It bothers me as well. I love the focus Alpine has on minimalism and security, it's been my main desktop distro for years. It's easily the best distro I've ever used.
No, as my main OS on my laptop and any other computers. I had better luck and a better experience over Void and Artix, and I'm not interested in systemd based distros.
> what security feature they ship???
The focus on minimization is a security feature given it reduces attack surface area. I'd say embrace musl wholeheartedly is another (as an example, Alpine sshd wasn't vulnerable to that big remote root vuln from last year). They have a general commitment to security as a priority that I don't think most distros share, which I appreciate.
I'm still dealing with figuring out how to dodge regreSSHion on Windows so this piqued my interest, I haven't had the occasion to compare glibc and musl, but this post is illuminating [0]
Honestly, I have had very few issues with it. Generally for the big issues there compatibly layer packages available, e.g. you can install a musl-fts package since musl doesn't implement fts.
I think there is value in a cleaner, newer, more minimal c library. Pretty much everything just works, and for what doesn't I either compile statically in a devuan container or use a flatpak.
Perhaps off-topic, but as someone who shares dissatisfaction with all things Poettering:
Using Void on my main desktop has been fun and I've learned a lot about how modern Linux systems fit together whether I liked it or not, because the instructions for using ZFS root at that time involved starting mostly from scratch.
But I feel like a lot of people who use Void are using it mostly-headless, and that this means when something does go wrong then I'm in mostly uncharted territory.
How does Alpine compare in the day-to-day business of using a computer, do you suppose?
> Using Void on my main desktop has been fun and I've learned a lot about how modern Linux systems fit together whether I liked it or not, because the instructions for using ZFS root at that time involved starting mostly from scratch.
This is why I used Slackware 20 years ago. Slackware then tried to compete with Ubuntu and Fedora and IMO lost its way.
> How does Alpine compare in the day-to-day business of using a computer, do you suppose?
For day to day usage I think there are similairities, but I can share some reasons I prefer Alpine:
- Not rolling release, possible to stick to a version and just get security updates
- Focus on minimization. A minimal Alpine install is about 500mb, 700 after I install X and my WM and a few other core things. A void install was something like 1.2gb even trying to keep it minimal.
- Because Alpine, IMO is more dedicated to musl, the ports to musl have more care behind them and seem to work better, just anecdotal maybe biased experience.
- I prefer apk over xbps, one thing xbps can't do afaik is search files in packages, e.g. apk search library.h will return a result if it exists.
- I still feel void gets in the way more than it needs to. Installing or overriding a bootloader and custom kernel was easier in Alpine then void, only barely, but enough I noticed.
There are folks using Alpine in the desktop (or laptops). Several of us are lurking in #alpine-linux.
postmarketOS is a downstream of Alpine, and they focus on shipping ready to use GUI images. They also count as Alpine users in terms of testing and fixing packages related to a GUI session.
So that was there whole platform - “we aren’t Trump”?
Do you think the population got more ignorant in 4 years? This is all on the DNC and Biden. Biden should have either voluntarily not run or stronger Democrats should have had a primary and crucified him.
The DNC lied to the American public for years. They knew that Biden wasn’t all there. They basically tried to do a “Weekend with Bernie” on them.
Not to mention that strategically for the first time in modern history they had the new industry titans in their back pocket - BigTech - and threw them under the bus.
The American population doesn’t care about going after BigTech like HN does.
I long maintained that there should be a minimum level of 'something' required to vote. It used to be land, but anything that effectively makes one have a stake in the country would do. If possible, would you accept a restriction on the right to vote based on such a criterion?
Democrats lose due to significant ignorance in the population and successful propaganda by hostile entities. It's not an accident that the reddest states at the least educated and least literate. If you doubt that I'm happy to support the claim, but I think we both know it's true.
> They are completely out of touch with what the mainstream wants.
Democrats are the only party actually offering to give the majority what they want, but due to ignorance and propaganda the majority have become emotionally hostile to the means necessary to accomplish implementing what they want.
Despite Trump's promises that gullible desperate people fell for, his policies are likely to make things much harder for hid voters and not only not give them what they want, but give them what they explicitly don't want. Well, they'll still get bigoted policies, at least.
> Any other Democrat could have distanced themselves from Biden. But his own VP couldn’t.
There should have been no reason to. Trump is a rapist felon who literally advocated for injecting leach as a cure to a pandemic. That people voted for him at all shows just how bad things are.
Democracy can't function with such a gullible population. At the least I have a front row ticket to the fall of a modern empire though. That's something.
<< Democrats are the only party actually offering to give the majority what they want
<< Democracy can't function with such a gullible population.
I am trying to be charitable in my interpretation, but you are not making it easy. One could easily argue that given that Trump won, majority got what they want already. Please tell me that you understand what I am telling you now. I did manage to hear some people drawing appropriate conclusions from this cycle, but I am not certain you did.
