enabling passwordless sudo
This is the way. Physical security FTW.


until it predictably fails in an unpredictable way?
I said it was flamebait… only trust it with trust it has earned.


Flamebait style: people are getting in the way of AI fixing the bugs.
Use LLMs to triage the flood of reports, and implement the fixes.
Learn to stop worrying and love the Skynet. https://en.wikipedia.org/wiki/Dr._Strangelove
An actual interesting experiment: fork the system and work toward fully automated maintenance on the fork. Sure, if you want to make it fail you can, but try to succeed and see how it competes with / compares to old-school real-life Linux.
I interviewed/hired C graphics programmers off and on for 20 years. 95% of candidates had near 0 actual ability to draw a sine wave on the screen, given example code that draws a rectangular box to draw the sine wave in. We pre-screened the applications for appropriate experience, so 100% of interviewed candidates had appropriate experience or academic background claimed. About 2/3 of the candidates “talked a good game” but it was literally less than 1/20 who could actually make lines appear according to a math function WHICH WAS THE CORE OF THE JOB. I tried giving clues. One intern level hire I gave 3 heavy hints to, basically doing the test for him. He never did learn to do much of anything for himself even after a 4 month trial period. Then there were the ones who got it, and they performed the test like a hot knife through butter. One candidate took the (time series simple sine wave) test before we paid him to travel for an in-person interview, and in person we sprung a “now, do a polar plot of sin(t) on X vs sin(3t) on Y” - he aced that too, we made an offer - then he discussed moving with his wife who he assumed would be fine with it, oops.
AI agents may not be great, but in my experience they beat the hell out of the advertise, interview, hire process.
this is a thing where you should be studying for the test, rather than real life.
Like so many professional certification exams, not just in computer skills. I had a construction contractor complaining to me about the same problem with his certification exam: exam questions that don’t cover real life scenarios and even expect you to give answers that don’t make sense outside the exam.
Do you know the cost to change the color on a box? Just the color, not the text, not the information, just the color?
$470,000
No scrap cost, old color boxes used until stock depleted.
Vendor didn’t charge us anything to change the color on the next and subsequent lots.
All that was engineering hours for the document revisions, meetings to support document changes, training, recording of documents, first article inspections, etc.
Not just in implantables, though implantables have that whole additional surgical risk aspect, but all medical devices have painful piles of paperwork required for each revision. They’re trying to lighten the load for “security patches” but so far it’s still a major pain. I suspect it’s much the same in avionics and any other industry that requires documented validation against traceable requirements and all that jazz.
And the real thing, in our industry, once it is verified and validated and shipped - you don’t touch it unless absolutely necessary.
Every time I look back at old stuff, I have to remind myself of the relative importance of getting it done, vs getting it perfect, at the time.
Inevitably, there were no clear requirements at the outset, or if there were they were vastly outnumbered by additional requirements that scope-crept their way into the project. The project was “due” before I was asked to help / landed with the whole thing to do myself. The project was under-estimated and is now “on the critical path” for a larger initiative. Other interested parties are too busy to meet during definition time, but all too willing to point out missing scope after a “finished solution” is presented.
Yeah, me from the past… not a fair reflection.


I use nano because it’s always there.


Compacting…
Oh, so you believe MP3 pirates have actually stolen something off of the retail music shelves as well, then? Digital piracy is the ultimate evil and all that? Supporting strong jail terms for pirates, are you?
The difference between the commons of the industrial revolution and the commons of the digital landscape is that the commons of old was a finite resource. The digital commons is effectively infinite.
Our new present and its future requires the defense of ideas for all.
And MIT is lacking because it doesn’t force commercial users to lie about what they do behind closed doors? Trust me, if they are so inclined, they already do plenty of that. Next, with LLM assistance, all your copyleft code is freely available for word-salad-surgery remix and rebrand with whatever license anybody wants - as it always has been, LLMs just cut the labor required to do so by a huge margin.
Well, yeah, if they have a dominant market position, they can force their customers to do just about anything.
critical stuff like security fixes.
Yeah, that’s straight outta Canonical’s “pay us for extended support” playbook. Which is why I shifted to Debian a couple of years back. Canonical used to add positive value to Ubuntu, now they’ve shifted into the negative from my perspective.
How is MIT a “chance to take over”? It’s a chance to go proprietary with future enhancements, but that’s far from a takeover.
The MIT license allows someone (some company) to modify the open source codebase and sell the result without making their modifications public.
That is not equivalent to closure of the commons, that’s some company spinning a proprietary version of something. If they try to sell it, most people won’t buy - most people will continue to use the FOSS version. The people they sell it to may enjoy the proprietary enhancements, but that doesn’t prevent the FOSS community from developing those enhancements in the open if they so choose.
MIT license is not a software patent.
How does copyleft benefit you?
Not silent, the passwordless sudo calls are logged and available for review. I do trust that after several months in a sandbox without calling sudo, it’s unlikely that a sleeper agent will awaken and call sudo out of the blue - more likely that my apps that have been calling sudo will do something nefarious on the 1000th access…
Somebody (possibly an AI agent…) could/should automate the process of transcribing the sudo logs to the NOPASSWD setup, just leave sudo unlocked for those things that show up as needing it during validation test runs and turn the sudo lock back on for everything else.
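
A sketch of the log-to-NOPASSWD transcription described in the last comment, added here as an example and not code from any commenter. It assumes the usual sudo syslog line format; the user `agent`, host `devbox` and all paths are constructed sample values.

```python
import re

# Constructed sample lines in the usual sudo syslog format (not from the page).
SAMPLE_LOG = """\
Mar  3 09:14:02 devbox sudo:    agent : TTY=pts/1 ; PWD=/home/agent/app ; USER=root ; COMMAND=/usr/bin/systemctl restart myapp.service
Mar  3 09:14:40 devbox sudo:    agent : TTY=pts/1 ; PWD=/home/agent/app ; USER=root ; COMMAND=/usr/bin/systemctl restart myapp.service
Mar  3 09:20:11 devbox sudo:    agent : TTY=pts/1 ; PWD=/home/agent/app ; USER=root ; COMMAND=/usr/sbin/setcap cap_net_bind_service=+ep /opt/myapp/bin/server
Mar  3 09:25:30 devbox sudo:    agent : TTY=pts/1 ; PWD=/home/agent ; USER=root ; COMMAND=/usr/bin/updatedb
Mar  3 09:31:07 devbox sudo:    agent : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/rm -rf /var/cache/myapp/*
Mar  3 09:40:55 devbox sudo:    agent : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/bash
"""

# Matches only successful invocations: denied attempts and password failures
# carry a message between the user name and TTY=, so they do not match.
LOG_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : TTY=\S+ ; PWD=.*? ; "
    r"USER=(?P<runas>\S+) ;(?: [A-Z]+=\S+ ;)* COMMAND=(?P<cmd>.+)$"
)
PATH_OK = re.compile(r"^/[A-Za-z0-9_./+-]+$")
# Anything outside this set (globs, quotes, '#', '!') goes to manual review.
SAFE_ARGS = re.compile(r"^[A-Za-z0-9_./+@%,:=\\ -]*$")


def build_rules(log_text):
    """Return (sudoers_lines, review): exact-match NOPASSWD rules, plus
    logged commands left for a human because they cannot be pinned safely."""
    rules, review = set(), set()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # denied attempts, auth failures, unrelated lines
        cmd = m["cmd"].strip()
        path, _, args = cmd.partition(" ")
        if not PATH_OK.match(path) or not SAFE_ARGS.match(args):
            review.add(cmd)
            continue
        # sudoers requires , : = \ escaped in arguments; a bare path would
        # allow ANY arguments, so "" pins a command that ran with none.
        spec = re.sub(r"([\\,:=])", r"\\\1", args) if args else '""'
        rules.add(f'{m["user"]} ALL=({m["runas"]}) NOPASSWD: {path} {spec}')
    return sorted(rules), sorted(review)


if __name__ == "__main__":
    generated, needs_review = build_rules(SAMPLE_LOG)
    print("\n".join(generated))
    print("# review by hand:", needs_review)
```

Check the generated file with `visudo -cf` before placing it under `/etc/sudoers.d/`, and keep the review list out of the drop-in until someone has looked at each entry.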