Things that mindbreak me
GnuPG
- Cannot customize `gpg-agent` socket location for GPG (since 2.1.13).
  - It is not customizable to protect me from myself.
    - I might set the location that is writable by other users;
    - A malicious user may create a fake agent listening where I expect to connect to;
    - I would end up sending them my passphrase.
  - It results in unresolved issues such as this.
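The risk in the list above, as an added example (not code from GnuPG or from this page): a client-side check that refuses a Unix socket whose directory another user could write to. The function name and the `S.agent` socket name are made up for the illustration, and only the socket's immediate directory is checked, not its ancestors.

```python
import os
import shutil
import socket
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and others


def socket_path_problems(path, uid=None):
    """Return reasons not to trust the Unix socket at `path` (empty list = OK)."""
    uid = os.getuid() if uid is None else uid
    problems = []
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # Whoever can write to the directory can unlink the real socket and
    # bind a fake agent under the same name.
    if parent.st_uid != uid:
        problems.append("directory not owned by us")
    if parent.st_mode & LOOSE:
        problems.append("directory writable by group/others")
    try:
        sock = os.lstat(path)  # lstat: a symlink must not pass as the socket
    except FileNotFoundError:
        return problems + ["socket missing"]
    if not stat.S_ISSOCK(sock.st_mode):
        problems.append("not a socket")
    elif sock.st_uid != uid:
        problems.append("socket not owned by us")
    return problems


def demo():
    """Constructed cases: a private 0700 directory, then the same one opened up."""
    base = tempfile.mkdtemp()  # created 0700 and owned by us
    path = os.path.join(base, "S.agent")  # hypothetical socket name
    srv = socket.socket(socket.AF_UNIX)
    srv.bind(path)
    private = socket_path_problems(path)
    os.chmod(base, 0o777)  # other users could now replace the socket
    shared = socket_path_problems(path)
    srv.close()
    shutil.rmtree(base)
    return private, shared


if __name__ == "__main__":
    print(demo())
```

A world-writable directory with the sticky bit (such as `/tmp`) is still reported, because another user can create the socket name there before the real agent does.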
Podman/Docker
- (Podman) Why does starting rootless containers require systemd lingering? (I don’t claim to understand how systemd and user logins/sessions work. Very possibly there is a valid reason for this - but I don’t know it.)
- How to deal with permissions for bind mounts to unprivileged containers? (Alternatively: why isn’t it standard to run as root inside containers?)
- Why does Podman (and seemingly Docker) add firewall rules behind my back?
  - I have this problem.
    - User says publishing a port (with `-p` passed to Podman) directly creates firewall rules which expose the port to the public, regardless of existing firewall rules.
    - Developer, as far as I can tell, effectively interprets the converse of the question - as if the user is asking Podman to open up firewall ports - and says they won’t do that.
    - User responds with “no… but that’s exactly what I’m trying to say that you are currently doing”.
    - No reply.
  - Same Docker behaviour?
Btrfs
- `btrfs subvolume get-default` prints `ERROR: Could not search B-tree: Operation not permitted`, which isn’t necessarily crazy, but searching this message returns 2 results (as of 2022 November 27) (I normally use Duck Duck Go, but showing the Google search here for completeness).
- A user can `rm -rf` a (non-readonly) subvolume that he/she owns (and has write permissions on the containing directory), but cannot `btrfs subvolume delete` it.
Samba
- Cannot connect to anonymous share (i.e. without password) for “security purposes”.
- Cannot verify the identity of a server you are connecting to (and will send a password to) without Kerberos.
Golang
These are notes I made from last time I had to touch Go, and admittedly I was far from experienced in Go. I do hope to document these gripes better (perhaps understanding why they are the way they are), but I don’t particularly enjoy looking into/using Go, so these items are here as a copy of the quick notes I made before.
- `make` only for slices, channels, and maps.
- slices can go from modifying an underlying array to modifying a new array.
- no const pointers, structs.
- no “implements”.
- import versioning.
- no method or operator overloading https://golang.org/doc/faq#overloading.
- no circular imports (as in, conceptually, the compiler should be able to read all declarations upfront).
- no optional type or pattern matching (ignored “decades of programming language theory”).
- no asserts.
- no generics (finally added).