I'm not sure that I agree that it is automatically safer to prefer apt or dnf, and I'm definitely sure that it is not safer to prefer npm.
Safety is about managing risk. One element of managing risk is evaluating trust. I'm thinking that there are far fewer people I have to trust by copying the curl | bash install method from Homebrew's secure website.
But at any rate, I completely agree that piping a curl'd script directly to the shell should be considered unsafe, even if it's from a trusted source. It's quite easy to do additional checks to reduce your risk significantly for this type of attack. You could read the contents of your clipboard with a hex editor and check for non-ASCII characters. But wait? How do I install the hex editor? Don't I need a hex editor to check the install method of the hex editor? AAAAH! It's turtles all the way down!!!!
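The non-ASCII check mentioned in the comment above needs no hex editor: `tr`, `awk` and `cat -v` are enough. This is an added example, not part of the original comment; the function names `suspicious_bytes` and `check_script` are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag bytes in a saved install script (or a clipboard dump
# written to a file) that are not tab, newline, or printable ASCII.
# Function names are hypothetical; the sample input below is constructed.

# Print the number of bytes in file $1 outside tab, newline and 0x20-0x7e.
suspicious_bytes() {
    LC_ALL=C tr -d '\11\12\40-\176' < "$1" | wc -c | tr -d ' '
}

# Return 0 if file $1 is clean. Otherwise list the offending lines with
# control and high-bit bytes made visible by cat -v, and return 1.
check_script() {
    n=$(suspicious_bytes "$1")
    if [ "$n" -eq 0 ]; then
        return 0
    fi
    echo "$1: $n suspicious byte(s)" >&2
    LC_ALL=C awk '/[^\t -~]/ { print NR ": " $0 }' "$1" | cat -v >&2
    return 1
}

# Constructed sample: line 2 carries a carriage return, an ANSI
# erase-line escape sequence and a UTF-8 zero-width space.
sample=$(mktemp)
printf 'echo "installing"\n' > "$sample"
printf 'echo ok\r\033[2K\342\200\213\n' >> "$sample"
check_script "$sample" || echo "not running the sample until it is reviewed"
rm -f "$sample"
```

Save the download to a file, run `check_script` on it, and only then pass the same file to the shell, so the bytes checked are the bytes executed.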
Sure, the decision to "offload" some components is understandable, and sometimes preferred (crypto libs, etc). We're not all masters of every field.
But if you do it 200+ times I'll question what you're even trying to do.
You don't; you import 3-4 libraries that do what you need, each of them imports 10-30 libraries they need, next thing you know, you've got 100 dependencies.
I don't really see the big deal--for as long as I've been using Linux, which is over 20 years now, installing many packages requires pulling in dozens of other packages, themselves perhaps composed of multiple libraries... The problem is they come from cargo and not a distro? I get the problem with the language repos being more prone to supply chain attack than distro repos, but I don't really get the impression it was ever normal to build complete apps without dependencies.
The issue is HOW MANY. This simple utility is in the 100-200 range, Zed editor is in 2000+ range. C/C++ software you find in distros is not only stabilized by the unstable/testing queue, which language repos don't have and don't plan to have, but also has 5-10x fewer dependencies on average.
This is my attempt to answer your question about "what kind of algorithm can you implement to detect something dangerous". Disclaimer though, I agree that the proposed regulation is way too broad and will have unintended consequences as written.
If you look at how Apple detects contraband imagery, they hash every image that gets uploaded into the photos app. Those hashes are transmitted to servers that compare them to hashes of known contraband.
A similar system could theoretically be used for STL files. So it isn't about detecting exact shapes, it's about preventing printing of STL files that are already known to be dangerous. This would make it harder to illegally manufacture parts for weapons because it would make it much harder to share designs. If you didn't have the knowledge or skill to design a reliable FCU, you would have to find a design someone with that knowledge and skill created - which the printer could theoretically detect with a cryptographic signature.
As the original author of the post pointed out though, this could and would be bypassed by actual criminals. As with most things like this, it's probably impossible to prevent entirely, only to make it more difficult.
> If you look at how Apple detects contraband imagery, they hash every image that gets uploaded into the photos app. Those hashes are transmitted to servers that compare them to hashes of known contraband.
You're spelling out a specific process in detail--which is the only reason I'm picking on details. Do you have anything documenting what you're describing?
From what I remember, Apple's system was proposed, but never shipped. They proposed hashing your photos locally and comparing them to a local database of known CSAM images. Only when there was a match, they would transmit the photos for manual confirmation. This describes Apple's proposal [1].
I believe what did ship is an algorithm to detect novel nude imagery and give some sort of warning for kids sending or receiving that data. None of that involves checks against Apple's server.
I do think other existing photo services will scan only photos you've uploaded to their cloud.
I'm happy to make corrections. To my knowledge, what you're describing hasn't been done so far.
Aah okay - I remember it being proposed, but perhaps I wrongly assumed it had shipped. I do wonder sometimes if Apple is doing anything that we aren't privy to with photos that end up in iCloud.
It's fair not to trust Apple or any company, but Google and a lot of companies were scanning the cloud versions without the negative press Apple got. My understanding is Apple proposed scanning on-device because images were encrypted in the cloud. Uploading and having a manual review process seems like a big ongoing cost.
Personally, I don't think Apple is doing anything with photos it stores in the cloud.
Like the first article says, technically they could, because they store the encryption key for user convenience. Turning on Advanced Data Protection should take away their ability to decrypt photos. But there are a whole bunch of caveats if you're talking about all their cloud data and that has changed over the years.
Ok, that works for STL files, but printers don’t print STL files; they print G-code. G-code is generated by slicers, and depending on your printer and settings the G-code will be different.
Is this law obligating printer manufacturers to lock down their printer to slicers that can do the STL naughty check?
What part of the dangerous part is the actually dangerous part?
It's a framing trap to think you have to print or CNC the whole thing in one job.
Split it up into many smaller jobs, each one not looking dangerous, re-zero, start the next section as if it's a new job, spiff it all up with a session of crank and curse finishing, and the blockade is meaningless.
Thank you for this comment! I knew it was something like this. I've been using it in the VSCode terminal, but you're right, the ANSI terminal just doesn't work. I wasn't quite sure why!
Living without it isn't hard IMO. It's more of a convenience. Most of the servers I ever log in to only have one non-root user anyway. When I need root, I switch to root.
Interesting - The petroyuan was not on my radar at all.
https://ipr.blogs.ie.edu/2025/06/27/geopolitics-of-oil-how-c...: This article explores case studies such as Russia, Iran, and Venezuela, illustrating how the petroyuan has been implemented to bypass sanctions and reduce dependence on US financial systems.
Good read though. Thinking about C as not just a language but also a protocol is a different perspective that is useful for the mental model.