Or don't allow characters other than ASCII characters in file names

No.. these days people put Emojis in their web page titles or filenames, And as a filesystem it is your job to let the user save the file using the Name they wish to use. Thus I would say prohibiting specific characters is unacceptable.

My suggestion would be to prohibit case-insensitive filesystems.

There could be an optional case-insensitive search API offered to applications instead.
And an optional mounting option for the files APIs to reject any creation or renaming of a file that would result in two different files to having names that are case-insensitively the same with an error to create or error to rename/move.

Allowing you to have a protected case-insensitive search option, but the practice of silently treating two different filenames as the same would not be used

Trump's loyalists can flood them with lawsuits.

Loyalists might want to, but you can't sue a company over their 501c3 status. You must have standing in order to file a lawsuit. And the public face of Wikimedia is Wikipedia which is a publication that gets 1st amendment protections, so..

If you are bitten by a dog, do you file a complaint against the dog, or against its owner

Both.

At first you call 911 or animal control's emergency numbers to report the dog bite and identify the animal, so that they can get police and responders out to seize and subdue or capture the animal. They will either exterminate the animal or take them into custody.

There is a government proceeding against the property, and the government will likely formally forfeit and euthanize the animal.

So at first your initial complaint is against the dog, but the owner will be identified, and your civil lawsuit is against the dog's owner, since they are the ones strictly liable for the dog's actions in civil court.

In 1930's Germany, you could say anything you want about the Führer, as long as it was pleasant.

Even then could still say anything no matter what, so long as you did it quick, but there might be consequences. If you took too much time saying unpleasant things, there would be a chance of being cut off abruptly.

Communist China or Sovient russia had more successfully working "checks and balances" than the current US goverment has against the executive branch right now.

It's not about rational solutions to better moderation, but intimidation to encourage Wikipedia staff to promote MAGA

What intimidation? The US Attorney has no power or authority to decide whether Wikipedia meets the requirement for a 501c3 or not.

Their only power is to attempt to investigate and charge them with an offense if they believe Wikipedia has fraudulently claimed 501c status. Which is an extremely tall order, and unlikely to get anywhere.

The requirement for 501c3 status is about the Organization's purpose and use of funds for activities, and their organization's activities either meet the requirements or not; It's not a question of whatever the Attorney general feels an appropriate outcome from their work would be.

There is no argument that Wikipedia's resources aren't spent on a charitable purpose as defined in 501c3. It doesn't matter whether you love the outcome of their work or believe they are woefully incompetent. Because it does not matter. Success in your endeavor or meeting some quality standard (such as successfully preventing all unwanted conduct by your volunteers or within your venue) is not a requirement for 501c3 status. As a charity you can be a complete failure that never helped what you set out to do at all whatsoever, and you're still a valid 501c3, so long as you are organized for a charitable purpose and spend your funding in pursuit of that purpose.

They are not. No investors or ledners will be able to justify financing the capital necessary to construct extra manufacturing infrastructure or jobs in America. The environment is far too unstable, and the risk is too extreme. The only way this will happen right now is if the US government itself starts paying out hundreds of trillions of dollars to finance business development in the US.

and I think Ubuntu might have io_uring disabled by default, too.
Eh?

Linux s1 6.8.0-57-generic #59-Ubuntu SMP PREEMPT_DYNAMIC Sat Mar 15 17:40:59 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
root@s1:~# lsb_release -sd
No LSB modules are available.
Ubuntu 24.04.2 LTS
root@s1:~# grep URING/boot/config-$(uname -r)
CONFIG_IO_URING=y
root@s1:~# sysctl -a|egrep uring
kernel.apparmor_restrict_unprivileged_io_uring = 0
kernel.io_uring_disabled = 0
kernel.io_uring_group = -1

This has been known since at least 2023. Android doesn't allow apps to use io_uring
Yeah, about that... Android uses their SELinux policy to restrict access to io_uring, so that only trusted system apps can use it. It sounds like some of these system apps do actually benefit from uring and require it. So maybe SELinux is a bad example to be using here, since it doesn't really "break" SELinux. SELinux cannot monitor what uring is doing with granularity. It is up to the admin to choose a proper policy for their SELinux setup. The negligence many people run into is just adding complicated security software and leaving Default system policies that came with your system or apps in place.

ChromeOS has io_uring disabled completely

Google disabled uring in ChromeOS not because of a vulnerability, but because it is Very useful for attackers after exploitation; Most of the attacks would use uring after already compromising the system, and they have not found a means to sandbox uring to mitigate damage following successful attack.

