Many systems do not fetch updates from the Mozilla root store, but from their (possibly Debian-derived) stable distribution of it. Meaning two highly respected entities, known for being well aware of the wider impact of their careful enforcement of strict policies, need to agree to cause any major breakage. When that happens, I can blindly trust they did the thing needed to keep the unaffected parts of that weird system working as intended.. and then still head to bugzilla and read about the background - to laugh at whoever triggered the mess.

> Meaning two highly respected entities, known for being well aware of the wider impact of their careful enforcement of strict policies, need to agree to cause any major breakage.

Note that this is not a "both" but a "any of them". One can disagree with the other on this and still cause wide breakage.

If my revealed preference is that you should pay extra to subsidize my shopping, does that really make you any more complicit in the redistribution scheme?

>bury any negatives

I was looking for the x86-specific rant, and did not find it. You'd think that team would have had something to say about architecture complexity.

Nvidia’s GPU root of trust, where they are using SPARK, is based on RISC-V, they have a talk about that choice, https://news.ycombinator.com/item?id=43045952

I never gave my poem to Facebook. My site is for humans. And there was absolutely no problem with that website being public, until Facebook et al wanted to move the goalpost.. again. Remember when companies started to claim that their abuse is on you, because you failed to publish the correct headers/robots.txt and their bot needs to be told the rules in specific language? And now we get the same attempt at making such distinction again, just this time its our fault for .. having a public website in the first place (should have operated a paywall, duh!)

They flat out refuse to show what the origin server sent, unless you run some Javascript. Which is sufficient to no longer care about what the browser states in the request headers.

It is difficult to gauge the size of the Cloudflare effect.. if the usage statistics the site owner is collecting.. are also not collected for those undesirables.

Well yes: if Canonical cared they could make most of their snaps work almost as good as the Debian packages they dropped, and then it would be the same to the user.

But also no: even if they spent years catching up they would not reach the level of not-sucking that .deb get without extra effort, as a result of decades of policy ossified into the supporting tools. Such as the strong expectation that apt deals with packages that can be (re)built from their declared inputs and share common build-essentials. Whereas snapcraft does not even provide the tools yet to easily rule out building from ephemeral inputs or merely-accidentally working rust versions.

Even twine decoupled itself from my python toolchain some time ago [1], through some dependency. Cannot install it unless you are on a system trusting trust in rust™.

[1] https://github.com/pypa/twine/issues/1015

I've seen people do that, and the results are.. just sad. These modern models insert their twitter-era "what grabs attention must be true" view into the very little authentic past we still possess.

What did 4o get wrong about the title image in the transcription I just gave you?

We're at something like 116 now and they keep coming up with funny terms for it.

secure enclaves, secure virtualization, trusted execution environment, trusted platform, confidential computing, protected execution, LaGrande, protected launch, hardware attestation, ..