Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.

Cal state northridge?

Because forgejo’s ssh isn’t for a normal ssh service, but rather so that users can access git over ssh.

Now technically, a bastion should work, but it’s not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn’t it be configured within the other tools used for exposes services? (Reverse proxy/caddy).

And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn’t do.

So based on what you’ve said in the comments, I am guessing you are managing all your users with Nixos, in the Nixos config, and want to share these users to other services?

Yeah, I don’t even know sharing Unix users is possible. EDIT: It seems to be based on comments below.

But what I do know is possible, is for Unix/Linux to get it’s users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.

Setting these up on Nixos is trivial. You can use the users.ldap set of options on Nixos to configure authentication against an external LDAP user. Then, you can configure sudo

After all of that, you could declaratively configure an LDAP server using Nixos, including setting up users. For example, it looks like you can configure users and groups fro the kanidm ldap server

Or you could have a config file for the openldap server

RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I’ve seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.

The solution to what you want is not to analyze the code projects automagically, but rather to run them in a container/virtual machine. Running them in an environment which restricts what they can access limits the harm an intentional — or accidental bug can do.

There is no way to automatically analyze code for malice, or bugs with 100% reliability.

Yeah, that’s what this uses. But copy’s x86 emulator on their site does not have any sort of networking, while anura seems to use some kind of http proxy to have the vm be fully networked.

You can even install packages and run graphical apps in anura. (Very, very, very slowly).

First things first: Check if any data was actually leaked/breached.

Many times, the data leaks news sites like to report in the most alarmist manner, don’t actually contain any new data, and are just aggregations of older breaches that already happened. Although still worth reporting, sadly, due to the way ads and clickbait works, they are incentivized to play it up and report it as the LARGEST DATA BREACH EVER 2024 CLICK ME IMMEDIATELY.

But yeah. My recommendation: Find high quality sources which either don’t report this stuff, or I like lemmy (and used to like reddit), because when stuff like that gets posted, it gets called out by users in the comments.

Google put an API into Chrome that sends extra system info but only to*.google.com domains. In every Chromium browser.

Only vivaldi caught this issue. Brave had this api enabled, most likely on accident.

But the problem is, that chromium is just such big and complex software, when combined with development being driven by Google, it’s just impossible for any significant changes or auditing to be done by third parties. Google is capable of exteriting control over Brave, simply by hiding changes like above, or by making massive changes like manifest v3, which are expensive for third parties to maintain.

Brave can maintain 1 big change to chromium, but for how long? What about 2, 3, etc.

My other big problem with brave is that I see them somewhat mimicking Google’s beginnings. Google started out with 3 things: an ad network, a browser, and a search engine.

Right now, Brave has those same three things. It feels very ominous to me, and I would rather not repeat the cycle of enshittification that drove me away from chrome and goolgle.

Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.

For example, javascript can be made to do arbitrary websoccket or http connections to any ip/hostname your computer has access to — even local networks or localhost.

I use the browser extension Port authority to block it.

Of course, port scanning is used by ebay to scan users computers, and discord.

Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you’re doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.

Anyway the centralized nature of Revolt Chat makes it no very appealing for me.

I agree with this. I will probably stick with either matrix or xmpp due, to their federated nature, and strong E2EE. Matrix is a better discord replacement, as it has more features, is more standardized, has a better web client, and has “spaces”, which are somewhat analogous to discord servers.

Xmpp however, is much more lightweight on both servers and clients than matrix, and it’s E2EE works more reliably (none of that "failed to decrypt nonsense), and makes a better E2EE messenger.

I attempted to find evidence to support this.

I found one reddit post claiming this, but they themselves did not provide any evidence.

freedom of religion is a human right bruh i did not say anything but i believe in god the banned me and claimed i was being homophobic 1. i said nothing about it 2. stfu even if i was

​Not exactly the most compelling piece of evidence, and this was all I could find.

I still feel like there’s space for a MATLAB replacement…

GNU Octave?

https://en.wikipedia.org/wiki/GNU_Octave

using a language that is mostly compatible with MATLAB

Pip in a venv doesn’t get you non python tools.

