• 0 Posts
  • 362 Comments
Joined 1 year ago
Cake day: January 3rd, 2024


  • If you can modify the settings file you sure as hell can put the malware anywhere you want

    True. (But in case it amuses you or others reading along:) But a code settings file still carries its own special risk, as an executable file, in a predictable place, that gets run regularly.

    An executable settings file is particularly nice for the attacker, as it’s a great place to ensure that any injected code gets executed without much effort.

    In particular, if an attacker can force a reboot, they know the settings file will get read reasonably early during the start-up process.

    So a settings file that’s written in code can be useful for an attacker who can write to the disk (like through a poorly secured upload prompt), but doesn’t have full shell access yet.

    They will typically upload a reverse shell, and use a line added to settings to ensure the reverse shell gets executed and starts listening for connections.

    Edit (because it may also amuse anyone reading along): The same attack can be accomplished with a JSON or YAML settings file, but it relies on the JSON or YAML interpreter having a known critical security flaw. Thankfully most of them don’t usually have one, most of the time, if they’re kept up to date.
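
A defender-side check for the risk described in the comment above, as an added example that is not part of the original comment: before a code-based settings file is loaded at start-up, verify that nobody unexpected could have written to it. The function name `audit_settings_file` and its parameters are hypothetical, and the checks assume a Unix-style permission model.

```python
import hashlib
import os
import stat


def audit_settings_file(path, expected_sha256=None, expected_uid=None):
    """Return a list of findings for a settings file that is executed as code.

    An empty list means none of the checks below fired.
    """
    findings = []
    st = os.lstat(path)

    # A symlink lets whoever controls the link target swap the file contents.
    if stat.S_ISLNK(st.st_mode):
        findings.append("settings path is a symlink")
        st = os.stat(path)

    # Anyone who can write here gets their code run on the next start-up.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("settings file is group- or world-writable")

    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append("settings file owner is uid %d, expected %d"
                        % (st.st_uid, expected_uid))

    # A writable directory allows replacing the file even if the file
    # itself is read-only (the sticky bit prevents that for other users).
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")

    # Compare against a baseline hash recorded at deploy time (assumed to
    # be stored somewhere the web-facing process cannot write).
    if expected_sha256 is not None:
        with open(path, "rb") as fh:
            actual = hashlib.sha256(fh.read()).hexdigest()
        if actual != expected_sha256:
            findings.append("settings content differs from recorded baseline")

    return findings
```

Running this from the service's start-up wrapper and refusing to start on any finding turns a silent persistence point into a visible failure.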











  • Today I learned the term Vibe Coding. I love it.

    Edit: This article is a treasure.

    The concept of vibe coding elaborates on Karpathy’s claim from 2023 that “the hottest new programming language is English”,

    Claim from 2023?! Lol. I’ve heard (BASIC) that (COBOL) before (Ruby).

    A key part of the definition of vibe coding is that the user accepts code without full understanding.[1] AI researcher Simon Willison said: “If an LLM wrote every line of your code, but you’ve reviewed, tested, and understood it all, that’s not vibe coding in my book—that’s using an LLM as a typing assistant.”[1]

    Did we make it from AI hype to AI dunk in the space of a single Wikipedia article? Lol.



  • while Linux will boot you into a broken system and expect you to know what to do.

    But…

    even if the answer is as simple as selecting a different entry from the GRUB.

    Okay. Yeah. It’s often that simple.

    I take your point, but I’ve had my Windows blow itself to hell way more than my Linux has, and putting Linux on relatives’ machines has been by far the least hassle of the big three, for me.

    But that’s just my anecdotal experience.




  • Oh I understand. I’m the person who reaches for a terminal for my Windows user relatives, when they ask nicely.

    Lately though, they just live with it, or they go learn some CLI if they care enough, because Windows throws them all kinds (variety) of crap that Linux doesn’t have trouble with anymore.

    (Edit: The frequency of Windows issues is fine. But the variety of Windows corner cases makes casual “I’ve seen that” friend support not work as much anymore for me. I used to be able to help my friends more when Windows was a lot worse, ironically.)

    I never have to mess with the settings on my Windows boxes once I have them configured the way I want. Like, ever.

    Yeah. Same here. For both my Windows and Linux boxes. Though if I’m comparing, my Windows box is the only one that demands technical support every so often.

    And that’s genuinely a big change. Us tinkerers are using threads like this one to come to terms with it.

    And we realized we should sort of quietly wave the “all clear” for folks who wanted to switch but couldn’t.

    Then we give ourselves permission to go back to pretending Windows users are happy and don’t need our help, for another couple of years.


  • How is the company fucking me, if I enjoy playing the game and get my money’s worth?

    If it doesn’t bother you, you do you.

    To me, it’s fucking with me when they add software layers that add no value and just make my game harder to play, long term.

    Note that I’m not as mad at anti-cheat stuff, since it does add value. It’s usually a shitty half-assed solution, but it has a reason to be there. And most of it works better on Linux anyway.

    It’s the weird other extra stuff that makes me feel like they’re just fucking with me. There are no remaining technical reasons a new game can’t run on my SteamDeck better than on my Windows laptop. And most games do.


  • This is a lot safer on Linux than Windows, this year. A lot of engineering has gone into making updates resilient.

    And Linux hasn’t done the Windows 10 to Windows 11 - black screen for a couple hours, hope you know not to touch it - that we sometimes see.

    Linux now has a stronger default permissions model, so it’s a lot harder for user error to break the machine in serious ways, even if they do reboot during a sensitive update.