Dark_Arc

Dark_Arc , 3 days ago

I would argue the top picture is also a big no no.

Dark_Arc , 2 days ago

I don't think it really takes a side ... just kind of points out that it's super weird that it's more socially acceptable in one direction than the other.

I do hope the author intended for what I said to be the point though.

Dark_Arc , 4 days ago

Seems interesting. I'm a bit concerned that they don't see encrypting direct traffic as an issue though https://github.com/rustdesk/rustdesk/wiki/FAQ#i-only-use-rustdesk-for-a-few-devices-on-my-local-network-with-no-internet-connectivity-can-i-still-use-rustdesk-with-direct-ip-access

Dark_Arc , 4 days ago

IMO, it shows security is not a priority for them. Just because you're on LAN it doesn't mean encryption is insignificant. There also isn't really "LAN" there are just networks, so this necessitates using some sort of server even in the case where you have an IPv6 or IPv4 address that would otherwise allow you to directly connect to your peer.

Dark_Arc , 10 days ago

Don't count standard notes out just yet!

They offer discounted plans upon request!

https://standardnotes.com/help/56/what-if-i-can-t-afford-the-price-of-extended

Dark_Arc , 10 days ago

Seems they're discontinued?

Dark_Arc , 12 days ago

This really is not a service issue. This is not a privacy issue.

YouTube as a service is ... actually a great service, it pays creators well, it's fast, it has decades of content, and it has tons of features.

It's monetized with ads, you either watch those ads or you pay them. Using a VPN to get a lower price on the subscription is not a service issue, that's abuse of regional pricing, and no company would accept that.

Dark_Arc , 11 days ago

Literally read about regional pricing and how important it is. It's incredibly ignorant to be against regional pricing.

The alternative to regional pricing is people just don't have access at all.

Dark_Arc , 11 days ago

I feel like the amount of ads and/or length is a little excess these days, though.

I do agree but their costs have also skyrocketed because the resolution and frame rate of videos has skyrocketed.

Linus Tech Tips did a video about this ... which agree with his conclusions or not, he paints a clear picture about how YouTube is more expensive to run than it used to be https://youtu.be/MDsJJRNXjYI

Google also isn't in the business of "running things at a loss in hopes of future profit" anymore ... so they need YouTube to be profitable. Maybe it's "too profitable", maybe they could cut down on the amount of advertising they use ... but you're absolutely right that they do test this stuff and find the threshold between "annoying but profitable" and "annoying but we're losing users."

More competition is always good ... but Google isn't stopping competition from showing up, just like Valve isn't stopping competition from showing up, they're just providing a better service that creators keep coming back to (because it's ultimately good for those same creators to get their content out there and monetize it).

Dark_Arc , 15 days ago

Hot take: GitLab is sluggish, buggy, crap. It is the "Mega Blocks" of source control management.

If you have source files that are more than a few hundred lines and you try to load them on the web interface, forget about it.

They can't even implement 2FA in such a way that it isn't a huge pain to interact with. There's been an open issue for over 7 years now to implement 2FA like it is everywhere else, where you can be signed in to more than one device at a time if you have 2FA enabled (https://gitlab.com/gitlab-org/gitlab/-/issues/16656).

Not to mention this was not a GitHub failure, this was a failure by the NYTimes to secure their developer's credentials. This "just in house/self host everything and magically get security" mentality that's so prevalent on Lemmy is also just wrong. Self hosting is not a security thing, especially when you're as large of a target as NYTimes. That one little misconfiguration in your self hosted GitLab instance ... the critical patch that's still sitting in your queue ... that might be the difference between a breach like this and protecting your data.

Dark_Arc , 15 days ago

This is "hack" like the kid that guessed your grandma's Facebook password is "ilovecats1953", "hacked" Facebook.

Dark_Arc , 15 days ago

Haven't used it first hand, but I think it's more promising.

Dark_Arc , 13 days ago

Yikes, thanks for sharing that one!

