What happens in that case is that competitors copy your hardware and throw the open source firmware on it to undercut you. Consumers don't know how to differentiate your products without marketing/segmentation and OEMs mostly care about the BOM cost. It doesn't matter much that your competitors are 2-6 months behind because they're still killing the long tail sales that sustain a company.

Note that I'm still pro-open source, but I've seen this cycle play out in the real world enough times to understand why manufacturers are paranoid about releasing anything that might help a competitor, even if it benefits their customers.

Indeed. A friend who is more plugged into such things me told me 4-5 years ago they laid off most of the senior Intel network driver team. Basically the only edge they had. I can’t imagine things are any better these days.

Inertia is a hell of a thing, but you are starting to see the cracks form. I just don’t know if there is an alternative.

When? The Intel X710 series of network cards was released in 2014, and it wasn't until ~2018 that it became actually usable (end of 2018? I don't recall really, but when I stumbled upon it it had already been a public problem for more than a year, and it took a few more months for patches to come).

I'm talking things like full OS crashes while doing absolutely nothing, no traffic whatsoever or even better, silently starting to drop all network traffic (relatively silently, just an error message in the logs, but otherwise no indication, the interface still shows up as fine and up in the OS). It was all a driver issue (although both Intel drivers didn't work, so not only) that was later fixed.

After that, it was rock solid. But the fact that there was a high class network card sold for lots of money, on hardware compatibility lists at various vendors, which didn't work at all for pretty much everyone for more than a few years is disgusting.

A few attempts with chstgpt managed it: "Hardware companies writing software is like watching a train wreck in slow motion. Software companies? They just crash at regular speed."

Yes, I'm assuming that's exactly why OpenWrt is mentioned but it's very misleading.

The OpenWrt folks generally have good enough taste not to ship any drivers or userspace junk from vendor SDKs, though they do have a fair-sized set of backport patches on top of the (somewhat elderly) mainline kernels they do ship.

I'm running up-to-date mainline on my routers, not OpenWrt kernels. The mt76 support in 6.11 (and previously in 6.9 and 6.10) is complete enough that I don't need to carry any patches at all over what's in Linus' tree.

Sure, it's annoying and pedantic to nitpick someone's helpful answers and snippets. But sometimes the goal is to foster a better understanding, and reduce superstition and cargo-culting.

"sync<CR>sync<CR>sync<CR>reboot<CR>" became an idiom for various reasons. Then it became "sync; sync; sync; reboot" and deemed equivalent, which was missing the point that physically pressing "enter" introduced some human-length pauses into the process. Then "reboot(8)" incorporated those syncs, and "shutdown(8)" provided more flexibility, but the idiom persisted.

And to this day, the tier-1 support script says to clear your cookies and cache, try a different browser, factory reset your phone, disable firewall, disable AV, reboot your router, bypass your switch and plug in one device directly, wait 15 minutes and try again, and we've abandoned all attempts to understand, diagnose, or find root causes when the underlying systems are too diverse and complex to understand or keep your tech's expertise up-to-date.

'sudo su' is pure absurd but then how name naming it a "golf" ?? :)))

So maybe Perl is not so write-only after all ? ;)

I am not sure how passwords are relevant to the pointless chaining of two distinct commands, rather than invoking a straightforward "sudo -s".

People writing "sudo su" are simply imitating a common StackExchange idiom without knowing why.

"su" requires passwords unless invoked by root. "sudo" may be configured to permit/deny specific commands. So if you write that, then you're saying 'become root via the sudoers(5) config and then fork, exec, become root again via the setuid binary "su", in order to run an interactive shell.'

It's a poor habit to be promoting, because it assumes things about the configuration and suggests that "su" is equal to other particular "sudo" maintenance commands, when the point is simply to drop into a root shell, which is a facility provided directly by "sudo", if you'd only read the manual page and learn its options.

Nothing will stop you from invoking "sudo -s" without a password, without another fork/exec, without another suid utility carrying a significantly different authentication model.

I think you happened to miss the point about regulatory requirements that make this difficult/impossible to accomplish for the radio vendor. I think the proliferation of SDR is the only hope to change the broader regulatory culture but until that happens you're not going to see a shift.

I think it's also rich calling GPL compliance faux open source. There really is no true Scotsman.

I would agree. I would also say that when the secondary article contains a lot of value added above, the original, such as is the case here, the secondary source is better because it is easy to follow its link to the original if that's what you'd like to see.

I definitely agree with the guideline around favoring original sources, but this seems like a good time to deviate.

The point of the person you're replying to is that JVM software has far fewer vulnerabilities than it would have otherwise.

The number of CVEs reveals that there is a lot of Java software and that there's a strong culture of importing dependencies. But we also care about the nature of them, the normalized relative frequency of very serious flaws like RCE exploits.

A CVE list says nothing. I made my own language which has no CVEs, that obviously doesn't mean it's secure. The relevant metric is "CVEs per unit of functionality".

This is a nonsense statement unless you note the Java runtime. Java is a language. The runtime is the software that runs the Java code. There's more than one runtime.