• 0 Posts
  • 361 Comments
Joined 1 year ago
cake
Cake day: July 23rd, 2023

help-circle
  • And as long as you don’t need simple access to most features such as volumes. The podman implementation on not Linux leaves quite a bit to be desired for anyone trying to do more than just run a binary wrapped in a container. I’m not throwing shade because it’s FOSS and anything is better than Docker. Only Docker will work for a production-capable dev environment on not Linux unless podman’s development has exponentially increased in the last year since I tried to move a shop to podman on not Linux.




  • I think it’s a terrible decision because of this. The whole point of hubs is to get players together and interacting. Putting AH and mail around hubs requires many players together. Giving folks a mount means the hubs stop being hubs and contributes to the continued decay of the multiplayer aspect.

    Take this with a grain of salt. When I last played hubs still mattered. If that isn’t currently the case this is just old fart complaints.





  • Did we read the same article? DNS-01 challenges require updates to DNS. This means you need an API for your DNS. This means you now have to worry about DNS permissions in your application cert workflow. We’ve just massively increased blast radius! Or you could do it manually but that’s already failed.

    All of this is straightforward with infrastructure-as-code. While I don’t struggle with that, I’ve watched devs and sysadmins both stare blankly at this kind of thing for days at a time.


  • thesmokingman@programming.devtoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    2
    ·
    1 month ago

    If you’re using any work-related anything to post “anonymously” or talk to journalists, don’t. That Blind redirection is chilling yet it’s well within the capabilities of employers. The right way to talk to journalists like 404 is to find their anonymous contact details eg Signal using your own internet connection and your own device. Work computers can be monitored. Traffic on work computers or work VPNs can be monitored. Company email usage can be monitored. Company phone usage can be monitored. You don’t need to be incredibly private with a VPN over tor and anonymous services; you just need to not use company resources. Whether or not this should be legal is a different story; you just gotta know you have fuck all for privacy on company resources.

    I’ve only heard of Blind in passing; that corp email makes it too close to Glassdoor for comfort and it’s very clearly not private with that requirement.



  • AWS makes this impossible in a few places such as a fair number of ACM use-cases.

    I think your cert-per-session idea is interesting. We’d need significant throughput and processing boosts to make that happen, probably at least on the order of 10X computing speeds and 10X transmission speeds across the board minimum. These operations are computationally intense and add data to the wire so, for example, a simple Lemmy server with hundreds of users slows to a crawl and a larger site eg Mastodon goes to dialup speeds or worse. You can test at home by trying to generate an x509 self-signed cert before connecting to a website every time.


  • I read the Wires article for the first time just now to try and understand this article. I don’t really think it attacks SimpleX at all. I think it states the fact that nazis have moved to the platform, the fact that SimpleX is a very private platform, the fact that SimpleX claims to prevent extremist content and growth, the fact that extremist content is being spread and growing, and the fact that SimpleX is unaware of claims. As someone who has been following this discourse for decades, this is the kind of thing that gets published. There is a balance between privacy and extremism. Privacy-focused individuals like myself will always focus on the privacy provided there are tools to combat the extremism (where applicable).

    I feel like SimpleX is being defensive because their claims are not panning out. Their response calls out all of the things I feel were said in support of them while ignoring the actual critiques of their system. Not adding a backdoor? Great! That’s law and smart! Supporting groups of over a thousand posting extremist content?

    We never designed groups to be usable for more than 50 users and we’ve been really surprised to see them growing to the current sizes despite limited usability and performance

    SimpleX will remove such content if it is discovered. Much of the content that these terrorist groups have shared on Telegram—and are already resharing on SimpleX—has been deemed illegal in the UK, Canada, and Europe.

    This is the stuff that needs response, not the privacy stuff Gilbert is arguably a fan of.



  • Oh, so we run mesh networks across the ocean? Very interesting. I’m sure we’ll be able to just use a metal with fake value that has nothing to do with fiat currency to buy all the equipment we’d need to power all that. Is there a big Monero group out there with the coins to pay all those local installers? They’d probably need to define some standards for what a network would look like and how they connect and how the local installers how and who gets paid what and how the networks interact. Standards? Regulations? I’m sure there’s a word for some sort of governing body that does all that.


  • Wait, you want to use a private currency pegged to the value of gold which is pegged to government currency? That kinda sounds like government currency with extra steps.

    So instead using something we sort of agree has some value we should instead reject the government while using utilities it controls and regulates to access the internet it controls and regulates to use a currency susceptible to a 51% attack that could easily be executed by not just one but many governments? That’s a really novel idea. Do you have plans to run fiber across the oceans paying for everything with Monero so we can break free of these oppressive regimes?


  • Anyone in tech who knowingly works for Google supports these things in the same way that anyone that works in tech who knowingly works for Meta support genocide and the erosion of the democratic process. I give the caveat “in tech” because there are some roles like content moderation or executive assistant where you really don’t have the luxury of a huge market working almost anywhere else that doesn’t support genocide and I don’t fault those faults for taking a job that has better benefits. My engineering peers? I judge them for it.





  • The Security Online article only cites Margitelli’s post on the matter. My assumption has been the article used the post as its single source. On one hand, watching MS fuck shit up for years, I want to believe Margitelli. On the other hand, researchers using weird tools and uninterested in reality are why curl is now a CNA.

    I’m personally frustrated with Margitelli’s post because it’s all about abandoning responsible disclosure globally rather than naming and shaming (Canonical? Red Hat? Both? Others? If it affects all GNU/Linux I’d expect every single distro maintainer to be named and shamed). Responsible disclosure is our best solution to make sure innocent bystanders don’t get caught in the crossfire. When specific entities don’t abide by responsible disclosure we lambast those specific entities not the entire process built to keep users safe.