<< Trump is a rapist felon who literally advocated for injecting leach as a cure to a pandemic.
Yeah.. a felony in this case being the equivalent of a parking ticket in business; not to mention national level politics. It is hard for me understand why people have a hard time grasping that and/or why this was not a useful label for this election cycle. Hell, the moves taken ( including mug shot ) did the exact opposite of the desired effect.
<< At the least I have a front row ticket to the fall of a modern empire though. That's something.
> Yes, because of how ignorant much of the population is, correlating lower grocery prices with whoever was in office at the time.
Get off your high horse. If you lose the election, you are the ignorant. The democrats lost because they over-estimated their hand and under-estimated the intelligence of the general populace.
The democrats were in a position of power. The only thing you need to do is to not screw up.
They lost because 49.9% of voters believed inflation would be decreased by tariffs and all the money FEMA spent on North Carolina was a lie. Among other things, this was very much a “we have a different truth to offer” election.
EU is always slow. They felt browser choice was an issue 0 years after it stopped being one, and then freaked out about cookies also 10 more more years later when it wasn't really an issue. Data tracking is an issue, sure. Not cookies though, not anymore.
It would be more like Coke was Mexican owned and HFCS was outlawed in Mexico. Then Mexican Coke used sugar and the Coke they exported to America used HFCS. And America said, hey, you're not consuming the same Coke you send here: we're going to ban you if you don't sell to us and our plan is to keep making HFCS Coke once we buy you. You were also hurting Pepsi (Facebook/Twitter), who also only plan on ever using HFCS.
> They only need to ask for permission if they want consent for the kind of invasive tracking that the GDPR and related regulations were intended to discourage anyway.
This is exactly the problem, and exactly why the EU is to blame for those popups.
Instead of outlawing a behavior they had a problem with, they are trying ti discourage it. The way they try to discourage it is why we have all these stupid popups.
The vast majority that I see give you an easy button on the first screen to grant consent, but then hide the option to refuse consent on a second screen behind something like "manage preferences". That dark pattern is not compliant with GDPR.
I would say the most I see have accept, reject and manage preferences as buttons, normally with manage preferences being a link rather than a button. The dark pattern you describe isn't on any big business websites for example.
Out of curiosity, you mean against the spirit of the GDPR rather than the letter of it, right?
The spirit, and the letter too. (It's quite a well-written law.) Article 7, "Conditions for consent":
> 3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
> It shall be as easy to withdraw as to give consent.
Being as easy to withdraw as to give consent is technically a different thing from being as easy to refuse as to give consent, since consent that is refused was never given in the first place but consent that is withdrawn was previously given. But yeah, courts have been clear that both of these actions must be as easy as giving consent, and both requirements are too often not complied with.
The law says that it should be easier to refuse consent than give it. That's thoroughly implied (and then there's Recital 43, if the text of the law isn't clear enough for you).
Separate from my other reply to this comment: withdrawing consent and refusing consent are two different things. If it's difficult for someone who previously granted consent to subsequently find the screen where they need to click the reject button, that's not legally compliant.
Nope, including EU big business sites as well. There are also EU big business sites which illegally claim the legitimate interest basis for advertising and tracking purposes of data processing which have already been ruled by the courts as not acceptable justifications for the legitimate interest basis.
> The non EU sites are due to the EU trying to claim global jurisdiction.
The EU is trying to protect the data of the people in the EU. There's no way to do that while allowing companies outside the EU to freely violate the privacy of people in the EU. Otherwise these rules become laughably easy to circumvent for all but the smallest EU companies which are also the least dangerous from a privacy and tracking perspective.
> The EU are very much to blame for the popups, because even the non dark-patterns one are annoying.
Disagree. They're not supposed to be annoying enough to impair site usability. The truly compliant ones aren't.
Maybe some, but generally businesses are not breaking the law willy nilly like that.
> There are also EU big business sites which illegally claim the legitimate interest basis for advertising and tracking purposes of data processing which have already been ruled by the courts as not acceptable justifications for the legitimate interest basis.
And did the EU follow up?
> The EU is trying to protect the data of the people in the EU.
The problem is it's unenforceable nonsense and has led to this foolish cookie popup situation.
If they had limited it to entities with a presence in the EU, it would have worked better. At the moment it applies to some malicious Chinese teenager who blatantly wants to collect and sell the data of Europeans who visit his self-hosted low-traffic blog.
> The truly compliant ones aren't.
Yeah, they really are. It's still something you have to interact with to make it go away.
If your response says something if companies don't track they won't need a popup, then you have missed the point.
> I would say the most I see have accept, reject and manage preferences as buttons, normally with manage preferences being a link rather than a button. The dark pattern you describe isn't on any big business websites for example.
I can accept that our website visiting patterns, and maybe our specific countries of residence within the EU, expose us to different experiences in this regard. I stand by my statement as a description of my own personal experience, but I'm willing to believe your own personal experience too.
