That image strikes me as singularly unsuited as a metaphor for that message... I mean, a wall isn't useful until it is built as high as it needs to be and adding more height after that is rarely an improvement. If it's supposed to be a house it gets even worse, because that only serves as shelter once the roof is on... Not to mention I vastly prefer a house that was properly planned through before starting construction... Not all projects benefit from iteration...
To those concerned about #slack now using your chats, including trade secrets, NDA stuff, etc., to train their #llm: #WTF did you expect using a third party with full content access to discuss those things? That they'd be gentlemen and not read your mail? That they somehow wouldn't try to find a way to monetize that juicy data? I am flabbergasted that people working for corporations just as immoral could have been that naive...
@lpwaterhouse many startups use discord for the same reason as corporates use slack
tencent has a share in discord inc. and thus an access to all the data
everybody running a startup knows that
nobody cares
idk, maybe that's applicable for startups only
@bpavuk Judging by my timeline a lot of people seem to care now; I am confused as to how they either a) didn't see it coming at all (read: naive in face of overwhelming prior examples) or b) managed to actively "not care" until it was "too late" (Hint: It was "too late" the second you put data in, not when you learned that they are using it). "a)" I can imagine, like a character in a bad novel, though it's a tall order; "b)" on the other hand... My brain does not work like that. At all. Of course there is always c) The people now clamoring are not ones that did, in fact, choose (they might have still been forced to) to use slack in the first place, but are merely expressing their indignation by stylistically putting themselves in that position to increase emotional involvement. Those are... vacuous...
Re-organizing the #Homelab and currently stuck on #HardThingNo2, naming things. My #aspie brain thinks it'd make most practical sense to name things by function, e.g. workstation01, firewall01, cluster01node01, etc. (which adds the question of how many leading zeroes), would like to name things with geeky references e.g. FUCKUP, Ozma, 7of9, etc. (which runs into issues as soon as you try for a coherent theme of enough components...), and is worried that from a security perspective something memorable yet unrelated to its function might be wise, e.g. blue charybdis, amber cyclops, periwinkle gorgon (But then I'm not running a spy agency here... as far as you know :-P).
@lpwaterhouse I had a short phase where I used thrash metal bands for my machines. 😅
No particular reason for why I stopped, but my two remaining machines are now called monster and beast, with beast being my beefy desktop pc. 😁
@mforester For the longest time I used Star Trek characters, tpau is still chugging along just fine. And I used to work at a FAANG-level corp where the primary and secondary email server were called data (so far so good) and lore, so I guess I wasn't in the wrong crowd there :-P But that also taught me the value of systematic names; When you spin up dozens of machines elastically then naming them isn't only pointless, it actively hinders swift error localization, because your brain goes through that additional level of indirection. function-location-somewhatuniqueid is really helpful. But then so it is for an intruder, a host named auth-something or db-something is sure the get attention fast during a breach, which is why some security departments actively mandate something like IP-, MAC-, or GUID-only, which in turn is nightmare to debug yet again... None of which applies much to a homelab, except insofar as I want to play with "realistic" toys. sigh My brain us just stuck in the evaluation loop; It's a familiar feeling, though :-P If someone has a link to a reasonable "current best practice" document I'll take it, otherwise I'll just go with boring+functional again ;-)
Wish there was a decent "kickstarter* / #groupbuy for getting one of the many truly libre #riscv cores made by a #fab. Ideally one that is as much "general purpose cpu" as possible, though I can certainly do without out of order, speculative, and all the other fancy common sources of cpu vulnerabilities. It doesn't need to win speed records, just being really rock-solid would be awesome sigh
I'm thinking about setting up a #udev rule that triggers some actions when a given device is removed. For that I'd like a minimal #usb device/token, think "only vendorid and productid", no actual functionality (which could fail and cause issues, etc.). Does anyone have a source for something like that? It's obviously ridiculously niche and not at all cost-effective to manufacture...
@lpwaterhouse you can do this with any USB device you can imagine. Do it with a flash drive. Doesn’t matter if the flash is corrupt or dead, you’ll never access the flash anyway.
Considering to change my #backup solution from #duplicity to #restic (Not sure yet, I like having #pgp keys for encryption, but it's not like a long password stored in #PasswordStore wouldn't cut it). Since restic supports Windows I might try moving a couple relatives onto it; Makes helping them easier if I know the software. For them however, a #GUI is likely a MUST, but what I've found so far is not too encouraging: restatic (dead), npbackup ("metrics" and other assorted niggles), resticguigx (Electron), backrest (browser-based, which makes my skin crawl for security tooling)... Does anyone know other options I missed? Or has some compelling arguments for those I mentioned?
