Hacker News: troad's comments

macOS has been getting a lot of flak recently for (correct) UI reasons, but I honestly feel like they're the closest to the money with granular app permissions.

Linux people are very resistant to this, but the future is going to be sandboxed iOS style apps. Not because OS vendors want to control what apps do, but because users do. If the FOSS community continues to ignore proper security sandboxing and distribution of end user applications, then it will just end up entirely centralised in one of the big tech companies, as it already is on iOS and macOS by Apple.


It also has persistent permissions.

Think about it from a real world perspective.

I knock on your door. You invite me to sit with you in your living room. I can't easily sneak into your bedroom. Further, your temporary access ends as soon as you exit my house.

The same should happen with apps.

When I run 'notepad dir1/file1.txt', the package should not sneakily be able to access dir2. Further, as soon as I exit the process, the permission to access dir1 should end as well.


A better example would be requiring the mailman to obtain written permission to step on your property every day. Convenience trumps maximal security for most people.

The early version of UAC in Windows did that…

Asking continuously is worse than not asking at all…


Some of the stuff that I install is actually meant to behave like malware.

But fine, lock Windows down for normal users as long as I can still disable all the security. We don't need another Apple.


I would configure mailman with permanent write access to the mailbox area

That's what I do with my sandbox right now.


With systemd or firejail it's quite easy to do this sort of thing on Linux.

> When I run 'notepad dir1/file1.txt', the package should not sneakily be able to access dir2.

What happens if the user presses ^O, expecting a file open dialog that could navigate to other directories? Would the dialog be somehow integrated to the OS and run with higher permissions, and then notepad is given permissions to the other directory that the user selects?


Pretty sure that’s how it works on iOS. The app can only access its own sandboxed directory. If it wants anything else, it has to use a system provided file picker that provides a security scoped url for the selected file.

Yes, UIDocumentPickerViewController is 10+ years old at this point.

There’s also a similar photos picker (PHPicker) which is especially good from 2023 on. Signal uses this for instance.


It's also how it works on macOS and even on modern Windows if you are running sandboxed apps.

> Linux people are very resistant to this

Because security people often do not know the balance between security and usability, and we end up with software that is crippled and annoying to use.


I think we could get a lot further if we implement proper capability based security. Meaning that the authority to perform actions follows the objects around. I think that is how we get powerful tools and freedom, but still address the security issues and actually achieve the principle of least privilege.

For FreeBSD there is Capsicum, but it seems a bit inflexible to me. Would love to see more experiments on Linux and the BSDs for this.


FreeBSD used to have an ELF target called "CloudABI" which used Capsicum by default. Parameters to a CloudABI program were passed in a YAML file to a launcher that acquired what was in practice the program's "entitlements"/"app permissions" as capabilities that it passed to the program when it started.

I had been thinking of a way to avoid the CloudABI launcher. The entitlements would instead be in the binary object file, and only reference command-line parameters and system paths. I have also thought of an elaborate scheme with local code signing to verify that only user/admin-approved entitlements get lifted to capabilities.

However, CloudABI got discontinued in favour of WebAssembly (and I got side-tracked...)

Redox is also moving towards having capabilities mapped to fd's, somewhat like Capsicum. Their recent presentation at FOSDEM: https://fosdem.org/2026/schedule/event/KSK9RB-capability-bas...


Seems like a bad time to bring this up when it wouldn't have helped with this attack at all.

A capability model wouldn't have prevented the compromised binary from being installed, but it would totally prevent that compromised binary from being able to read or write to any specific file (or any other system resource) that Notepad++ wouldn't have ordinarily had access to.

ELI5, what is that supposed to mean?

The original model of computer security is "anything running on the machine can do and touch anything it wants to".

A slightly more advanced model, which is the default for OSes today, is to have a notion of a "user", and then you grant certain permissions to a user. For example, for something like Unix, you have the read/write/execute permissions on files that differ for each user. The security mentioned above just involves defining more such permissions than were historically provided by Unix.

But the holy grail of security models is called "capability-based security", which is above and beyond what any current popular OS provides. Rather than the current model which just involves talking about what a process can do (the verbs of the system), a capability involves talking about what a process can do an operation on (the nouns of the system). A "capability" is an unforgeable cryptographic token, managed by the OS itself (sort of like how a typical OS tracks file handles), which grants access to a certain object.

Crucially, this then allows processes to delegate tasks to other processes in a secure way. Because tokens are cryptographically unforgeable, the only way that a process could have possibly gotten the permission to operate on a resource is if it were delegated that permission by some other process. And when delegating, processes can further lock down a capability, e.g. by turning it from read/write to read-only, or they can e.g. completely give up a capability and pass ownership to the other process, etc.

https://en.wikipedia.org/wiki/Capability-based_security
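A toy model of the delegation and attenuation described in this comment, written as an added illustration (it is not from the thread or from any real OS); the manager, file store and the dir1/dir2 paths are hypothetical stand-ins:

```python
"""Toy capability model: unforgeable tokens, delegation and attenuation.
Hypothetical illustration only; no real OS implements it this way."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Capability:
    obj: str            # the "noun": which resource this token designates
    rights: frozenset   # the "verbs" permitted on that resource
    tag: str            # authenticator minted by the manager


class CapabilityManager:
    """Stands in for the OS: the only holder of the MAC key, so a process that
    merely possesses a token can neither forge one nor widen its rights."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def _tag(self, obj, rights):
        msg = f"{obj}|{','.join(sorted(rights))}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def grant(self, obj, rights):
        rights = frozenset(rights)
        return Capability(obj, rights, self._tag(obj, rights))

    def is_valid(self, cap):
        return hmac.compare_digest(cap.tag, self._tag(cap.obj, cap.rights))

    def permits(self, cap, obj, right):
        return self.is_valid(cap) and cap.obj == obj and right in cap.rights

    def attenuate(self, cap, keep):
        """Derive a weaker token (e.g. read/write -> read-only) for delegation.
        Rights can only shrink: the result is the intersection with the parent."""
        if not self.is_valid(cap):
            raise PermissionError("cannot attenuate a forged token")
        return self.grant(cap.obj, cap.rights & frozenset(keep))


class FileStore:
    """The protected resource. Every operation must present a capability; there
    is no ambient 'this user may read everything' fallback."""

    def __init__(self, manager, files):
        self._mgr = manager
        self._files = dict(files)

    def read(self, cap, path):
        if not self._mgr.permits(cap, path, READ):
            raise PermissionError(f"no read capability for {path}")
        return self._files[path]

    def write(self, cap, path, data):
        if not self._mgr.permits(cap, path, WRITE):
            raise PermissionError(f"no write capability for {path}")
        self._files[path] = data


def outcome(fn):
    """Run fn and report 'ok' or 'denied' instead of raising."""
    try:
        fn()
        return "ok"
    except PermissionError:
        return "denied"


def scenario():
    """The 'notepad dir1/file1.txt' example from the thread, with constructed paths."""
    mgr = CapabilityManager()
    store = FileStore(mgr, {"dir1/file1.txt": "notes", "dir2/secret.txt": "hidden"})

    # The launcher hands the editor exactly one capability: its argument file.
    editor_cap = mgr.grant("dir1/file1.txt", {READ, WRITE})
    # Delegation with attenuation: the editor passes a helper (say a spell
    # checker) a read-only token it cannot widen back to read/write.
    helper_cap = mgr.attenuate(editor_cap, {READ})
    # Forgery: a process fabricates a token for dir2 without knowing the key.
    forged_cap = Capability("dir2/secret.txt", frozenset({READ}), "00" * 32)
    # Widening: copy a valid token but claim extra rights; the tag no longer matches.
    widened_cap = Capability(helper_cap.obj, frozenset({READ, WRITE}), helper_cap.tag)

    return {
        "editor_writes_own_file": outcome(lambda: store.write(editor_cap, "dir1/file1.txt", "x")),
        "editor_reads_dir2": outcome(lambda: store.read(editor_cap, "dir2/secret.txt")),
        "helper_reads": outcome(lambda: store.read(helper_cap, "dir1/file1.txt")),
        "helper_writes": outcome(lambda: store.write(helper_cap, "dir1/file1.txt", "y")),
        "forged_reads_dir2": outcome(lambda: store.read(forged_cap, "dir2/secret.txt")),
        "widened_writes": outcome(lambda: store.write(widened_cap, "dir1/file1.txt", "z")),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:24s} {result}")
```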


It's truly perverse that, at the same time that desktop systems are trying to lock down what trusted, conventional native apps can and cannot do and/or access, you have the Chrome team pushing out proposals to expand what browsers allow websites to do to the user's file system, like silently/arbitrarily reading and writing to the user's disk—gated only behind a "Are you sure you want to allow this? Y/N"-style dialog that, for extremely good reasons, anyone with any sense about design and interaction has strongly opposed for the last 20+ years.

Yet we look at phones, and we see people accepting outrageous permissions for many apps: They might rely on snooping into you for ads, or anything else, and yet the apps sell, and have no problem staying in stores.

So when it's all said and done, I do not expect practical levels of actual isolation to be that great.


> Yet we look at phones, and we see people accepting outrageous permissions for many apps

The data doesn't support the suggestion that this is happening on any mass scale. When Apple made app tracking opt-in rather than opt-out in iOS 14 ("App Tracking Transparency"), 80-90% of users refused to give consent.

It does happen more when users are tricked (dare I say unlawfully defrauded?) into accepting, such as when installing Windows, when launching Edge for the first time, etc. This is why externally-imposed sandboxing is a superior model to Zuck's pinky promises.


In the case of iOS, the choice was to use the app with those permissions or without them, so of course people prefer to not opt-in - why would they?

But when the choice is between using the app with such spyware in it, or not using it at all, people do accept the outrageous permissions the spyware needs.


For all its other problems, App Store review prevents a lot of this: you have to explain why your app needs entitlements A, B and C, and they will reject your update if they don't think your explanation is good enough. It's not a perfect system, but iOS applications don't actually do all that much snooping.

Sandboxing such as in Snap and Flatpak?

Snap and Flatpak do both sandboxing and package management.

You can use the underlying sandboxing with bwrap. A good alternative is firejail. They are quite easy to use.

I prefer to centralize package management to my distro, but I value their sandboxing efforts.

Personally, I think it's time to take sandboxing seriously. Supply chain attacks keep happening. Defense in depth is the way.


Notoriously not actually secure, at least in the case of Flatpak. (Can't speak to Snap)

Not sure how something can be called a sandbox without the actual box part. As Siri is to AI, Flatpak is to sandboxes.


I assumed the primary feature of Flatpak was to make a “universal” package across all Linux platforms. The security side of things seems to be a secondary consideration. I assume that the security aspect is now a much higher priority.

Doesn't it use bwrap under the hood? What's wrong with that?

Many apps require unnecessarily broad permissions with Flatpak. Unlike Android and iOS apps they weren't designed for environments with limited permissions.

> Unlike Android

My experience with Android apps seems to be different. Every other app seems to be asking for contacts or calling or access to files.


You can usually deny those. If they ask for them without a good reason, that's already suspicious.

The XDG portal standards being developed to provide permissions to apps (and allow users to manage them), including those installed via Flatpak, will continue to be useful if and when the sandboxing security of Flatpaks is improved. (In fact, having the frontend management part in place is kind of a prerequisite to really enforcing a lot of restrictions on apps, lest they just stop working suddenly.)

Flatpak

I intensely hate that a stupid application can modify .bashrc and permanently persist itself.

Sure, in theory, SELinux could prevent this. But seems like an uphill battle if my policies conflict with the distro’s. I’d also have to “absorb” their policies’ mental model first…


I tend to think things like .bashrc or .zshrc are bad ideas anyways. Not that you asked but I think the simpler solution is to have those files be owned by root and not writable by the user. You're probably not modifying them that often anyways.

> Linux people are very resistant to this, but the future is going to be sandboxed iOS style apps.

Linux people are NOT resistant to this. Atomic desktops are picking up momentum and people are screaming for it. Snaps, flatpaks, appimages, etc. are all moving in that direction.

As for plain development, sadly, the OS developers are simply ignoring the people asking. See:

https://github.com/containers/toolbox/issues/183

https://github.com/containers/toolbox/issues/348

https://github.com/containers/toolbox/issues/1470

I'll leave it up to you to speculate why.

Perhaps getting a bit of black eye and some negative attention from the Great Orange Website(tm) can light a fire under some folks.


> getting a lot of slack recently

I think you mean a lot of flak? Slack would kind of be the opposite.


Haha, yes, corrected. Thank you. I have a habit of fusing unrelated expressions.

I'm sure that will contribute to the illusion of security, but in reality the system is thoroughly backdoored on every level from the CPU on up, and everyone knows it.

There is no such thing as computer security, in general, at this point in history.


> but in reality the system is thoroughly backdoored on every level from the CPU on up, and everyone knows it.

Indeed. Why lock your car door as anyone can unlock and steal it by learning lock-picking?


Residents of San Francisco ask themselves that question all the time.

There's a subtlety that's missing here: if your threat model doesn't include the actors who can access those backdoors, then computer security isn't so bad these days.

That subtlety is important because it explains how the backdoors have snuck in — most people feel safe because they are not targeted, so there's no hue and cry.


The backdoors snuck in because literally everyone is being targeted. Few people ever see the impact of that themselves or understand the chain of events that brought those impacts about.

And yet, many people perceive a difference between “getting hacked” and “not getting hacked” and believe that certain precautions materially affect whether or not they end up having to deal with a hacking event.

Are they wrong? Do gradations of vulnerability exist? Is there only one threat model, “you’re already screwed and nothing matters”?


I'm sure you're right; however, there is still a distinction between the state using my device against me and unaffiliated or foreign states using my device against me or more likely simply to generate cash for themselves.

It's still worth solving one of these problems.


It now seems to be best practice to simultaneously keep things updated (to avoid newly discovered vulnerabilities), but also not update them too much (to avoid supply chain attacks). Honestly not sure how I'm meant to action those at the same time.

In the early days, updates quite often made systems less stable, by a demonstrable margin. My dad once turned off all updates on his Windows machine, with the ensuing peril that you can imagine.

Sadly, it feels like Microsoft updates lately have trended back towards being unreliable and even user hostile. It's messed up if you update and can't boot your machine afterwards, but here we are. People are going to turn off automatic updates again.


The easiest way to action this as a user seems like it would be to use local package managers that include something like Dependabot's cooldown config. I'm not aware of any local package managers that do something like this?

https://docs.github.com/en/code-security/reference/supply-ch...


You basically need to make a trade-off between 0days and supply chain attacks. Browsers, office suite, media players, archivers, and other programs that are connected to the internet and are handling complex file formats? Update regularly, or at least keep an eye out for CVEs. A text editor, or any other program that doesn't deal with risky data? You're probably fine with auto update turned off.

I imagine that it depends on the use case.

Using notepad++ (or whatever other program) in a manner that deals with internet content a lot - then updating is the thing.

Using these tools in a trusted space (local files/network only): then don't update unless it needs to be different to do what you want.

For many people, something in between because new files/network-tech comes and goes from the internet. So, update occasionally...


>Using notepad++ (or whatever other program) in a manner that deals with internet content a lot - then updating is the thing.

Disagree. It's hard to screw up a text editor so much that you have buffer overflows 10 years after it's released, so it's probably safe. It's not impossible, but based on a quick search (though incomplete because google is filled with articles describing this incident) it doesn't look like there were any vulnerabilities that could be exploited by arbitrary input files. The most was some dubious vulnerability around being able to plant plugins.


I agree with you regarding particular exploits by arbitrary input files against Notepad++ in particular.

I was trying - poorly it seems - to make a more general point regarding exposure to the internet and across "whatever other program" too. Something like 7-zip, VLC, syncthing, whatever other open source tools you may like, and how you use it exposing you to the possibility of attack.

I.e. if you are interacting with "the wild west of the internet" then the balance of update/not-update shifts more towards update. But if not, then the balance shifts to not-update.

But you are correct that either way it depends on the program in particular.


I feel like supply chain attacks are the much rarer situation than real world exploits but I don’t have numbers.

Supply chain attacks have impact on more systems, so it's more likely that your system is one of them. Opening a poisoned text file that contains an exploit that attacks your text editor and fits exactly to your version is a rare event compared to automatically contacting a server to ask for an executable to execute without asking you.

Unless there's an announcement of a zero day, update a month after each new release. Keeps you on a recent version while giving security systems and researchers time to detect threats.

Debian stable. If you need something to be on the bleeding edge install it from backports or build from source. But keep most of your system boring and stable. It has worked fine for me for years.

As long as you do regular updates of your Debian stable, you are not secured against supply chain attacks.

I don't think you understand Debian. There's a new release every 2 years. A few months before every release there's the so-called package freeze on the testing branch. The version the packages are on at that point is the version they will have for the next stable release. Between releases the only updates are security updates.

Do you mean I should worry about the fixed CVEs that are announced and fixed for every other distribution at the same time? Is that the supply-chain attack you're referring to?


The irony is that karma posts are so easy. Take something most of your audience already agrees with, triple down on some reductionist caricature of it, and smother it in pithy glibness. The shorter the better. Particularly effective if you set up a false dichotomy vis-a-vis the person you're replying to. It's a reflexive style of engagement for many, and HN is not immune to it.

I aim to avoid it these days, with varying degrees of success. I don't need fictitious internet points, I want to hear other people's genuine thoughts on a subject of interest. Or sometimes just to share something I thought was neat.

But since all social media are Pavlovian conditioning for points, you rarely get any fruitful exchange. And it seems to be getting rarer and rarer, sadly.

I wonder how one would structure social media to avoid it. HN is good, but the karma system is a double edged sword. Would it increase the quality of the discussion to retain the use of points for ranking posts, but hide point counts completely? Perhaps they could be represented by words: "Positive response", "negative response", but only past -3 and +3, with no changes in wording beyond that score?


Wrt my own posts I like the karma system as feedback for how well I'm getting my point across. Helps to understand what communication style resonates with people. I'd say the biggest flaw is not that it rewards snarky popular opinions, but that it overly rewards first movers on a topic.

I do think that pithy is good. The real world also rewards people who can convey an idea succinctly. ("Healthcare for all" for example is an effective rallying cry despite lack of implementation details.)


If it were an effective rallying cry, it would have worked at any point in the last forty years.

Politics is not assessed in terms of how the slogans sound, but what they achieve. Universal healthcare is further away today than it was in the '90s, and Democrats are less 'rallied' than ever.


Interestingly, the -fere in interfere comes from the Latin ferīre, meaning 'to hit', 'to strike', etc. My first guess would have been something like facere/fāre or -fer, but that quickly falls apart on reflection (to do across? between-bearer?).

Inter + ferire = to strike one another. Makes sense.

Bonus point: the aforementioned -fer ('bearer', like conifer or aquifer) is distantly related to ferīre, as it is to English to bear, Greek phérō ('to carry'), Slavic brat ('to take'), Sanskrit bhárati ('to carry'), etc. I suppose ferīre itself must be the result of semantic drift along the lines of 'to carry/bear' -> 'to bring forth [blows]' -> 'to strike/hit'.


> Inter + ferire = to strike one another. Makes sense.

I guess, but I don't really think of interfering as a mutual thing. I see interfere more like intervene or interpose, where the subject of the verb inserts himself between two other things. (As, in the example above, "my" neighbor places himself into the middle of the relationship between me and my television.)

If I'm interfering with you, it is not necessarily the case that you are also interfering with me. And it certainly couldn't be said that "we are interfering [end of sentence]" in the same way that it could be said "we are fighting".

The use of with to mark an indirect object does tend to suggest that the sense of the verb was more mutual at an earlier point, though.


Counterpoint to the naysayers: building infrastructure is good actually, and in this specific case, has had the added side benefit of unearthing these cool artifacts that would otherwise still be decaying in some peat bog.

British NIMBYs seem unusually strong, even in a world of NIMBYism. Best wishes to the British in defeating the Midsomer Historical Society of Bat-Loving Cranks, which apparently controls the deep state over there.


On behalf of the Midsomer Historical Society of Bat-Loving Cranks, I'd like to extend a cordial invitation to our Wickerman Festival this year. Perhaps on perusing our good works, you might be persuaded of their merits.

Kind regards,

Nigel.


Sir, this is Wimpy's - the confusion of naming a cheap housing construction firm the same as a very old burger chain in the UK, which predates Wendy's or McDonald's in the UK by many decades, being most apposite.

HS2 will be fantastic, transformative infrastructure… decades from now when (or if) it is actually completed.

The issue is that the project has been so badly mismanaged and costs have spiralled so far out of control that even the first small, incomplete section of it is now costing us 3X what the ENTIRE project was supposed to cost. It’s also at least 7 years behind schedule: when they started construction, stage 1 was supposed to open in 2026 - this year!!

Yes, NIMBYism is part of this, but catastrophic project management failure and a culture where contractors view the public purse as a limitless cash cow to be milked to the maximum extent possible have a lot to do with it too.

Bottom line is the UK is not good at building large infrastructure projects, and the bigger they are, the worse it gets. Complete rethink/reboot required.


> Complete rethink/reboot required.

Or, instead, keep building, so the UK actually gets experience with large scale projects? Establish an anti-corruption body that retrospectively investigates every pound spent on HS2, and places lifetime public-contract bans on contractors found to have acted dishonestly? If the graft is as extreme and obvious as you say, surely this is no hard task.

If the UK has no experience building things, there's only one way to get some, and it's not to stop building for ten years while the government 'rethinks and reboots' (i.e. pays McKinsey for expensive reports exculpating McKinsey for any cost overruns). Ten years during which all the people who were actually involved move on to other roles, often private sector, often overseas. That's how you throw away all the experience accrued during this construction.

Sometimes the perfect is the enemy of the good. In twenty years, when the HS2 is zipping around, bringing down the cost of logistics, making groceries cheaper, lowering house prices as people can live further out, no one will even remember how it was built.


You will never get better by simply saying let's stop it, cancel the project and 'rethink'. You're not going to find a route that is much better. You're not going to magically find much supplier for your trains and equipment.

Also the short section that they are working on is by far the most expensive per kilometer compared to the northern parts. So the cost was always going to be pre-loaded in the early part.

It's also the case that this 3x number is not correct when you adjust for inflation. Covid and other stuff has increased because of inflation, especially in that sector.

Another issue in the UK rail industry is simply that building and investing is so incredibly inconsistent that there isn't the pipeline for training people. And the constant political battle about HS2 also makes companies hesitant to do the needed investments.

But bottom line is this, unless you simply continue to work on HS2 and other infrastructure projects (like desperately needed electrification) you simply will never get better at infrastructure. And there are many things to learn and to get better at, on every level from parliament down to individual construction worker.

Unfortunately so far the 'reflection' that the UK has done on the issue with HS2 has been extremely disappointing and they have learned very little. But still even so, just by doing it the people and organization have gotten better and are moving increasingly faster.

Not doing the next parts of HS2 is hilariously stupid as the larger benefits only happen once the whole thing is complete. The UK has spent likely 50-60% of the total cost and only gets about 20% of the benefits.


UK is so densely populated that something like this affects a LOT of people. Also people's "back yards" are tiny enough as it is. Small changes have a big impact and people living in such cramped spaces are living in constant fear of that.

If you happen to come across any part of HS2 in some random village you've never heard of it's quite incredible the impact it's having on the locals. Locals who live miles away from the nearest station and therefore unable to use the line, by the way.

We also have very little wildlife left and we don't really want to live in concrete jungles.

Suffice to say, it's not difficult to see why it's like this in the UK if you actually come and see.


>> If you happen to come across any part of HS2 in some random village you've never heard of it's quite incredible the impact it's having on the locals. Locals who live miles away from the nearest station and therefore unable to use the line, by the way.

Because people inherently misunderstand the benefit of HS2, and how could they not if it's constantly being misrepresented by our media and politicians.

UK has one of the highest proportion of freight transported by road in Europe. That is fundamentally because our rail infrastructure is overloaded and unable to take any more freight. All non-perishable stuff that in other countries just goes on rail, in the UK is moved by trucks on our roads. Which as you can imagine, is causing tens of billions of pounds worth of damage to our roads, which we - taxpayers - pay for. All of these locals that live miles away from the train station are already affected by the lack of rail infrastructure - because every time they drive somewhere they have to contend with massive potholes and insane amount of heavy cargo traffic anywhere they go. If HS2 is ever finished, it will reduce congestion on our roads and reduce the wear and tear which again, is costing us billions in upkeep every year.

But according to our media, it's all about saving London commuters 2 minutes on a train from Birmingham, so every Dick and Harry is against it, because like you said - they live miles from the nearest station, why would they care?


It's not even about freight! HS2 will increase passenger capacity. The existing trains are completely full at peak time and run at the maximum frequency. Building a whole new line will allow a lot more people to travel. The demand is clearly there despite the price, because it's also pretty congested to drive anywhere inside the M25.

If we wanted to address the freight situation it would be along the route of the A428/A14 from Folkstone (where much of the freight is landed) to the Midlands. That road already has a cheery sign on it pointing out how high the accident rate is.


Felixstowe, not Folkestone? The latter is where the channel tunnel is, which does account for a lot of freight but you probably meant the container port at Felixstowe. I used to drive on the A14 daily and you could tell when a ship had recently arrived by the number of containers on the roads. The road also suffered badly from "tram tracks" due to large numbers of heavy goods vehicles. Crazy when you realise a lorry can take one container while a single train can take a hundred or more.

A problem with this argument is that it actually doesn't help most people on the HS2 route. If you live in a village on the outskirts of Aylesbury say, it's not much good to you personally that there are more local services on the WCML, because it's a 40-50 minute drive to the nearest WCML station; your local line will see no improvement. Freeing up space on the M1 has no impact either for the same reason.

It would perhaps have been an easier sell if we could have built it much closer to the WCML and told people, look this is to get rid of those horrible fast trains that whizz through your local station at 125mph. We'll use the space for more services so your commute to London from say Leighton Buzzard is faster and less busy.


> if we could have built it much closer to the WCML

Knocking down half the towns that the WCML runs through to build more tracks carrying trains that aren't going to stop there would be neither easier nor cheaper than HS2.


There is a huge amount of countryside between the WCML and the current HS2 route. I'm not saying it should be literally parallel.

Do you think the people who designed HS2 have not considered these aspects?

Your analysis is very narrow and only considered the benefits to a certain set of people.

HS2 actually follows reasonably closely to the old GCML. And for the same reason, it's the best route to build a fast rail line along.

I think your proposal completely ignores the additional cost of such a route change. And the cost alone, aside from anything else, would make it unreasonable.

Many things go into selecting a route and in most cases where I think they made the wrong choice it's usually because of cost concerns, like not building the needed tunnels into cities.


I actually don't think that's true.

The reason the HS2 route cost so much money is because so much is tunnelled. Why is so much tunnelled? Because rich people live there and won't accept a blot on the landscape, partially because they don't see a personal benefit.

If you can remove the tunnels it doesn't really matter that the route is slightly longer or has slightly less optimal geometry.


That's not totally true. Yes, HS2 spent additional billions on tunnelling. But even without that you don't magically solve all the issues and in some places where they do tunnelling it's actually not completely stupid. Tunnelling accounts for a few billions, not many 10s of billions.

And you don't get magically rid of all issues with people complaining, because guess what, other people live on that other imaginary route that lives in your head, and they would demand tunnels too.

And it's really the politicians' fault, a few people who don't like the look of the train should not have the power to stop it, especially not in a place as centralized as England.


The reason you can't run as many other trains on WCML and other lines is because high-speed non-stop trains take so much capacity. Once you remove them, you can run many more local/regional trains with more stops and higher frequency.

The whole way HS2 is designed is to maximally reduce the amount of fast trains going north south on the existing network. Leading to a massive capacity upgrade on the existing lines. You can still run some express lines but likely much more lines that stop at more station, making it fast for you to go to next HS2 stop and from there to the further distance destination.

HS2 connection to Leeds was designed to help the ECML, the whole HS2 system was designed by experts to help with WCML and ECML.

Of course now that the former car-brained fucking moron of a prime minister, in his last attempt to save himself, canceled most of HS2, all those benefits are gone. And Labour is too cowardly and ignorant to bring it back.


This video is interesting on the topic:

https://www.youtube.com/watch?v=NtVJ7Zjy-DE


Yes, most people cannot think beyond first-order effects, but this can be equally applied to HS2 proponents. There are other solutions to cut the amount of cargo traffic, but most of them involve just consuming less stuff.

Building more and more infrastructure is not sustainable. It's been shown time and time again that more infrastructure only leads to more usage of said infrastructure. The number of lorries on the road will not decrease, we'll just start carting around even more stuff than before.

> because every time they drive somewhere they have to contend with massive potholes and insane amount of heavy cargo traffic anywhere they go

I don't buy that. The potholes are in residential and country roads. No amount of railways is going to do anything about that. The cargo traffic which could go via rail is on the motorways.

I'm all for more rail and less roads. But to stop the road usage we need to tax it more heavily, especially for heavier vehicles, and not just lorries. So far I haven't seen any evidence of replacing roads with rail, it's just more, more, more.


Consuming less is simply not a solution that anybody would ever agree to. Anything that you cut out would just be replaced with other consumption. Maybe consumption can be slightly more local, but the idea that most consumption can be replaced with something that is local is a pipe dream. And even if you did that, to produce all that stuff locally the inputs for that production would still need to be transported.

The only way to reduce consumption is people getting poorer or people increasing their savings. And that's just future consumption.

Building more and more infrastructure is actually sustainable. And arguably we are not even building more and more, as things like rail infrastructure are less now than they were in many places.

> It's been shown time and time again that more infrastructure only leads to more usage of said infrastructure.

And that is actually good if the infrastructure usage does not have massive negative externalities, like ... trains. It actually reduces externalities because it takes away from car and air traffic.

> The number of lorries on the road will not decrease, we'll just start carting around even more stuff than before.

Switzerland is proof that you can reduce the amount of lorries. But even if you don't, it will at least reduce the growth. And it makes it so you don't have to invest in highway expansion.

You might be against that anyway, but most people would demand it if existing highways are always full of lorries.

> But to stop the road usage we need to tax it more heavily, especially for heavier vehicles, and not just lorries. So far I haven't seen any evidence of replacing roads with rail, it's just more, more, more.

If you tax heavy transport without providing an alternative you simply drive up the cost of living and make people's lives worse.

But you are right, taxing lorries and putting that into a fund that helps rail expansion is exactly what Switzerland did.


Isn't the problem that the requirements for the line were "gold plated"? If they'd put in another standard rail line instead, it would have increased capacity, taken up much less space, would have been much cheaper, would have caused less disruption and would have had a clearer business case.

Japan built the first Shinkansen while British Rail was still running steam services. Can't stay on the Victorian era rail constraints forever.

(it's very British to say "this is too good, can we have something cheap and nasty instead please?")


What's the good of a perfect railway line if it never gets built? What happened to the capacity argument? There is likely a good optimum between the cheapest and most expensive possible for capacity and speed. We could all fly around in supersonic aircraft, but there's a reason we don't.

It's getting built! Large sections of it are nearly finished!

Quite a lot of the cost is the NIMBY appeasement mentioned upthread. Something like a quarter of the line will be in tunnels. Making a slower line wouldn't make that any cheaper.


Connections to HS1/Europe, and to Leeds, Golborne, East Midlands, Manchester and finally even Crewe have all been cancelled so now extra expenditures will focus instead on Euston Station. That's not the large section people were interested in riding. Perhaps Old Oak Common should instead have been tunnelled the same distance through to Waterloo International (whose international platforms are now deleted).

The international platforms are not deleted! They were brought back into use from 2018-2019 to serve the Windsor Lines, which includes the service to Reading - platforms 20-24. That somewhat reduces the congestion at Waterloo; the station throat limits adding more services.

The extension to Euston was supposed to have 11 platforms. Even the reduced scope now being implemented is 6 platforms, I believe. All 11 were required to handle the eastern leg of HS2 [providing bypass capacity for the East Coast Main Line out of King's Cross and the Midland Main Line out of St Pancras], and services to Scotland and Manchester [bypassing the West Coast Main Line from Euston's classic platforms].


Steam is great technology - it is still used in power plants today. The only reason diesel replaced it was labor cost, which made up for the loss in fuel efficiency.

The high speed lets you build the Y shape to serve London to both north east and north west, as well as cross country journeys from Birmingham to the north east with the minimum amount of new track. With more standard rail lines you'd need to build a lot more. Plus there's many other benefits to high speed.

If you’re building a new rail line you might as well make it high speed. The problem is that a political decision was made to tunnel through the Cotswolds to minimise local impact because a lot of rich and influential people live there.

It would have been cheaper if we hadn't done so much tunnelling.

No this is just a typical media nonsense that is spread by idiots who don't know anything.

> If they'd put in another standard rail line instead

That would be crazy. In order to be a viable line to go from Midlands to London and reduce capacity, it would have to be at the very, very minimum as fast as that line goes today. So you are going to build a high-speed line of some sort anyway.

And that means maybe you can be a bit more adaptive to the terrain, but that also leads to more distance and thus more kilometers of line that have to be built.

A huge amount of the cost is simply buying the land, building the tunnels and bridges, putting up the electricity wires and so on. All that you would have to do anyway.

So basically at the very minimum you would need to build a 200km/h line, and nobody serious would even consider that. A 250km/h line is the only reasonable 'let's save money' choice. Going to a 300-350km/h line is going to be more expensive, but likely only by a few %, maybe 10%. But you would lose a huge amount of the benefit, as tons of studies show that time is massively important to users.

So if you actually take into account future income from the line, building it to a lower standard would have been insanely stupid.

> taken up much less space

This is just straight up factually wrong. If you want to save money by changing alignment, you need more space, not less.

> would have been much cheaper

As I pointed out, much is simply wrong here.

> would have caused less disruption

Building would have caused more disruption, and overall there would be more disruption in general.

> would have had a clearer business case

The business case would be much, much worse.

The people making that argument somehow think that you could build some rural 160km/h rail line and still get 90% of the benefit. Yet somehow no country that has analysed this believes it, and pretty much every single rail expert in the world doesn't agree with it either.

So the question you have to ask yourself is: do you want to believe the designers of HS2 and most experts in rail technology, or a bunch of anti-infrastructure activists?


Even in the South East, the UK isn’t that densely populated — apparently golf courses take up more space than housing (excluding roads)

HS2 benefits pretty much everyone along its route through increased local services, as capacity is released from the current lines.

Midland Connect have a good overview of what it enables them to do – https://www.midlandsconnect.uk/media/1602/hs2-released-capac...

There’s also a document somewhere that covers how HS2 increases short distance services from Euston somewhere

Local rail transport should benefit hugely from HS2


What nonsense. As if there was a desperate need for land in rural Britain. Southern England is densely populated compared to other countries, but it's still incredibly rural.

In most places it barely affects people at all, and when it does, 99% of the time it's a minimal visual impact.

> therefore unable to use the line, by the way.

This is a complete misunderstanding on the system effects of these lines. The point is that all other train lines can be used much more efficiently because the high-speed trains don't have to use those lines anymore. Making it much easier to run more rural trains.

And it will also reduce car use on these routes, meaning the much, much worse highways will be used less.

So in actual fact, the new lines are massively positive in terms of overall impact for rural areas.

And I say this living in a country with some of the most dense rail networks in the world.

> We also have very little wildlife left and we don't really want to live in concrete jungles.

Another bunch of nonsense. Rail lines are very small and highly efficient. If you didn't build rail lines, you would almost certainly have to extend highways, and those are infinitely worse for wildlife.

Railways, and especially high-speed rail, have the best impact vs effect calculation of almost anything you can build.


The taller the concrete jungle, the more spare land there is for people like you outside of it.

I don't live outside it.

"People like you" shows that you're no better than the "NIMBYs" you so hate. Just complete refusal to accept that anyone might be different from you or have problems that aren't yours.


HS2 is more sprawl than tall.

Except it isn't; it's designed to get people between city centers much faster, making living in cities much more attractive. Often the highest density areas are around train stations.

It’s called the RSPB

> building infrastructure is good actually

It was never about "building infrastructure", though, which is why they used Compulsory Purchase to force farmers to sell their land for pennies. Because obviously "undeveloped" land without any sort of planning consent is worth very little.

Now those bits of land, which have been put through the planning system and can now be built on, are not being used for HS2. So, they're being sold back to the farmers, right?

No, they're being sold for thousands of times the purchase price to property developers run by the people who donate the most to the government.

It's a land grab, same as the "inheritance tax on farms" thing.


Do you know how Compulsory Purchase Orders work?

Many people along the HS2 route have been paid double the market price of their house


Yes, because a demolished house is a brownfield site which automatically has outline planning consent and you can build just about anything you like on it. It's worth a fortune.

A farmer's field without planning consent is bought from the farmer priced as a worthless patch of mud, but taxed as though it already had a couple of dozen £500k rabbit hutch houses built on it.


> A farmer's field without planning consent is bought from the farmer priced as a worthless patch of mud, but taxed as though it already had a couple of dozen £500k rabbit hutch houses built on it.

Farm land isn't taxed - it's exempt from business rates


Doesn’t matter what the price is if you lose your community.

Very narrow minded view that doesn’t take into account people over 60


Everything in UK politics takes into account people over 60. What we need is some policies taking into account people under 60.

The over 60s in the UK are probably the most privileged demographic in the history of the nation.

Just last October the government reduced tax-free savings allowances on the Cash ISA for everyone... except the over 60s.

The over 60s have iron-clad "triple locked" state pensions that are _guaranteed_ to grow unsustainably (faster than tax revenue) at the cost of the working tax payer.

We need infrastructure and productivity growth, so the over 60s can take their gold plated compulsory buyouts and go do one.


As someone who is in their 50s I'd disagree with you

Very few people are losing their communities due to HS2


>>though, which is why they used Compulsory Purchase to force farmers to sell their land for pennies. Because obviously "undeveloped" land without any sort of planning consent is worth very little.

Did you ever look into any of it? Because it's 100000% nonsense. One of the reasons why HS2 is over budget so much is because farmers are being paid absolutely through the nose for smallest chunks of land taken for it. Compulsory purchase has to pay the market rate, and in most cases it pays well above that.

>>No, they're being sold for thousands of times the purchase price to property developers run by the people who donate the most to the government.

I'd love to see an example of any piece of land being sold for "thousands of times the purchase price", it would be quite incredible. And the land goes back to auction, anyone can bid on it so not sure how exactly is it sold to "people who donate the most" - care to explain? Or better yet, give an example?

>>It's a land grab, same as the "inheritance tax on farms" thing.

Yes, nothing to do with people like the Percy family owning half of Northumberland for the last 700 years and never paying any inheritance tax on it because they farm on some of it. Nuh huh.


You really need a better source of information.

You can try to remap KDE keybindings but it won't affect Gnome applications, games, etc.

Personally, I found the most reliable thing to be a keyboard-level swap of Ctrl and the Cmd key. That way, whenever you're asked for Ctrl, which is all the time, you can always safely hit Cmd with no need for extra configuration. You can then remap various things in KDE Shortcuts to be more Mac like, like Cmd+Q, Cmd+Tab, Cmd+`, etc. (The only thing lacking is the Ctrl v. Cmd separation in a terminal, so I manually remapped all the Ctrl sequences in my terminal emulator to Win sequences, which matches my hardware Ctrl key. So, like on a Mac, Cmd+C works to copy, Ctrl+C is the escape code.)

This works for a Mac keyboard. For a Windows keyboard, you'd have to shuffle Alt -> Ctrl, Win -> Alt, and Ctrl -> Win. There are settings for this in xkb. (KDE surfaces these in its Keyboard settings panel.)

Keyboard layouts/shortcuts are a huge pain point with Linux. xkb is geriatric, and acts as such. Compose keys are flaky and inconsistent across applications. Virtually all Linux software is going to default to some idiosyncratic take on Windows shortcuts, often without much by way of customisability. (And those Windows shortcuts weren't very good to begin with.)


That works until you get into a terminal and want to copy/paste/send signals without having to remember special keybinds that only apply when you're in the terminal.

X should have never copied the IBM/MS binds. What a tragic mistake


> That works until you get into a terminal and want to copy/paste/send signals without having to remember special keybinds that only apply when you're in the terminal.

I don't really understand what you mean by this. When a GUI app wants Ctrl, I hit Cmd. In a terminal emulator, I hit Ctrl for control sequences and Cmd for system shortcuts like copy and paste. This reflects how things work on a Mac. There's nothing special to remember.

> X should have never copied the IBM/MS binds. What a tragic mistake

Agreed!


What is the point of this article? What does it actually say, other than 'AI good, criticisms of AI bad'? What am I supposed to have learnt from reading this, other than that the author likes AI?


There is no point to the article. It's not even written by a human, and really calling it an article implies a level of intent that is not there. It's a random collection of words that were probabilistically likely to follow given an initial condition and a seed for variation.


TLDR is that a guy bought Mac Minis to replace Google's Cloud Transcribe with a local whisper.cpp model and that saved him thousands of dollars a month, and he is using Claude Code for DevOps, etc.


I think vim's greatest problem is discoverability. It's a big enough problem that after six or so months working full time in neovim I went back to a GUI editor. I just about barely remember the most common commands, but I do not remember (at all) anything I only need occasionally. I also know myself well enough to know I will never remember this sort of thing well. I have a terrible memory for procedural / administrative / ritualistic knowledge.

I'm on Sublime right now. I like it a lot less than vim, but it's far less cryptic. If I need to tile four documents and move text around, I can do so trivially by dragging, without needing a PhD in vim esoterica that I would immediately forget the next day.


I 100% agree, but I also think you can get very far with just taking a weekend to read the user manual (:h user-manual). It won't solve the remembering problem, but it will make looking up help when you need it much easier. For example, you would know that most window operations start with <C-w>, so when you need to tile windows you could start with looking up `:h ctrl_w`.

There is also a very popular plugin for neovim that shows a popup with possible keybinds and descriptions whenever you begin any keybind: https://github.com/folke/which-key.nvim


This is all great advice and I appreciate it.

HN is great for technical discussions, but is below average for political or macroeconomic discussions. A HN comment thread on those topics is essentially indistinguishable from a NYT comments section, which I mean as an unfavourable comparison.

Turns out that being good at SQL does not make one good at the subtle social art / science of power and governance. If anything, the correlation is inverse. This shouldn't be surprising.


> If the Lightning OUTSODE Tesla

This reflects a very common pronunciation of syllable-final Ls in English, called a vocalised L, but I've never seen it reflected in spelling in such a way. Very cool!

I'm extremely curious - did you go for that spelling as an intentional stylistic variation, or was it a typo reflecting your usual pronunciation?


Typo.


Thank you for confirming!
