I cringed hard when some people started to make pacman wrappers that could install from AUR directly.
I've installed stuff from the aur before but most of the times I prefer to skip the middleman and just navigate to the project website. A premade pkgbuild is not convenient enough to take the risk of typoquatting or the tactical npm or pip dependency.
`yay` (one such wrapper) shows me the PKGBUILD diff on every update. The first time I install something I verify the URL, and check any install script etc. seems sensible; the vast majority of subsequent updates are changes to just version number & checksum. A typosquat attack would be very obvious.
(It's a bit vulnerable to it on first install, but so is 'just navigate to the project website [and click download]'.)
Git repo have been attacked other times in the past, but a 500/1000 stars project still sounds more trustworthy than a user repository managed by randos with a couple of upvotes.
I still use the aur for simple cases, but when I see aur packages depending on multiple other aur packages I immediately leave.
It shows the overall diff since last update, not patch-wise. But it does show any extra patch file, install script, etc. – not just the PKGBUILD – if that's what you meant.
People continue to criticize Arch for being elitist or gate-keeping to keep casuals out but there are clear benefits by not allowing dangerous things to be simple. This is true in many aspects of life.
After using Void Linux I switched to `aurutils` to get a similar separation on Arch. I can easily maintain a local AUR repo by compiling/making my own binaries and can use `pacman` to install and manage them which improves the upgrade process overall.
For me, this tradeoff isn’t worth it. I didn’t switch to Linux so that I can waste time going to websites and clicking “download” to update my programs like a Windows user.
The pacman wrappers you mention are crazy, though.
You then get the advantage of the OS’s package manager accounting for everything, however. It’s quite nice to not wonder whether there’s random stateful detritus throughout your system and what it might be affecting. (OK, to be honest there still will be, but much less of it, and a greater part of it will be attributable.)
I think it's also a bit of a testing ground for the main repos as well. I maintained the `ruby-build` AUR package for a couple of years after the previous maintainer wanted to step down, but they eventually added it to the main repos and now it's maintained by one of the official people. (I don't recall ever having to do more than paste in the new release tag into the PKGBUILD each time and then generate the new .SRCINFO and checksums in terms of actual maintenance, although I'd test locally first before pushing of course).
I only have a couple of things in /opt/ and some manually installed fonts, and vim plugins in my home.
Everything else that I don't use often lives in the original cloned git repo in /home/projects and never really gets installed.
Of course the process breaks down for a large amount of packets, but I've never been in that situation.
In part because the official repo is already large, and in part because I like minimalism.
If that even became an issue, I would manage a personal set of pkgbuild probably.
I will add to the list that for some weird reason in my country original language is not always available for all movies, and the subtitle experience in genenal is lacking.
In some Netflix shows, they say words in the english audio that are translated in French with different words with a similar meaning, and with english close-caption words that are also different from the original english audio.
My favorite example of bad Netflix subtitles is Suits (2011). The music during the intro is the same throughout the series, from the song Ima Robot - Greenback Boogie. The English subtitles for the lyrics are wrong every single season, and they're wrong in a different way for every one of those seasons. The lyrics are not at all hard to understand--they've pretty specifically cut together some of the lyrics that are easiest to understand--so it's extremely obvious, but somehow nobody at any point figured out that they could just do it right once and not look totally incompetent.
After the initial Netflix release of the first 3.5 seasons (might have been 4.5, it was a baffling cutoff) they somehow decided not to add the rest, so I pirated it. Every single pirated intro came with perfectly correct lyrics.
French part of Switzerland. Quite a few shows and movies, ie anime but also others, have original audio track (so lets say japanese for anime) and only german subs. You can probably count number of folks on your fingers and toes who would even be able, let alone willing to watch this in such combination from this region of meagre 2.2 million folks but quite rich on average.
So torrents it is, its legal here, lightning speed, always superb quality (one can choose any movie in range between 1GB and 50 GB for 1080p and all is very good looking), get it in a minute, and watch.
I don't blame Netflix generally (well for those german subs I definitely do, I know they have english ones just couldn't be bothered and I have hard time believing they have region issue with english subs) but license owners, they are the ultimate fuckers messing with content holders/resellers/renters, and consequently us users.
Also, torrents are so convenient, I won't be paying some service just to see a single show a year. I just won't even for a month and shuffle things like idiot, thats a bad proposition.
Downloading such content is not prohibited by law in Switzerland, thus legal. Uploading however is a different story.
