NAS. Most things sit in downloads indefinitely, and I’ll randomly decide the folder is gross and unmanageable and put things into appropriate folders. Usually Documents gets the most sub-categories, with various significant life docs sorted by category and year. Pictures gets random art I made in a folder, pictures, memes and funny shit, etc also get their own folders.

Media downloads go straight to the NAS where they’re organized by Format/Category/Series/Name. As in Video/Movies/John wick/John wick 1. TV gets a season level in there.

Check engine light? That’s fine, if it goes wrong it’s just him. The high beams are dangerous, inconsiderate and just a dick move, but also something that could be done by mistake.

Flagrantly violating traffic control signs is dangerous to him, anyone in his vehicle, other drivers, and random passerbys. That’s a pretty big no-no, and worth reporting in the harshest terms on its own.

Would you have wanted previous riders to have reported that behavior before you got in the car? If you knew they were going to drive like that would you still have picked them as a driver?
If not, why would you let someone else be in the same situation you would take steps to avoid?

The notion of getting a special edition white one, then swapping the shell to a custom black is funny.

It’s actually because icecream has a defined air and fat content, and if you leave those guidelines you stop being icecream.

Changed with ice cream in general? No. But there are things that have been possible to add to ice cream for a while that do what you describe. It could be that you’re just starting to notice, you shifted brands, or the brand you liked shifted formulations.

Many people dislike the things that get added to ice cream, and so there are definitely brands out there that don’t include those things.
In my opinion the worst of the additives is not nearly as bad as a lot of people would make them out to be.

In the broadest sense possible ice cream is sugar, fat, water and thickener where the fat has been cooled to a solid and allowed to just start to re-form into a lump, the ice hasn’t been allowed to form crystals big enough to notice, and the thickener and sugars glue the fat and ice together such that they trap miniature air bubbles.
Some people insist that the fat and thickener have to come from cow milk in the form of milk fat and milk proteins, but that’s a bit pedantic for my tastes.

The easiest way to cheap out on ice cream is to add a lot more air. Since we sell it based on volume, if we churn more air into it we get more ice cream to sell for the same quantity of ingredients, and the only effect is that the ice cream is lighter, softer and fluffier.
There’s a legal maximum to how much air you can mix in though.

The next hurdle you run into is that milk proteins are actually kinda shit at keeping those air bubbles trapped. Adding things like guar gum or carrageenan will make it much gloopier and hold those air bubbles better.
This makes the ice cream last longer in a warehouse without the bubbles getting out and leaving your ice cream as a brick.

Next is rampant ice crystal spread, which can turn the ice cream into a brick in the warehouse. This can be slowed down using something called methylcellulose. It’s basically processed plant fiber ground into a powder. It’s also used in pills as the inert binder, and as a dietary fiber source.
It’s popular because is known to be safe and inert, it’s very cheap, it prevents ice crystal formation, and it has the fun quirk of getting thicker as it warms, for the added property of keeping your ice cream fluffy and areated as it warms up on your drive home.

Finally, you can tweak the fat blend. This one isn’t as common because milk fat is already insanely cheap since we subsidize the hell out of the dairy industry.
Changing the blend to use fats that are solid at higher temperatures does have utility for things you expect to be eaten slower, at higher temperatures, or if you want parents to not be mad that your ice cream makes kids extra sticky.

By far the biggest way that I’ve cream will save costs is by putting as much air in it as possible. It lets them sell you less in the same size box for the same price.
It’s a case where shrinkflation means making things bigger, which is fun.

The brands that didn’t take that route invariably rebranded as “premium” ice creams, so they can charge more for the same thing without raising consumer ire.

Someone near him has recorded it on their phone if he has, and is just walking around numbly aware that they have the Nixon tapes sitting in their pocket.

They’re using tap to pay, and having the stark reminder that they just bought a sandwich with something that could change the election be on the news for 30 minutes because no one expects him not to drop a hard N in casual conversation so it’s not as noteworthy as a woman politician laughing in public.

No, the president doesn’t have that power.

https://crsreports.congress.gov/product/pdf/LSB/LSB10655

https://norml.org/news/2021/11/11/crs-report-president-lacks-constitutional-authority-to-end-cannabis-prohibition-by-executive-order/?noamp=mobile

The president does not have the authority to unilaterally change drug classifications, only to nominate a DEA director who will engage in the defined process for changing the schedule of the the substance.

https://www.justice.gov/opa/pr/justice-department-submits-proposed-regulation-reschedule-marijuana

Which is what’s happened.

The president doesn’t have the power to change the law.

I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.

My example was for simplicity, not mockery.
The power going out is the power companies fault, so I’m most mad at them. The store didn’t have a generator because they trusted the power company, so my cake got ruined. I’m still mad at them but less so because they weren’t the cause of the problem, even though they could have done more to prevent this from impacting me.
Culpability wise, I can only make demands of the store and hope that enough other people do so that they in turn demand answers from the power company.

