francescovv's comments

francescovv | 1 year ago | on: Excellent succinct breakdown of the xz mess, from an OpenBSD developer

Hanlon's razor is useful to curb one's paranoia, but it is far from being a universal rule.

In fact, malice and incompetence are not necessarily mutually exclusive.

This very incident shows several instances where "Jia Tan" is being arguably incompetent, in addition to being clearly malicious: unintended breakage by adding extra space between "return" and "is_arch_extension_supported"; several redundant checks for `uname` == "Linux"; botched payload, so "test files" had to be replaced, with pretty fishy explanation; rather inefficient/slow GOT parsing, list goes on...

francescovv | 1 year ago | on: The Rise and Fall of 3M's Floppy Disk (2023)

That was between two Android phones, with receiving phone being "oppo" or some such, with stock firmware. Receiving phone would see incoming file request, ask user to accept, then error out with "unknown file", and no way to actually save it. I've sent files via bluetooth from lineageos to lineageos, no problem.

francescovv | 1 year ago | on: The Rise and Fall of 3M's Floppy Disk (2023)

> What (...) happened to easily sending data, over the Internet

And for mobile phones - without internet is similar, unnecessarily hard. The other day I was hiking with friends, and wanted to share a .gpx file with the route, at some spot with no cell coverage. I thought: "I 'member, bluetooth can send files". Well, we spent good 15 minutes trying and miserably failed, that's no longer possible in the name of "security". So I had to wait for cell signal to come back and send the file via whatsapp. To someone standing right in front of me.

francescovv | 1 year ago | on: OpenAI: Start using ChatGPT instantly

Alternative would be to have model itself aware of sensitive topics and meaningfully engage with questions touching such topics with that awareness.

It might be a while till that is feasible, though. Until then, "content safeguards" will continue to feel like overreaching, artificial stonewalls scattered across otherwise kinda-consistent space.

francescovv | 1 year ago | on: The xz backdoor thing reminds me of a story

> 100s of dependencies. If there is a 1% chance of a random repo having a backdoor, the project will be compromised

Apologies for nit-picking, but that's not quite how sum-of-probabilities work. Total probability across 200 tries of 1% chance each, is ~87%:

  p=0
  for _ in range(200):
    p=p+(1-p)*.01
  print(p)

  0.8660203251420382

Your "sooner or later, to the point where we can assume" conclusion still stands, of course.

francescovv | 2 years ago | on: Building a Personal VoIP System

Excellent article, and sections "NAT Problems" and "NAT Solutions" are a good starter on that topic.

Except even third-choice solution is not always feasible. Reserving fixed RTP/UDP port range is not possible with carrier-grade NAT, which is quite common with residential ISPs and nearly-universal with cell ISPs.

Fourth-choice would be to reserve port range on a personal server (which would run B2BUA, asterisk in OP's case; or an RTP proxy), and force calls, including media, from/to SIP handsets to go via that.

francescovv | 4 years ago | on: Apple’s crackdown on multicast

@dang: sdf.org is a multi-tenant domain. It would be nice if HN's site link would treat it as such, i.e.:

- /from?site=thomask.sdf.org

- not /from?site=sdf.org

francescovv | 4 years ago | on: Tencent deploys facial recognition to detect minors gaming at night

> No one is taking your voice print and biometric details

Some Italian cell operators do. For example, when you are buying a new sim card for Iliad, you do this in front of an automated kiosk where you have to scan your ID, then face camera and say out loud "my name is Insert Your Name Here, and I would like to make a phone service contract with Iliad".

francescovv | 6 years ago | on: Gmail really wants me to say yes

OP touches on a slightly tangential topic:

  This is kind of meta because I’ve turned this
  autocomplete feature off, I’m sure of it.
  Did I just do it on my phone? Did my wifi
  blip so the AJAX didn’t work? I certainly
  didn’t turn it on.

This strikes home hard for me, as a pervasive problem. So many tech companies conveniently "forget" about user preferences all the time.

For example, on my kobo e-reader, I'm positive I've disabled auto-update. And yet, one day a few weeks ago it auto-updated and the new version stopped displaying side-loaded .epub files (from Project Gutenberg). No rollback, no appeal. Seller's 2-year warranty has recently expired. Now essentially I have a modestly expensive semi-brick that will only let me read two titles purchased via kobo store, and nothing else.
