Sysadmins slam Apple’s SSL/TLS cert lifespan cuts
    thesmokingman
    3d ago 100%

    Did we read the same article? DNS-01 challenges require updates to DNS. This means you need an API for your DNS. This means you now have to worry about DNS permissions in your application cert workflow. We’ve just massively increased blast radius! Or you could do it manually but that’s already failed.

    All of this is straightforward with infrastructure-as-code. While I don’t struggle with that, I’ve watched devs and sysadmins both stare blankly at this kind of thing for days at a time.

    2
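One way to contain the blast radius this comment is worried about, as an added example that is not from the thread, from Apple, or from any DNS provider's documentation: give the ACME client's DNS credential a policy that can only touch `_acme-challenge.*` TXT records in one hosted zone. The policy below uses the AWS Route 53 resource record set condition keys (`ChangeResourceRecordSetsNormalizedRecordNames`, `ChangeResourceRecordSetsRecordTypes`, `ChangeResourceRecordSetsActions`); the hosted zone ID `Z0000000000EXAMPLE` is a placeholder, and the read-only statement is the minimum a typical solver needs to find the zone and poll for propagation (assumption: your client needs no more than that).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LookUpZoneAndPollChanges",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:GetChange"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AcmeChallengeTxtOnly",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/Z0000000000EXAMPLE",
      "Condition": {
        "ForAllValues:StringLike": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.*"
          ]
        },
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"],
          "route53:ChangeResourceRecordSetsActions": ["CREATE", "UPSERT", "DELETE"]
        }
      }
    }
  ]
}
```

With this in place a leaked solver credential cannot rewrite A, MX, or NS records, which is the "DNS permissions in your cert workflow" risk the comment raises. The caveat is that it can still answer DNS-01 for any name under that zone, so whoever holds it can still obtain certificates for those names; keep one credential per zone (or per application's delegated `_acme-challenge` subzone) rather than one shared across the estate.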
  • Public Money, Public Code - A campaign advocating for legislation requiring that publicly financed software developed for the public sector be made publicly available & open-source
    thesmokingman
    3d ago 50%

    While I’m all for opening up codebases after release and seeking contributions from constituents, the landing page has some terrible ideas.

    Similar applications don't have to be programmed from scratch every time.

    Unless there are very solid guidelines that offer a lot of flexibility to do the opposite and code things from scratch every now and then, you get very pervasive legacy antipatterns. I have struggled to effect positive software change as an SRE at massive enterprises because of this idea. Conway’s Law does a good job describing how this stratifies code. I have also spent more than a year trying to get disparate acquisitions on the same tech stack with ballooning requirements as everyone tries to get their interests in. I left that one without any real movement.

    Major projects can share expertise and costs.

    This goes against lean principles that see the best outcomes and exponentially increases the waterfall slog most government projects are. The more stakeholders the more scope creep. Your platform team can be shared; you don’t want your stream-aligned teams to get stuck in this mire. They need to be delivering the minimum viable solution for their project.

    Assuming the software is just released with an open license and the public can contribute, hell yeah. I have contributed to so many projects that I actively use in my day job and there’s plenty of shitty government software I'd love to poke at. The two things I called out require a serious amount of executive buy-in for developer tools and experience which turns into a project itself. In the private world most companies chicken out when they realize they’ve got serious cost centers just making development easier, even if their product is serious software development. I worked for a major US consultancy that talked this big game and dropped everyone the second they were on the bench. In the public sector? Fuck. It’s hard enough to get people to understand attack surfaces much less the improvements a smooth DevX with a great pipeline can provide.

    0
  • Employees describe an environment of paranoia and fear inside Automattic over WordPress chaos.
    thesmokingman
    3d ago 90%

    If you’re using any work-related anything to post “anonymously” or talk to journalists, don’t. That Blind redirection is chilling, yet it’s well within the capabilities of employers. The right way to talk to journalists like 404 is to find their anonymous contact details, e.g. Signal, using your own internet connection and your own device. Work computers can be monitored. Traffic on work computers or work VPNs can be monitored. Company email usage can be monitored. Company phone usage can be monitored. You don’t need to be incredibly private with a VPN over Tor and anonymous services; you just need to not use company resources. Whether or not this should be legal is a different story; you just gotta know you have fuck all for privacy on company resources.

    I’ve only heard of Blind in passing; that corp email makes it too close to Glassdoor for comfort and it’s very clearly not private with that requirement.

    17
  • Sysadmins slam Apple’s SSL/TLS cert lifespan cuts
    thesmokingman
    4d ago 100%

    AWS makes this impossible in a few places such as a fair number of ACM use-cases.

    I think your cert-per-session idea is interesting. We’d need significant throughput and processing boosts to make that happen, probably at least on the order of 10X computing speeds and 10X transmission speeds across the board minimum. These operations are computationally intense and add data to the wire so, for example, a simple Lemmy server with hundreds of users slows to a crawl and a larger site, e.g. Mastodon, goes to dialup speeds or worse. You can test at home by trying to generate an X.509 self-signed cert before connecting to a website every time.

    2
  • Wired’s Attack on Privacy
    thesmokingman
    4d ago 85%

    I read the Wired article for the first time just now to try and understand this article. I don’t really think it attacks SimpleX at all. I think it states the fact that nazis have moved to the platform, the fact that SimpleX is a very private platform, the fact that SimpleX claims to prevent extremist content and growth, the fact that extremist content is being spread and growing, and the fact that SimpleX is unaware of claims. As someone who has been following this discourse for decades, this is the kind of thing that gets published. There is a balance between privacy and extremism. Privacy-focused individuals like myself will always focus on the privacy provided there are tools to combat the extremism (where applicable).

    I feel like SimpleX is being defensive because their claims are not panning out. Their response calls out all of the things I feel were said in support of them while ignoring the actual critiques of their system. Not adding a backdoor? Great! That’s law and smart! Supporting groups of over a thousand posting extremist content?

    We never designed groups to be usable for more than 50 users and we’ve been really surprised to see them growing to the current sizes despite limited usability and performance

    SimpleX will remove such content if it is discovered. Much of the content that these terrorist groups have shared on Telegram—and are already resharing on SimpleX—has been deemed illegal in the UK, Canada, and Europe.

    This is the stuff that needs response, not the privacy stuff Gilbert is arguably a fan of.

    5
  • The Stallman report
    thesmokingman
    6d ago 100%

    I catch a lot of shit for my distaste of GPL. I don’t think I should be able to tell you what you can and can’t do with my source code. I’ve released it into the wild. If I put caveats on it it’s not really free.

    2
  • WHAT WILL A CASHLESS SOCIETY MEAN?
    thesmokingman
    1w ago 100%

    Oh, so we run mesh networks across the ocean? Very interesting. I’m sure we’ll be able to just use a metal with fake value that has nothing to do with fiat currency to buy all the equipment we’d need to power all that. Is there a big Monero group out there with the coins to pay all those local installers? They’d probably need to define some standards for what a network would look like and how they connect, how the local installers work and who gets paid what, and how the networks interact. Standards? Regulations? I’m sure there’s a word for some sort of governing body that does all that.

    6
  • WHAT WILL A CASHLESS SOCIETY MEAN?
    thesmokingman
    1w ago 100%

    Wait, you want to use a private currency pegged to the value of gold which is pegged to government currency? That kinda sounds like government currency with extra steps.

    So instead of using something we sort of agree has some value, we should instead reject the government while using utilities it controls and regulates to access the internet it controls and regulates to use a currency susceptible to a 51% attack that could easily be executed by not just one but many governments? That’s a really novel idea. Do you have plans to run fiber across the oceans, paying for everything with Monero, so we can break free of these oppressive regimes?

    5
  • 196
    196 2w ago
    Jump
    Rule
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearTH
    thesmokingman
    2w ago 90%

    It is in the recycle bin if you didn’t know. Nothing is lost; just moved. That has scared some folks.

    8
  • Microsoft: Word deletes some documents instead of saving them
    thesmokingman
    2w ago 100%

    This issue has nothing to do with SaaS and everything to do with regular software updates (which are not limited to SaaS). Change the package to “LibreOffice Writer” and the delivery to “pacman -Syu” and suddenly the same bug has the potential to hit me. Hell, I have (well, had) floppies fresh from the store that introduced bugs into existing software back when I was a kid. Bugs will always exist and there isn’t enough regression testing in the world to ensure they don’t happen in the future.

    All of your SaaS points are correct; they just don’t apply here. We should be mad about the lack of testing in this instance.

    8
  • Google backed Israel’s military. Now its workers are in revolt
    thesmokingman
    2w ago 70%

    Anyone in tech who knowingly works for Google supports these things in the same way that anyone in tech who knowingly works for Meta supports genocide and the erosion of the democratic process. I give the caveat “in tech” because there are some roles like content moderation or executive assistant where you really don’t have the luxury of a huge market working almost anywhere else that doesn’t support genocide, and I don’t fault those folks for taking a job that has better benefits. My engineering peers? I judge them for it.

    8
  • Proton is the Future of PC gaming. But how does it work? [Gardiner Bryant, YouTube]
    thesmokingman
    2w ago 100%

    There’s really nothing preventing that now. Used to be you just forwarded X (MobaXterm is great); looks like there’s an MS offering now.

    As for Linux-exclusive games, there are some (eg this publisher) but really only because no one has bothered to make a Windows port. tbh you could probably get them running on macOS without much trouble because the toolchain’s all the same.

    3
  • Blame da gubberment
    thesmokingman
    3w ago 100%

    This is actually true. Essentially a big drug manufacturer took down a scientist through a serious harassment campaign and blew him the fuck up when he finally snapped. In no small part due to this coordinated glowup, published literature in the US agrees with the chemical manufacturer while it’s been banned in the EU for 20 years. The EPA might disagree with me that it’s true; the EPA and others, funded in no small part by Syngenta, refuse to look at things by Dr Hayes because he lost his cool a few times. Unfortunately Alex Jones further eroded the credibility of Dr Hayes but, imo, only because Syngenta actively deplatformed his research. Also Jones said some crazy shit about it.

    2
  • As the waters rise, a two-year sentence for throwing soup. That’s the farcical reality of British justice
    thesmokingman
    3w ago 77%

    So only art in museums is culturally significant? Made by artists who are dead? What about buildings? Religious places? Graveyards? Note that these are things I called out in my first comment, so I’m not trying to move the goalposts here. You highlighted the Taliban destroying cultural places so, by your definition, we must include those, and since we can’t displace any, new ones must be added.

    I completely disagree that the footprint of the world’s art museums is minuscule. Museums today already have problems with storage. In order to meet your definition for art, museums must continue to expand their collections. As the number of people grows, the number of artists grows, increasing the supply of art. How do you define “great artist” without proportionally increasing the number? As fields specialize, so too do the “great artists” that define mediums.

    What about books? Records? Movies? How do we decide what to keep here?

    5
  • As the waters rise, a two-year sentence for throwing soup. That’s the farcical reality of British justice
    thesmokingman
    3w ago 89%
    • What defines “irreplaceable art” and why do we have a legal or moral obligation to protect it? Why does this allow for the private ownership of art?
    • How much of the earth’s resources are we willing to dedicate to “culturally significant, irreplaceable things” such as buildings, artwork, graveyards, and civilizations? Who gets to decide what from modern times needs to be available in ten thousand years?

    I come from a hoarding home where everything was important. My approach to preservation is colored through this lens. At some point we either exist solely to preserve artifacts created before us or we learn to let go. Not every Van Gogh or Picasso in a museum’s collection will be put on display, and many museums struggle to maintain their hidden collections full of what curators would honestly call junk art of interest to only the most specialized of scholars. Assuming we only keep the “best” samples (that’s another debatable topic), there will be a point when we simply cannot collect any more art or culturally relevant things, similar to the eventual trade-off between graves and arable land.

    Hoarding aside, why are you not arguing to prosecute oil as hard as these folks? The number of indigenous cultural sites across the world destroyed by drilling astronomically outweighs the number of paintings with soup on them. Sure, we can prosecute both, but I don’t see you saying that either.

    15
  • I just spent 6 hours of debugging some code, just to find out I had to delete a line in a .gitkeep file
    thesmokingman
    3w ago 100%

    That’s fair! You can create an issue now with a branch in your repo as a proof of concept. Don’t wait to figure it out!

    I am really curious tho and poking around myself.

    4