I believe it's 1% for access to the "entire post-open ecosystem", rather than 1% per project which would be unreasonable. So you could use one or thousands of projects under the Post-open banner, but still pay 1%.

It will take years to develop the post-open ecosystem to be something worth spending that much on.

This really got me, thank you!

I for one am frequently so close to my very good friends that my nose is pressed against theirs, my eyes only able to see theirs, the world not existing around us, while discussing in a platonic way how their day is going.

That works until all* games come with root level anti cheat. It was the same with micro transactions which people still defend despite being utter shit.

• Realistically this will never be 100% but it will be enough of the mass market AAA games like CoD etc to mean that if you functionally want to play a game made in the last X number of years you will need to accept this or stop playing games altogether. I think most people will continue to play games. Most people will continue to install root level anti cheat, knowingly or otherwise, and all of them will get fucked by an exploit of that software. They may never even know about it.

Helldivers 2 does the same thing. If this continues it will be extremely advisable to move any non-gaming use-cases to a different computer as you have no idea what the "anti-cheat" is doing with that level of authority over your computer.

Literally just bought what I believe to be last generation's X13 on ebay for half the price of the new one. It's been great so far, especially with the power efficiency of Ryzen CPUs. My one complaint is the soldered RAM, which judging by the new lineup is getting phased out, thankfully.

My specific point here was about how this friend doesn't trust the results AND still goes to Google/others to verify, so he's effectively doubled his workload for every search.

I've had this argument with friends a lot recently.

Them: it's so cool that I can just ask chatgpt to summarise something and I can get a concise answer rather than googling a lot for the same thing.

Me: But it gets things wrong all the time.

Them: Oh I know so I Google it anyway.

Doesn't make sense to me.

I've been programming for too long, my brain just autocorrected the typo so initially didn't get the joke...

Again, this existed before AI. Typo squatting, supply chain attacks, automated package uploads, CI pipeline infection, they're all known attack vectors. That's not to say this isn't a concern, just that it's a known risk and the addition of "AI" doesn't, to my eyes, increase that risk. If your SSH keys don't require a password, you have taken the decision to make those keys less secure but more convenient to use. That's pretty much always the tradeoff in security.

The risk here is slightly overblown or misrepresented. Just because a fork exists doesn't mean that anyone has even read it, let alone run it on their system. For this to be a real threat they would have to publish packages with identical or similar names (ie typo-squatting) to public package repositories which this article didn't have any information on but which is a known problem long before AI. The level of obfuscation and number of repos affected is impressive but ultimately unlikely to have widespread impact to anyone besides GitHub.

My take (having neither but building a NAS in the background of other jobs) is that if you don't need the rack, don't buy the rack. If you already have a NAS and you really want to play with the power that a rack would give you, go for the rack. If you don't need it don't buy it, simple as.