Dark_Arc , 16 days ago

I'm surprised, I was pretty sure anything with Battleye flat out rejected virtualization.

I thought Destiny used Battleye but I must be mistaken on one of these points.

Dark_Arc , 18 days ago

There seems to be an abundance of the false notion that large corporations are somehow above governments on Lemmy ... and that's simply not true, at least for corporations that want have legitimate business within the country.

EDIT: So as to say ... perhaps the commenter (at least in the moment) was a bit awestruck seeing laws apply to tech (which often seems to feel as though it's above the law in some way).

Dark_Arc , 19 days ago

Best for what requirements?

Lots of space? Ease of use? What devices? Web access? Etc

Dark_Arc , 18 days ago

Proton because I get it basically for free under my existing Proton plan and because of Proton's stellar reputation.

That's not to say the apps aren't a bit buggy or missing (Linux doesn't have one) though.

Dark_Arc , 18 days ago

If you're going to use Windows ... just use Windows firewall. There's no real reason that I can think of anyways to replace that one component with something FOSS.

Dark_Arc , 18 days ago

AFAIK, Windows firewall is perfectly fine, usable in commercial spaces, etc. You're probably going to be getting into more "hobbyist" firewalls even if you do find one ... and a firewall isn't something you particularly want that with. You want something that's well designed and well maintained.

(I say this as a guy that has run Linux on basically everything for ... over a decade)

Dark_Arc , 19 days ago

It's stuff like this that makes me distrust a lot of lifetime price guarantees and lockins. Take for instance pCloud (not to be confused with Proton Drive) and their purchasable lifetime cloud storage...

Dark_Arc , 20 days ago

A state wide mono-culture based on an unsolved cultural issue isn't "education" it's inherently heavy handed.

It also actively harms schools that may be trying to teach students how to use cell phones productively in their lives to help them solve problems rather than pretending as though they don't exist.

Dark_Arc , 20 days ago (edited 19 days ago)

Part of that is teaching people how to control their impulses and stay on task.

Your workspace isn't going to have you hang your phone up on the wall somewhere when you come into work and have someone tell you "now is the time to use your phone."

College isn't going to do it either.

We also could take some cues that maybe this isn't all as serious as we make it out to be. My high school back in the 2010s gave us a ton of busy work, insisted on making it effectively mandatory if you wanted a decent grade, didn't let people go to the bathroom without asking permission and using a sign out sheet, insisted every second of every lesson was crucial, and was very strict about not pulling out your cell phone basically ever (kids still snuck texts here and there).

I see more merits for small children, but in general I'm strongly in favor of radical changes to how we approach education ... because learning should be fun but is not for so many people ... and we forget so much of what we've been "taught" anyways.

Dark_Arc , 20 days ago

Ahh yes, hostile partial quoting to make my country seem unintelligent; welcome to my block list.

Dark_Arc , 21 days ago

I mean, in the Steve Jobs Apple it might have.

Steve originally pushed for web apps to dominate on the emerging open web standards.

Apple used to care about the customer more than they do now (IMO).

Dark_Arc , 24 days ago

That's a really silly take ... a Paywall is just an authorization mechanism.

That's like saying the source code of lemmy leaks and you expect your account to be compromised any second.

Dark_Arc , 24 days ago

Consider paying for the news...?

Dark_Arc , 24 days ago

I doubt this will affect much ... that's a lot more source code than I'd expect though, dang.

Presumably a lot of it is for internal operations (custom editing software or something of that ilk).

Dark_Arc , 24 days ago

I'm not sure what you're saying here ...

Dark_Arc , 24 days ago

Ahh, yes I agree on all points; thanks for the clarification!

Dark_Arc , 24 days ago

I was wondering if that's where you were going in part.

I think it's a bit of the phrasing; you stated an opinion that's vague to the point of tiptoeing towards the potentially loaded question: "who's independent media?"

