• 7 Posts
  • 57 Comments
Joined 1 year ago
Cake day: June 25th, 2023



  • wolf@lemmy.zip to Asklemmy@lemmy.ml · What is your favorite movie of all time?
    English · 11 upvotes, 1 downvote · 10 days ago

    One is not enough, and a lot of great movies were already named, still, some great movies are missing:

    • Heat (Michael Mann) Every single time I see it, it is brilliant and I discover something new
    • Jin Roh (The original animation movie), awesome atmosphere and only after the 2nd viewing one can really appreciate it
    • Near Dark (1987) Why the hell did nobody ever produce something like this ever again?
    • Miami Vice (Michael Mann), ‘Style over substance’, in a great way, although I have the shaky camera
    • Seven Samurai
    • Casablanca
    • Strange Days
    • Point Break
    • XXX (Nobody understood that it was a parody back in the days :-P)
    • What we do in the shadows
    • Brazil
    • Rocky
    • Eternal Sunshine …
    • The city of lost children
    • Leon the professional
    • Dolls
    • The Killer (The original of course)
    • The last unicorn
    • Dark City
    • The thing
    • The Lost Boys
    • Spirited Away
    • Donnie Darko
    • Rashomon
    • Brother (2000)
    • Parasite
    • Hatsukoi (First Love)

    … from the top of my mind. :-P


  • Ah, the usual propaganda from the fucking content mafia and the lobbyists they bought:

    “The takedown of Fmovies is a testament to the power of collaboration in protecting the intellectual property rights of creators around the world,” Knapp says.

    “Strengthening intellectual property rights is an important element of the U.S.-Vietnam Comprehensive Partnership,” Knapper said

    I’ll happily repeat again and again and again:

    • If pirate sites offer a better user experience than your paid offerings, you don’t deserve payments at all
    • The money goes mostly to some rich fucks, fucking shareholders, lawyers and bought politicians and not to the artists/creators of the movies (with some exceptions for the really big names)
    • I will very happily pay a service which is not shitty, not region locked, doesn’t annoy me with advertisement and is reasonably priced. The illegal sites are demonstrating that it is possible to sustain such an offer on advertisement alone. Don’t give me fucking bullshit that it is not possible for companies like Netflix while most of the subscription fees are going to shareholders and higher management instead of into creating new content

    Seriously, fuck all the politicians and governments which act against the benefit of most of their population to conspire with the content mafia.









  • wolf@lemmy.zip to Programmer Humor@lemmy.ml · Least Favorite IDE ngl
    English · 7 upvotes, 2 downvotes · 6 months ago

    Eclipse has its share of problems (and outdated UI and workflows), still I’ll happily use it over IntelliJ w/o hesitation.

    Funnily enough, a lot of other (Java)Senior developers who tried both are fine with Eclipse, too.

    Besides the astroturfing from IDEA which is really annoying, Eclipse integrates far better with standard build tools and is our last decent Open Source IDE (Netbeans effectively being a zombie at this time).

    IDEA is already pushing/forcing their own solutions/build tools/etc. to up sell their shit, once Eclipse is gone, there will be no alternative and IDEA/IntelliJ will start the enshittification…

    People really forgot what a shit show the 90s were, paying lots of money for commercial IDEs.


  • wolf@lemmy.zip to linuxmemes@lemmy.world · Backdoors
    English · 2 upvotes · 6 months ago

    Golang’s web server is production grade and used in production. (Of course everyone uses some high performance proxy like NGINX for serving static pages, that’s another story.)

    Technically you are right that Java has no production web server, which I don’t like, OTOH Java has standard APIs WebServers and Spring is the de facto standard for web applications. (I totally would not mind to move Spring into the OpenJDK.)

    My point is simple: Instead of having Rust edition 2020, 2021 etc. and tweaking the syntax ad infinitum, I’d rather have a community which invests in a good/broad standard library and good tooling.

    The only platform widely used in production w/o a big standard library is Node.js/JavaScript, mostly for historical reasons and look at the problems that Node.js has for a decade now because of the missing standard library.


  • wolf@lemmy.zip to linuxmemes@lemmy.world · Backdoors
    English · 3 upvotes · 6 months ago

    Easily, just look at the standard libraries of Java/Python and Golang! :-P

    To get one thing out of the way: Each standard library has dark corners with bad APIs and outdated modules. IMHO it is a tradeoff, and from my experience even a bad standard library works better than everyone reinventing their small module. If you want to compare it to human languages: Having no standard library is like agreeing on the English grammar, but everyone mostly makes up their own words, which makes communication challenging.

    My examples of missing items from the Rust standard library (correct me, if I am wrong, not a Rust user for many reasons):

    • Cross platform GUI library (see SWING/Tk)
    • Enough bits to create a server
    • Full set of data structures and algorithms
    • Full set of serialization format processing XML/JSON/YAML/CSV/INI files
    • HTTP(S) server for production with support for letsencrypt etc.

    Things I don’t know about if they are provided by a Rust standard library:

    • Go like communication channels
    • High level parallelism constructs (like Tokio etc.)

    My point is, to provide good enough defaults in a standard library which everybody knows/are well documented and taught. If someone has special needs, they always can come up with a library. Further, if something in the standard library gets obsolete, it can easily be deprecated.


  • Digital, unless I really want the book and it is only analog.

    The analog form factor of books is IMHO much nicer, and I understand everyone who doesn’t like digital books.

    Still, for me going digital beats analog:

    • Having books always in my pocket, I never wonder what to do if I have to wait somewhere
    • Going for work/leisure travel, always fully stocked with interesting reading material
    • Learning from books and making notes? Digital makes it far easier
    • I mostly read English books for learning and in my country one has to pay a heavy surcharge for English books

    I also have to say, Amazon really earned all the criticism it gets, but their Kindle apps and physical devices are awesome. It is easy to buy DRM free books and read/sync them with Amazon Kindle infrastructure (send to device etc.).


  • wolf@lemmy.zip to linuxmemes@lemmy.world · Backdoors
    English · 26 upvotes, 1 downvote · 6 months ago

    THIS.

    I do not get why people don’t learn from Node/NPM: If your language has no exhaustive standard library the community ends up reinventing the wheel and each real world program has hundreds of dependencies (or thousands).

    Instead of throwing new features at Rust the maintainers should focus on growing a trusted standard library and improve tooling, but that is less fun I assume.


  • Perhaps I don’t understand your point. If I understand your point in the sense that there are also issues with firewalls and that one always has attack vectors against usable systems, I fully agree with your remark. My point is simply, as a rule of thumb a firewall usually mitigates a lot of attack vectors (see my remark about LIMIT for ssh ports elsewhere). Especially for client systems having a firewall which blocks all incoming traffic by default is IMHO high payoff for almost no effort.


  • wolf@lemmy.zip to Linux@lemmy.ml · When do I actually need a firewall?
    English · 2 upvotes, 2 downvotes · 8 months ago

    I think I get you and the ‘theory vs. practice’ point you make is very valid. ;-) I mean, in theory my OS has software w/o bugs, is always up-to-date and 0-days do not exist. (Might even be true in practice for a default OpenBSD installation regarding remote vulnerabilities. :-P)

    Who mitigates for timing attacks? I don’t think this is included in the default setup of any of the commonly used firewalls.

    fail2ban absolutely mitigates a subset of timing attacks in its default setup. ;-)

    LIMIT is a high level concept which can easily be applied for ufw, don’t know about default setups of commonly used firewalls.

    If someone exposes something like SSH or anything else w/o fail2ban/LIMIT IMHO that is grossly incompetent.

    You are totally right, of course firewalls have bugs/errors/misconfigurations… BUT … if you are using a Linux firewall, good chances are, that the firewall has been reviewed/attacked/pen tested more often and thoroughly than almost all other services reachable from the internet. So, if I have to choose between a potential attacker first hitting a well tested and maintained firewall software or a MySQL server, which got no love from Oracle and lives in my distribution as an outdated package, I’ll put my money on the firewall every single time. ;-)


  • wolf@lemmy.zip to Linux@lemmy.ml · When do I actually need a firewall?
    English · 5 upvotes, 3 downvotes · 8 months ago

    You’re right. If you don’t open up ports on the machines, you don’t need a firewall to drop the packages to ports that are closed and will drop the packets anyways.

    Sorry, hard disagree.

    I assume you are assuming: 1.) You know about all open ports at all times, which is usually not the case 2.) There are no bugs/errors in the network stacks or services with open ports (e.g. you assume a port is only available to localhost) 3.) That there are no timing attacks which can easily be mitigated by a firewall 4.) That software one uses does not trigger/start other services transitively which then open ports you are not even aware of w/o constant port scanning

    I agree with your point, that a server is a more controlled environment. Even then, as you pointed out, you want to rate limit bad login attempts via firewall/fail2ban etc. for the simple reason, that even a fully updated ssh server might use a weak key (because of errors/bugs in software/hardware during key generation) and to prevent timing attacks etc.

    In summary: IMHO it is bad advice to tell people they don’t need a firewall, because it is demonstrably wrong and just confuses people like OP.


  • wolf@lemmy.zip to Linux@lemmy.ml · When do I actually need a firewall?
    English · 46 upvotes · edited · 8 months ago

    Seriously, unless you are extremely specialized and know exactly what you are doing, IMHO the answer is: Always (and even being extremely specialized, I would still enable a firewall. :-P)

    Operating systems nowadays are extremely complex with a lot of moving parts. There are security relevant bugs in your network stack and in all applications that you are running. There might be open ports on your computer you did not even think about, and unless you are monitoring 24/7 your local open ports, you don’t know what is open.

    First of all, you can never trust other devices on a network. There is no way to know, if they are compromised. You can also never trust the software running on your own computer - just look at CVEs, even without malicious intentions your software is not secure and never will be.

    As soon as you are part of a network, your computer is exposed, doesn’t matter if desktop/laptop, and especially for attacking Linux there are a lot of drive-by attacks happening 24/7.

    Your needs for firewalls mostly depend on your threat model, but just disabling accepting incoming requests is trivial and increases your security by a great margin. Further, setting a rate limit for failed connection attempts for open ports like SSH if you use these services, is another big improvement for security. (… and of course disabling password authentication, YADA YADA)

    That said, obviously security has to be seen in context, the only snake oil that I know of are virus scanners, but that’s another story.

    People who claim you don’t need a firewall make at least one of the following wrong assumptions:

    • Your software is secure - demonstrably wrong, as proven by CVEs
    • You know exactly what is running/reachable on your computer - this might be correct for very small specialized embedded systems, even for them one still must always assume security relevant bugs in software/hardware/drivers

    Security is a game, and no usable system can be absolutely secure. With firewalls, you can (hopefully) increase the price for successful attacks, and that is important.
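
Added example, not part of the comment above: the point that ports may be open without you knowing can be checked by filtering `ss -H -tln` output for TCP listeners that are not bound to loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners that other hosts on the network can reach.
# Input: lines in the format printed by `ss -H -tln`
#        (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

exposed_listeners() {
    # Print "address port" for every listener not bound to a loopback address.
    awk '
    $1 == "LISTEN" {
        la = $4
        n = match(la, /:[0-9]+$/)      # the last colon separates the port
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        gsub(/^\[|\]$/, "", addr)      # strip IPv6 brackets: [::1] -> ::1
        sub(/%.*/, "", addr)           # strip interface scope: 127.0.0.53%lo
        if (addr ~ /^127\./ || addr == "::1") next
        print addr, port
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      151        127.0.0.1:3306       0.0.0.0:*
LISTEN 0      511                *:8080             *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      128            [::1]:631           [::]:*
EOF
}

# Stand-alone run: show which of the sample listeners are exposed.
sample_ss_output | exposed_listeners
```

On a live host, `ss -H -tln | exposed_listeners` prints the listeners that a default-deny incoming firewall policy would be shielding.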