I have more important things to do than to lobby the government to send a tax bill.

Why would the CEO be dumb enough to say this in an interview? If your business model is fucking people, your CEO has to have a cool head when asked if he’s fucking people!

Did we read the same article? DNS-01 challenges require updates to DNS. This means you need an API for your DNS. This means you now have to worry about DNS permissions in your application cert workflow. We’ve just massively increased blast radius! Or you could do it manually but that’s already failed.

All of this is straightforward with infrastructure-as-code. While I don’t struggle with that, I’ve watched devs and sysadmins both stare blankly at this kind of thing for days at a time.

If you’re using any work-related anything to post “anonymously” or talk to journalists, don’t. That Blind redirection is chilling yet it’s well within the capabilities of employers. The right way to talk to journalists like 404 is to find their anonymous contact details eg Signal using your own internet connection and your own device. Work computers can be monitored. Traffic on work computers or work VPNs can be monitored. Company email usage can be monitored. Company phone usage can be monitored. You don’t need to be incredibly private with a VPN over tor and anonymous services; you just need to not use company resources. Whether or not this should be legal is a different story; you just gotta know you have fuck all for privacy on company resources.

I’ve only heard of Blind in passing; that corp email makes it too close to Glassdoor for comfort and it’s very clearly not private with that requirement.

Mullenweg is an original WP dev along with Mike Little. He’s fucking batshit and completely in the wrong but he did create the FOSS.

AWS makes this impossible in a few places such as a fair number of ACM use-cases.

I think your cert-per-session idea is interesting. We’d need significant throughput and processing boosts to make that happen, probably at least on the order of 10X computing speeds and 10X transmission speeds across the board minimum. These operations are computationally intense and add data to the wire so, for example, a simple Lemmy server with hundreds of users slows to a crawl and a larger site eg Mastodon goes to dialup speeds or worse. You can test at home by trying to generate an x509 self-signed cert before connecting to a website every time.

I read the Wires article for the first time just now to try and understand this article. I don’t really think it attacks SimpleX at all. I think it states the fact that nazis have moved to the platform, the fact that SimpleX is a very private platform, the fact that SimpleX claims to prevent extremist content and growth, the fact that extremist content is being spread and growing, and the fact that SimpleX is unaware of claims. As someone who has been following this discourse for decades, this is the kind of thing that gets published. There is a balance between privacy and extremism. Privacy-focused individuals like myself will always focus on the privacy provided there are tools to combat the extremism (where applicable).

I feel like SimpleX is being defensive because their claims are not panning out. Their response calls out all of the things I feel were said in support of them while ignoring the actual critiques of their system. Not adding a backdoor? Great! That’s law and smart! Supporting groups of over a thousand posting extremist content?

We never designed groups to be usable for more than 50 users and we’ve been really surprised to see them growing to the current sizes despite limited usability and performance

SimpleX will remove such content if it is discovered. Much of the content that these terrorist groups have shared on Telegram—and are already resharing on SimpleX—has been deemed illegal in the UK, Canada, and Europe.

This is the stuff that needs response, not the privacy stuff Gilbert is arguably a fan of.

Anyone in tech who knowingly works for Google supports these things in the same way that anyone that works in tech who knowingly works for Meta support genocide and the erosion of the democratic process. I give the caveat “in tech” because there are some roles like content moderation or executive assistant where you really don’t have the luxury of a huge market working almost anywhere else that doesn’t support genocide and I don’t fault those faults for taking a job that has better benefits. My engineering peers? I judge them for it.

This is actually true. Essentially a big drug manufacturer took down a scientist through a serious harassment campaign and blew him the fuck up when he finally snapped. In no large part to this coordinated glowup, published literature in the US agrees with the chemical manufacturer while it’s been banned in the EU for 20 years. The EPA might disagree with me that it’s true; the EPA and others funded in no small part by Syngenta refuse to look at things by Dr Hayes because he lost his cool a few times. Unfortunately Alex Jones further eroded the credibility of Dr Hayes but, imo, only because Syngenta actively deplatformed his research. Also Jones said some crazy shit about it.

The Security Online article only cites Margitelli’s post on the matter. My assumption has been the article used the post as its single source. On one hand, watching MS fuck shit up for years, I want to believe Margitelli. On the other hand, researchers using weird tools and uninterested in reality are why curl is now a CNA.

I’m personally frustrated with Margitelli’s post because it’s all about abandoning responsible disclosure globally rather than naming and shaming (Canonical? Red Hat? Both? Others? If it affects all GNU/Linux I’d expect every single distro maintainer to be named and shamed). Responsible disclosure is our best solution to make sure innocent bystanders don’t get caught in the crossfire. When specific entities don’t abide by responsible disclosure we lambast those specific entities not the entire process built to keep users safe.

