JakenVeina

You're right to think that "since it's open source, people can see what it's doing and would right away notice something malicious" is bullshit, cause it pretty much is. I sure as hell don't spend weeks analyzing the source code of every third party open source package or program that I use. But just like with close-source software, there's a much bigger story of trust and infrastructure in play.

For one, while the average Joe Code isn't analyzing the source of every new project that pops up, there are people whose job is literally that. Think academic institutions, and security companies like Kaspersky. You can probably argue that stuff like that is underfunded, but it definitely exists. And new projects that gain enough popularity to matter, and don't come from existing trusted developers are gonna be subject to extra scrutiny.

For two, in order for a malicous (new) project to be a real problem, it has to gain enough popularity to reach its targets, and the open source ecosystem is pretty freakin' huge. There's two main ways that happens: A) it was developed, at least partially, by an established, trusted entity in the ecosystem, and B) it has to catch the eye of enough trusted or influential entities to gain momentum. On point B, in my experience, the kind of person who takes chances on small, unknown, no-name projects is just naturally the "exceptionally curious" type. "Hmm, I need to do X, I wonder what's out there already that could do it. Hey, here's something. Is it worth using? I wonder how they solved X. Lemme take a look..."

For three, the open source ecosystem relies heavily on distribution systems, stuff like GitHub, NuGet, NPM, Docker, and they take on a big chunk of responsibility for the security and trustability of the stuff they distribute. They do things like code scanning, binary validation, identity verification, and of course punitive measures taken against identified bad actors (I.E. banning).

All that being said, none of the above is perfect, and malicious actor absolutely do still manage to implant malware in open source software that we all rely on. The hope is that with all of the above points, as well as all the ones I've missed, that the odds of it happening are rare, and that when it DOES happen, it's way easier to identify and correct the problems than when we have to trust a private party to do it behind closed doors.

Great recent example, from last year: https://www.akamai.com/blog/security-research/critical-linux-backdoor-xz-utils-discovered-what-to-know

Me, I see this story as rather uplifting. I think it shows that the ecosystem we have in place does a pretty good job of controlling even the worst malicious actors, cause this story involves just about the worst kind of malicous actor you could imagine. They spent a full 2 years doing REAL open source work to develop that community trust I talked about, as well as maintaining a small army of fake accounts submitting support requests, to put pressure on the project to add more maintainers, resulting in a VERY sophisticated, VERY severe backdoor being added. And they still got found out relatively quickly.

By Thursday afternoon, the attorneys were taken off the case while a transportation department spokesperson speculated they published the document as an act of sabatoge.

Props, if true. But this is the Trump administration, sabotage is absoutely not a requisite for incompetence.

I agree, RFK should stop telling people to kill themselves by ignoring modern medicine.

Sick.

Me, I've thought about doing an "unlock everything from the beginning" playthrough, but I don't think it would appeal to me. In the face of having to invent my own purely-creative goals for building stuff, instead of having in-game goals to work towards, I find I'd rather go play something else on my backlog.

Instead, I leave the game at default settings, and come up with personal challenges to keep things fresh. The challenge for my current playthrough is "farm-to-table", meaning every factory has to make all of its intermediate products from raw resources (except for project parts) and "optimal resource usage" which means each factory has to make FULL use of the raw resource nodes its connected to, and ALL machines in the factory need to be clocked to run at 100% efficiency.

If I do another playthrough, I might do "excessive usage of trucks and trains" or "machinery as compact as possible".

Long story short, think about what would really keep you engaged, and I'd say go for it.

There's the guy who urges the captain to increase the ship's speed, so they can arrive a day early and impress everyone that the "unsinkable" ship is also super fast. And then sneaks his way onto a lifeboat at the end, when they're only supposed to be taking women and children. Arguably a parallel to Musk in that he's partly responsible for the sinking of the ship.

Much more prominent is Rose's (Kate Winslet) rich scumbag fiance who refers to Jack (Leo DiCaprio) as a "gutter rat", responds to "half the people on this ship are going to die" with "not the better half", tries to bribe with cash one of the men loading boats in order to secure himself a slot, and ultimately manages to get on a boat by picking up a random crying child and claiming it as his own. Much more like Musk himself, but not really a parallel in having resposibility for the ship sinking.

My wife runs a large online D&D guild, with games 4-5 nights a week (not that you play in all of them, they just have that many people). They're no strangers to kicking people that cause drama, and they have several trans and non-binary members already.

I will say that they might not be able to bring their character in, as-is, if it's heavily based on "official" D&D lore and sourcebooks. The group has spent 8 years building all their own lore and tuning some homebrew rules and classes. It's mostly built on the 5e foundation, though.

I believe this is where they'd go to apply.

I will make this agreement with anyone, today, so long as it is made in good faith. Which means, they have to start by fully acknowleding their role in getting us to where we are, apologize, and promise to do better.

This is not what we're getting from Rogan.

"I'm sorry. You all tried to tell me, and I didn't listen. I was wrong"

We can talk about forgiveness and acceptance when he gets to this point.

I wonder how much Harry Potter had to do with the trend, cause superficially, that's Harry's story. It's a good implementation of the trope, though, because it's subverted rather quickly, and by the end of the seeies it's a core theme: Everyone WANTS to treat him like he's inherently special, and he's really not. It's his CHARACTER that makes him special.

Not yet, but I've only played 3 sessions since they came out. I suspect when I do have an opportunity to use them for debugging something, the 1-minute sampling window will limit their usefulness.