I've always felt like Pat was a scapegoat who was chosen to clean up the mess when the whole place was already up in smoke and the smell was only starting to leak out. I liked his strategy, was disappointed to see him booted out.

Every Internet café had at least 2, with Ask.com, Google, Yahoo and later on, Bing being the main contenders.

But if not, I'm not criticizing GNOME in isolation here. It's just what I use and what I'm most familiar with. KDE has the same issues and it does have an extension system too. It's called KNewStuff.

But it wasn't always this way, and so, I don't think it has to be. People just need to start paying attention to this.

The impact of a lot of those vulnerabilities would be mitigated if the affected programs didn't connect to the network in the first place.

As for updates in general, I really like the model adopted by Linux update managers and BSD port systems. The entire repository metadata is downloaded from a mirror and cached locally, so the search terms never leave your machine. Downloads happen from the nearest mirrors, there's no "standard" mirror software (unless rsync and Apache count?) so they don't report what was downloaded by whom back to any central system and you can always host your own. Everything is verified via GPG. And most importantly, nothing happens on its own; you're expected to run `apt/dnf update` yourself. It won't randomly eat your bandwidth on a metered connection or reveal your OS details to a public hotspot.

Simple, non-invasive, transparent, (almost) all-encompassing, and centrally configurable.

Note that LibreWolf still leaves some of the stuff on for you to manually disable (dom.push.connection.enabled, extension updates).

[0] https://support.mozilla.org/en-US/kb/how-stop-firefox-making...

- GNOME Shell (extension updates without a way to disable this, weather),

- GNOME Calculator (currency exchange rates),

- NetworkManager (periodic hotspot portal checks in most configurations),

- GDB (debuginfod enabled by default),

- Firefox (extension updates, push notifications, feature flags, telemetry, ..., some parts cannot be disabled),

- VSCodium (Open VSX callbacks even when installing extensions from disk with updates disabled, JSON schema auto-downloads, extensions making their own unsolicited requests, ...),

- Electron (dictionary updates from Google servers, no way of disabling; includes any application running on top of upstream Electron, such as Signal, Discord, etc.),

- GoldenDict (audio samples fetched from the Internet on word look-up, no way to disable)

Of course, this is nothing compared to Windows [0] and macOS [1], but the malpractice of making Internet connections without asking, by default, has unfortunately been finding its way everywhere since modems stopped making audible sounds.

Having read about PRISM and seen the leaked dashboards of Paragon Graphite (said to be used by ICE), and with LLMs bridging the gap between mass and targeted surveillance, I don't want any of this.

[0] https://github.com/microsoft/calculator/blob/ffd0519676019a0...

[1] https://sneak.berlin/20201112/your-computer-isnt-yours/

Thanks for your correction!

A web-of-trust-like implementation of votes and flags, as suggested below, might be a solution, but I feel like it's an overkill. I've recently flagged a different clickbait submission, about Android Developer Verification, whose title suggested a significant update but that merely linked to the same old generic page about the anti-feature that was posted here months prior. Around 100 points too, before a mod stepped in, changed the title, and took it down.

Maybe the upvote button is just too easy to reach? I have a feeling that hiding it behind CSS :visited could make a massive difference.

systemd won't boot with this (needs to be PID 1), but a lot of software will work just fine and there's nearly zero emulation overhead.

Nice try, OpenClaw

Others (well, two people really) have also noted the lack of a linker script, start-up code, and that the project doesn't even build.

82 points at the time of writing, which is 4 hours from the post's submission. Already on the main page. The only previous activity of the author? Two other vibe-coded projects of similar quality and a few comments with broken list formatting, suggesting that they were never even reviewed by a human prior to posting.

Does anybody read past the headline these days? Had my hopes higher for this site.

[0] https://github.com/cmc-labo/tinyos-rtos/blob/2a47496047fdb45...

[1] https://github.com/cmc-labo/tinyos-rtos/blob/2a47496047fdb45...

[2] https://github.com/cmc-labo/tinyos-rtos/blob/2a47496047fdb45...

The Internet was carefully designed to withstand a nuclear war and this approach, being adopted en masse, is slowly turning it into a shadow of its former self. And despite the us-east1 and multiple Cloudflare outages of last year, we continue to stay blind to this or even rationalize it as a good thing, because that way if we're down, then so are our competitors...

Does this still count as clean-room? Or what if the model wasn't the same exact one, but one trained the same way on the same input material, which Anthropic never owned?

This is going to be a decade of very interesting, and probably often hypocritical lawsuits.

Here's what I'm referring to: https://github.com/califio/publications/blob/7ed77d11b21db80...