It could also be manipulated by someone who reports the dark patterns are inaccurate. If it were run by a single org or person, it could get sold to a company interested in gaming the ratings or used to bash things the owner doesn’t like. I’m not entirely sure what your point is. Every way to set this up is subject to bad actors. There are some checks and balances present in the website. Why are they inadequate and why should we not trust this site? Are you, perhaps, an industry dark pattern plant trying to get us to avoid something that could deter dark pattern usage?

The most frustrating thing about this article is that it completely ignores that good movies targeted at kids still have to be good. Personal complaints aside, the new Mario movie was reasonably good for adults and great for kids. Pixar keeps churning out things that are fantastic on many levels. Bluey is an amazing show that can resonate with kids and parents. I don’t for a minute buy the elitist bullshit of “well you’re not a kid so you can’t comment.” Muppet Treasure Island holds the fuck up as an adult so this writer can fuck right off.

It’s okay for background noise. It is infuriating to watch. It’s not even slightly funny at a bad movie level of funny. It’s just bad.

The reason to use mono over dotnet is political. This is stirring up some really old shit; I expect a continuation of that shit now. Mono is currently MIT as is dotnet core. Who knows what direction each project will go now? MS has a history of fucking with licenses and Wine uses copyleft setups.

Microsoft has had dotnet-core for awhile. If you are running production dotnet loads (eg a C# app), you’ve probably been using those Linux containers for awhile. This doesn’t surprise me; they usually aren’t interested in maintaining an open version of software they have more restrictive licenses for. Enterprises will continue to use dotnet-core and Microsoft will probably do something to shoot mono in the foot in a few years.

Let’s assume you’re arguing in good faith here so we can understand why land deeds and URLs are completely different.

Deeds are managed by a central authority. There is an agreed-upon way(s) to view and search those deeds. There is a single authority to update or remove deeds. The items the deed refers to also are controlled by a single authority and changing them has a single process.

URLs are registered (loosely) with a central authority but the similarities end there. I can impersonate a URL on a network (even up to large chunks of the internet if I’m able to confuse DNS in a large enough attack). So just because you’ve bought the domain referenced in the blockchain and set up some name servers doesn’t mean any consumer of the blockchain or even the internet is guaranteed to hit your instance of the domain. All a URL is is a reference to something so let’s assume for a minute we can have a global reference. What’s behind it? Again, completely uncontrolled. For now it could be your NFT; what happens if I am your hosting provider and destroy your instance? Move your hardware? What’s to prevent you, the owner of the assumed global reference, to change what that uniform resource locator is actually locating?

Land deeds and URLs are not analogous. Land and the content served at a URL are not analogous. Let’s look at NFTs quickly to see if we can actually do something about this!

Since we have a single-write, read-only database, why not store the full thing in the DB? Well, first you have to agree on a representation. It has to be unchanging so we can’t use a URL. It can’t ever duplicate so realistically hashing is out (unless our hash provides a bijection which is just a fancy way of saying use the fucking object itself). Assuming we’re only talking about digital artifacts (attempting to digitize a physical asset is a form of hashing meaning we get collisions so you can’t prove ownership), we’re now in an arms race for you to register all of your assets and their serialization methods before I brute force everything. Oh and this needs to live everywhere so it can be public so you need peta-many petabyte drives. But wait! Now we’re burning the sun in power just to show you have ownership of 10 and I have ownership of 01. Fuck me that’s dumb.

That’s not how that works.

There is literally no way to opt out of Google’s data collection if you are going to use their products. Using another frontend shifts the data profile but it still exists and provides value to them. It’s reasonable to say it’s a bad thing. It’s unreasonable to say there are no other ways. I grew up in a public library and I can still get most of the information I need from a public library without Google products (things I can’t get usually come through inter-library loan or direct connections with subject matter experts at, say, a maker space). This seems to be less of “I’m against invasive corporations” and more of a “I don’t like the solutions available to avoid invasive corporations.”

If you care about that you don’t use YouTube at all or support creators that do. Even using 3rd party apps or services feeds into that. This feels like a serious non sequitur on any thread about any Google product.

I pay for YouTube Family. I consume a lot of YouTube and I want to support the creators I watch. At its current price point, YouTube Family is reasonable. Several households in my family get ad-free YouTube for what is a reasonably low price point for each household.

If the price goes up much (eg if I were paying the single price of $11 per household), the creators I really enjoy continue to get pushed out or change content because of shitty ad rules, or they pull the whole “must be in the same household” bullshit I would drop it in a heartbeat just like I’ve dropped most streaming providers. Streaming has become cable and YouTube has been shooting itself in the foot by forcibly changing content for advertisers. I come to the platform for content, not advertisers.

I live in the US. I don’t really get any protections.

Edit: found the Reddit thread I used to fix it back in the day; it was a very well-known issue