It's not uncommon in the conservative media sphere to see a similar (typically series) of leading ambiguous questions. They're never genuine, it's always in the style of:

You know what the best operating system is? I'll tell you what the best operating system is, it's Linux. Do you know why Linux is the best operating system? It's because it's got penguins and penguins are great! Do you know why penguins are great? I mean, can you think of a more iconic bird? That's why, that is why ... and Big Microsoft is out to destroy your hopes and dreams aren't they? Yes, yes they absolutely are, with their soulless Windows operating system that's manufactured by the flying spaghetti monster. Now obviously folks, only use Linux if you support freedom not the unholy flying spaghetti monster. The flying spaghetti monster will destroy America. It's its one true mission. Support freedom, support penguins, stop the flying spaghetti monster.

I think it's made a bunch of if antsy lol

Dark_Arc , 24 days ago

I strongly disagree, email is a train wreck for secure communication.

Proton has done a pretty good job of making an implementation that's actually secure but PGP email has fundamental flaws like the subject line and recipient being clear text on the message, user error/key management complexity, and it's also just a high-friction means of communication vs "texting" or "IRC"-like approaches.

Dark_Arc , 26 days ago

My hot take: hostile reads are in pore taste. It's unique to the internet, and we need less of that.

Dark_Arc , 29 days ago

I don't particularly care about code size as a user or as a programmer.

Hard drive space is the cheapest thing you've got on a computer.

You could always run gentoo and use -Os ... that can make things a lot smaller but also slower.

Dark_Arc , 28 days ago (edited 28 days ago)

It's an invented problem. A program takes what a program takes. Everyone cares way more about the code being legible, the code being fast enough, and the code not using a ton of memory (and even that last one is kind of shrugged off depending on context).

Applications taking 3mb take 3mb because they do next to nothing or they do it with a bunch of shared libraries ... which is a whole other dependency management mess and wasting a few mb on a drive.

There's also a huge difference between being wasteful of something that pollutes the planet in mass and is not renewable like gasoline (which is the only reason you'd be upset about that now) and wasting a few mb on a drive.

The equivalent of your complaint 3mb vs 200mb is like complaining about a person taking a trip to the grocery store... It's insignificant and often necessary.

You can say that program does way more than you need, but ... nobody is catering to "only what you specifically need" and using the larger program almost certainly covers your needs.

Furthermore, like I already said making things smaller often makes them slower... Since CPU is more expensive to improve, of course things are bigger, that's what more people care about. Some video games take that to an extreme with uncompressed files and 250GB install footprints ... but 200mb?

Dark_Arc , 28 days ago

And then you look at real life and notice that code everywhere is slow, bloated and inefficient.

That's not true in practice. I mean, that code does exist. However, the vast majority of code is reasonably performant.

Not everyone is an expert at optimization and that's fine ... we'd have a lot less software in general if only the best of the best were allowed to author it.

It would be great if more things went back to native (or at least not "I need an entire web browser for my app to function") that to me is wasteful... But a few hundred MBs for a program as large, complicated, and feature rich as LibreOffice is not.

Terrible analogy. A better equivalent is someone renting a garage to store stuff inside and now, because they have so much space, there’s that urge to fill it, whether it makes sense to or not.

No, that's ... just wrong. It's not like people are just writing code and leaving it there to do nothing except increase code size or are actively trying to fill the drive.

It’s usually the other way around. As a rule of thumb, less code = smaller size = faster execution. In theory, 1k lines of code will require less computation, less processing, than 10k.

That's not inherently true, though it is a common misconception/oversimplification. When you do things like code inlining, you increase code size (because you're taking that functions code and having your compiler copy it around to a bunch of places) but the increased locality speeds things up. There's a reason -Os and -O3 are not the same option.

Now sure, if you execute fewer instructions that's better than executing more localized code (though even that can be wrong given process cache and relative instruction speed). Lots of programs have added features that you might not use, but that doesn't really "hurt you", that's not the source of your program or your computer's slowness, it's just some bytes on the drive.