This is why we have things like SELinux to give more fine-grained control over what things running as root can do.

Except when SELinux is not very fine-grained, because SELinux is not necessarily aware of every application and kernel addon. Since SELinux is an extension and not a core part of Linux.. It's kind of the job of a Sysadmin who has installed and chosen to use the SELinux kernel extensions and addon software to make certain that SELinux is aware and compatible of every component of your particular kernel and has suitable policies defined.

Redhat has come to mind as the only distribution that provides SE Linux as available by default, and a huge issue with Redhat is Every 3rd party piece of software you'd actually need to put on your system to use it in the real world tells you to turn off SELinux as a required install step. And even if you don't the admin retains the burden of defining a whole detailed systemwide MAC policy, whereas few bother to do so.

Consider a mail delivery agent. It needs to run as root because it has to be able to change uid/gid to the user that it's delivering mail for to access their mailbox

Except a mail delivery agent doesn't need root at all. SELinux is not necessary. And this software is not designed to require SELinux to be secure or avoid such situations, in the first place. Generally you would design this service to run between dedicated users for example a postfix:mail user and a nobody:nogroup user.

Changing UIDs does not require root access anyways; the privileged portion of your service IF you have one: only requires certain features which can be sectioned using the uid, euid, gid, egid, suid, and sgid, filesystem ACLs, and POSIX Capabilities list of the process.

You can have a single process running as postfix:mail whose sole purpose in life is to Open a user's mailbox file and transfer control over a writable descriptor to that open file using sendmsg() over to the separate MDA process which runs as nobody:nogroup.

You can also have the Mailbox files grant group ownership to the mail group allowing the system mail daemon to write the mailbox file where the MDA program runs as a member of the 'mail' group, and the mail group is granted through Ext3 filesystem ACLs group write access to user mailboxes.

Choose a secure MDA, and the only time a part of it has to run as root is while your system is running its init unit during system boot.

It's also enabled in Ubuntu 24.04.2 LTS' kernel 6.8.0-57-generic.

Also.. Linux "Security" is Not 3rd party antimalware programs that monitor syscalls.

No Linux security has been defeated by the existence of the rootkit. Security was defeated when an intruder gained root.

Security is the kernel's permissions and access control models. Things like non-root processes not having access to execute privileged operations.

It sounds like the only thing that has been bypassed are EDR programs; tools such as Crowdstrike, Palo Alto Cortex, Microsoft Defender, Carbonblack, SeintnelOne which are not Linux security but Enterprise tools which attempt to monitor Linux systems.

Well in that case they could just use A-Z AND 0-9 in all character positions.
There is no need to designate a pattern of "3 letters then 3 numbers"

You can encode 31 bits of data in that which provides 2 billion unique character combinations instead of 17 million unique sequences.
.
This also allows a much sparser allocation of valid numbers across the available sequence space, so you can make it much harder for some random fraudster to guess random license plate numbers constructing fake plates and happen to choose a valid assigned number by luck alone.

two somethings attached to your car that can be used to report back

Automatic plate readers already have their own law, see 1798.90.51 restricting their use by both public and private agencies that is even more-restrictive than the cookie laws.

A company might not want to use license plate readers or unauthorized scanning of RFID tokens, because the penalties are even harsher than indiscretions over cookies.

Besides, don't you know? On the internet, analogies must be based on automobiles

In your communication with an overseas company: you have a personal assistant whose name is Chrome or Firefox who takes your car overseas and back to make direct contact on your behalf with an overseas business.

In the course of business: the company mails back a Decal with a request to stick it to the bumper of your car; which your assistant automatically does, because it is consistent with your personal assistant company's policy.

Then every place your car goes can be reported back by different businesses and data about where you are driving gathered based on the code different businesses spotted on your car.

What's the point? This is not a pre-internet world. This is a more complicated world where Californians can send their information to other countries over various services, and nobody has to physically go anywhere. This is Also Interstate and Foreign commerce which is Not subject to the regulation of any state due to the US Constitution's dormant commerce clause.

The company doesn't enter a Californian's home or take data. It's more like the Californian packages their information up in a box (TCP Packet) and voluntarily connects to the outside server and mails out their information overseas. Generally once you mail documents out and the destination is outside your country; the original country no longer has any power over what the recipient does with them.

The Californian chose to run a web browser on their computer. The remote website deposited a bit of data in a message header, and the client's web browser by design sent data (the identifier) on subsequent page requests.

I would suggest adding @, $. #, %, and &. As possible numbers.

This would expand the space that consists of 3 numbers from 1000 to 3375; a 340% increase in the number of available sequences.