Hacker News: juliangmp's comments

Yeah, it can quickly lead to analysis paralysis. I've set up three laptops with a Linux on them for non-tech friends and family members and deliberately went with distros that "just work" (Debian and Fedora specifically).

In general I'd recommend sticking to the simple options and not going into niches unless you/the user actually wants or needs to.


Most sensible compiler flags aren't enabled by default... I keep a list of arguments for gcc to make things better, but even then you'll also wanna use a static analysis tool like clang-tidy.

Would you mind sharing your list?

There was a grant in 2023 which was supported by the European Commission. So I think the topic itself isn't entirely unknown. https://nlnet.nl/project/Forgejo/

From https://nlnet.nl/fediversity

> We are seeking project proposals between 5.000 and 50.000 euro's — which should get you on your way.

Am I the only one to think this is a completely ridiculous amount of money?

So, you want me to leave my very well paid job to innovate for the sake of EU competitiveness but you don't want to invest more than 50k EUR (max grant). And as an individual you don't even stand a chance so this 50k EUR has to be distributed across several people. Did I get this right?

Ah, and I almost forgot about the double standards ... the same EU commission is on a spending spree when it comes to the development of a fkn EU website which you use to apply for these funds. Each Brussels-based developer doing that very innovative work is paid ~100k EUR. What a blasphemy.


No, they don't want you to leave your very well paid job for this grant, they want to chuck a few bounties at some FOSS projects and pay for some people to attend hackathons or conferences if they can fill in a form giving sufficiently compelling reasons. How dare they!

You're missing my point. "Chucking in a few bounties" is very different from what this topic is about. Let me spell it out for you once again:

> The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users' choice, hampers EU companies' competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors.


The point you expressed was indignation at FOSS bounties paid by the Fediversity project out of a fraction of a single EUR 3m EU grant their consortium won being less than the full time salary of EU devs.

If you were trying to more widely insinuate that this third party doling out small-to-modest incentives to individuals to do a bit of hacking on Fediverse stuff was the only thing the EU was doing to support Open Source or represented some sort of ceiling on the amounts EU-funded projects working on FOSS could pay their developers, it would be even more wrong.

Plenty of valid criticisms of the EU's cyber non-dependence strategy or the detail of grant and equity funding programmes for research and building stuff and how they weight FOSS (that's part of the reason for the consultation!) but you need to have the slightest idea what exists to get into those...


I took the Fediversity project as an example because it was mentioned above in the comment and not as an example of something I wanted to specifically point to. Truth be told, 90% of other EU funds are similar if not the same in the context of grants, and no, I don't find it sufficient, and no, I don't think such a strategy will yield anything worth the salt. You will keep the developers having fun with their projects but something worthwhile? Forget it. It doesn't exist at such a minuscule scale.

The only bigger denominator in terms of funds is Horizon which is completely political, and not worth mentioning at all, if that's what you wanted to suggest. It also operates at a minuscule scale in terms of grants (up to 2.5M over 2 years) or funding (1-30M). No possibility for seed rounds which implies you already must be in the business and already have an almost viable product ready to deploy to the market tomorrow (EU bureaucracy calls it TRL6-8). This is all ridiculous and shows how detached from reality the people making decisions there are. They even hire "experts" to weigh your application for which you know ... ta-da ... have to hire yet another "expert" to write that application for you. 100s of pages to prove your idea worthy. Once a year. World innovation runs at a much, much higher pace.

So, sure the R&D environment in EU is built on a very fertile ground and Brussels is doing their best to "call for an evidence" because open-source software is going to save the economy??? Right.


I'm currently a participant under a NLNet grant. I'm unemployed at the moment so getting a trickle of 1-2K of donation money per month working on my passion project is a pretty decent proposition.

You can also be a participant alongside your well paid job, because once the memorandum of understanding is signed you have a year to work through the proposal at your own pace, during weekends or moonlighting.


I don't doubt that at all and I'm glad for anyone who is managing to make some money from their open-source contributions, even more so in today's age where the market is so volatile. I am being empathetic for that cause. But the point I am rather trying to convey is that this is not the strategy that will converge to something substantial that will make the EU more competitive on the global landscape.

I don't know how I could convince you, or anyone that's educated under the American capitalist system, that working for a commons is better in aggregate than relying on companies to pay for innovation and then keeping it a secret. "Competitive" is a slur in my opinion, I'd rather my work be "useful".

Dystopian. You're missing some fundamental understanding of how economics works but to each his own. Respectfully.

Working on things that make you happy instead of pushing the agenda of your employers, which in majority is unethical, immoral, or plainly unhealthy, is dystopian? It sounds utopian to me. :)

What for? Plenty of maintainers for various distros are from Europe and/or the EU.

For example: https://map.debian.net/


What is this map? Almost every city in DK and Sweden shows "Kåre Olsen"

God I hope so

I've never once asked a question on there. Mostly because you can't unless your account has X something-points. Which you get by answering questions.

This threw me off so much when I got started with programming. Like why are the people who have the most questions, not allowed to ask any...?


Are you sure? You can post questions even with a completely new blank account. It's comments that require some reputation, maybe you were thinking about those?

You don't need any reputation to ask questions, you only need to create an account.

Honestly, until encrypted client hello has widespread support, why bother? I mean I did it for fun the first time and now with caddy it's not a lot of effort. But for a personal blog, a completely static site, what benefit do you get from the encryption? Anyone monitoring the traffic will see the domain in clear text anyway. And they'd see the destination IP, which I imagine in this case being one server that has exactly one domain pointed at it.

Men in the middle including predatory ISPs can not only spy but also enrich. Injecting JavaScript and embedding ads is the best case scenario. You don't want that.

In addition even without bad actors TLS will prevent random corruption due to flaky infrastructure from breaking the page and even caching those broken assets, preventing a reload from fixing it. TCP/IP alone doesn't sufficiently prevent this.


> JavaScript

Why do you allow that RCE in the first place?


Most users have JS enabled nowadays. Much of the web doesn't work without it. It was just an example.

TCP ensures what gets sent on one side gets received on the other side. TLS just encrypts the data. So even without TLS, random corruptions won't happen unless someone does a MITM attack.

No it does not. I've had this happen in legacy systems myself. The checksums of TCP/IP are weak and will let random errors through to L7 if there are enough of them. It's not even CRC and you must bring your own verification if it's critical for your application that the data is correct. TLS does that and more, protecting not only against random corruption but also active attackers. The checks you get for free are to be seen only as an optimization, letting most but not all errors be discarded quick and easy. Just use TLS.
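Added example, not part of the thread or any poster's code: the 16-bit Internet checksum (RFC 1071) is a plain sum, so reordered words and compensating errors pass it, while a CRC-32 over the same constructed payload catches both. CRC-32 stands in here for a stronger error-detecting code; TLS itself authenticates each record with a MAC/AEAD tag, which also resists deliberate tampering. The payload and the helper names `corrupt` and `undetected` are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum, the 16-bit ones' complement sum TCP/IP uses. */
uint16_t inet_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (i < len) sum += (uint32_t)p[i] << 8;   /* odd trailing byte, zero padded */
    while (sum >> 16)                          /* fold carries back in */
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, as in Ethernet and zlib). */
uint32_t crc32_ieee(const uint8_t *p, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed sample payload, not captured traffic. */
static const uint8_t SAMPLE[] = "HTTP/1.1 200 OK\r\n";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* kind 0: first two 16-bit words swapped; kind 1: one word +1, the next -1. */
void corrupt(uint8_t *out, int kind) {
    memcpy(out, SAMPLE, SAMPLE_LEN);
    if (kind == 0) {
        memcpy(out, SAMPLE + 2, 2);
        memcpy(out + 2, SAMPLE, 2);
    } else {
        out[1]++;   /* "HT" -> "HU" */
        out[3]--;   /* "TP" -> "TO" */
    }
}

/* Returns 1 if the check value of the corrupted copy still matches the original. */
int undetected(int kind, int use_crc) {
    uint8_t bad[SAMPLE_LEN];
    corrupt(bad, kind);
    return use_crc ? crc32_ieee(bad, SAMPLE_LEN) == crc32_ieee(SAMPLE, SAMPLE_LEN)
                   : inet_checksum(bad, SAMPLE_LEN) == inet_checksum(SAMPLE, SAMPLE_LEN);
}
```

Both corruptions leave the sum of 16-bit words unchanged, which is why the Internet checksum accepts them.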

I saw myself years ago that Verizon injected marketing tracking headers into http traffic. My ISP was the MITM.

https://www.eff.org/deeplinks/2014/11/verizon-x-uidh


Integrity. TLS does prevent man-in-the-middle attacks. For a personal blog, that may not be important but you _do_ get a benefit, even if the encryption is not necessary.

Yeah, that was my point. This guy is Linus' chief lieutenant and heir apparent, and he doesn't even bother to ensure the integrity of his transmissions is protected through TLS.

I think there's quite a large gap between vitamin D deficiency 'cause you don't get any sunlight and getting so much sunlight that it's unhealthy.

As with anything health/nutrition related, the debate gets so comically two-sided with reductionist arguments talking past each other.

Get some sunlight but don't get a sunburn. It's not rocket science.


I'm not sure how you square that with findings that show any increase in UV exposure is associated with all-cause mortality[1]. It would seem that in this case common sense is bad sense.

1. https://pmc.ncbi.nlm.nih.gov/articles/PMC3736750/


This is exactly what I mean. You cite a single 12-yr old study and extrapolate its conclusion to extremes.

No mention of the Swedish cohort study (Lindqvist 2016) showing sun-avoiders had 2x mortality risk over 20 years. No mention of the dozens of ecological studies showing inverse relationships between UV and many cancers.

I could go on all day. You can't just paste one link and call it settled science.


For your consideration a 2025 meta-analysis[1] of 73 eligible articles concludes no change to current avoidance recommendations.

You'll notice that Lindqvist 2014, 2016, and 2020 are references 77, 78, and 79 respectively. Definitely interested in what evidence would change your mind. Any chance you could describe your evidentiary bar?

1. https://pubmed.ncbi.nlm.nih.gov/41415029/


The meta analysis is inconclusive. I would not use that as evidence to back up the idea that you should avoid any UV exposure. I’d describe this as a complicated situation where reasonable people could disagree.

> What did we find?: Our findings are mixed. Exposure to sunlight has been reported both to increase and to decrease your risk of dying. Alongside its harmful effect on skin cancer, sunlight may help prevent other types of cancer. However, there were issues with the amount of data available, as well as the quality of some of the data that was available, so we can’t be certain about the findings. Currently, there is not strong enough evidence to alter sun exposure advice and so people should continue to follow the guidance.

I’m not the original poster but one thing I look at is recommendations from bodies in other countries that have more experience with the issue. During COVID I found countries that had experience with SARS had better guidance than the US.

Similarly Australia has more than 2x higher skin cancer risk. The American Academy of Dermatology recommends even people with dark skin wear sunscreen daily, even if they don’t go outside. Australia doesn’t recommend this noting the tradeoffs of having higher risk of vitamin D deficiency.


I'll follow the advice the next time I'm picking cherries in Australia. Until then, I'll stick to the hierarchy of evidence[1].

1. https://en.wikipedia.org/wiki/Hierarchy_of_evidence


String handling (or arrays in general) has got to be the single aspect of C that I despise the most. It's clunky to use, often needs unnecessary copying (e.g. atoi) and makes it really easy to invoke undefined behavior.

I still don't get why a simple ptr+size type hasn't made its way into the language. #embed got in but I guess a new type would have been too much... at least we got bool after a few decades.

Also, for those that want the trimming behavior of strncpy but with the null termination, you can replace the strncpy calls with snprintf. You should also always enable -Wstringop-truncation.
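Added example, not part of the comment above: the `strncpy` to `snprintf` swap it describes, with the truncation case made visible. The wrapper names `copy_strncpy` and `copy_snprintf` and the input string are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* strncpy as commonly written: copies at most n bytes and zero-pads a short
 * source, but writes NO terminator when strlen(src) >= n.
 * Returns 1 if dst ended up NUL-terminated within n bytes, else 0. */
int copy_strncpy(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* snprintf replacement: always terminates when n > 0 and reports truncation
 * through its return value (the length the full string would have needed).
 * Unlike strncpy it does not zero-pad the rest of dst, so clear fixed-size
 * records yourself before they are written out.
 * Returns 1 if src fit, 0 if it was truncated, -1 on an output error. */
int copy_snprintf(char *dst, size_t n, const char *src) {
    int need = snprintf(dst, n, "%s", src);
    if (need < 0)
        return -1;
    return (size_t)need < n;
}

int main(void) {
    char a[8], b[8];
    const char *name = "hostname.example";   /* constructed input, 16 bytes */
    printf("strncpy terminated: %d\n", copy_strncpy(a, sizeof a, name));
    printf("snprintf fit: %d, dst=\"%s\"\n", copy_snprintf(b, sizeof b, name), b);
    return 0;
}
```

Checking the return value matters as much as the terminator: a silently truncated hostname, path or username can still be a valid but different one.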


Stable interfaces and not being in versioning hell (cough libc) would actually be good for FOSS as well.

If you make a piece of software today and want to package it for Linux it's an absolute mess. I mean, look at Flatpak or Docker, a common solution for this is to ship your own userspace, that's just insane.


Agreed... I'm kind of a fan of AppImage/Flatpak/Snap (less Snap, but still)... even then, I don't use a lot of apps, and most of my variety is usually via Docker.

It's much more bloated than it should be, but the best way to reliably run old/new software in any given Linux.

