DigitalDilemma

Why would I care enough to try and discredit you on any grounds than you’ve written here? I don’t know you, I don’t care about you other than what I’ve read in this thread where you come across as arrogant and the aggressor. Not quite the innocent party you’re trying to project.

Don’t worry about replying, I’m going to use Lemmy’s block user system. Not used it before, but I think it’s the best way to deal with someone I have a disagreement with and don’t want to talk with any further, rather than wasting others time with vexatious development requests.

EDIT: I’m gonna open an issue so Lemmy lets OPs edit and delete comments on their posts. The amount of argument on here is too bad for a standard centralized moderation model.

Not only do you insult a game that many people have a huge amount of love for, for the weakest reason possible - then you get all salty because people disagree with you.

And THEN, you complain to the developers that you should be able to delete other people’s content that you disagree with?

Seriously, get some perspective and stop being a douche. Please.

but the target audience was just presented factorio 2.0

I totally missed that this was a thing. Saw this and then bought the DLC yesterday at 7pm, figuring I’d get a couple of hours in before going to bed. (I get up early)

Yeah, rigt. 4am this morning and I was still playing. .

Factorio is amazing.

It’s fine, but not going to be the cheapest.

Cheap to buy: Any old PC desktop, really. Most will run linux and windows fine, depending on what you want. Anywhere from free to £100. If you have an old desktop or laptop already, use that to start with.

Cheap to run: Any mini PC. I run a Lenovo ThinkCentre M53 for low power duties. Cost £40 and runs silently at 10watts, idle. (I have a secondary, much beefier server for other stuff that runs at around 100w which lives in the garage)

But plenty of people do run mac minis as home servers, often on Linux. They’re fine - just do your homework on the CPU ability, how much ram you can add, and whether you’re okay with external disks if you can’t fit enough inside.

What’s really insane is that sometimes the second identical test actually works.

(This is as much an answer to some of the comments already raised, as to the article - which like most such personal pieces has pros and cons.)

As part of a previous job I used to host email for a small business - this was about 15 years ago. I ended up spending several hours to a day a week working on it; apologising to users, tracing and diagnosing missing sent email and the endless, ENDLESS arms war against incoming spam (phishing was much less of a problem then). The trust from the company in our email operation was very poor and you’d regularly hear someone apologising to a customer because we hadn’t contacted them, or answered their email. The truth is much was going astray and staff were relying more on the phone than email because they knew it worked. You might guess from this that I’m terrible at running an email system but I don’t think I am. I started moving email back in the late 80s when Fidonet was the thing, so I have some miles travelled. Tools have improved a bit since then, but so have those used by the bad guys.

I still consider one of the best things I did for that company was move our company email onto Gmail Business (which was free for us as a charity) Every single one of those problems went away immediately and suddenly I had a lot more time to do more important stuff. I would never self-host email again despite running several personal servers.

Plenty of people say they self-host just fine, and great for you if that’s so. But the truth is you won’t always know if your outbound mail silently gets dropped and you have a far higher chance of it arriving if it comes from a reputable source. There are a huge number of variables outside of your control. (ISP, your country, your region, your software, even the latency of your MX or DKIM responses factor into your reputation)

You take the decision on whether any perceieved risks of privacy through using a third party outweighs the deliverability and filtering issues of self hosting, but please don’t say it’s simple or reliable for everyone. If it’s simple for you, you’re either incredibly lucky or just not appreciating the problem.

You’re spot on, and even smaller ISPs routinely get blocked by larger hosters (anyone who doubts this, please look around for the many stories along the lines of “gmail silently drops my email”)

Residential IP blocks are scored much higher and given a negative trust from the start - not surprising since that’s where much of the world’s spam comes from through compromised computers, routers etc.

Well, that’s this afternoon planned then.

I think you’ll find some ISPs will be reluctant to let go of CGNAT - they’re doing quite nicely by charging extra for ‘commercial’ services where it’s not in the way.

Fortunately, many of us know about cloudflare tunnelling and other services, so NAT really isn’t a problem to self hosters and even SMEs any more.

The way I help, as a Sysadmin, is primarily by using foss software in my job and feeding back with bug reports, issues and so on. I’ve raised several hundred issues on Github this way, and try to do them concisely, accurately and with as much relevant information as I can.

That’s really neat, and in the Debian main repos.

micro looks very impressive. I’m too invested in vi to move away from that, but it’s great to see alternatives, especially those focused on being easy to use (like jed)

Only weird thing from the cap I saw was that you need to edit a json file to change keybindings - doesn’t that go against the ‘easy to use’ edict, or is that something that’s planned to be changed?

Fair point.

If the distro team is compromised, then that leaves all their users open too. I’d hope that didn’t happen, but you’re right, it’s possible.

I think bus factor would be a lot easier to cope with than a slowly progressing, semi-abandoned project and a White Knight saviour.

In a complete loss of a sole maintainer, then it should be possible to fork and continue a project. That does require a number of things, not least a reliable person who understands the codebase and is willing to undertake it. Then the distros need to approve and change potentially thousands of packages that rely upon the project as a dependency.

Maybe, before a library or any software gets accepted into a distro, that distro does more due diligence to ensure it’s a sustainable project and meets requirements like a solid ownership?

The inherited debt from existing projects would be massive, and perhaps this is largely covered already - I’ve never tried to get a distro to accept my software.

Nothing I’ve seen would completely avoid risk. Blackmail upon an existing developer is not impossible to imagine. Even in this case, perhaps the new developer in xz started with pure intentions and they got personally compromised later? (I don’t seriously think that is the case here though - this feels very much state sponsored and very well planned)

It’s good we’re asking these questions. None of them are new, but the importance is ever increasing.

software developers are criticizing Microsoft and GitHub for taking down some of the affected code repositories

Surely it’s sensible of Github to take down malicious code? It’s not just honest, hardworking people trying to make sense of this that have eyes, it’s others looking for inspiration from what appears to be a sophisticated and very dangerous supply chain attack.

I like the energy, but this doesn’t qualify as “lesser known”

I respectfully disagree.

I had redcare via Age Concern for my mum before she went into a home with dementia - it was a few years ago and it was all that was available.

Nowadays, the panic alarms are, I believe, entirely self contained using a sim card and mobile connectivity and include location information - so they are not reliant on local power or internet connection. That locational information could be life saving - one time my mother got very confused, left her flat and was wandering around outside in freezing conditions. Luckily someone heard her calling out and took her home, but she could easily have died that night and was so confused that she didn’t think to use her dongle which was still around her neck, and it is doubtful it would have been in range of her base station anyway. A modern system can also include geofencing and even positional data (if someone falls down), takes it off, or battery runs low and automatically alert. Just like redcare, the modern systems are manned 24/7 just the same.

Sometimes old school is not best.

obfuscation should be done for FUN by PROGRAMMERS to SCARE python programmers. It should NOT be a MANDATORY feature of a language.

Many/most password managers do TOTP in their browser extensions already - at least on paid tiers. (Bitwarden, Lastpass for sure).

It’s the only way a team can effectively use TOTP, which still offers a lot of protection.