GnuPG

  • Cannot customize gpg-agent socket location for GPG (since 2.1.13).
    • It is not customizable to protect me from myself.
      • I might set a location that is writable by other users;
      • A malicious user may create a fake agent listening where I expect to connect to;
      • I would end up sending them my passphrase.
    • It results in unresolved issues such as this.

Podman/Docker

  • (Podman) Why does starting rootless containers require systemd lingering? (I don’t claim to understand how systemd and user logins/sessions work. Very possibly there is a valid reason for this - but I don’t know it.)
  • How to deal with permissions for bind mounts to unprivileged containers? (Alternatively: why isn’t it standard to run as root inside containers?)
  • Why does Podman (and seemingly Docker) add firewall rules behind my back?
    • I have this problem.
      • User says publishing a port (with -p passed to Podman) directly creates firewall rules which expose the port to the public, regardless of existing firewall rules.
      • Developer, as far as I can tell, effectively interprets the converse of the question - as if the user is asking Podman to open up firewall ports - and says they won’t do that.
      • User responds with “no… but that’s exactly what I’m trying to say that you are currently doing”.
      • No reply.
    • Same Docker behaviour?

Btrfs

  • btrfs subvolume get-default prints ERROR: Could not search B-tree: Operation not permitted, which isn’t necessarily crazy, but searching this message returns 2 results (as of 2022 November 27) (I normally use Duck Duck Go, but showing the Google search here for completeness).
  • A user can rm -rf a (non-readonly) subvolume that he/she owns (and has write permissions on the containing directory), but cannot btrfs subvolume delete it.

Samba

Golang

These are notes I made the last time I had to touch Go, and admittedly I was far from experienced in Go. I do hope to document these gripes better (perhaps understanding why they are the way they are), but I don’t particularly enjoy looking into/using Go, so these items are here as a copy of the quick notes I made before.

  • make only for slices, channels, and maps.
  • slices can go from modifying an underlying array to modifying a new array.
  • no const pointers, structs.
  • no “implements”.
  • import versioning.
  • no method or operator overloading https://golang.org/doc/faq#overloading.
  • no circular imports (as in, conceptually, the compiler should be able to read all declarations upfront).
  • no optional type or pattern matching (ignored “decades of programming language theory”).
  • no asserts.
  • no generics (finally added).
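
The slice item in the list above, shown as an added example (not code from the original notes): the same append call either writes into the shared backing array or detaches onto a new one, depending only on spare capacity. The function names are made up for illustration; the third case uses the full slice expression to force a copy.

```go
package main

import "fmt"

// aliasedAppend: the sub-slice has spare capacity, so append writes into
// the parent's backing array and silently changes parent[2].
func aliasedAppend() (parent, child []int) {
	parent = []int{1, 2, 3, 4}
	child = parent[:2]        // len 2, cap 4
	child = append(child, 99) // fits: overwrites parent[2]
	return parent, child
}

// detachedAppend: append exceeds capacity, so Go allocates a new array and
// later writes through child no longer reach parent.
func detachedAppend() (parent, child []int) {
	parent = []int{1, 2, 3, 4}
	child = append(parent, 5) // len 4 == cap 4: reallocates
	child[0] = 100
	return parent, child
}

// clippedAppend: the full slice expression s[low:high:max] caps capacity at
// the length, forcing append to copy instead of writing into parent.
func clippedAppend() (parent, child []int) {
	parent = []int{1, 2, 3, 4}
	child = parent[:2:2]      // len 2, cap 2
	child = append(child, 99) // must reallocate
	return parent, child
}

func main() {
	p, c := aliasedAppend()
	fmt.Println("aliased: ", p, c)
	p, c = detachedAppend()
	fmt.Println("detached:", p, c)
	p, c = clippedAppend()
	fmt.Println("clipped: ", p, c)
}
```

Code that hands a sub-slice of a buffer to another function can clip it with s[:n:n] so that a later append in the callee cannot overwrite the caller's remaining data.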