Hacker News | seangrogg's comments

In all fairness, a LOT of this was copied over from the military. From ranks to "High Year Tenure" (aka "Up or Out") nothing here is particularly innovative.

SKG is basically "right-to-repair" but for games. I do contend that if your phone breaks and the company says "we won't fix it and you aren't allowed to" then the government isn't doing its job. On the same token, if a game that you purchased turns off their servers and says "we won't run it and you aren't allowed to" then the government isn't doing its job.

Now, how I would be able to run it is a very open question and I do agree there are some ways that are more reasonable asks than others. But the present-day status quo of "company says suck eggs and you just have to deal with it" is not an acceptable final state.


The text "prevented further rollout and ultimately got the cameras shut down" is verbatim in their post maybe a few sentences after talking about how the muni piloted them.


Depends on the token; JWTs usually have payloads that are only base64 encoded. As well, if there's a refresh token in there it can be used to generate more tokens until invalidated (assuming invalidation is built in).
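An added example (not part of the comment above) of what "only base64 encoded" means for anyone who finds a token in a log or a capture: the header and claims decode without any key. The claim names, the sample token and the `SENSITIVE` keyword list are constructed for illustration.

```python
import base64
import json
import time

# Hypothetical keyword list for flagging claims worth a second look.
SENSITIVE = ("email", "refresh", "phone", "password", "secret")

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url with the '=' padding stripped.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwt(token: str, now=None) -> dict:
    """Decode header and claims WITHOUT a key. The signature is not verified."""
    parts = token.split(".")
    if len(parts) == 5:
        # Compact JWE: the payload is encrypted, so nothing is readable here.
        return {"readable": False, "reason": "JWE (encrypted) compact form"}
    if len(parts) != 3:
        raise ValueError("not a compact JWS/JWT")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {
        "readable": True,
        "alg": header.get("alg"),
        "claims": claims,
        "exposed": sorted(k for k in claims
                          if any(s in k.lower() for s in SENSITIVE)),
        "expired": exp is not None and exp < now,
    }

def make_sample() -> str:
    """Constructed token: fake signature, made-up claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": "user-1234", "email": "alice@example.test",
              "refresh_token": "constructed-refresh-value", "exp": 1700000000}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()),
                     b64url_encode(b"not-a-real-signature")])

if __name__ == "__main__":
    print(json.dumps(inspect_jwt(make_sample()), indent=2))
```

An expired access token still exposes every claim it carries, and an embedded refresh value stays usable until the issuer invalidates it.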


I've only dabbled, so I'm happy to have people with more Linux-side knowledge call me out on any inaccuracies here, but...

io_uring is effectively as "secure" as any other syscall unto itself. The issue is that the mechanism by which io_uring makes its syscalls as part of its submission/completion queues means that those underlying syscalls can't be filtered by seccomp. The real question is your security posture.

If you're writing a hypervisor that's intended to partition resources between underlying users in a secure fashion, the ability for io_uring to bypass seccomp is largely a non-starter. But if you own the machine and you just want to run an application on it (i.e. an HTTP server that uses io_uring for file/network io) you should largely be in the clear.
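An added example (not from the comment above) of the one place seccomp can still act: the three io_uring syscalls themselves, since operations submitted through the ring never appear as their own syscall numbers. It builds a classic-BPF deny filter and simulates it against constructed `seccomp_data` instead of installing it; syscall numbers are the x86_64 ones, and `build_filter`/`run_filter` are names chosen here.

```python
import struct

# Opcodes and return values from <linux/filter.h>, <linux/seccomp.h>, <linux/audit.h>.
LD_W_ABS, JEQ_K, RET_K = 0x20, 0x15, 0x06
RET_ALLOW, RET_ERRNO, RET_KILL = 0x7FFF0000, 0x00050000, 0x80000000
AUDIT_ARCH_X86_64, EPERM = 0xC000003E, 1
IO_URING_SYSCALLS = {"io_uring_setup": 425, "io_uring_enter": 426,
                     "io_uring_register": 427}

def build_filter():
    """Return sock_filter tuples (code, jt, jf, k) denying io_uring entry points."""
    nrs = list(IO_URING_SYSCALLS.values())
    prog = [
        (LD_W_ABS, 0, 0, 4),                          # A = seccomp_data.arch
        (JEQ_K, 0, len(nrs) + 3, AUDIT_ARCH_X86_64),  # other arch -> kill
        (LD_W_ABS, 0, 0, 0),                          # A = seccomp_data.nr
    ]
    for i, nr in enumerate(nrs):
        prog.append((JEQ_K, len(nrs) - i, 0, nr))     # match -> jump to deny
    prog += [
        (RET_K, 0, 0, RET_ALLOW),                     # everything else
        (RET_K, 0, 0, RET_ERRNO | EPERM),             # deny: syscall returns EPERM
        (RET_K, 0, 0, RET_KILL),                      # unexpected architecture
    ]
    return prog

def pack_filter(prog) -> bytes:
    """Serialize to the struct sock_filter array the kernel expects."""
    return b"".join(struct.pack("=HBBI", *ins) for ins in prog)

def run_filter(prog, nr, arch=AUDIT_ARCH_X86_64) -> int:
    """Minimal interpreter for the three opcodes used above."""
    data = struct.pack("=iIQ6Q", nr, arch, 0, *([0] * 6))  # struct seccomp_data
    acc, pc = 0, 0
    while True:
        code, jt, jf, k = prog[pc]
        if code == LD_W_ABS:
            acc = struct.unpack_from("=I", data, k)[0]
            pc += 1
        elif code == JEQ_K:
            pc += 1 + (jt if acc == k else jf)
        elif code == RET_K:
            return k
        else:
            raise ValueError(f"unsupported opcode {code:#x}")

if __name__ == "__main__":
    prog = build_filter()
    for name, nr in {"read": 0, **IO_URING_SYSCALLS}.items():
        print(f"{name:18} -> {run_filter(prog, nr):#010x}")
```

A filter that only restricted `read` (syscall 0) would never see a read submitted through the ring, which is why the deny has to sit on the io_uring entry points.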


Does it no longer suffer from TOCTOU?


I don't consider myself fully qualified to speak to this, so please take it with a grain of salt.

From what I gather it seems like you could potentially create scenarios where TOCTOU is indeed a problem, but in considering the situations where it could come up I do feel like all my ideas are somewhat contrived in nature. And even when noodling on it I very much get the feeling that I return to my previous statement: consider what you're building. I think that the potential for TOCTOU could potentially compromise a hypervisor's security (i.e. letting an arbitrary number of users on a system make arbitrary io_uring calls) and even if I couldn't demonstrate how that could be weaponized I would avoid it. However, if you're writing an application that's going to do a read(2) or something, I don't see TOCTOU being a uniquely io_uring problem.


Similar sentiments here. I can't find much common ground with Charlie Kirk but that doesn't merit an assassination. Unfortunate all around, and a situation not too dissimilar from the Mangione case (in the context of what happened, not necessarily why).

That said, while I don't condone it I can't say I'm surprised by it. It seems stoking divisions is a large part of the modern media landscape and all it takes is one person with the motive and the means.


The GP did not say anything about war continuing due to logical outcomes or nationally-motivated ones. Most wars simply are personal pursuits wrapped in convenient excuses.


Curious how we're defining "democracy" and "free market" with this one. I wonder how countries with a pure democracy and an actually free market compare to the republic and regulated market we have in the US.


The US is a constitutional democracy with a free market and I consider it successful.

The definitions of these words can be the predominant use of these words in the English language. But if you want "constitutional democracy" here use this: https://civiced.org/lesson-plans/constitutional-democracy

And for free market here, use this: https://www.investopedia.com/terms/f/freemarket.asp

People frequently misunderstand "constitutional democracy" as being substantially different from "republic" but that's usually an ESL error that can be fixed quickly.


The vast majority of markets in the US are hardly free. Every single large company in the US is heavily government subsidized, market protectionism is rife, and regulatory capture and artificial moat-building is the norm. I think it's quite a stretch to say we have a free market. Maybe a 'free-er' market.


So be it. s/free/free-er/g in comments above if that will lead to convergence.


> The US is a constitutional democracy with a free market and I consider it successful.

Out of all the definitions you gave, I feel you left out the most important. How exactly are you defining “successful”? Considering the current state of the US, that one seems really important.


> The free market is an economic system based on supply and demand with little or no government control.

Given the amount of government subsidy and regulation that exists in our markets I assume this, too, is simply an ESL error that can be fixed quickly?


> I wonder how countries with a pure democracy and an actually free market compare to the republic and regulated market we have in the US.

They don't exist.


Damn, what country is this in? Maybe the US could learn a thing or two from this level of attention to detail.


I'm only really describing the due diligence I do to keep people safe who might rely on my OSS work. I didn't realize I was so far ahead of the defense industry...


Yeah, I think they didn't mean max "accurate" integer and rather meant max "safe" integer.

