BaumGeist

@BaumGeist@lemmy.ml
5 Post – 262 Comments
Joined 2 years ago

In an infinite universe, all possible things should be happening at the same time

Misunderstanding of infinity.

E.g.: 1.101100111000... is an infinitely long number, yet it will never be bigger than 1.2 nor smaller than 1.1, it does not contain all digits, nor does it contain all possible combinations of 0s and 1s.

I went from a fundamentalist community to full blown antitheist to agnostic (after studying religious philosophy in college) to pagan.

My experience teaches me there are many, many great arguments for the existence of the gods. You just have to accept that gods do not fit the conception the christian fundamentalists have: there is no sentient entity in existence that is omniscient, omnipotent, omnipresent and omnibenevolent (towards humanity).

If, and when, you are willing to relax your criteria for what constitutes a god (mine are personifications of the forces of nature) and what your relationship with such a being should look like (I respect them, but worship no one), you too will realize that the "either god is perfect in every way and should be worshipped without a shred of skepticism or there is no god and everything is doomed" mindset is just another artifact of christian zealotry and brainwashing.

I dislike the conception of Free Will that asserts will is only free if it is not deterministic. Any system dictated by the law of Cause and Effect will necessarily be deterministic, given knowledge of First Cause. Together, those premises imply that the only way to be truly free is in a chaotic universe, i.e. one without a relationship between Cause and Effect, where decisions are completely arbitrary and have no predictable outcome anyway.

The fact of the matter is that you're already free to do whatever you want, even if that's shooting yourself in the foot or refusing the choice entirely and running off to live in the woods, and that's freedom enough for all practical meanings of the word.

Two addenda:

  1. Incompleteness applies to all formal systems of logic, not just maths, which means that the systems we based the scientific method and our best attempts at justice systems and formal argumentation/debate and academia are all subject to incompleteness.

  2. Incomplete systems can also be inconsistent, it's possible everything we base our collective knowledge on are such systems.

That one's pretty obvious though. It's got no windows nor doors, and like 8 condenser units out back.

I bet there are ones that are less obvious

Omnipotent, not just omnipresent (which would be entailed by the combination of omnipotence and omniscience).

Otherwise the problem has a very obvious and unsatisfactory solution (god has no power to make a difference).

thank mr skeltal

None. The sad, infuriating truth is that the makers and devs are a lot like this comments section: focusing on how good of a computer it is (or what apps it has).

You do a little digging and beneath all the hype there is a line buried in every review, so as not to raise suspicions, that says something like "now the call quality isn't perfect, but..." and what they mean is "it will sound like your friends are playing a full concert on a kazoo trying to talk to you."

Time and time again. Every linux-based, privacy-respecting, freedom-loving phone team out there seems to have conveniently neglected to make the phone good at being a phone.


Has any online leftist ever talked to an ancap? It's not that they support oppression outright, just that they don't care if it doesn't affect them. That's why their ideology makes sense: they don't consider that they'd be the proles, they'd be the capitalists.

Coincidentally, that's why most authoritarians support their brand of oppression: in their specific genre, they're the winners and the losers can go fuck themselves. And no, they don't consider that they're just paving the way to their inevitable overthrow


What kind of horseshit twist is that? Are you literally 14, OP? "There's an immortality pill, but OH NOES 😱 it goes in your BUTT 💀💀💀!!!!" Have you considered writing for Black Mirror?

I'm taking it even if it's the size of a horsecock, regardless of which hole it goes in.


Bluesky wasn't as confusing as Mastodon

I'm so tired of this bullshit. I went to the mastodon.social; clicked the big button labeled "create an account"; read and accepted the rules; filled out a form asking for my email address, a username and password; confirmed my email; and could immediately post.

How the fuck is that confusing, that's standard fucking practice. Jesus fucked on a pike.


They tried to destroy linux and free/libre software, and when that didn't work, they started cornering the market and pushing for a move from "Free" to "Open Source." They also support SaaS model, and have made it next to impossible to get a new computer without their mediocre OS. On top of that, their OS is full of spyware, and is starting to become adware too.

But that all pales in comparison to the fact that you do not own your own OS: you can run Microsoft's OS, but you can't modify it or share it.

Oh, and this falls more in the realm of personal preference, but the deliberate lack of customizability is a real pain in the ass.

4/10 OS, only slightly better at disguising its capitalist greed than Apple.


Translation: "I'm terrible at business, and I'm making it everyone else's problem"


Might seem a little far-fetched, but I'm going to go out on a limb here and say that the community that basically worships conspicuous consumption of electronics with complete disregard for e-waste and electrical consumption in support of being a better gamer, a consumer identity fabricated by marketing companies, and have thus turned it into an implicit contest might not be interested in practicality, liberty, nor freely available goods unless they're the most visually appealing

My mischievous side wants to do only one word answers, but my rational side knows they'd probably know how to twist it to fit their narrative

Q: What originally got you into DIY
A: Dave
Q: Dave?
A: Yes
Q: Who's Dave?
A: Nobody
Q: Would you please elaborate?
A: No
...
Q: So have you stopped grooming kids?
A: No... Yes! FUCK!


What if every software became FOSS? Who would put in the free labor to write the software

The implication that we can make all software FOSS and have nothing else about the world change is a textbook example of putting the cart before the horse. It's like asking "what if everyone became vegan, who would pay the cattle ranchers?"

The world FOSS strives for, the world where it is the norm, has a fundamentally different economy from our own.

It's not a valid thought experiment to ask "what if all software was FOSS (but nothing else changed)?" because that creates a hypothetical world that has a fallacy at its core. A world where entire social movements can blink in and out of power without regards for sociological and historical factors is a world unconstrained by logic as we understand it. The correct framing should be: "what would our world have to change to enable FOSS to be the norm?"

The distinction is subtle, but cuts to the core of the contention between movements aiming to change the world in radical ways and their detractors offering criticism that boils down to "but the future you propose doesn't integrate seamlessly into the present state of affairs."

We all want change, we just don't want it to change things.

- person using software developed in opposition to monolithic architectures rediscovering the benefits of monolithic architectures

I call it "museum source": look, but don't touch


2001: A Space Odyssey

It's my favorite because of the cinematography and atmosphere. It's my favorite because of the themes and philosophy. It's my favorite because space and psychedelia are cool.

It's just an all around great movie if you can appreciate the slow pacing and intentionally jarring or tense aspects that drag on. 30 minutes of monkeys fucking around for seemingly no reason (at least, at first). Discordant wailing that lasts so long it nearly leaves your ears ringing. Space shots with no sound at all, or just the hissing of the space suit, which linger on the slow drift of a character moving from one location to the next. A character begging for his life as another dismantles his brain bit-by-bit.

To me, this movie always flies by, and it always feels like I was there in it, fully immersed. To my friends, it lasts a week and has one cool part that took an eon to get to.

Also it begs for multiple watchings to develop a theory of what the fuck is happening at the end and what the obelisk is and where it comes from.

It also raises philosophical questions that are interesting to come up with and grapple with in new ways with each viewing. Is HAL alive? What's the next leap in evolution? Can uncomfortable art be good? Who owns the moon? How did consciousness evolve? What's happening to Dave?


I don't buy the whole "the more users a software has, the better it gets" rhetoric. Historically this has been the opposite of the case. There's an even higher users-to-contributors ratio amongst the general population. Not all users share the same respect for the philosophy behind FOSS.

If the driving force behind design decisions becomes "what keeps people happy so they'll keep using our software" and not "freedom," there's now a practical incentive to sell out and introduce more Intellectual Property shenanigans into the ecosystem. After all, it's a lot easier to hire devs and churn out new features and keep the software actively developed for the foreseeable future if there's money in it. And the only way there can be money in it is if there are proprietary licenses shitting up the place, and Shit As A Service subscription models as far as the eye can see.

Linux always has been, and should always continue to be, about freedom. If that freedom comes with user-friendliness, great! If not, then we have to pay the price: taking responsibility for the tools and tech we use and learning how to use them properly and contributing to them to maintain a community of likeminded people. Otherwise, we're not worthy of the freedom and the responsibilities it entails.

I get your point about elitism and gatekeeping. We're no better than Windows users or Mac users or any other OS' users. We just have a set of values unique to our community, and they have sets of values that differ. We also shouldn't be throwing users under the bus in the name of politics, but part of what makes Linux slightly more bearable is the way the driving philosophy of Free Software is evident throughout. Linux is better than it could be because it attracts the people who want to be here for the community's values, not the people who have to be coaxed and coerced into accepting the values to use the "best"/"easiest"/"friendliest" software.


Uncharitability to those you disagree with, style without substance, and all built upon thought-terminating cliches.

This isn't helpful or enlightening or informative, it's entertaining but not in an interesting nor original way. It reminds me of 2010s Reddit memes where everything was about adding as many "fucks" as possible because our moms aren't supervising our internet time anymore. It espouses a consoomer mindset of "gotta have bigger numbers and shinier visuals because all that matters is appealing to lizard-brain."

And it's all couched in the obvious mindset that any criticism will be met with "ok boomer" (I'll almost be insulted if I don't get one) because being superior is more important than being right. Y'know... like a boomer?

You've got a point, focus on that: you can make the case that Linux fits your use case, or that certain mindsets within the Linux community are hindering progress. But please do so in a way that doesn't just lend itself to more infighting and drama. That shit is for shallow people who have nothing to contribute and only serve as the cultural detritus that destroys communities and community-driven projects.

"Death is only the beginning" - Imhotep's last line in The Mummy.

A man that has been dead for a couple millennia and is about to return to death utters these ominous words. Yes, it's probably just to leave the story open for a sequel, but the metaphysical implications are terrifying. He knows what it's like, and he's claiming that so much more comes after, but we're just left with a vague notion of what it could be. What could this mean? Is there sunshine and rainbows? Eternal torture? An endless void? An infinite realm of possibilities has just opened up for us, the audience.

But there's no time for that shit, there's gold and Benny's a greedy sack of shit, the temple's crumbling, and once they escape there's a celebration and denouement to be had! We've all but forgotten that threat—or promise, as the case may be.

One of the best ways I have ever seen writers leave the door ajar for a sequel. There's no hand pushing up through the rubble, no sinister laugh as the screen fades to black, no "did anyone remember to check that he died for sure?" no cheesy gimmicks. Just an ominous vaguery, that may be about hinting at another installment, but still works by itself as a raw line that goes hard af.

  1. Stagnation isn't always evil, it's just part of tech. Once tech solves the problem it set out to, it should stagnate. Adding more bells and whistles makes things better less often than it makes them bloated and more prone to breaking. On the flipside, software that hasn't changed much other than bugfixes and security patches is the backbone of a loooot of our tech infrastructure. Edit: @SkyeStarfall@lemmy.blahaj.zone provides an excellent refutation, with counterexamples showing where lack of new features is hurting X11 here (direct link broke for me on lemmy.ml, hence the redirect)

  2. I fail to see how the architectural difference fundamentally solves the issue of changes breaking compatibility. Now instead of breaking compatibility with the server, you're "only" breaking compatibility with the compositor. But that's okay because at least there are other compositors that fulfill this use case... oops switching to that compositor broke 3 of your other apps, well let's try another! ... and now my pc won't communicate with my GPU... well, we can always... and so on and so on.

Not saying that wayland is bad nor that X is better, but these are the two most common "cases against X/for wayland" that I hear and I just don't buy it. As much as I argued against it, I love trying new and different software and eking every last bit of performance out of my 8 year old PCs, I can't wait to give Wayland a try and see if there's a noticeable difference... I just wish these two arguments would go away already


Cards Against Madlibs was a mistake

FOSH

Here are my hobbies/interests that simultaneously get me off Social Media/Content Streams while giving me something to talk about/post about/watch about when I'm back. I may also have podcasts or youtube on in the background if the activity permits

Group A, the "touch grass" activities:

  1. go on a walk
  2. do some cleaning/organizing
  3. spend time with people irl

That last one requires a lot of effort and rarely has immediate payoffs if you don't already have a friend group bigger than one or two friends, but it's so important and requires putting time into it and developing social skills. In fact, 2+3 both benefit from learning skills and shortcuts and habits; therefore they require just as much time and energy as any hobby.

Group B, the "what I do for fun"

  1. "hacking" — pentesting computers and VMs, whether on HackTheBox, TryHackMe, Vulnhub, or someone's one-off github-hosted machine; and of course so many online CTFs

  2. "tinkering" — I like messing with the physical part of electronics too. Or mechanical devices. Or anything that I can dissect and modify

  3. active listening to music — taking the time to listen and be carried away by music, maybe even start to analyze it. I know it's still technically "consuming content," but I consider it to stimulate a different part of the brain than, say, watching a random youtuber bring himself one mukbang closer to an embolism.

  4. playing music — the world's shittest bassist. I'm not trying to be good, just have fun and improve my ear and dexterity and musical intuition

  5. foreign language learning — good for the brain, good for someone who wants to travel, good for jobs and making genuine human connections. Not fluent in anything besides english yet, but I'm always acquiring new vocabulary words when I can

  6. Creative writing — Most of what I do anymore is just drafting elaborate shitposts to post online later, but I've been known to crank out parts of short stories and terrible poetry

  7. Activism — I won't say where, when, who, nor why, but that doesn't matter. The important part is that there are few things in life more fulfilling than coming home after a long day of doing outreach/aid/[redacted]/fundraising for a community and/or cause you care about.

  8. coding — of freaking course I'm also learning to program. You thought I was done with the electronics, but of course I had to sneak this in. You expect me to learn binary exploitation without having a strong understanding of programming? You expect me to do DIY hardware projects without coding the firmware? You've been absolutely HAD.

  9. Worshipping the dark goddess [redacted] at the temple of [redacted] — a healthy spiritual aspect to your life has far reaching benefits that scientific medicine and psychology are only just beginning to scratch the surface of. Of course you don't have to start with worshipping [redacted], it can be as simple as cultivating a healthy appreciation for the beauty in every aspect of the natural world around you and the mystique of existence itself. Then later you can move onto the [redacted] sacrifices to make [redacted] [redacted] so [redacted] may once again [redacted] the earth.

Group C, the "dangerously close to consuming content" group, but still technically separate activities/skills

  1. Armchair philosophy — we all do it, but I'm the only one who was smart/lazy enough to list it as a hobby. Unfortunately this does occasionally require learning about others' philosophy and the topics you're bullshitting about, which is why I say it's "dangerously close"

  2. Media analysis — see previous... Okay, I got my degree in Literature + Language, I really enjoy deep analyses of media, and sometimes make my own. The act itself doesn't require consuming anything more than you already have, but if you haven't consumed any media in awhile...

  3. reading — okay, I know, this is literally just back to consuming content, but... You don't learn how to do any of the above without some reading. It helps you learn a language if you read a story in your target language. It's the format most philosophy was originally recorded in. It's the medium writers have to learn to be good at their craft. It's what format most electronic/software documentation is in. It's how music was recorded for centuries before audio media. It's also just a fun activity that engages different parts of the brain and trains your imagination even when it's "just" fiction.


-it should be more or less stable, comparable to Ubuntu with or without LTS

Ubuntu was based on Debian, which touts its stability

-it should not be related to IBM to any way (so no fedora/redhat)

Debian has no affiliation to IBM, they're not even loosely part of each others' "partners" programs

-it should not feature snaps (no Ubuntu or KDE neon)

Debian doesn't use snaps (welcome to the greener side of the fence btw, fuck snaps)

-KDE plasma should be installable manually (best case even installed by default)

Debian uses KDE as one of its default install options when installing the OS, and it can be installed later with tasksel (or by just getting all the packages if you want to do it the hard way)

-no DIY Distros

Debian has a barebones headless option, but the installer defaults (which come with the whole DE and other convenience packages) are pretty user-friendly

In summary, I have no fucking clue what OS you should use.

P.S. newlines on lemmy are either done by using two spaces at the end of a line
and then pressing enter
(make sure your phone doesn't autocorrect/one of the spaces away like mine does) or by pressing

Enter twice (without the double spaces), so there's a

blank line in between

Maybe this is the trauma from the unhinged, raging, exploitative robber barons talking, but...

I can't in good conscience support any economic system that ties political power to economic power. One extreme will always do their best to accrue and centralize that power, and will be effective by virtue of the fact that the power creates more opportunities and ways to accrue more power. The other extreme will always be ineffectual because they shun that power, seeing the necessary rejection of certain values as inherently corrupt. The middle will struggle against both to maintain a status quo that always has a stronger pull toward the former group, effectively recreating the political ratchet.

I can't in good conscience support a system that allows people to effectively own others, regardless of how well they treat the people they own, regardless of how many owners one of the owned has to choose from. The dynamic has a strong tendency in favor of the owners and requires a lot more effort from the owned to fight that.

I can't in good conscience support a system that allows people to own patches of the earth, especially beyond those which they occupy or personally use. Yes, I want everyone to have somewhere to live, and have that place be free from unwanted interference by others. No, I won't support a system that in theory has no hard limits against someone powerful enough buying up all the land and then renting it out to everyone else for a profit.

I can't in good conscience support a system that allows people to own ideas, and even necessitates them doing so to "earn their keep" (worth as a citizen/right to survive). I feel like I'm in bizarro world when I think about how there are people oddly comfortable with the fact that people have put patents on living things, or that there are people who can tell you when, where and how you're allowed to express certain ideas/arts/mechanisms/songs/images/sounds/formulae under threat of being stripped of power you managed to accrue (whether or not it came from aforementioned ideas), imprisonment, and in some cases slavery.

I won't support any political system that doesn't give me at least as much power as everyone else. I have enough empathy to realize that pure democracy is a better compromise than authoritarianism, especially considering most other people either feel the same or just want a system where their needs get met.

But mainly, it's just plain illogical to support any given political system as an ends when 1. The world is a constantly changing place, and any rigidly defined system will inevitably fail regardless of how well it fits to the context in which it was created. And 2. I am aware of better alternatives—to paraphrase what some stranger once said to me: idealism is what we aim for, reality is the compromise we make; in other words: if politics is a negotiation, why lead with a compromise?

Hopefully this isn't too Murrica-brained. When I see news of proto-fascist movements on the rise in the UK, Brazil, Italy and Australia, or extreme class disparity in Singapore, China, and Japan, or ethnic "cleansing" in China, Turkey, Rwanda, and Liberia, or just something as simple as how common scams and fraud are from places like India and Nigeria—indicating a need to resort to intercontinental theft to survive—I feel like my experience of politics and economics isn't as limited to my geographic region as I'd like to believe.

Y'all seriously overestimate the average user:

Debian. It's simple, stable, minimal upkeep, rarely if ever has breaking changes, and all this out of the box.

Someone new doesn't need to be thrown in the deep end for their first foray into linux, they want an experience like windows or mac: simple interface, stable system, some potential for getting their hands dirty but not too much to worry about breaking


I'm a self-taught sysadmin. It took me ~3 years to get comfortable, and I'm still learning stuff that feels like if not 100-level then at most 200-level course knowledge...

I started making a pivot to self-taught pentesting in hopes of breaking into red-teaming, but I'm stuck at finding time to practice and learn and still invest some time in the parts of life that aren't my job and/or future job. I enjoy doing it just for fun outside of the career potentials, but I've been burnt out for years from turning my current career into my hobby as well, I won't make that mistake again

I guess the only answer I have is: depends on how much time you plan on investing in self-teaching. I wouldn't say anything's necessarily out of reach, but I would say that learning the skills is only half the battle of getting employed.

I do have a little advice with my perspective: don't think of it in large timeframes, e.g. "I want to get to this goal within a year," do it in hours or less. Force yourself to sit down and do something that furthers that goal for X amount of hours each day; that way, you have a very clear metric and can start measuring progress by how much time you actually spent studying and applying for jobs and networking (as in building relationships with your peers and future employers... but also the other kind too).

Oh, another piece of advice: don't just read, watch videos and listen to lectures—learn by doing. Set up a home lab for whatever it is. At least a solid 80% of what you'll encounter in the field can be emulated with a good enough PC and the right software (yes, even cabling). And for everything else... Well, that's just good fun to own all those tools and gadgets and gizmos galore and so, so, SO much cable of every kind.

Last bit: are you having fun? If it's not fun to learn, it'll be soul-crushingly, mind-numbingly dull when it's your job. You don't get to do the cool new stuff most days, most days it's just replying to emails and forcing the users to restart while you observe because most of the time "Yeah, I already did that" means "I may not understand computers in the least, but I'm inexplicably dead certain that the thing the expert is telling me to do won't work." So make sure you're enjoying even those bits now

Otherwise, get out now while you still can and the Sunk Cost Fallacy hasn't kicked in.


Context:

TLDR: The devs don't like bugs in released software being assigned CVEs, which requires a special security update instead of a standard bugfix included in the regular update cycle.

:The most recent "security advisory" was released despite the fact
: that the particular bug in the experimental HTTP/3 code is
: expected to be fixed as a normal bug as per the existing security
: policy, and all the developers, including me, agree on this.
:
: And, while the particular action isn't exactly very bad, the
: approach in general is quite problematic.

There was no public discussion. The only discussion I'm aware of
happened on the security-alert@ list, and the consensus was that
the bug should be fixed as a normal bug. Still, I was reached
several days ago with the information that some unnamed management
requested an advisory and security release anyway, regardless of
the policy and developers position.

And nginx's announcement about these CVEs

Historically, we did not issue CVEs for experimental features and instead would patch the relevant code and release it as part of a standard release. For commercial customers of NGINX Plus, the previous two versions would be patched and released to customers. We felt that not issuing a similar patch for NGINX Open Source would be a disservice to our community. Additionally, fixing the issue in the open source branch would have exposed users to the vulnerability without providing a binary.

Our decision to release a patch for both NGINX Open Source and NGINX Plus is rooted in doing what is right – to deliver highly secure software for our customers and community. Furthermore, we’re making a commitment to document and release a clear policy for how future security vulnerabilities will be addressed in a timely and transparent manner.


The big takeaway is that you do not own this computer. It is not yours, it is being lent to them for a very specific purpose. And what you want to do, hell what you're already doing, is way outside of that purpose.

How would you feel if you lent a friend your computer to check their email and found out they had bypassed a lot of your security mechanisms (passwords) to set up their own admin account?

What about when you begrudgingly get a MFA app on your personal phone because your employer's too cheap to shell out for a yubikey or hardware token? How would you feel if their app also rooted your phone just for shits and giggles?

What you're proposing is not only dangerous to your career, it's also potentially illegal. And also just downright unethical.

Thousands of selfless individuals contribute to FOSS
Tech journos: 🥱
Some profit-driven business contributes to FOSS
Tech journos: ✊🍆💦💦💦😩

My first experience with linux was Ubuntu. Sue me, it was listed under most "most user friendly distro" listicles when I wasn't smart enough to realize those were mostly marketing.

It worked fine for my purposes, though it took getting used to, but it would wake itself up from sleep after a few minutes. I would have to shut it off at night so that I wouldn't wake up in a panic as an eerie light emanated through the room from my closed laptop. I did my best searching for the problem, but could never find a solution that worked; in retrospect, I probably just didn't have the language to adequately describe the problem.

Nothing about the GUI was well-documented to the degree that CLI apps were. If I needed to make any changes, there would be like one grainy video on youtube that showed what apps to open and buttons to click and failed to solve my problem, but a dozen Stack Exchange articles telling me exactly what to do via the terminal.

I remember going off on some friends online when they tried to convince me Linux and the terminal were superior. I ranted about how this stupid sleep issue was indicative of larger, more annoying problems that drove potential users away. I raged about how hostile to users this esoteric nerds-only UX is. I cried about how Windows could be better for everyone if the most computer-adept people would stop jumping ship for mediocre OSes.

I met another friend who used Arch (btw) within a year from that hissy fit, and she fixed my laptop within minutes. Using a CLI app nonetheless. I grumbled angrily to myself.

A few years later and everyone's home all the time for some reason, and I get the wild idea that I'm going to be a(n ethical) hacker for whatever reason. I then proceeded to install Kali on a VM and the rest is history.

The point being that some people labor under the misguided belief that technology should conform to the users, and because we were mostly raised on Windows or Mac, we develop the misconception that those interfaces are "intuitive" (solely because we learned them during the best time in our life to pick up new skills). Then you try to move to linux for whatever reason and everything works differently and the process is jarring and noticeably requires the user conforming to the technology--i.e. changing bad habits learned from other OSes to fit the new one. The lucky few of us go on to learn many other OSes and start to see beyond the specifics to the abstract ideas similar to all of them, then it doesn't matter if you have to work with iOS or TempleOS, you understand the basics of how it all fits together.

TL;DR Category theorists must be the least frustrated people alive


Wish they had gone through with it. The app is just a front-end that sends requests to the server, presumably the server is where authentication happens (otherwise everyone could just pull up dev tools on their desktop and become insta-mods of any sub with a few tweaks). That being said, if it was a server-side bug, then they have a big problem; otherwise it's just little more than a graphical error.

No home internet connection. I only use public wifi.

Please never do anything important online. It's way too easy for someone to have their Access Point broadcast the same SSID as Starbucks (or whatever network) and then just sit and watch people connect, and MITM everything.


I prefer to stick to Firefox, thanks.

For the record I agree with @fernandofig@reddthat.com, but I also want to add that a DoS is not necessarily a security risk. If it can be leveraged to expose sensitive information, then yes, that's a vulnerability; this isn't that.

Digging into the CVEs:

CVE-2024-24989:

#Security Advisory Description

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. (CVE-2024-24989)

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3.

#Impact

Traffic is disrupted while the NGINX process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the NGINX system. There is no control plane exposure; this is a data plane issue only.

CVE-2024-24990 basically says the same.

Some choice clauses:

undisclosed requests can cause NGINX worker processes to terminate

Traffic is disrupted while the NGINX process restarts.

So it doesn't take down the server nor the parent process, it kills some threads which then... restart.

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental

I was able to find the affected versions:

NGINX Plus R30 P2 and R31 P1
Open source subscription R5 P2 and R6 P1
Open source mainline version 1.25.4

but most importantly:

The latest NGINX Open source stable version 1.24.0 is not affected.

And saving me the hassle of linking and quoting all 5 of the version history pages for the affected products, the uniting factor is: they're all based on Open Source versions 1.25.*

None of them are using the latest stable version.

It's not even going to affect most sites, and definitely not ones for whom downtime is a major issue: they would not be using the non-stable version, much less enabling experimental features in a non-stable version.

But the part that irks me the most is the dilution of what a CVE is. Back in the day, it meant "something that can lead to security breaches," now it just seems to mean "hey guys, I found a bug." And that's bad because now you have one of two outcomes: 1. unnecessarily panicking users by leading them to believe their software is a security risk when it isn't, or 2. compromising the integrity and usability of CVE reports by drowning the important ones in waves of "look guys, the program crashes when I can leverage root privileges to send it SIGKILL!"

If this was just a bug hunter trying to get paid, that's one thing, but these were internally assigned and disclosed. This was an inside job. And they either ignored or never consulted the actual experts, the ones they have within their own staff: the devs.

Why? To what end? Did they feel left out, what with not having any CVEs since 2022? Does this play some internal political struggle chess move? Do they just hate the idea of clear and unambiguous communication of major security holes to the general public? Are they trying to disrupt their own users' faith in their paid products? Does someone actually think a DoS is the worst thing that can happen? Is there an upper level manager running their own 1.25 instance that needs this fixed out-of-band?

It's just all so asinine.

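An added example, not part of the comment above and not F5's or NGINX's own tooling: a shell check for the two conditions that comment quotes, a 1.25-series build and the HTTP/3 QUIC module actually in use. The function names, verdict strings and sample input are constructed for illustration; `--with-http_v3_module` and the `quic` parameter of `listen` are the real nginx build flag and directive.

```bash
#!/usr/bin/env bash
# Added example. Gates on the two conditions quoted in the comment above:
# a build from the 1.25 series and the HTTP/3 QUIC module actually in use.

# nginx_series TEXT: print "major.minor" from `nginx -V` output.
# Assumption: NGINX Plus reports its open source base version on this line.
nginx_series() {
  printf '%s\n' "$1" |
    sed -n 's/^nginx version: nginx\/\([0-9]*\.[0-9]*\)\..*/\1/p' | head -n 1
}

# built_with_http3 TEXT: succeed if the configure arguments include the module.
built_with_http3() {
  printf '%s\n' "$1" | grep -q -- '--with-http_v3_module'
}

# quic_listener_count CONF: print how many uncommented lines have `listen ... quic`.
quic_listener_count() {
  printf '%s\n' "$1" | sed 's/#.*//' |
    grep -Ec '(^|[{};[:space:]])listen[[:space:]]+[^;]*[[:space:]]quic[[:space:]]*(;|[[:space:]])' || true
}

# assess VERSION_TEXT CONF_TEXT: print one verdict word.
assess() {
  local series quic
  series=$(nginx_series "$1")
  quic=$(quic_listener_count "$2")
  if [ "$series" != "1.25" ]; then echo "not-1.25-based"
  elif ! built_with_http3 "$1"; then echo "http3-not-built"
  elif [ "$quic" -eq 0 ]; then echo "http3-not-enabled"
  else echo "review-advisory"   # compare the exact build with the advisory
  fi
}

# Constructed sample input (not taken from a real host).
SAMPLE_V='nginx version: nginx/1.25.3
configure arguments: --with-http_ssl_module --with-http_v3_module'
SAMPLE_CONF='server {
    listen 443 ssl;
    listen 443 quic reuseport;
    # listen 8443 quic;
}'

assess "$SAMPLE_V" "$SAMPLE_CONF"
# On a live host: assess "$(nginx -V 2>&1)" "$(nginx -T 2>/dev/null)"
```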

What do you recommend I do about disk partitions?

I recommend using defaults unless you do disk-level backups, or plan on switching disks/partitions between systems (you can put your whole /home dir on a NAS, but should you?)

I’m keeping a Windows install for the few things that demand it, does Windows still occasionally destroy Linux partitions?

Yes*. Many such cases.

*there's always a reason why it was preventable (as the top comment on that post explains), but c'mon... Really?

Do I need separate partitions for data and OS?

Probably not, for reasons I explained above

Is it straightforward to add additional distros as new partitions or is that asking for trouble?

It's straight-forward-ish. It will require deviating from installer defaults, and depends on how interconnected you want the OSes to be.

This is actually a good reason to get into partitioning shenanigans, if you'll use all the distros regularly, and you want them to have shared access to certain folders (e.g. /root, /var, /home, /tmp, /etc, etc). I recommend turning everything (except windows, /boot and /boot/efi) into logical volumes with LVS to avoid space issues when you can't extend a partition sandwiched in between two others.

By default, /boot and /boot/efi should be their own partitions--/boot should be created for Linux, and Linux will use the EFI partition created by micro$oft--and I'd recommend giving /boot N times the default amount of space (N being the number of distros you plan on keeping in rotation at any given time); this shouldn't eat up too much space, Debian gave me 500 MB for /boot. The reason being /boot carries the kernel images for each and every OS, and often duplicates thereof for rescue backups.

Is disk encryption straightforward? And is that likely to upset the Windows partition?

Yes it's easy with LUKS. Full disk encryption encrypts everything, and that will likely upset windows, idk haven't tried on my dual-boot.

Is cloud storage sync straightforward? It’s my off-site backup solution on Android and Windows (using Cryptomator with Dropbox, Google Drive, etc) but I don’t think that many providers have Linux clients. Is something like rclone recommended?

Yes, if you use a DE with it integrated. Otherwise, it's up to you to choose the right software, rclone looks like a good choice to me, but I have not used it

Should I just use apt to install software? I know there’s some kind of graphical package manager (synaptic?), does that use apt under the covers or is it separate?

synaptic is no longer used iirc. It's just called "Software Manager," but yes, I believe it's just a GUI for apt. I personally prefer doing as much as I can with the command line. Not only is it the simplest, most straightforward way of achieving whatever I'm trying to do, it's usually also the quickest and best documented. YMMV

Is it recommended to install something like Flathub too?

My experience has been to avoid non-defaults as much as possible. If there's a software you can only get as a flatpak and you need that and can't make do with an alternative, then do it. Otherwise, just see what you can do with the apt repositories

Any other pearls of wisdom? ... Any warnings about what not to do?

I could spend a few hours digging up every mistake I made and telling you what not to do, but I'd rather focus on giving you the tools to clean up after yourself when you make your own. The one best piece of advice I can give is "keep at it." There will be times when you shoot yourself in the foot and your options are to give up and lose the foot or do foot surgery right then on your own (with the help of the online community ofc). Don't be afraid to ask questions everywhere or anywhere, don't let assholes dissuade you from enjoying your Linux your way or seeking help doing so, and do read the docs. But most importantly, do keep trying; it's such a rewarding feeling.

Another would be to change as little as possible from a known working configuration at a time. Go with installer defaults as much as you can, change the stuff later. Want to try out new software? Try one new thing and get it working and looking how you envision before moving on. Read the docs so you don't take any settings for granted, that way you're not left with something that's passable instead of exactly what you want.

Make backups. Get a second SSD or an external drive and backup your system. Things like /usr, /etc, /root, and /home at the very minimum. Backups are the best way to unfuck your foot when you inevitably shoot it.

Learn the coreutils. You might not use them daily, but you'll be glad you know they're there when you need them and don't have to install extraneous software that isn't well maintained because it's a redundancy of the most common pieces of linux software.

How do I keep everything tidy?

Learn the FHS. As with most documentation, it's a bit dry, but very enlightening and will automatically put you in the top 10% of linux users with your newfound special knowledge.

There are some automatic file organizers, but you can recreate them yourself to suit your exact needs at 1/10th the resource cost using bash scripts.

Sidebar: another good piece of advice, learn to script in Bash. It basically immediately qualifies you to be a *nix sysadmin, and it makes everything automatable. It's so much easier than downloading new software or compiling a git repo for each individual task you want to automate. Additionally, it helps to learn to use cron, to run the scripts automatically, and to learn a command-line text editor (no, nano does not count)--but those're mostly just for efficiency boost, the big timesaves are in learning to script first and foremost.

As with any skill, the common wisdom is to "choose a project you want to make, then learn the skill by making it." So it's not a bad idea to learn scripting by, say, writing a script that detects files of a certain format in a directory tree and moving them elsewhere. E.g. check ~/Downloads and all of its subfolders for files ending in .jpg, then move them to ~/Pictures/JPGs (and make the directory if it's not already there). This should give you a good chance to practice file operations and string manipulation/parsing. After that, learn how to have cron run it once a week or something.

Should I use a particular terminal emulator or Firefox fork?

This just falls under my "probably best to stick with defaults and branch out later" advice, but:

I use terminator, purely because it has a logger plugin (which saves all input and output, including stderr, into a file if I'm doing something that needs that much documenting). I'd say learn to use tmux at some point as well, but that's just because I like moving my hand between keyboard and mouse as little as possible.

As for Firefox, vanilla has always worked for me. It's not private enough for some people, so they will recommend something like LibreWolf or even Tor. On my laptop (which is completely keyboard driven so I can avoid using a touchpad) I use qutebrowser; it's not as full-featured (I wouldn't use it for video streaming), but it avoids using a mouse.

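The practice project from the scripting sidebar above (find .jpg files under ~/Downloads and move them to ~/Pictures/JPGs), written out as an added example that is not part of the original comment. The function name, the `--run` switch, the numeric-suffix collision rule and the script path in the cron line are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. move_jpgs SRC DEST: move every .jpg under SRC (any depth)
# into DEST without overwriting anything; prints the number of files moved.
# Assumption: DEST is not located inside SRC.
move_jpgs() {
  local src dest
  src=$1
  dest=$2
  mkdir -p -- "$dest" || return 1
  # find passes the file names to the inner shell as arguments, so names
  # with spaces or newlines survive intact. -type f skips directories and
  # symlinks; -iname also matches .JPG.
  find "$src" -type f -iname '*.jpg' -exec sh -c '
    dest=$1; shift
    for f in "$@"; do
      base=${f##*/}; stem=${base%.*}; ext=${base##*.}
      target=$dest/$base; n=1
      # Same name already present in DEST: append _1, _2, ... to the stem.
      while [ -e "$target" ]; do
        target=$dest/${stem}_$n.$ext; n=$((n + 1))
      done
      mv -- "$f" "$target" && echo moved
    done
  ' sh "$dest" {} + | grep -c moved || true
}

# Only touch the real home directory when asked to.
if [ "${1:-}" = "--run" ]; then
  move_jpgs "$HOME/Downloads" "$HOME/Pictures/JPGs"
fi

# Weekly run via `crontab -e` (Mondays 09:00; the script path is a placeholder):
#   0 9 * * 1 "$HOME/bin/move_jpgs.sh" --run
```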

It's terrible for secure/private communications, it requires hacks that violate the TOS and EULA to modify the client to get rid of ads and change themes, it's not FOSS, and it locks features behind a paywall...

But it does what skype already did, so I'm glad we all have to migrate to the new fad site that strips even more of our dignity and privacy every 10 years that'll die anyway because it offers nothing and has a terrible business model.