary software stack? They just publish it all on https://github.com/oxidecomputer/ .


The software is open source and developed in the open. You can pay for support, but there’s no software licensing cost.

Finally, we can create splash screen animations in pure CSS!


That's not enough. As the article explains, SVGs can reference external resources. So you also need to prefetch those external resources, recursively, if you want to be thorough.


To add to this, those external resources aren't limited to images, they can be basically anything, foreignObject allows video.

I'm also wondering if you could (ab)use SMIL mouse events to bypass this approach.


Judging from GP's description of how extension IDs work in Firefox, I wouldn't be surprised if LinkedIn were trying to brute-force those UUIDs!


MySQL actually has a BLACKHOLE storage engine designed specifically for universe-scale data storage for those who don't care about persistence.


It does have its use cases :)


In a typical CRUD web app, any query that takes milliseconds instead of microseconds should be viewed with suspicion.

In a more charitable interpretation, maybe the parent is talking about sub-100ms total round trip time for an API call over the public internet.


But OP never said it's a CRUD app. Maybe OP did some experimentation with OLAP use cases.


OP here. Roughly 50GB in db size. Fairly standard queries (full-text search + filters). Most queries are on the order of 10-100ms. Some more complex ones involving business logic exceeds 100ms.

This is well within my budget, but it sounds like there might be room for improvements?


Regardless of your use case, EXPLAIN ANALYZE can show you whether there's any room for improvement.


The only way to clean up an infected Windows system is to wipe your disk and reinstall the OS.

There are so many nooks and crannies where malware can hide, and Windows doesn't enforce any boundaries that can't be crossed with a trivial UAC dialog.


I'd say it's more true on Linux that malware can hide anywhere if you allow a sudo prompt (which people have unfortunately been trained is normal when installing software).

Windows enforces driver signing and has a deeper access control system that means a root account doesn't even truly exist. The SYSTEM pseudo-account looks like it should be that, but you can actually set up ACLs that make files untouchable by it. In fact, if you check the files in System32, they are only writable by TrustedInstaller. A user's administrative token and SYSTEM have no access to those files.

But when it comes down to it, I wouldn't trust any system that has had malware on it. At the very least I'd do a complete reinstall. It might even be worth re-flashing the firmware of all components of the system too, but the chances of those also being infected are lower as long as signed firmware is required.


Malware can't modify files in System32, but it can drop extra files in there no problem. The only way to find and clean them up is a clean install.

In Linux, one could write a script that reinstalls all packages, cleans up anything that doesn't belong to an installed package, and asks you about files it's not sure about. It's easy to modify a Linux system, but just as easy to restore it to a known state.
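The System32 claims traded above (existing files owned by TrustedInstaller, new files droppable after a UAC prompt) can be checked with a read-only audit; this is an added example, not code from anyone in the thread. It assumes a Windows PowerShell 5.1 or PowerShell 7 session, ideally elevated, with the Defender module present for Get-MpPreference, and only looks at the top level of System32.

```powershell
# Added example (not from the thread). Audits C:\Windows\System32 for
# executables that look out of place, based on two claims made above:
# existing System32 files are owned by TrustedInstaller (so even SYSTEM
# cannot overwrite them), but new files can be dropped in after a UAC
# prompt. Anything not owned by TrustedInstaller, or without a valid
# Authenticode/catalog signature, is reported for review. Nothing is changed.
# Assumption: Windows PowerShell 5.1+ / PowerShell 7, run elevated for full
# access, with the Defender module available for Get-MpPreference.

$sys32   = Join-Path $env:SystemRoot 'System32'
$trusted = 'NT SERVICE\TrustedInstaller'

# Controlled Folder Access is the "protected folders" feature discussed
# above: 0 = disabled, 1 = enabled (block mode), 2 = audit mode.
try {
    $cfa = (Get-MpPreference -ErrorAction Stop).EnableControlledFolderAccess
} catch {
    $cfa = 'unknown (Defender module unavailable)'
}
Write-Host "Controlled Folder Access mode: $cfa"

function Get-System32Anomalies {
    param([string]$Path = $sys32)

    Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $owner = (Get-Acl -LiteralPath $_.FullName).Owner
            # Get-AuthenticodeSignature also consults the OS catalog store,
            # so catalog-signed Windows binaries report 'Valid'.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Owner     = $owner
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Created   = $_.CreationTime
            }
        } |
        # Legitimate third-party drivers may be owned by Administrators and
        # signed by a vendor; treat hits as review candidates, not verdicts.
        Where-Object { $_.Owner -ne $trusted -or $_.SigStatus -ne 'Valid' }
}

# Newest files first: a recently dropped file sorts to the top.
Get-System32Anomalies | Sort-Object Created -Descending |
    Format-Table Created, Owner, SigStatus, Signer, Path -AutoSize
```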


False. Even escalated System32 is blocked by protected folders. The write silently fails and logs to MS Defender.


Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)


And you likely have protected folders and certainly S mode disabled.


It's a testing box, sure, but a lot of people have the same setting, usually because of some legacy app that requires it.

It does contradict your insistence that Windows would never allow such things. An exploit doesn't need to do its thing silently in order to be effective. If a security apparatus can be bypassed by tricking a user to flip a switch, it WILL be bypassed. Heck, just trying to install or update Notepad++ throws up a UAC dialog. Who would suspect anything?


I'm not going to say that any OS is perfect. And it's great that you actually test Windows. Most critiques I see are 1990s assessments of ACLs and memory protection.

Generally protected folders (CFA) will protect System32, but trusted apps can make it through, e.g. explorer.exe and powershell.exe if it's run in the terminal. Untrusted apps are expected to be blocked.

My general point is that the modern Windows landscape has an incredible number of protections that Linux systems don't. And Linux has become a bigger target over the past 10+ years as well.

It's not so much to say that Windows is better, but to encourage Linux users to be more careful with their systems, and Windows users to enable those features if they turned them off in the past.


That’s via explorer, not an installer.


Not to mention secure boot kernel protection, protected folders, memory protection, real-time scanning, real-time behavioral scanning, signature scanning, code signing. And Windows S mode protection.

The malware and supply chain attack landscape is totally different now. Linux has many more viruses than in the past. People don’t actively scan because they are operating on a 1990s mindset.


This hasn’t been true for 15 years


The lack of a well-known, well-designed package manager for Windows has always been a problem. Too many programs, including FOSS programs, are downloaded from suspicious-looking websites with tons of ads, and every app updates itself in a different way.

The crappy installation and update channels are often tightly integrated with the vendors' monetization strategies, so there's a huge amount of inertia.

Microsoft Store could have changed this situation, had it been better designed and better received. Unfortunately, nobody seems to use it unless they have no other choice.

WinGet looks much better, but so far it's only for developers and power users.


The Microsoft store would have needed proper vetting and support for normal desktop apps from day 1 for it to actually have been a good option. Also, not requiring the system be set up with an online account would have been helpful for adoption.

I can't say it would have guaranteed people would have liked it, just that those were needed for it to have a chance.


I think the Microsoft Store actually did not require the account, which is quite a unique feature across app stores. Whether that is actually relevant on an OS that now forces online accounts in other ways is questionable.


The stupid thing is that a packaging system - MSI and later MSIX - has existed for a long time. But the tooling for it, to put things into packages, is a mess; nor is there a single tool even for Microsoft's own stuff. They really need to get onto dogfooding this stuff.

But then, in an environment dominated by corporate IT who have no real means of switching, why improve the product?


The thing is that I trust the Debian maintainers, so I use dpkg to install my software. I do not trust Microsoft, so I use the browser to install software.


If you trust Microsoft enough to run their operating system, you trust them enough to develop a package manager.

Suppose, for example, that they caught up to where Debian was 30 years ago and Windows shipped with a default list of sources for the core OS to which you could add your internal or preferred partners (e.g. Adobe in many companies). Literally millions of systems wouldn’t have been compromised because they had unpatched apps. If they’d had a curated list of responsible vendors, multiple generations of people wouldn’t have been trained that it’s normal to run installers because a web page told you so.


> If you trust Microsoft enough to run their operating system, you trust them enough to develop a package manager.

Yeah, enough to run MS Windows in a VM, with services that mess with Windows Update and modified Group Policy.

I do install as many things as possible with the MSYS2 package manager.

> Suppose, for example, that they caught up to where Debian was 30 years ago and Windows shipped with a default list of sources for the core OS to which you could add your internal or preferred partners (e.g. Adobe in many companies). Literally millions of systems wouldn’t have been compromised because they had unpatched apps. If they’d had a curated list of responsible vendors, multiple generations of people wouldn’t have been trained that it’s normal to run installers because a web page told you so.

The issue is that Microsoft is already forcing a lot on its "users"; if installing things only from the OS store becomes commonplace, then I think MS Windows will end up like iOS, and that is way worse (for me).


> Microsoft Store could have changed this situation

Don't you need to create a Microsoft account to use it? That makes sense for a store where you buy apps with money, but not for a package manager for free software like Notepad++.

P.S. I'm waiting for the day you need a registered Ubuntu account to use their snap store :(


Much of the software that people install on Windows is quite expensive. So if any package manager were worth calling a "store", one for Windows definitely would be.

It doesn't make sense to have one package manager for paid software and another for free software, so both types of software would be available in the same "store", with the unfortunate consequence that you need to log in with a Microsoft account in order to get free software.

But if I only used free software, I wouldn't even be using Windows.


The non-developer / non-power-user is likely already using their Microsoft account to log into the OS.


Do you really need the entire walled garden of the store? It's not impervious, just harder to attack, but due to its scale and value it will be constantly attacked. Not a great trade.

What happened to just good old OS APIs? You could wrap the entire "secure update" process into a function call. Does Windows somehow not already have this?


Windows already has a built in updater for MSIX packages.

The Store uses that behind the scenes. You don't have to use the store to use the system update system.

It's particularly good because updates can happen in the background, without having to launch your app to trigger them.


I'm sure updating can be done with OS APIs, though MS doesn't look like they're in any hurry to integrate even their own store with the Windows Update mechanism.

The problem is finding and installing new software. Without a well-known official repository, people end up downloading Windows apps from random websites filled with ads and five different "Download" buttons, bundled with everything from McAfee to Adobe Reader.

We should be asking how to enable adding external sources like Ubuntu PPAs (which can then be updated like the rest), not whether there should be an official repository to bootstrap the package manager in the first place. "Store" is just a typical name for such a repository, it's not mandatory.


The value of the store is curation: if the random scammers who put up “Totally Acrobat PDF” websites can’t get listed, it’s safer for people who aren’t security experts to trust the installer isn’t blatant malware.

The problem is that this needs strong regulation to prevent it from turning into a payola marketing scam where vendors have to pay for placement.


There are always Chocolatey and Scoop.


Why wouldn't those also become a target, if they would grow to be sizable?

And if they have prevention mechanisms, why can't existing supply chains be secured with similar prevention mechanisms, instead of funneling to a single package manager provider?


The supply chain for Notepad++ updates was a PHP script on a shared hosting account pointing to the URL of an executable file.

Surely someone with more resources and more sets of eyes could do better than that? AFAIK nobody has compromised Debian's APT repositories and Red Hat's RPM repositories yet.


These days there is Winget which I'd rather use than either of those.


Hey, just wanna remind people Google Play is full of crap.


Honest question. Are you telling me this has never happened to Linux? I seem to recall a situation where the source code was compromised. But maybe I am wrong.