There are actually a fair number of certifications, including ones from government agencies, relating to software development, deployment, and related practices. That so many organizations didn’t have the ones relating to protection from supply chain issues is distressing, to say nothing of it slipping through quality control in the first place.

Please, if you think we’re in a place in this thread where I’d be mocking you, re-read it with the understanding that I agree with you entirely on legal and structural issues, and at most just have a different opinion about where the balance of "fuck you"s go. I think I put more scorn towards the vendor because doing the thing is worse than failing to prevent the thing. Also, I work at a parallel company and so I’m more familiar with exactly how much you have to be fucking up for this to happen because I spent the last three days dealing with the more minor controls that prevent this from happening. Everyone has outages because you can’t prevent 100% of errors, but it’s on the vendor to build to the spec of their most sensitive customer and ensure that outages don’t keep a doctor from patient records.

Can’t fault you for feeling that way. I definitely don’t think anyone should be exempt from responsibility, I meant blame in the more emotional “ugh, you jerk” sense.

If someone can’t fulfill their responsibilities because someone they depended on failed them, they’re still responsible for that failure to me, but I’m not blaming them if that makes any sense.

Power outage or not, the store owes me an ice cream cake and they need to make things even between us, but I’m not upset with them for the power outage.

I’d love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/

This isn’t one of the cases where we’re talking about Linux being superior to windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it’s just that only one got one.

Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.

I mean, sure. But typically operating systems don’t expose that type of information to user space, instead providing a kernel interface with user mode configuration.

It’s why they use the same basic approach on mac and Linux.

The kernel is responsible for managing hardware and general low-level system operations. Anything that wants to do those things needs to get itself into kernel mode one way or another.

The typical way you do this is called a “driver” and no one thinks about them as being kernel code. Things like graphics cards and the like.

Things that want to do actions like monitor network traffic or filesystem activity system wide or in a lower level capacity than the normal tools provide also need to be kernel level.
In a security context, that specifically would include things that want to monitor raw packets rather than the parsed content that assumes the packet is well formed in a way that a malicious one might not be.

Cloudstrike does the same thing on Linux, and the typical tools for network management or advanced security are also either compiled in or loadable kernel modules.
It’s easy to forget that ip/ebtables and selinux and friends are kernel level software frequently distributed as kernel modules, in the case of the firewalls, or compiled in with a special framework and not just user mode software.

Also, it’s less about “their” drivers and more about what a kernel module can do.
Saying “there’s no way to know” doesn’t fit, because we do know that a malformed kernel module can destabilize a linux or mac system.

“Malformed file” isn’t a programming defect or something you can fix by having a better API.

Security operations being one of the things that is often best done at the kernel level because of the need to monitor network and file operations in a way you can’t in user mode.

That’s totally fair. :)

I work at a different company in the same security space as cloudstrike, and we spend a lot of time considering stuff like “if this goes sideways, we need to make sure the hospitals can still get patient information”.

I’m a little more generous giving the downstream entities slack for trusting that their expensive upstream security vendor isn’t shipping them something entirely fucking broken.
Like, I can’t even imagine the procedureal fuck up that results in a bsod getting shipped like that. Even if you have auto updates enabled for our stuff, we’re still slow rolling it and making sure we see things being normal before we make it available to more customers. That’s after our testing and internal deployments.

I can’t put too much blame on our customers for trusting us when we spend a huge amount of energy convincing them we can be trusted to literally protect all their infrastructure and data.

you cannot pull a Boeing and let people die

You say that, but have you considered the savings?

Nope, because they only shipped a corrupted windows kernel module.

It’s dumb luck that whatever process resulted in them shipping a broken build didn’t impact the other platforms.

Typically auto-applying updates to your security software is considered a good IT practice.

Ideally you’d like, stagger the updates and cancel the rollout when things stopped coming back online, but who actually does it completely correctly?

Yeah, it’s a crowd strike issue. The software is essentially a kernel module, and a borked kernel module will have a lot of opportunities to ruin stuff, regardless of the OS.

Ideally, you want your failure mode to be configurable, since things like hospitals would often rather a failure with the security system keep the medical record access available. :/. If they’re to the point of touching system files, you’re pretty close to “game over” for most security contexts unfortunately. Some fun things you can do with hardware encryption modules for some cases, but at that point you’re limiting damage more than preventing a breach.

Architecture wise, the windows hybrid kernel model is potentially more stable in the face of the “bad kernel module” sort of thing since a driver or module can fail without taking out the rest of the system. In practice… Not usually since your video card shiting the bed is gonna ruin your day regardless.

Sure, but they weren’t patching a windows vulnerability, windows software, or a security issue, they were updating their software.

I’m all for blaming Microsoft for shit, but “third party software update causes boot problem” isn’t exactly anything they caused or did.

You also missed that the same software is deployed on Mac and Linux hosts.

Hell, they specifically call out their redhat partnership: https://www.crowdstrike.com/partners/falcon-for-red-hat/