Just because he is an idiot who never worked a day in his life and so doesn’t know that your productivity goes down significantly without relaxation that doesn’t mean that anyone should listen to that drivel.

But that is boring, that might actually solve the problem and doesn’t have any hype keywords to get anyone to overvalue your company and buy it.

I guess the local sales organizations couldn’t let online stores have take over the entire dystopian market.

Don’t be silly. Porn sites could permanently scar kids for life when they see a nipple, obviously they need much better protection than something benign like shipping explosives to their house /s

Because it is currently the most advanced way to pretend you are doing age verification when really you aren’t that is available on the market.

I hate AI as much as the next AI-sceptic but that argument is just nonsense. We have plenty of machinery and other company owned assets already that could injure a human being without a direct human intervention causing the injury. Every telephone pole rotting through and falling on someone would legally be a similar situation.

“Don’t be evil”…

Honestly, recommendation engines are literally the most primitive shit, especially the ones by large companies.

Audible keeps recommending part 3 or 4 of series where i haven’t heard part 1 or 2 or tells me there is a new title in my “favorite series”, i.e.g the one where I just stopped listing half-way through a book to instead listen to something else.

Amazon also still hasn’t fixed that simple thing where it keeps recommending you a second e.g. washing machine because you recently bought one.

Google recommendations were literally better 10 years ago than they are now though I suppose AI is partially to blame for that one but even before that it “helpfully corrected” searches frequently away from what I was actually looking for just because the term was similar to a more popular one.

I don’t doubt that they feed it all kinds of tracking data but the actual algorithm that does anything with that data is literally about as primitive as the “chosen by fair dice roll” XKCD.

Considering they are not even capable of removing video recommendations for videos you literally just finished watching on Youtube I doubt it.

The rationale is that it’s better for them if they use their software without payment instead of using a software from another vendor without payment.

More importantly it is better for the company if they use their software without payment instead of developing some sort of competitor (open source or proprietary).

There might not have been those kinds of bugs in sysvinit itself but the shitty quality init scripts it encouraged people to write certainly had thousands of security issues.

To be fair USB sticks and SD cards seem to fail when you stare at them a bit too intensely. I think it has been at least a decade since I bought a USB stick for OS installations that lasted for more than three installs (each a few months apart at least since the need does not arise that often).

With all the UI changes on every version in the last few years that simply isn’t true. Windows is becoming harder and harder to use even if you know what you are doing, much less if you don’t know half the computer related terminology.

You people don’t seem to grasp that I am already not running any commands on the server as root that do not require root. This is all about administrative tasks.

The difference is that the people involved there are adults and there is no equivalent to the parent responsible for their behaviour so a technical solution makes more sense there.

The vast majority of commands when debugging actual issues on the system or performing administrative tasks do require root. Out of the others some give you incomplete results when called as a regular user and 90% of the rest shouldn’t be run on the server in the first place if you can avoid it but directly on your client computer (e.g. looking up documentation).

I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).

you should consider doing it right from the start.

Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires ssh user@host calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.

Any reduction in root access is beneficial.

Such as having fewer users who are allowed to use sudo to become root and whose compromise can thus lead to a root compromise?

That is only really true of you use sudo with a zero second password caching timeout.

I am asking why it is considered to be more secure for the use case where you aren’t limiting access to a few commands because it is access meant for all kinds of admin tasks, not just one specific one (as in access for the people who need to fix unexpected problems among other things).