• 0 Posts
  • 10 Comments
Joined 1 year ago
cake
Cake day: July 12th, 2023

help-circle
  • You wish the CEO of a company would harass you?

    You wish a CEO would give general denials and the same non-answers you see in a comment thread while pretending to engage with you in good faith?

    Fuck off, the CEO gave no new info or perspectives and just showed himself to be the asshole that recent emerging evidence had been showing he was.


  • Not OP. Used Linux since the late 90s. My daily driver is NixOS. GUI here is synonymous with TUI.

    What about GUIs appeals to you over a command line?

    I like the GUI because I can see what options the tool can execute in this state. I don’t have to pass --help to grep or keep several man page sections open. The machine knows what it’s capable of and I direct it.

    With CLIs I feel like I’m always relearning tools. Even something as straightforward as ‘enable a flag’ has different syntax. Is it -flag? --flag? --enable-flag? Oh look, a checkbox.

    Not to say that I think a window environment is best for all things. When using an IDE, I have the terminal open constantly. Programmers are as bad at visual interfaces as they are module interfaces. If no UX designer was involved in displaying complex data or situations, I’m likely to try to fall back to the commandline. Just that - when there are GUI tools I tend to prefer them over an equivalent CLI tool.


    tl;dr GUIs can represent the current state of a complex process and provide relevant context, instead of requiring the user to model that information (with large error bars for quality of the UI).

    Anyway, I hope you take this in good humor and at least consider a TUI for your next project.





  • lol and you said you weren’t big mad.

    It’s not a matter of “less or more information[…]”

    Escalating every such bug […] would quickly drown out notices that people actually care about.

    If your argument is that a specific class of security bugs aren’t worth CVEs, then make that argument. Instead, you’re saying the CVE isn’t valid and making an argument about the risk assessment and development lifecycle (as if those aren’t part of a CVE) and not the class of security bug.

    I have, this entire time, said it’s a valid CVE that you don’t care about and that you shouldn’t be working as a cybersecurity professional. You have conceded the first point and continued to demonstrate the later.


  • “Uh, no. The CVE is valid, but it’s not about that.” You say, scrambling. “The dev cycle! It was already scheduled for release, so it’s not necessary to disclose. If everyone disclosed security bugs, we’d have too much information and we wouldn’t be able to filter for the notices we care about.” You retort, not realizing that you had already conceded that this wasn’t about the fact you didn’t care about the CVE, and instead arguing that less information is better rather than building tools to cope with the number of CVEs that are increasing regardless of their relevance to you personally.