Cake day: June 17th, 2023

  • rwhitisissle@lemmy.world to linuxmemes@lemmy.world · GNU-Linux · 3 upvotes · edited 2 months ago

    Not the person you originally asked, but the main reason is probably that referring to it as GNU/Linux is 1) already deeply associated with the Richard Stallman meme, to the point that referring to it in that way automatically comes across as either a joke or just a person being intentionally contrarian, and 2) just really weird sounding. In the minds of most people, there is no real reason to refer to it as GNU/Linux, because the actual operating system that does the things the operating system is expected to do - as in provide an API for syscalls, memory management, etc - is just “Linux.” That it’s routinely built alongside a set of core utilities designed and maintained by GNU is largely pointless. It’d be like referring to a hamburger as Buns/Hamburger or Buns+Hamburger. It’s just…weird.



  • rwhitisissle@lemmy.world to linuxmemes@lemmy.world · Shit... · 6 upvotes, 1 downvote · 2 months ago

    Realistically, he would call it ElonOS, hire a bunch of shitty systems programmers to cobble together a bullshit operating system mostly comprised of code stolen from other open source projects, insist that it be written in python because “python is critical to AI,” talk about how the OS integrates with AI seamlessly while having no actual AI in it at all, sell it with a tiered subscription that locked basic functionality, like being able to use the file system, behind a paywall, and then quickly abandon the project and fire everyone involved, having made no real money from the venture but still referring to it as a “triumph of engineering.”


  • A lot of people forget how overwhelmingly, insanely popular Musk was with way too online nerds. He was reddit’s golden child for years. Part of this is that whenever Disney started releasing the Marvel movies, beginning with Iron Man, Musk was front and center as the core inspiration for Tony Stark (yes, I’m serious, the director and Robert Downey Jr. basically went on record as saying as much) and he fucking milked that shit. It’s also important to understand that for a time he was seen as a forward looking entrepreneur whose business was “going to help save the planet by making electric cars so popular that every car manufacturer would switch to electric vehicle production to keep up.” If Musk was a genius at one thing, it was manipulating public perception of himself and his enterprises. It took years of him being a thin-skinned weirdo and massive corporate tool to undo the amount of positive sentiment he’d built for himself and Tesla.





  • In Linux you have to do sudo systemctl disable snapd, which produces a warning about snapd.socket. New users sometimes get a little freaked out about disabling stuff in systemd, especially after they find out what systemd is and does and how important it is. They’re afraid of bricking their installation and you have to be like “no, that won’t happen. Yes, I’m sure it won’t happen. No, you don’t need to reboot. Just replace disable with stop in those commands again and it won’t run anymore. Yes, I’m sure it’ll be fine.” So the commands are trivial, but the psychological toll of doing stuff via the command line that you perceive as dangerous, for truly novice Linux users, isn’t to be underestimated.


  • Linux is really just the kernel the OS runs on. What people dislike are some of the stupid choices a distribution’s maintainers make. Like, Ubuntu used to be a great entry-level operating system for people who wanted to get into Linux but didn’t want to ditch all the things they understood from Windows or MacOS. It provided a level of comfort and ease of use. Which is great, and something the Linux community needs. But then Canonical started injecting snap package bloatware with everything and it’s just a mess. You have as little control over snap updates as you do Windows updates unless you completely disable the service, which is hardly trivial for a new user.



  • rwhitisissle@lemmy.world to Programmer Humor@lemmy.ml · Single-Page Application · 1 upvote, 1 downvote · edited 6 months ago

    Oh boy a semantic argument

    It turns out the language you use can be semantically ambiguous or misleading if you phrase it incorrectly. Today you learned.

    And any web dev who remotely understands the point of CSP and why it was created, should instantly have alarm bells going off at the concept of triggering arbitrary ajax via html attributes.

    Oh, did you finally manage to fucking Google how HTMX works so you could fish for more reasons to say it’s unsafe? What you’re describing is not a particular concern to HTMX. If an attacker can inject HTML into your page (for example, through an XSS vulnerability), they could potentially set up HTMX attributes to make requests to any endpoint, including endpoints designed to collect sensitive information. But, and this is very important, this is not a unique issue to HTMX; it’s a general security concern related to XSS vulnerabilities and improper CSP configurations.

    Do you know what the correct cure for that is?

    PROPER CSP CONFIGURATION.

    “HTMX doesn’t bypass CSP! It just (proceeds to describe the exact mechanism by which it bypasses CSP)”

    Do you genuinely not understand that CSP works on the browser API level? It doesn’t check to see if your JavaScript contains reference to disallowed endpoints and then prevents it from running. I don’t know how you “think” CSP operates, but what happens is this: The browser exposes an API to allow JavaScript to make HTTP requests - specifically XMLHttpRequest and fetch(). What CSP does is tell the browser “Hey, if you get an API request via XMLHttpRequest or fetch to a disallowed endpoint, don’t fucking issue it.” That’s it. HTMX does not magically bypass the underlying CSP mechanism, because those directives operate on a level beyond HTMX’s (or any JS library’s) influence BY DESIGN. You cannot bypass it if it’s properly configured. Two very serious questions: what part of this is confusing to you? And, have you ever tested this yourself in any capacity to even see if what you’re claiming is even true? Because I have tested it and CSP will block ANY HTMX issued request that is not allowed by CSP’s connect-src directive, assuming that’s set.




  • rwhitisissle@lemmy.world to Programmer Humor@lemmy.ml · Single-Page Application · 2 upvotes, 1 downvote · edited 6 months ago

    Just to be clear, are you talking about some kind of templating library that literally transpiles all the htmx logic and instead packs it into individual ajax logic in js files “per element”, such that you don’t need to serve htmx client side and instead you pre-transpile all the ajax logic out to separate files?

    My brother in Christ, what the fuck are you talking about “transpiling HTMX” and “serving HTMX client side?” You don’t “serve” HTMX and there’s nothing to “transpile into JavaScript.” It is JavaScript. That’s like saying you “serve React client side” and “transpile JavaScript into more JavaScript.” Jesus, I feel like I’m taking crazy pills.

    Cause the very start of my statements was that if we had something like that then HTMX would be fine, as a templating lib that transpiled out to html+js.

    Oh, okay, so you don’t actually know what HTMX is or how it works, then? Because HTMX (https://htmx.org/) is a JavaScript library. Like, literally just a JavaScript library. It’s like…4000 lines of JavaScript. In fact you can read the source code for it here: https://github.com/bigskysoftware/htmx/blob/master/src/htmx.js. For some…insane reason you seem to think HTMX is its own language. It’s not. It’s…just a JavaScript library. There is no other language called HTMX. There is no other mechanism or tool called HTMX. No implementation or protocol or ANYTHING else. It’s just a small JavaScript library.

    invoke arbitrary logic with html attributes

    Once again, HTMX enhances HTML with various attributes declaratively. It utilizes custom data attributes in HTML (like hx-get, hx-post) to specify how elements on the page should behave - essentially, how and where to fetch data or submit forms without a full page reload. This is a form of declarative programming that tells the htmx.js library (which is just doing fucking AJAX) what to do when certain events occur (e.g., a click or a form submission). The actions (like the actual requesting of data from an endpoint) are performed by the code in htmx.js.

    This is a fancy way of saying “if you stick an hx-get attribute on a button, then you can just say where you want a GET request to go to and what element you want updated with the HTML returned from it and htmx.js will parse that out on page load and set an event listener for the button click to know when to initiate an AJAX request to the defined endpoint.” If you had an hx-get attribute in an element in a page and that page didn’t have the htmx.js library loaded it would do literally nothing.

    And, once again, HTMX, being a JavaScript library, operates under the same security constraints as any JavaScript executed in the browser. This means that:

    1. HTMX’s scripts themselves must be loaded from sources allowed by the script-src CSP directive.
    2. Any dynamic requests to load content or submit data initiated by HTMX are subject to CSP’s connect-src directive.

  • HTMX enables arbitrary invocation of ANY api endpoint with cookies included, through html attributes, which inherently can’t be covered by Content Security Policy

    I want you to please explain how HTMX bypasses the Content Security Policy connect-src directive, or any -src directive, for that matter, assuming it is specified (which it should be). Because I’m genuinely curious why the HTMX dev team would include a section on CSP in their docs if it did literally nothing, as you say.

    Actually, as an even more basic question…you do know that HTMX is literally just an AJAX library, right? It doesn’t actually “do” anything via HTML attributes. The additional HTMX attributes, like hx-get, hx-post, etc. just tell HTMX where and how to make the API requests. These requests are executed by the browser’s native fetch or XMLHttpRequest APIs, depending on compatibility and implementation. Therefore, HTMX is subject to the same security constraints and policies as any other JavaScript-based operation that makes HTTP requests. Which also, by definition, means that it adheres to the Content Security Policy directives configured for that website.

    In other words, an HTML button element with hx-get="https://www.some-endpoint.com/" on it would eventually translate into

    const xhr = new XMLHttpRequest();
    xhr.open("GET", "https://www.some-endpoint.com/");
    xhr.send();
    

    on click.

    You do understand that, right?
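
Added example (not part of the comments above, and not HTMX's or any browser's code): a simplified JavaScript model of the connect-src check the comments describe, applied to the final request URL whether it came from an hx-get attribute or a direct XMLHttpRequest. The policy string, page URL and function names are assumptions made for illustration; real browsers also handle paths, default ports and redirects, which this model leaves out.

```javascript
// Simplified model of CSP connect-src matching (added example, not browser code).
// It decides on the request URL only; how the request was triggered is irrelevant.
function effectiveConnectSrc(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first wins
  }
  // connect-src falls back to default-src; null means no restriction at all.
  return directives.get("connect-src") ?? directives.get("default-src") ?? null;
}

function matchesSource(expr, target, page) {
  const e = expr.toLowerCase();
  if (e === "*") return /^(https?|wss?):$/.test(target.protocol);
  if (e === "'self'") return target.origin === page.origin;
  if (e.startsWith("'")) return false; // 'none' and other keywords match no URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return target.protocol === e; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/.exec(e);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wantProto = scheme ? scheme + ":" : page.protocol; // no scheme: page's own
  if (wantProto !== target.protocol) return false;
  const hostOk = wildcard ? target.hostname.endsWith("." + host)
                          : target.hostname === host;
  return hostOk && (port === "*" || (port ?? "") === target.port);
}

// Decision for one request URL, whatever produced it (hx-get, fetch, XHR).
function connectAllowed(policy, pageUrl, requestUrl) {
  const sources = effectiveConnectSrc(policy);
  if (sources === null) return true; // nothing set, so nothing is blocked
  const page = new URL(pageUrl);
  const target = new URL(requestUrl, page); // relative hx-get values resolve here
  return sources.some((s) => matchesSource(s, target, page));
}

// Constructed sample: policy, page URL and hx-get values are illustrative.
const POLICY = "default-src 'none'; script-src 'self'; connect-src 'self' https://api.example.com";
const PAGE = "https://app.example.com/dashboard";
function report() {
  return ["/items", "https://api.example.com/v1/items", "https://www.some-endpoint.com/"]
    .map((u) => [u, connectAllowed(POLICY, PAGE, u) ? "allowed" : "blocked"]);
}
console.log(report());
```

With neither connect-src nor default-src present, `connectAllowed` returns true for every URL, which is the "assuming that's set" condition in the comment.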