To attack your specific example, cars have added all kinds of things that "hand hold" the user and keep them (and others) safe: Seat belts, air bags, anti-lock brakes, traction control, automatic emergency braking, back up cameras, lane keep assist, blind spot monitors, etc, etc, etc. (Oh, and guess what, per-mile traffic deaths are WAY down from a few decades ago).
All of which are trivial for a user to override, disable, or ignore completely except the primary airbags, which I believe is the whole point. The user is in control and it's all in the owner's manual to boot.
Many are not, and many of the ones in the pipeline, like speed limiters and drunk driver detection, are going to be legally mandated to be nondisableable.
Nearly every package manager I've ever used had post-install scripts.
You're collapsing two different threat models. The risk isn't that code runs, it's WHEN it runs.
This worm spreads because npm install runs arbitrary scripts as you, automatically, just from resolving the tree. You don't have to build it, run it, or even import it. Opening the project in an IDE is enough.
apt/dnf scripts run on packages a maintainer signed and a distro gatekept. Not on whatever some rando pushed to a public scope 20 minutes ago that landed in your lockfile six levels deep.
"They both technically execute code" is true and beside the point. One runs signed code from a trusted path, the other runs unsigned code from the default automated path. That's the whole ballgame.
> You're collapsing two different threat models. The risk isn't that code runs, it's WHEN it runs.
> You don't have to build it, run it, or even import it
If you just installed something with npm, chances are you'll be running it shortly, either as a tool or a library, probably minutes or seconds later. I imagine the use case of installing an npm package you don't plan on using or transitively importing constitutes a small portion of npm installs.
> apt/dnf scripts run on packages a maintainer signed and a distro gatekept
Unfortunately apt/dnf isn't much better here because random tutorials online suggest people add random repositories where the creator of any repository effectively has root access to anyone's machine that adds it as a remote.
It's the exact same problem when random tutorials (and official pages) recommend to do a curl "URL" | bash to install something. Every time that I see it, I look at it suspiciously.
You only need that fancy database when you have lots of users. When you release a server binary that anyone can run it doesn't need to support quite so many. Have a compile-time flag that excludes the fancy database when set, and have it fall back to something simpler like SQLite or Postgres or whatever you want.
After years of plugging away at it, sure. We can't rely on years of free labor from the community to make the games we bought work. Even if they had to substitute some proprietary libraries, it would be a much better starting point.
It seems if you want you're allowed to set it up on your own property, which is surprisingly reasonable for Sydney standards. Just no more than 6 months after which you need to make a permit, possibly make a development application or something as it may be viewed as a permanent increase in floor space which tends to be tied to infrastructure levies and maybe rates (think property tax). You can't set it up in the middle of the outback without some kind of planning proposal to rezone it to permit it.
At least with NSW (the state Sydney is in) the criteria are likely consistent across the state.
In Sydney, trailers likely aren't subject to Development control plans (DCPs) but other kinds of prefab/manufactured homes definitely are. Here's an example of a DCP, here is an example one from Randwick (one of 20-30 councils Sydney is comprised of): https://hdp-au-prod-app-rcc-yoursay-files.s3.ap-southeast-2....
It regulates room size relative to floor ceiling distance, solar and privacy impacts on adjacent sites, minimum privacy and solar inside the dwelling (such as the amount of sunlight during the least sunny hour of the least sunny day of the year), setbacks, etc, etc. If it's next to a heritage item it can't mimic it, it also can't take attention from it, has to conform with some abstract notion of sympathy to the heritage item.
Agreed, although in addition to that the hope was to do other things too like divert funds out of tasks the police do that they shouldn't be doing in the first place (like mental health calls and wellness checks) and into social services/EMS instead and also away from internal affairs and into independent/community oversight boards (no more policing themselves).
I doubt any pithy slogan would have encompassed all of it, but the least they could have done was avoid something that most people would reject instantly for being insane. It's amazing that so many people managed to get past the slogan at all to get into the "well actually what we mean is..." and it was totally predictable that the slogan would be weaponized against the movement by opponents.
For the same reason the CIA doesn't publish the Windows exploits it finds?