@lpwaterhouse The reason why I did this switch is that Duplicity does not support large backups. The ticket is open for over a decade and still not solved.
@ascherbaum Yeah. My main issue is that duplicity feels very hacky in an "old unix grognard" kind of way (Not that I ain't one of those, but still). Been hearing good things about restic for a while now (out of the CCC universe), but looking at things like https://github.com/restic/restic/issues/187 (asymmetric encryption) being open since 2015, with quotes like "restic currently requires delete privileges for normal backup operation" (in 2021) make me somewhat hesitant... Especially given the claim that it "does backups right". The biggest draw for me really is not having to fiddle with some arcane Windows-only solution when asked for help...
I am currently designing a small toy-language and was considering making all strings proper #Unicode objects and all source files utf-8. Lo and behold, Unicode has recently published some guidance: #TR55http://www.unicode.org/reports/tr55/ I am, however, rather deeply concerned about the general strong preference for #blocklists over #allowlist, e.g. as recommended for identifiers. I get wanting to allow people to use their own language and script wherever possible, and therefore recommending switching from e.g. requiring type names to start with an upper-case character to blocking an initial lower-case character, thereby allowing the use of unicameral (without upper and lower case) scripts. But I have this deep gut-feeling that while the TR certainly solves some existing #vulnerability classes, it also opens up a huge amount of new ones with this general attitude. I haven't yet gone through the TR with a fine-toothed comb to allay that fear, but I'd appreciate input from anyone that has thoughts on the matter.
I fully embrace my childish side (hey, I'm an #aspie / #geek, not doing so would be inhumane#jokingbutonlyhalf), which tends to express itself, among other things, in really enjoying having plushies of programming languages, that I actually use, etc. on my desk at work (Think #ElePHPant and #rust's #Ferris). One day I'll manage to score an #AntsyBull somewhere. But I cannot, for the life of me, find some proper floofy #Python sneks anywhere!
Time to turn of social media for a bit; I'm at the "I need to smite all these annoying hoomans with my burning divine wrath" stage of my very limited social capacity. No need for a meltdown today. Gonna build me a blanket fort with my favourite plushies in it and read a good book, probably the ActivityPub spec or so...
Reminder of the dangers of meeting your role models (As is unusually possible in the fediverse): I ended up in a rather hostile exchange with someone whom I had known, from a podcast, as a person of calm and integrity. I am genuinely sorry that happened; I had merely wanted to give an honest answer. Maybe I failed miserably (Quite possible, I am an Aspie). Maybe they were reacting to multiple people and I was just the straw that broke the camels back. Maybe my expectations were just wrong...
I have given it a lot of thought and I conclude that I mistook an invitation for conflict (or, possibly, echo-chamber self-affirmation, as the other side of the coin) for a genuine question. Answering it honestly was an obvious walk into a common rhetoric trap that could only go one way. That is something I always struggle with. To recognize when a question is bait (what's worse: I presume it's rarely a conscious decision, making it harder to predict), not genuine. Not sure I'll ever learn...
sigh I run @GrapheneOS, which, regrettably, means #Pixel hardware. My aging 4 is having serious hardware issues, so I've been meaning to replace it with an 8 this October... Until I saw the leaked price increase in Europe... I kind of understand ridiculous prices for (coughfoldingcough) novelty features, but for an essentially ordinary phone? With only a camera I could do without entirely? I hope a lot of people opt for the 7 instead, and don't reward that pricing.
I grew up with the myth that Germany was really good at engineering. That its products, while complex, were utterly reliable. Not swiss clockwork, but not brute overengineering either, just very competently done. Now, a large part of that is just that, a myth, but seeing government planes with failure after failure (not to mention all those infrastructure failures, like internet speed or electric cars), while getting swamped in "Germany can X / Who if not here?" (sic) ads is... surreal.
Oh dear, seems #HashiCorp has decided to finally execute the inevitable bait and switch. The #BSL (#BusinessSourceLicense) is a piece of decidedly not-#FLOSS garbage (albeit one with a converts-to-FLOSS sunset clause built in), that I've been eying wearily ever since #MariaDB created it (though not applying it to anything I actually use; that is still #GPL). The only HashiCorp thing I use is #Terraform; Here's to hoping someone forks the last free version ASAP.
Dear @fsf / GNU, while I fully expect you to disagree with Libreboot / @libreleah regarding the inclusion of microcode updates (I specifically use hardware needing none), I find what I've heard (https://libreboot.org/news/gnuboot.html) about the behaviour of GNU Boot utterly appalling. It is decidedly hostile and very "corporation". I strongly urge you to look into the leadership of GNU Boot. I cannot in good conscience continue membership in an org that tolerates that.