I don't play a lot of games but one thing I've noticed over the years is that the best games with the best communities are more niche. Like Xonotic for instance. It has a fair number of players; there's always at least one or two servers going in the evening. Everyone is friendly to each other. I've never seen any kind of trash talking in there. Same with other games like Quake etc which are long past their heyday. Wherever the masses are, that's where the toxic assholes are. When they move on, things just get a lot better.
You're harsh but that's OK. There is a lot of truth in what you're saying. I really wish people would quit downvoting everything they disagree with. HN would be 100x better if both the downvote and flag buttons were removed.
To me, a C guy, the focus on garbage collection is a turn-off. I'm aware that D can work without it, but it's unclear how much of the standard library etc works fine with no garbage collection. That hasn't been explained, that I saw at least.
The biggest problem however is the bootstrapping requirement, which is annoyingly difficult or too involved. (See explanation in my other post.)
I'm not sure how I'm being harsh. It's literally a somewhat well known programming language being reposted for the 100th time or something silly like that. I'm literally just pointing out the truth and it's almost certainly the main poster downvoting things.
I had D support in my distro for a while, but regrettably had to remove it. There's just too many problems with this language and how it's packaged and offered to the end user, IMO. It was too much hassle to keep it around.
To get it onto one's system, a bootstrapping step is required. Either building gcc 9 (and only gcc 9) with D support, then using that gcc to bootstrap a later version, or bootstrapping dmd with itself.
In the former case I'm already having to bootstrap Ada onto the system, so D just adds another level of pain. It also doesn't support all the same architectures as other gcc languages.
In the case of dmd, last I checked they just shove a tarball at you containing vague instructions and dead FTP links. Later I think they "updated" this to some kind of fancy script that autodownloads things. Neither is acceptable for my purposes.
I just want a simple tarball containing everything needed with clear instructions, and no auto downloading anything, like at least 90% of other packages provide. Why is this so hard?
Tip: pretend it's still the BBS days and you are distributing your software. How would you do it? That's how you should still do it.
I haven't tried the LLVM D compiler, and at this point quite frankly I don't want to waste any more time with the language, in its current form at least--with apologies to Walter Bright, who is truly a smart and likeable guy. Like I said, it's regrettable.
The only way to revive interest in D is through a well planned rebranding and marketing campaign. I think the technical foundation is pretty sound, but the whole image and presentation needs a major overhaul. I have an idea of how to approach that, were there interest.
The first step would be to revive and update the C/C++ version of the D compiler for gcc so as to remove the bootstrapping requirement and allow the latest D to be built, plus a commitment to keeping this up to date indefinitely. It needs to support all architectures that GCC does.
Next, a rebranding focused on the power of D without garbage collection.
I'm willing to offer ongoing consultation in this area and assistance in the form of distro support and promotion, in exchange for a Broadwell or later Xeon workstation with at least 40 cores. (Approx $350 on Ebay.) That's the cost of entry for me as I have way too much work to do and too few available CPU cycles to process it.
Otherwise, I sincerely wish the D folks best of luck. The language has a lot of good ideas and I trust that Walter knows what he is doing from a technical standpoint. The marketing has not been successful however, sadly.
Maybe the lesson here is to stop letting the GNU folks do things, if this is what they do. This is only one example of craziness coming out of the GNU camp.
Or, flip the responsibility to what it has always been understood to be, when using open source software from random volunteers (some being bad actors) on the internet for anything remotely critical: audit the source.
GNU doesn’t provide labor, only organizational tools like mailing lists and whatnot. The projects that GNU supports are still run by individual volunteers. If you want it done better then please volunteer so that you can be the one doing it better.
I just checked, and it's confirmed: I am definitely using a web browser. It seems my browser and this site have a different definition of web standards, however.
So exhausting to be surrounded by people with a paranoid, irrational fear of robots, who don't give a shit who they harm in their zeal to lash out and strike the evil bots.
Ubuntu and derivates removing telnet from the default install, along with other basic tools like traceroute etc, was one of the driving factors toward me creating my own distro. I'm sick of basic stuff being omitted because somebody just decided it's not needed anymore.
Because I go long periods of time without internet access, and I don't want to have to "sudo apt install" a fucking thing, ever. Especially not a tiny utility that is all of 172k in size, that I might need for something. Understand?
I want EVERYTHING that I might use installed AT ALL TIMES, FROM DAY ONE, so that I can IMMEDIATELY USE IT when required.
This is only one of many reasons why I abandoned the giant dumpster fire that is mainstream Linux. I do not agree with their idiotic philosophy, on practically every level.
You've now discovered that there are sections of God's Green Earth that you never knew existed! One of many benefits of stepping outside the Matrix for a moment.
I would never ever install your distro for this reason alone.
Someone has already pointed out that old/deprecated/obsolete software like a telnet client represent tech debt.
Removing the telnet client was, in part, a recognition that its complementary server was deprecated and unsafe. If everyone was transitioned to ssh and nc, [and custom MUD clients], why keep telnet around?
Any software like this represents tech debt and a support burden for the upstreams and distros which carry them. You have unnecessarily assumed a burden in this way.
Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces. The more software that you cram into the default distribution, the more bundled features an OS or system has, you are multiplying your potential vulnerabilities, your zero-days, and your future CVE/patch updates.
Especially in the face of growing supply-chain attacks and LLM-automated vulnerability disclosure. Your focus should be on limiting attack surface in every regard.
It is good practice for everyone to uninstall unnecessary apps and software. Whether you use Android, iOS, Mac, Linux, BeOS or Plan9 or Inferno. Do not install and maintain software that you do not use or need. It will come back to bite you.
> Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces.
OpenBSD still ships with telnet.
Their developers don't entertain nonsense virtue signaling about things that are "unsafe" and they know their users are not idiots that need to be coddled.
Hammers and matches are unsafe if you use them wrong.
> I would never ever install your distro for this reason alone.
And you are? Completely mystified as to why you'd think I would care. I built this distro for me and my people, not you. That's the whole point. We're getting off this ride.
> Someone has already pointed out that old/deprecated/obsolete software like a telnet client represent tech debt.
Not a subscriber to this religion. There is nothing about new software that inherently makes it safe, and nothing about old software that inherently makes it vulnerable.
New flaws are introduced all the time, and old bugs do get found and fixed.
I can patch old code. I can't guarantee that new code doesn't contain bugs.
The ONLY way to ensure code is flawless is through validation--mathematical proof. When you have devised a proof framework that I can use across my distro, get back to me. At this time you're nowhere near that level, and are therefore unqualified to lecture anyone about security.
> Removing the telnet client was, in part, a recognition that its complementary server was deprecated and unsafe.
Unsafe? On my personal LAN? I think not.
You don't get to just 'deprecate' things that I might need, or want to use for perfectly valid reasons.
That's the entire point of my distro: computing the way I WANT IT, not the way Ubuntu wants it.
> If everyone was transitioned to ssh and nc, [and custom MUD clients], why keep telnet around?
Because it's 172 kilobytes. Contrast with the giant bloated carcass of everything else they shove in there that's oh-so-needed by the herd.
> Any software like this represents tech debt and a support burden for the upstreams and distros which carry them. You have unnecessarily assumed a burden in this way.
I'm a distro maintainer. Hello? Telnet represents ZERO maintenance burden for me. There are no operators standing by on hotlines to "support" any of this. It's a 172 kilobyte utility.
> Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces. The more software that you cram into the default distribution, the more bundled features an OS or system has, you are multiplying your potential vulnerabilities, your zero-days, and your future CVE/patch updates.
Nobody can magically teleport themselves inside my computer and compromise my telnet client. Nobody is injecting packets into my LAN.
> Especially in the face of growing supply-chain attacks and LLM-automated vulnerability disclosure. Your focus should be on limiting attack surface in every regard.
You're concerned about supply chain attacks, so your mitigation is...doubling down on getting the Latest Updates to everything? Because new code is inherently good.
Telnet has to go--way too risky to keep that around--but KDE/Gnome/systemd/dbus/etc stays?
'traceroute' is useless and dangerous, but let's keep the giant QT framework with its vendored copy of Chromium? (That's QT5 and QT6, each with a vendored Chromium, mind you.)
Chromium, by the way, itself represents tens of gigabytes of code/data now inside its repository, with 'third party' directories vendored three or even four levels deep. But a 72k traceroute utility is likely to be packed with security flaws and should be avoided.
> It is good practice for everyone to uninstall unnecessary apps and software. Whether you use Android, iOS, Mac, Linux, BeOS or Plan9 or Inferno. Do not install and maintain software that you do not use or need. It will come back to bite you.
Completely wrong and misleading theory of security you are proposing here.
I devised this new distro exactly because I was tired of my computing experience being shaped and controlled by clueless kids with intellectually bankrupt arguments and/or wolves in sheeps' clothing.
You talk about me, my, mine, my network, my computer. But you're promoting a "distro". That means you're distributing software. It's not yours anymore.
Attackers on a network will use techniques to "pivot". Once a "foothold" is established then they scan for other places to attack. They will indeed get inside "your" computer, or router, and then compromise your telnetd.
It comes back to the liberty of swinging your arms vs. the proximity to my nose. If your distro is connected to a network, then you're responsible and accountable for security issues that result. There are thousands of distro kiddies sending out their favorite flavor of Linux, but how many audited it like Theo de Raadt?
You don't seem to understand the CVE under discussion. It doesn't even affect telnet(1). Practically nobody runs telnetd(8) anymore since the introduction of encryption, ssh, and the like. MUD players use MUD clients. Network admins use nc(1). The reason "telnet" was deprecated is: it's just not really useful anymore without its complementary service. telnet(1) isn't inherently dangerous, it's just superfluous, and distros pretty much evaluated that it wasn't worth hanging on to.
As for "traceroute", I'm not sure it's "useless or dangerous", but it can be misleading and definitely superfluous. It is widely misinterpreted by novices trying to prove something about their WAN connectivity. It misrepresents network topology and doesn't work real good with modern equipment or protocols. It was a judicious decision to bundle it with network debugging tools, because not everyone needs to debug networks. Especially the ones who believe that they can.
I would say that any network debugging tool available is also useful to your attackers with a foothold. A "living off the land" attack will leverage your telnet client, will run traceroutes on your network, and they will use all the software cruft that you didn't uninstall! I am pretty sure there are distros that simply don't come with development environments, C compilers, or various interpreters anymore, and it is for this reason: they are not inherently insecure or vulnerable, but "living off the land" will weaponize them every time.
However, I must concede that your temperament and tone is well-suited to being a distro administrator. You remind me of Linus Torvalds vs. Andrew Tanenbaum, or Theo de Raadt vs. FreeBSD. Perhaps Scott Adams vs. the world. Carry on, good sir.
Another trick that works is just to let the windshield get cracked once. Then it will be immune to further rock strikes. Studies have shown that freshly replaced windshields are 937% more likely to be hit with a rock.
reply