Hear, hear!
Upvote this please.

I recently stumbled over https://ente.io/ . It can even be self-hosted, because it's open source. It looks promising, though I haven't had time to try the self-hosting yet.

Of course not.
The ancient and still trusted solution is to:
- Create a new user account for that, give the password to that account to the user in question.
- Create a shell script that performs the actions without introducing security issues.
- Put that script as the login shell for that user.
Q.E.D.

Sudo is for whimps.
Trying to rewrite it to be memory safe is like mandating safety goggles for chainsaw operators.
Will it make it safer to use it? Sure, slightly.
Was it safe to begin with? Not really, handling chainsaws is hazardous to begin with.

I've installed Debian Mate desktop on my parent's PC around 2008. No issues since then. All maintenance (if any) was remote. They reboot their PC not more often than once every hundred days or so.

/etc/apt/preferences is your friend. Using a carefully weighted preferences file, I manage to keep dozens of Debian desktops smoothly upgraded and updated for the past 15 years. Never had to reinstall. For all packages you can mix-and-match which ones you pick from oldstable, stable, testing or unstable. The system will graciously adapt and allow all versions and dependencies to peacefully coexist.
My /etc/apt/preferences is attached:

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

I'm very happy with Debian on desktops (for the past 15 years).
For all servers I migrated to Devuan, perfect for avoiding systemd.

The kids use Snapchat mostly, for this, these days.

Asperger's sufferers, by definition, are exceedingly rational, actually.

True indeed.

However, in the mainframe days this could have been a common thing, because the data had been shelved on tapes, and is therefore inaccessible quickly by sheer latency to mount and read all the tapes.
Mainframe setups are slowly disappearing though.

True. However, in most organisations I find that they have not siloed at all. It's a very rare practice.

I always find it highly ironic that organisations always seem to claim that the amount of data copied/leaked is limited to ... (fill in any random limited scope).
The problem with data is that when it is copied, it does not easily leave a trail like with a normal house burglary where you can simply count the number of items missing from your known inventory.

So basically, unless you have an independent firewall that logs ALL outgoing traffic in unencrypted form, it is impossible to say anything definitive about the (limited) extent of some data breach.

Quite. I always considered sudo a security risk.
Sane admins either use su, or write a setuid program in C.
I have no sudo installed on my systems.

It's like complaining that the biggest problem with books is that you can read them and/or (god forbid) copy them.

Since the dawn of times, the single thing that protects against this "biggest weakness" is the ability to inspect the copy/fork, and then, by using your brain, decide if the copy/fork is any good (inspect the commits).

In general, the best solution to show authority, is to selfhost the git repository on your own domain/url/server, and not use something like Github.

Finally a clear analysis.

Search for "crossing english channel" "world record", and you should find Rob and Morgan Wylie.