We're a long way from the Unix style "everything is a small program that gets piped into other programs to do interesting things" days. That paradigm just doesn't work for GUI software. Nobody does that because ... normal folks would rather have one office program than have to go shop for 275 programs so that they can have separate programs to edit the document, print the document, convert the document to pdf, update calculations in their spreadsheet, run macros, etc (which if you use all/most of them would likely be more expensive in terms of disk space anyways).

Dark_Arc , 1 month ago

Here's the problem, people don't vote down ticket, and they only vote every 4 years instead of every 2 years.

The president is more of a cheerleader than a person of substantial power. That's not to say the office of the president isn't individually powerful, but you need strong margins in the house and the senate to actually get stuff done.

We kind of had that for 2 years when Obama and we got the affordable care act... Even then the margins weren't that great; I don't think Obama was the problem so much as they couldn't find the support to do something bigger in Congress.

Even with those thin margins Democrats come across the aisle regularly to actually get governance done (e.g. fund fixing infrastructure). They're not even close, we've got one party that actually governs, and another that prints money for the rich, attacks people based on their bedroom preferences, and doesn't give a shit about the environment.

Dark_Arc , 1 month ago

I think it's interesting folks take this as talking about Biden.

Biden has a platform, Biden and the Democrats have accomplishments ... what does Trump and the last decade of Republican congressional dominance have?

"DEMOCRATS ARE DESTROYING THIS COUNTRY!!"
"HEALTHCARE IS A MESS!! I'VE GOT A BRILLIANT PLAN I DIDN'T PASS OR EVEN PROPOSE IN CONGRESS LAST TIME. WE'RE GOING TO GET IT DONE THIS TIME. IT WILL BE SO MUCH BETTER THAN WHAT THE DEMOCRATS CAME UP WITH. NO I'M NOT SHARING IT NOW, YOU MUST BE SURPRISED." "I MADE MY RICH FRIENDS MONEY!!"

Dark_Arc , 1 month ago (edited 1 month ago)

You’re literally using tactics developed by fascists in your argument here.

[citation needed]

Somehow, the president is little more than a “powerless cheerleader” if we’re talking about Dems but “the end of democracy” if talking about Trump/Republicans. Both can’t be true.

They're over simplifying the problem. Trump is a cheerleader for fascism inside of the United States, a vote for Trump is a vote for every Republican in congress to be emboldened to do Trump like things (and even if they don't agree with them, fear their own removal).

There's certainly a different aspect for international issues and relations as well. However, ultimately, congress has all the power in this country. If Democrats had solid super majorities in the house and senate, or there was a super majority that was willing to side with Democrats to protect from Trump, there would be very little reason to worry.

In fact, we wouldn't even be having this discussion because congress would have held Trump accountable and convicted him during the impeachment hearings preventing him from holding office.

Obama and the Dems chose this over any sane single-payer option to allegedly “appease Republicans”

[Citation needed] see the majorities at the time, they could not get single payer past the majority of the Democrats in congress let alone Republicans. There was not a sufficiently progressive majority.

In another attempt to appease Republicans, they allowed them to steal Obamas SCOTUS appointment while also allowing Trump to steal what should have been Biden’s SCOTUS appointment

They "allowed" that to happen? What could they have done?

They didn't have control of congress.

I'd go on but I don't have time to say "they didn't have control of congress" all day. If you want something done in this country, you need congress (either via super majority) or via a slim majority and an aligned president (and even then in the latter case, results may very due to personal votes/perspectives of representatives).

Dark_Arc , 1 month ago

Yeah... Probably eventually knowing them, sadly not yet

Dark_Arc , 1 month ago

Yeah, it's actually ... a bit creepy.

Federated voting in general seems like it could use some rethinking to enable private voting but also to protect against vote manipulation. Right now the fediverse is arguably incredibly vulnerable to vote manipulation campaigns.

Dark_Arc , 1 month ago

One possible answer is to allow anyone to see votes categorized by instance, so you know where they're originating from.

Small/single user instances could be aggregated together/anonymized or maybe that's just the price you pay for having a single user instance.

