I would go a step further and say that any time one of these MAC systems has to resort to user interaction to do its job, it’s a straight up failure case: the system simply didn’t have enough information to do its job, ended up doing no better than a blanket “block everything” config, and is asking the user to do 100% of the heavy lifting of determining what should happen.

So, when I hear

If someone is lazy or not knowledgeable enough to make the right decision…No automated system can protect [them].

I hear: “every access control system is fundamentally broken”. Which is fine, maybe that’s true, there’s a reason social engineering is so useful. So then all these systems should prioritize streamlining that failure case as much as possible: Tell the user what is accessing what, when, how, and then make it trivial to temporarily (with well defined limits), permanently, (or even volatile-y using CoW/containerization/overlay fs) grant or deny access as quickly and easily as possible.

Every other system you’re comparing SELinux, AFAIK, handles this case better, which is why users tend to prefer them.

For the record, I’m not arguing that SELinux is bad at the actual access control part, I’m only answering why people don’t like using it, which is how it handles the failure case part. Now it’s been a while since I’ve used SELinux and I’ve never used setroubleshooter, but if you tell me it actually streamlines all of this to be smoother than every other tool, then I’ll install it tonight!

How do you know when you’re letting through a valid access, an unnecessary one that could be a vulnerability, and an actively malicious one?

I don’t think anyone is saying throw out all access control, they’re just saying SELinux adds too much unproductive friction for everyday usage. You said it takes 15m to troubleshoot. But that’s not a one time thing, that’s 15m that scales with the amount of new programs and updates you’re running. And 90% of people aren’t even going to be able to tell they’re looking at a malicious access if they’re in the habit of always working around blocks that show up.

Yes, and I don’t like the common comparison to binary blobs, and I’m attempting to explain why.

It is inherently safer to blindly run weights than it is to blindly execute a binary. The issues only arrise if you are then blindly trusting the outputs from the AI. But you should already have something in place to sanitize outputs and limit permissions, even for the most trustworthy weights.

It’s basically like hiring someone and wondering if they’re Hydra; no matter how deep your background check is, they could always decide to spontaneously defect and try to sabotage you. But that won’t matter if their decisions are always checked against enough other non-Hydra employees.

If you are familiar with the concept of an NP-complete problem, the weights are just one possible solution.

The Traveling Salesman Problem is probably the easiest analogy to make. It’s as though we’re all trying to find the shortest path through a bunch of points (ex. towns), and when someone says “here is a path that I think is pretty good”, that is analogous to sharing network weighs for an AI. We can then all openly test that solution against other solutions and determine which is “best”.

What they aren’t telling you is whether people traveling that path somehow benefits them (maybe they own all the gas stations on that path. Or maybe they’ve hired highway men to rob people on that path). And figuring out if that’s the case in a hyper-dimensional space is non-trivial.

Ah that’s fair, I didn’t look closely

“Open carry prohibited, concealed carry without a permit” is Chaotic Evil energy.

Is this running in your rc (i.e. every single time you open a terminal)? Even if it’s safe, I’d be annoyed by any delay.

I’m going to say it’s not a “you” problem, but a “who you’re surrounded by” problem. Is this something you’re used to percieving accurately? Do you have friends or family who would actually mean it rudely? Because, as others have mentioned, I simply would not be able to function at work if I interpreted 👍 as rude/sarcastic.

I have to assume you’re young or your work doesn’t involve communicating with coworkers or clients over text. I’d also be curious if you look back at this post 5-10 years from now and think “wtf was I on about?” (I’d also be curious if civilization still exists 5-10 years from now, but I digress…)

It’s not sunk cost, dude. We agreed that $120 will get them 5 years of service that meets their needs. Even if they switch to jellyfin after 5 years, they still got their money’s worth.

It’s only sunk cost if they are worse off than if they had switched earlier. I guess if you’re arguing that they would still have $120 if they switch today, I would argue they should still pay that $120 toward jellyfin’s development. And that’s assuming they have time to switch to jellyfin AND it fits 100% of their usecases, either of which could be untrue.

Or Plex currently does everything they need it to, and $120 for 5+ years of keeping that going without any interruption of service is very reasonable. In the meantime, jellyfin will only get better and there might even be other options available by then.

Stop trying to make the issue black and white, one-size-fits-all. There are perfectly legitimate reasons for people to use both Plex and Jellyfin.

So, when you say crippled kernel, do you actually mean you tweaked the kernel params/build to the point that it failed to boot? Or do you just mean you messed up some package config to the point that the normal boot sequence didn’t get you to a place you knew how to recover from and need to reinstall from scratch?

I think I’m past the point where I need to do a full reinstall to recover from my mistakes. As long as I get a shell, I can usually undo whatever I did. I have btrfs+timeshift also set up, but I’ve never had to use it.

Let what happen? It’s already happened. When you say “the military or people won’t let that happen”, you’re describing a counter-coup to retake, and re-establish democracy. Will that happen? Unclear. But currently as it stands, Trump is blatantly ignoring what courts say, because he and his SCOTUS believe article 2 of the constitution places him above the law.

In b4 Trump pardons him and appoints him as head of the FBI’s Sex Trafficking division.

It’s like an AI ran the calculations and determined eradication of the species will minimize suffering. Except we didn’t need an AI, just a really dumb guy.

This isn’t even comedic absurdism, it’s just scary.

And then the citizens will own a chunk of Tesla? And we will see our investment pay off when it does well?

Pretend I made that into padme/anakin meme.

It makes sense once you recognize that none of these guys actually believe or feel anything. They’re all running a calculated sociopathic algorithm to maximize their own power.

The only reason any of them were anti-Trump at any point in the past was because they didn’t believe it would help their political career. Now they’re they’re all anti-reality/pro-fascism for the same reason.

Just like late-stage capitalism, we’ve set up a system that encourages this behavior. If you compare an honest politician vs one willing to say or do whatever is needed to secure power, the latter will always come out on top. Which is where we find ourselves.

If we somehow develop a forcing function to disincentivize this behavior, all of them will flip instantly, saying, “I had to. I didn’t agree with anything Trump was doing. I was only doing it because if I didn’t, someone worse would take my spot. Votes pleeeeaase 🫴”

I swear TDS originally referred to this. People who unquestionably supported trump back when no reasonable person did. And over time, somehow, the internet twisted it to mean the opposite. Even though it doesn’t even make sense as the opposite.

Unless…we can come up with some sort of legislation…totally important and necessary legislation, of course!

The govt has always been able to garnish wages or sieze assets, yes, which is one of the intended upsides of a decentralized crypto currency (disregarding all of the downsides).