Conda also has venvs, for seperate environments for stuff as well.

https://rclone.org/drive/

https://rclone.org/crypt/

No way to protect emails, google chats, or many other things AFAIK. Yeah, I hate it too.

Why is SSPL not considered FOSS while other restrictive licenses like AGPL and GPL v3 are?

So I have an answer for this. Basically all of the entities listed that relicensed their projects to the SSPL, also relicensed their projects using the dual licensing scheme, including one proprietary license. That’s important later.

The SSPL’s intent is probably that the deployment framework used to open source this software must be open sourced. I like this intent, and I would consider it Free/Libre Software, but it should be noted that another license, the open watcom license, which requires you to open source software if you simply deploy it, is not considered Free Software by the FSF. I don’t really understand this decision. I don’t count “must share source code used” as a restriction on usage cases. It seems that the FSF only cares about user freedom, whoever is using the software, and views being forced to open source code only used privately as a restriction.

Now, IANAL… but the SSPL’s lettering is problematic. What is part of the deployment system? If I deploy software on Windows, am I forced to open source windows? If I deploy it on a server with intel management engine, am I forced to open source that? Due to the way it is worded, the SSPL is unusable.

And a dual license, one proprietary and one unusable means only one license — proprietary. There’s actually a possibility that this is intentional, and that the intent of the SSPL was never to be usable, but rather so that these companies could pretend they are still Open Source while going fully proprietary.

But, for the sake of discussion, let’s assume the SSPL’s intent was benevolent but misguided, and that it’s intent was not to be unusable, but rather to force companies to open source deployment platforms.

Of course, the OSI went and wrote an article about how the SSPL is not an open source license but that’s all BS. All you need to do is take a look at who sponsors the OSI (Amazon, Google, other big SAAS providers) to realize that the OSI is just protecting their corporate interests, who are terrified of an SSPL license that actually works, so they seek to misrepresent the intent of the SSPL license as too restrictive for Open Source — which is false. Being forced to open source your deployment platform still allows you to use the code in any way you desire — you just have to open source your deployment platform.

Is there some hypothetical lesser version of SSPL that still captures the essence of it while still being more restrictive than AGPL that would prevent exploitation by SaaS providers?

AGPL. There’s also Open Watcom, but it’s not considered a Free Software license by the FSF, meaning software written under that wouldn’t be included in any major Linux distros.

I think in theory you could make an SSPL that works. But SSPL ain’t it.

Of course, there are problems with designing an SSPL that works, of course. Like, if you make it so that you don’t have to open source proprietary code by other vendors, then what if companies split themselves up and one company makes and “sells” the proprietary programs to another.

Fun fact: you don’t need to add the nixpkgs channel for the determinate systems installer, even when using channel commands or other things since it adds an option to your nix.conf to reference the nix flake for nixpkgs.

I don’t know how to update this flake though.

Zotero is a citation manager, with a firefox extension to save an article (but really, a tab) with one click.

It also has fulltext search. You can search snapshots of everything you save.

“But I can’t save all my tabs at once”

(There are some solutions, but nothIng official)

Save as you go. Computers simply don’t have enough ram for 2000 tabs.

Anyway, it also seems to be able to run javascript plugins, and I saw you have some experience with that.

It also has support for folders, so you can organize it a bit better than tabs work for that.

There’s also the needy users that create tickets for every prompt, dialog, message, delay… Pretty much anything that could happen at all ever, whether it affects their ability to do their work or not.‘’

This could be weaponized incompetence. “Oh I keep having issues with my computer that interfere with my work, so I can’t work and IT is incompetent and can’t help me, look at all these tickets and how long IT takes. I just can’t get any work done!”

However, freshtomato is another router firmware, that isn’t as feature rich or well supported as opwnwrt, but is focused on supporting broadcom chipsets.

https://www.freshtomato.org/

https://wiki.freshtomato.org/doku.php/hardware_compatibility

I flashed it to my netgear router with a broadcom chipset, it works wonderfully!

Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,

Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn’t bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.

So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you dob’t even need to make an account.

And it’s not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.