Even the Linux kernel / Linux Torvalds are moving towards Rust.

No, they aren’t. They are experimenting with it in certain new device drivers. No move is planned, and it’s too early to tell whether there will ever be one.

Either of these commands will reveal processes listening on the port that’s vulnerable by default:

$ sudo lsof -i :631

$ sudo fuser -v 631/tcp 631/udp

The wording of this post gives me the impression that it could exploited even if you don’t have any such processes, if your system contacts a malicious or compromised print server. I would avoid browsing or using printers on unsafe networks until this is patched.

The port 631 process just makes it worse, by allowing someone else to initiate that contact remotely.

Based on this…

Exploitation involves sending a malicious UDP packet to port 631 on the target, directing it to an attacker-controlled IPP server. The system’s cups-browsed service then connects back, fetching printer attributes, which include malicious PPD directives. When a print job starts, these directives execute, allowing the attacker’s code to run on the target system.

…it seems the exploit can be triggered either remotely through your CUPS instance listening on port 631, or locally by interacting with a malicious/compromised print server.

So if I understand correctly, shutting down that port wouldn’t be enough by itself. You would also have to keep your system from initiating contact with such a server, such as by using a public printer, or conceivably even just browsing printers at a cafe/business/school. I haven’t read the exploit details, so I don’t know which interactions are safe, if any.

Whenever I see posts like this, I wonder if they cover manual loop unrolling, which these days is usually an optimization left to the compiler.

Control+F, Duff’s Device

Yep, this post mentions it. Good for them. :)

All desktop environments are fancy compared to a simple window manager.

https://en.wikipedia.org/wiki/IEEE_754

Which KDE Neon download contains the current 6.2 beta?

(I ask because last time I tried to test a beta, none of them did.)

The unfortunately paradoxical thing about opt-out services is that using them requires giving out your details, and hoping that they aren’t (deliberately or accidentally) leaked.

CoreLogic defended its practices as legal, saying it’s too difficult to verify consent or anonymise personal data.

And this is what needs changing. It should not be legal for them to have it, nor for anyone to give it to them, in the first place.

Gemini is not just a delivery protocol. It also specifies a content format.

I mentioned Electron only to acknowledge a well-known cross-platform toolkit, not as an example of acceptable results.

Tauri on Linux is effectively a Gtk wrapper (plus WebKit), which makes it unappealing to me. I keep it bookmarked anyway just in case I find myself in a situation where the only other option is Electron, since I suspect Tauri would at least be lighter on system resources.

I don’t enjoy writing in Tcl. If I were to use Tk today, it would probably be through Python’s tkinter package.

IMHO, Tk interfaces look awful by default, but they can be made to look pretty decent if you’re willing to hunt for (or create) a good theme. I have considered it a couple of times for trivial tool UIs, and I occasionally use one that someone else wrote.

That said, getting it to look native on multiple platforms would take more effort than I feel is worthwhile, and getting it to feel native (keyboard nav, etc.) even more so. Qt has this stuff built in, and a lot more.

be as portable as possible

This is important to me, which narrows down my options quite a bit.

Electron is portable across desktop OS, but unacceptably bloated (I don’t want my users to have to deal with that) and buggy (I don’t want to deal with that).

wxWidgets and various similar wrapper libraries exist, but on Linux most of them wrap Gtk, which in recent years has become very opinionated in UI directions that I find intolerable.

A few new cross-platform GUI toolkits have been appearing recently, but I’ve found all of them suffer from poor text handling, anemic widget sets, or very out-of-place look and feel (especially keyboard navigation) relative to native applications.

That leaves Qt as my only reasonable choice, at least for now. This is mostly okay, as it does a wonderful job all around. My main complaint is that using the full power of its widgets and libraries means I’m restricted to a handful of languages: C++, Python, and maybe one or two minor ones like D. Its declarative API (Qt Quick) seems to be getting more language bindings, though, so simpler apps might be possible in other languages.

Note that the landscape is different for mobile apps. I don’t have a recommendation for those.

“Feel,” “happy,” “comfortable”… Privacy doesn’t care about your feelings.

The motivation to do the work, spend time learning the risks and available mitigations, disrupt existing social relationships in order to adopt better tools, inconvenience friends and family, partially isolate one’s self by avoiding the popular systems… all of these things are part of improving privacy in the real world, and at least for many people, fueled by a person’s feelings. Don’t discount the human factors just because you can’t quantify them.

2. distributed server network controlled by many entities (resilience)

It only fully meets the first criterion, yes. But personally I give it a bit of credit for the second too, in that it belongs to a non-profit foundation with multiple stakeholders, somewhat like Wikimedia.

These two things are not at all equivalent, or even comparable.

Signal is not my tool of choice, so I’ll answer from a more general perspective:

Having multiple friends and social groups on an e2ee chat system for the past few years feels great. Knowing that our words aren’t being recorded and exploited by half a dozen companies, we no longer feel the need to self-censor. The depth and value of our online conversations have grown noticeably.

Yes, there is more work to do, both at the endpoints and in the protocols. No, not all of us have flipped all the switches to maximize our privacy yet. That’s okay. Migrating is a gradual process. We do it together, helping each other along the way, rather than trying to force it all at once. Every step an improvement.

I think how often this is a problem varies widely from person to person. I don’t remember the last time I gave a mobile number out to a company, but it was more than a few years ago. The last few that strictly required one were non-essential; I just took my business elsewhere.

many results say to install custom ROMs which I can’t since its a US model and the bootloader is locked.

Are you sure it can’t be unlocked?

https://xdaforums.com/t/guide-to-root-galaxy-s22-plus-b-e-n-0-unlock-bootloader-and-flash-official-firmware-noob-friendly.4404351/

Many phones that don’t officially support unlocking can be exploited to do so anyway. Some will lose relatively minor functionality in the process (camera enhancements were lost on mine, but the camera still works fine) but the tradeoff is often worth it.

https://en.wikipedia.org/wiki/Internet_Draft

I think it’s pretty clear that IETF drafts are not what author meant when he wrote draft, and I’m pretty sure the IETF doesn’t have much to do with C++ standards.

Are you under the impression that there is no other sense of the word?

It might help you in the future when you are discussing things like drafts, specifications, and proposals.

As it turns out, I have done more than a little of that. Thankfully, I don’t usually see such condescending remarks in the process, nor such insistence on misunderstanding. Good luck to you, too.

Either it’s a draft or it’s a new iteration of the language. Can’t be both.

It’s a draft of a proposal for a new iteration. Is that so difficult to understand?