• 0 Posts
  • 50 Comments
Joined 1Y ago
Cake day: Jun 13, 2023


syncthing also relies on a web server for device discovery, it’s just that you’re probably using someone else’s server instead of hosting your own.

Correct me if I’m wrong, but I also think that Vaultwarden itself doesn’t have access to the unencrypted password database. In that sense it’s E2EE similar to KeePass, the only difference being that KeePass is a desktop app and Vaultwarden a web app.


Nothing, this is not about that.

This change gives you the guarantee that .internal domains will never be registered officially, so you can use them without the risk of your stuff breaking should ICANN ever decide to make whatever TLD you’re using an official TLD.

That scenario has happened in the past, for example for users of FRITZ!Box routers which use fritz.box. .box became available for purchase and someone bought fritz.box, which broke browser UIs. This could’ve even been used maliciously, but thankfully it wasn’t.


Being in alpha and having breaking changes is fine, the question is how many. My impression is that Immich seems to introduce breaking changes far more frequently than what people might be used to from other projects.

And that does go back to professionalism: The better you plan ahead, the fewer breaking changes you have to impose on your users.


Minio now describes itself as “S3 & Kubernetes Native Object Storage for AI” - lol

Guess it’s time to look for alternatives if you’re not doing ML stuff


I wouldn’t call criticism of their strategic focus “shitting on” Nextcloud. It obviously still does a lot of things right or at least right enough to be useful and relevant to many people, or else we wouldn’t be discussing it. But it has its issues and many of them have been unaddressed for a long time, so why shouldn’t people voice their displeasure with that?



Giving some real 1984 vibes

War is Peace

Freedom is Slavery

Ignorance is Strength


There are quite a few mature projects in 0.x that would cause a LOT of pain if they actually applied semver

Depending on how one defines the “initial development” phase, those projects are actually conforming to semver spec:

Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.


It really speaks for itself how you were the only one here feeling the need to insult other people.


After looking at the site and trying to determine what to download to get Debian with non-free (I’m unfortunately working with an NVIDIA card)

FWIW, Debian 12 now includes non-free firmware in the installation media by default and will install whatever is necessary.

I agree that the Debian website has its weaknesses, but beyond finding the right installer (usually netinst ISO a.k.a small installation image on https://www.debian.org/distrib/) there isn’t much of a learning curve. I started out with Ubuntu too, but finally decided that enough was enough when snap started breaking my stuff on desktop.


I’m not arguing about the fines themselves, those can indeed be scaled by revenue. I also agree that many fines should be higher to prevent companies from merely seeing them as an operating cost.

However, my point is that company revenue can’t be used 1:1 to pay off fines. That doesn’t take into account that revenue also has to cover all other operating expenses and taxes. As an example, the article states that Meta would take roughly 5½ days to pay off its fines, but taking the 23.42% profit margin into account a more realistic answer is 23½ days.


Revenue is the wrong metric for this type of comparison. Last I heard even big tech didn’t have a profit margin of 100%.



+1 for own domain and some email hosting service. That also makes it pretty easy to switch providers because you can simply point your MX records etc. somewhere else - no need to change the actual email address.

I can also recommend mailbox.org as an alternative to mxroute, they’re even a little cheaper at $3/month (mxroute is $49/year at minimum).


It’s perfectly clear that Israel is committing genocide against the Palestinians and if you support that, I’m sorry but you’re absolutely evil.

This “you’re either for Palestine or a genocide supporter” mindset is half the reason this conflict still exists, the other half is the “you’re either for Israel or a terrorist supporter” mindset. I’m sure it feels great to have a one-dimensional world view, but not everyone is either for or against one side.

All I was asking for is a source for your claim that Israel is spreading misinformation and that said misinformation is allowed to proliferate. The one source you provided is inadequate because it doesn’t have any proof of Israeli lies, it just says that Israeli-provided proof is inconclusive. Let alone your claim that the alleged misinformation is not removed…

We’re done here, clearly there’s no good faith discussion to be had.


You evidently had enough time to post elsewhere, so it’s not unreasonable to think you might’ve read my reply already.

How is the WP article showing misinformation? It basically boils down to “Israel alleged something and provided some evidence, but we think it’s not conclusive”. It does not show that Israel knowingly lied about anything, which is what you’re insinuating.


What do you base that claim on? The article doesn’t mention it.

Edit: Your silence is also an answer. Ironic, talking about misinformation and spreading it yourself…


Definitely agree that Kotlin is so much better than Java + Lombok, but it’ll take a lot of time for all the existing Java projects to migrate to Kotlin or reach EOL. In the meantime, it’s hard to avoid the occasional Java project…


Lombok will shrink the 200 lines of getters and setters to one or two. It has its own pitfalls of course, but IMO it’s definitely worth it.


Oh, I think we’re talking different orders of magnitude here. I’m in the <1TB range, probably around 100GB. At that size, the cost is negligible.


I do an automated nightly backup via restic to Backblaze B2. Every month, I manually run a script to copy the latest backup from B2 to two local HDDs that I keep offline. Every half a year I recover the latest backup on my PC to make sure everything works in case I need it. For peace of mind, my automated backup includes a health check through healthchecks.io, so if anything goes wrong, I get a notification.

It’s pretty low-maintenance and gives a high degree of resilience:

  • A ransomware attack won’t affect my local HDDs, so at most I’ll lose a month’s worth of data.
  • A house fire or server failure won’t affect B2, so at most I’ll lose a day’s worth of data.

 

restic has been very solid, includes encryption out of the box, and I like the simplicity of it. Easily automated with cron etc. Backblaze B2 is one of the cheapest cloud storage providers I could find, an alternative might be Wasabi if you have >1TB of data.
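The nightly job described above, as an added example (not the commenter’s own script): a restic wrapper that pings healthchecks.io at start, on success and on failure, so a night that is silently skipped or a step that fails also raises an alert. It assumes restic is installed, that RESTIC_REPOSITORY, RESTIC_PASSWORD and the B2 credentials are set in the environment, and uses a placeholder healthchecks.io URL and constructed backup paths.

```python
"""Nightly restic -> Backblaze B2 backup with healthchecks.io ping (added example,
not the commenter's script). Assumes restic is installed, RESTIC_REPOSITORY,
RESTIC_PASSWORD and B2 credentials are in the environment; HC_URL is a placeholder."""
import os
import subprocess
import sys
import urllib.request

HC_URL = os.environ.get("HC_URL", "https://hc-ping.com/PLACEHOLDER-UUID")  # placeholder
BACKUP_PATHS = ["/home", "/etc"]  # constructed example paths
KEEP = ["--keep-daily", "7", "--keep-weekly", "4", "--keep-monthly", "6"]


def restic_commands(paths=BACKUP_PATHS, keep=KEEP):
    """Snapshot, prune snapshots outside the retention policy, then verify the repo."""
    return [
        ["restic", "backup", "--one-file-system", *paths],
        ["restic", "forget", "--prune", *keep],
        ["restic", "check"],
    ]


def run_backup(runner=subprocess.run, ping=None):
    """Run the restic steps, reporting /start, success or /fail to healthchecks.io.

    runner and ping are injectable so the flow can be exercised without restic
    or network. Returns the ping suffixes sent, in order."""
    if ping is None:
        ping = lambda url: urllib.request.urlopen(url, timeout=10)
    sent = []

    def hc(suffix):
        sent.append(suffix)
        try:
            ping(HC_URL + suffix)
        except OSError:
            pass  # a lost ping still surfaces: healthchecks.io alerts on the missed deadline

    hc("/start")
    for cmd in restic_commands():
        result = runner(cmd, check=False)
        rc = result if isinstance(result, int) else result.returncode
        if rc != 0:
            hc("/fail")  # a failing step alerts instead of silently skipping a night
            return sent
    hc("")  # the bare check URL signals success
    return sent


if __name__ == "__main__":
    sys.exit(0 if run_backup()[-1] == "" else 1)
```

Run it from cron once a night; the monthly copy to offline disks and the half-yearly restore test stay manual steps as in the comment.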


drive failure

Perhaps unintended but very much relevant singular. Unless you’re doing RAID 6 or the like, a simultaneous failure of two drives still means data loss. It’s also worth noting that drives of the same model and batch tend to fail after similar amounts of time.


Everyone seems more interested in nitpicking

Actually, not everyone in that thread is nitpicking. There’s one comment that’s just a helpful hint.

But yes, nitpicking is fun. I’ll see myself out.


Once again, you’re going off on an unrelated tangent. If you don’t want to listen, I can’t help you. We’re done here.


Funny how you claim to know so much about security but can’t even seem to comprehend my comment. I know root shell exploits exist, that’s why I wrote that it takes additional time to get root access, not that it’s impossible. And that’s still a security improvement because it’s an additional hurdle for the adversary.


I think you’re interpreting too much. Security is about layers and making it harder for attackers, and that’s exactly what using a non-root user does.

In that scenario, the attacker needs to find and exploit another vulnerability to gain root access, which takes time - time which the attacker might not be willing to spend and time which you can use to respond.


No problem. One more tip though: If you ever censor your public IP, don’t just censor the last two digits. Otherwise it will be easily brute-forced.


My preferred option is to have the VPS inside a VPC that blocks all external traffic by default. Then I can open up specific ports for specific IP ranges.

The reason I prefer this over a firewall configuration on the VPS itself is that the latter seems far more error-prone to me. For example, I’ve had problems in the past with ufw and Docker where container ports were still reachable even though access was denied via ufw.


If an attacker already has access to a system, they can use hitherto closed ports to communicate with C2 servers or attack other devices. In that case, a firewall that only allows known-good traffic will prevent further damage.


Most people will switch smartphones anyway

That’s the best-case scenario. Worst-case scenario, however, you sell to someone who otherwise wouldn’t have switched. In that case, it’s still one more new phone. And who is guaranteeing that other people will actually use their Fairphone for its whole lifetime?

Better we get them hooked on Fairphone then.

True, but I feel like selling your used Fairphone isn’t the solution to this.


There’s always the option to get a headphone jack adapter for USB-C. I haven’t used one personally yet, but I’ve heard it to be a viable alternative.


In general though the best thing is to just stick with your current phone if you can. Every new phone still consumes resources to produce and probably replaces some other phone which then has to be recycled or might even end up in a landfill.



Publishing everything on a blockchain means that everybody who’s running a node has access to a copy

I’m not sure that’s the case, although the article is rather vague. It says:

[…] the user must register with a node of their choice using their public key. Once registered, users can create channels and invite others to join. Each channel has a separate ledger hosted by the nodes. […] The data in the ledgers are encrypted, and the secret key is managed by the users of the channel.

IIUC, nodes will not have access to private keys, neither those from users nor those from channels. Users could use their keys to exchange the channel’s private key without the node getting to know it. I don’t quite understand how users would exchange their public keys without the node being able to play MITM, though…

Edit: Removed an irrelevant sentence from the quote



Honestly, I prefer an overly long name over some cryptic naming scheme that looks like minified JS. At least you can be sure of the variable’s purpose and don’t have to guess, which is far better for readability.


Just because you like Brave the search engine doesn’t mean you have to use Brave the browser. The two have no inherent connection.

Edit: While we’re on the subject of money, I’d be more worried about that Peter Thiel money Brave took. That man openly claims freedom and democracy to be incompatible and supports efforts to create independent libertarian societies on international waters and in space.


The fact that these allegations come in quick succession is rather logical, I’d say. It’s much harder to come out against someone who is a generally beloved public figure, so when the allegations finally start, many people see their chance to have their voice be taken seriously.


Also, it’s just a normal security measure. If pirating is illegal in your country it will always be better to encrypt the incriminating material in case of a search warrant.


Tbf, a lot of applications and tools provide installation scripts in lieu of more elaborate manual setup. Doesn’t make it safer, but if you want to install something, you have to trust the source with shell access at some point anyway.