Dark_Arc , 1 month ago

Something with 1-click installs like TrueNAS can help quite a bit. It's still something that requires active involvement from the operator to do well though. If you're self hosting, it's like DIY construction, if something falls down ... you can't sue your contractor/nobody's going to make you whole again except yourself.

There's also the networking side of things. I just wrote up some thoughts on that as well... https://alexandrite.app/social.packetloss.gg/comment/1821545

Things like ZeroTier/TailScale/Nebula can make this monumentally more approachable and safer. It's still far from for everyone though.

Dark_Arc , 1 month ago

The thing about something like TailScale or ZeroTier or Nebula is that it's dynamic. These all behave similar to a multiplayer game ... a use case every residential firewall should "just get."

The ports that are "opened" can change regularly, they're not some standard port that can just be checked to see if it's open (typically).

Compare that to the average novice opening port 51822 for wireguard or 22 for SSH and you start to see the difference. With those ports, you've got a pretty good idea what's on the other side and it might even be willing to talk to you and give you error messages or TCP ACK packets to confirm it's there (e.g. SSH).

This advice is as you can probably imagine more relevant to things like OpenVPN that are notoriously hard to correctly configure or application protocols like SSH or HTTP.

With these mesh VPNs you also don't have to worry about your home dynamic IP changing and breaking your connection at inopportune times... And that's a huge benefit (IMO). It's also very easy to tie in new devices to the network.

A lot of it is about outsourcing labor to programs that know how to set up a VPN and make management of it easy. That ties into security because ... a LOT of security issues boil down to misconfiguration.

Dark_Arc , 1 month ago

The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.

One must be careful about this mindset. A bunch of smart lightbulbs that are individually operated aren't a particularly appealing target either. However, in aggregate... If someone can write a script that abuses security flaws in them or their default configuration ... even though you're not part of a big centralized target, you are part of a class that can be targeted automatically at scale.

Self hosting only yields better security when you are willing to take steps to adequately secure your self hosted services and implement a disaster recovery strategy.

Dark_Arc , 1 month ago

Yes, WireGuard was designed to fix a lot of these issues. It does change the equation quite a bit. I agree with you on that (I kind of hinted at it but didn't spell that out I suppose).

That said, WireGuard AFAIK still only works well with static IPs/becomes a PITA once dynamic IPs are in play. I think some of that is mitigated if the device being connected to has a static IP (even if the device being connected from doesn't). However, that doesn't cover a lot of self hosting use cases.

Tailscale/ZeroTier/Nebula etc do transfer some control (Nebula can actually be used with fully internal control and ZeroTier can also be used that way as well though you're going to have to put more work in with ZeroTier ... I don't know about TailScale's offering here).

Though doing things yourself also (in most cases) means transferring some level of control to a cloud/traditional server hosting provider anyways (e.g, AWS, DigitalOcean, NFO, etc).

Using something like ZeroTier can cutout a cloud provider/VPS entirely in favor of a professionally managed SAS for a lot of folks.

A lot of this just depends on who you trust -- yourself or the team running the service(s) you're relying on -- more and how much time you have to practically devote to maintenance. There's not a "one size fits all answer" but ... I think most people are better off doing SAS to form an internal mesh network and running whatever services they're interested in running inside of that network. It's a nice tradeoff.

You can still setup device firewalls, SSH key-only authorization, fail2ban, and things of that ilk as a precaution in case their networks do get compromised. These are all things you should do if you're self hosting ... but hobbyist/novices will probably stumble through them/get it wrong, which IMO is more okay in the SAS case because you've got a professional security team keeping an eye on things.

Dark_Arc , 1 month ago

Comparing floats for equality is generally a bad idea anyways.

Floats should really only be used for approximate math. You need something like Java's BigDecimal or BigInteger to handle floating point math with precision.

Looks like this is the equivalent for Python:

https://docs.python.org/3/library/decimal.html

Dark_Arc , 1 month ago

It could become independent with sufficient funding. I think that's part of the idea.

Though, being able to use other indexes is likely still helpful.

Dark_Arc , 1 month ago

Oh christ...