So stating that torrenting is legal is not actually true. Unless maybe you simply fake your upload.
Even for English speakers, the subtitle experience with pirated movies is often lacking. Movies with non-English-speaking characters are often meant to have subtitles for their dialog and not for English speakers by default, but many pirated versions don't do this. I recently saw discussions online of a lot of people saying they went an embarrassingly long time without knowing there were supposed to be subtitles for the aliens in District 9 or the mute hand-signing girl in The Boys.
Lots of systems like Jellyfin/Emby/Plex etc will pull subtitles from a online repo. And yeah, exactly what you say will happen a lot of the time, and it's near imposable to work out which ones are correct.
I watched an English language TV show, that had a load of German in it. And I got subs for all the English, nothing from the German, then I switched to another source, then it had the inverse, which was great. But what if I wanted subs for the whole thing?
I think one even had the German words, in German....
That's considered a feature in the community. Burning subs on the video trace is considered bad, but most video player will not automatically show any subtitle track.
I am no longer a junior, but would have been upset to be tasked with refreshing the old historical obsolete laundry (no matter how sacred or distinguished), expecially when I already had experience delivering safety critical products packing much more modern technologies.
The opportunity they would be offering is not rare at all! The opportunity to research and design something truly new on the other way is very scarce.
Also, many decisions taken Probably can be traced to limitations / idiosincracies of the era
And you're left with a codebase that has been in hands of 6 Decades of probably great engineers that have already done a lot, plus any of the arcane cruft of such a long lived and esoteric project
It's a great CV highlight, but I don't know if it's the best learning opportunity
What have you worked on that is as cool as a space probe that's cruising in interstellar space and still collecting valuable data?
There are a lot of things as cool as, done by people I know, such as the gyros on the Webb telescope, the APU in the F-35, or a small rack-mountable Cesium reference clock, but there aren't many opportunities like that.
That's the thing. You only have the cool factor, but that wears off very quickly when you are maintaining legacy code and tools and then your collegues are playing with the new hot and shiny toys.
I won't write about the projects I've been involved with for privacy, but to give you an idea some of my old team members were involved in ams-02 for example.
Is that because juniors want to leave their name on something? I ask honestly since I shared a lot of the same sentiment as you, and never quite got an understanding as to why working on the cool new thing was "more fun" even if a lot of the projects under-the-hood were recycled.
> Programmers are, in their hearts, architects, and the first thing they want to do when they get to a site is to bulldoze the place flat and build something grand.
> We’re not excited by incremental renovation: tinkering, improving, planting flower beds.
>> The opportunity they would be offering is not rare at all!
The opportunity to maintain software running on a spacecraft is not rare? I don't think so. And those two particular spacecrafts? I'd take that job in a flash.
It's owned by an American no-prrofit with a dedicated subsidiary, so still a commercial product and (more relevant) usa-based with all the potential implications.
Wire is for profit but german-swiss.
It's a commercial entity that is within EU jurisdiction, whereas Signal is within US jurisdiction. The distinction is important if for example a hostile country were to invade the territory of an EU member state, let's say a large island...
> It doesn't matter what country they reside in, if a valid court order is produced it must comply.
A USA court order is not going to get much compliance from a German/Swiss company.
> my understanding is that there is minimal meta data to hand over as the message contents are unreadable without the keys.
That may well be true at the moment (I believe so, anyhow), but it's entirely possible for the USA administration/security services to force any U.S. company to install backdoors and not be allowed to mention it to anyone.
The implication that eu is (rightfully) butthurt and don't what to relay on usa if there is the risk of meddling of any kind or blackmailed with denial of service (regardless if it makes sense here or not, this is entirely political).
And there is also the darker side of some eu parties pushing for more surveillance, and in that case stuff like signal would be kind of a problem as well.
The study want to prove that cocaine is yet another polluter thar alters the fish behaviour even in the small quantities that can be found in the wild in polluted areas. Not that something is special or different about cocaine pollution.
So the control group in this case are fishes with an implant with no drug at all.
I remember a lot of online servers from the Jedi Knight series where people would spend a lot of time talking (well.. writing in chat), messing around, making friendly duels or exploring weird custom mmaps.
I've installed stuff from the aur before but most of the times I prefer to skip the middleman and just navigate to the project website. A premade pkgbuild is not convenient enough to take the risk of typoquatting or the tactical npm or pip dependency.
reply