It's also possible that I've increasingly realized that "reject" allows the companies to get away with illegally misusing the "legitimate interest" basis for data processing, so I've mentally stopped assuming that it means what it says because it often doesn't. See below for more on that.
> Out of curiosity, you mean against the spirit of the GDPR rather than the letter of it, right?
No, I mean against the letter of it as well. The free, informed consent which the letter of GDPR requires according to public and legally binding official interpretations (such as from the European Court of Justice) is not present when those dark patterns make it harder to refuse consent than to grant it.
Similarly, EU courts have been clear that simply wanting to do a bunch of tracking to facilitate more profitable personalized advertising does not legally justify the legitimate interest GDPR processing ground, but so many sites default to allowing processing based on "legitimate interest", including when you click reject for the consent question, for many of the same advertising/tracking partners where the "consent" basis is off by default. They also don't usually have a way to object en masse to these, and it's often tricky to correctly click off every single "legitimate interest" button which is falsely and illegally claimed to be a valid legitimate interest.
Plus, I've heard reports that many sites set these cookies even before consent is granted, and/or don't properly respect the refusals of consent and objections to legitimate interest processing. However this is from memory and I don't have stats or evidence to back up this statement.
The problem in all of these respects is primarily very weak and reluctant official enforcement of the rules by the relevant Data Protection Authorities and very low fines when they do enforce them. It's more profitable for companies to take the risk on genuine GDPR compliance, beyond some mild public-facing lip service and the lowest-effort bit of engineering they can do to underpin the public-facing lip service.
> I can accept that our website visiting patterns, and maybe our specific countries of residence within the EU, expose us to different experiences in this regard. I stand by my statement as a description of my own personal experience, but I'm willing to believe your own personal experience too.
I appreciate your attempting to reconcile different anecdotal experiences. In the spirit of objectivity however, I would insist that big businesses are not breaking the law.
> The free, informed consent which the letter of GDPR requires according to public and legally binding official interpretations (such as from the European Court of Justice) is not present when those dark patterns make it harder to refuse consent than to grant it.
I think here we've shifted the problem to dark patterns. The problem though is with the popups at all, because even when they are compliant, they are no less annoying, just slightly more clear.
> The problem in all of these respects is primarily very weak and reluctant official enforcement of the rules by the relevant Data Protection Authorities and very low fines when they do enforce them.
They probably shouldn't have claimed global jurisdiction then. Since that's a big part of what has resulted in so many poorly done cookie banners.
> I appreciate your attempting to reconcile different anecdotal experiences. In the spirit of objectivity however, I would insist that big businesses are not breaking the law.
Take a look at the many GDPR violation complaints which noyb.eu has filed against big businesses, almost all of which they eventually win in court. Yes, many big businesses are in fact breaking the law in this regard.
> I think here we've shifted the problem to dark patterns. The problem though is with the popups at all, because even when they are compliant, they are no less annoying, just slightly more clear.
The truly compliant ones are far less annoying. They all generally need only a single click to refuse consent, and they are also easy enough to ignore while using the site without ever responding to the banner at all.
> They probably shouldn't have claimed global jurisdiction then. Since that's a big part of what has resulted in so many poorly done cookie banners.
It's also essential to actually achieve the goal of protecting the data of people in the EU, much of which is done by companies which are based outside the EU. Do you not see the big truck-sized loopholes which would exist without that? All they would then have to do is change the website's contracting legal entity to a foreign partner or parent company and then they could refuse data subject access requests, track without consent, and so on if the jurisdiction provisions in Article 3 were as narrow as you're advocating.
> Yes, many big businesses are in fact breaking the law in this regard.
Define big business here. Coca Cola? IBM? Amazon?
> The truly compliant ones are far less annoying. They all generally need only a single click to refuse consent
No, they yare still annoying. It's still something you are forced to itneract with that diverts your attention.
> It's also essential to actually achieve the goal of protecting the data of people in the EU, much of which is done by companies which are based outside the EU.
The problem is it's unenforceable nonsense and has led to this foolish cookie popup situation.
If they had limited it to entities with a presence in the EU, it would have worked better. At the moment it applies to some malicious Chinese teenager who blatantly wants to collect and sell the data of Europeans who visit his self-hosted low-traffic blog.
> All they would then have to do is change the website's contracting legal entity to a foreign partner or parent company and then they could refuse data subject access requests, track without consent, and so on if the jurisdiction provisions in Article 3 were as narrow as you're advocating.
They can already do that because EU has no jurisdiction outside of the EU no matter what they claim.
Also, we are basically having the same conversation in two places. If you want to consolidate your two replies into just one I would not object.
> I have libertarian leanings and so would prefer a truly free market, because I would like to believe it would lead to affordable levels of health care for everyone.
Medical is a very technical field, and the costs are obfruscated from most people. I'm not surprised laymen can't give a technical breakdown of what exactly is wrong with the health insurance field.
