Hacker News | mulmen's comments

Does this also delay delivery of security fixes? Is there an override mechanism for a log4j type event?

It delays everything. You can manually override some packages, but the community can't push through it.

RPM (YUM? DNF? RHEL?) lets me subscribe to security updates separately from updates. Does that concept exist in language distribution?

I don't know how it would. Hackers would just claim everything is a security update.

Unless maybe you give special permission to some trusted company to designate certain releases of packages they don't own as security patches... But that sounds untenable.


It would have to be handled by the repository owner (e.g. PyPI), similar to how quarantines are done.

In the office I have dual 24" monitors. At home I have a single 38" ultrawide. In desktop mode I almost never have one app taking up my full screen. In portable mode yeah, all full screen. The only exception is IDEs which get their own spaces and are basically self-contained tiling window managers anyway.

Does it also exclude researchers?

Only if they keep refusing to pay bug bounties!

TechCrunch misrepresented Apple's statement.

Yep. It's business as usual for that rag.

I don't see any bears around here. Bear patrol must be working like a charm.

Completely off topic. I went solo hiking in Azerbaijan in August of 2022, heading towards some hilltop castle thing I saw on Google Maps. Along the way I met some locals who invited me to join them. We got to the castle around midday and I was preparing to walk back to my car alone, and they all strongly advised against it. They said it was dangerous and invited me to go camping with them, which was pretty fun as they gave me my own tent, food, etc. While at the campground, one guy pulled out his phone to show me pictures of the local wildlife, including a big ol' brown bear. I was too stupid to think about what might eat me out in the woods alone, as I lacked the instinct to check for man-eating predators having grown up in an area where I didn't need to worry about such things.

Anyway, now I think about bears before solo hiking.


This is a case where bear attacks have happened, and this specific audience includes some rather delicious salmon. If salmon stop getting eaten by bears after the bear patrol is started, it's more reasonable to make that connection.

Careful, at some companies that kind of talk leads to discontinuing catered lunch.

I would not be working at one of those companies in the first place.

Monitors are a personal choice. My monitor doesn’t force anyone else to install yet another chat app to talk to me. The choice of chat app has to be made centrally, or at least at an organizational level.

You get Teams for free with Office, but how do you justify that logic when free office suites are available? You can’t justify your decision on functionality because that could also be used to justify the cost of Slack. If you’re actually considering cost vs functionality then it’s no longer a no-brainer.

At this point Apple isn't even Apple. Product ate the world. I don't remember the last time someone came to me with a customer problem to solve. It's all warring fiefdoms.

Perhaps AI is taking off because it is the only thing actually listening to customer problems.

Great point. Just last week I used AI to build a minimal replacement for a SaaS tool I’ve used in the past that has obnoxious feature gating/price tiers. My version isn’t nearly a complete replica, but it has the base functionality I want without having to feel like someone spent hundreds of hours perfecting price tiers with artificial limitations that annoy me just enough to upgrade.

Getting a tool that did exactly what I wanted with no fuss was delightful.


Monkey's paw curls: listening to customers, except literally and 24/7.

Best insight I’ve seen today, thanks for this!

Someone called it a number of years ago once each kind of brand new Apple device couldn't plug into each other without a dongle.

It's like...like a game...of thrones...

Probably? But if you are then you’re certainly not using OpenBSD.
