Back before ClusterFlutter (which was just a lot of Java object type-casting, large multi-dimentional arrays, and overflow math) botting was pretty easy to write yourself with very little JVM knowledge.
Bans were (and still are) pretty hard to come by as long as you pay for a membership.
> a basic level of device security across all iMessage threads I have
Is that really true though? Jailbroken phones, iMessage may still work. Any device security gets thrown out the window.
You also can't expect everyone to have an Apple device for security, which we've seen time and time again SS7 being weak - So is the requirement to remove SS7, for everyone to jump on the Apple train?
I see Beeper as doing Apple a service, not so much a competing platform, but a gateway to the iMessage ecosystem - 'Hey, this would be pretty cool to use without this app and have it native' vs the 'Only Apple devices can use this.'
> More and more of the internet is now moving behind Cloudflare
This is a big double-standard here on HN. Everyone hates Google for making decisions on behalf of the internet as a whole; yet Cloudflare has done the exact same thing with a different OSI layer.
I'm not very trusting of Google, but I certainly dont trust Cloudflare any more-so, because they keep things much closer to the chest.
For the overflow, Jagex with RuneScape did it in Java. They also did stupid Object arrays 7 or so levels deep, doing casts on casts in between. The bytecode itself made the actual runtime slow to a crawl (anywhere from 5 to 10x slowdown.) This was circa 2014.
Spit-balling; when will they put GSM chips in them? The cost of a data-plan could easily be reached with estimated figures for ads and selling usage data.
For maven, to push artifacts via the correct mvn deploy:deploy-file requires a S3 wagon (transport layer) software to actually make the S3 calls. For bigger orgs, having everyone use a wagon is a non-starter.
All I'm seeing this does is give the proper http endpoints so you dont need the wagon. Is it worth ~2x the price, no, but it's better than the other enterprise-y solutions.
Samesite won't break it if you set it none. Eg samesite=none Google failed to set it before the official rollout.
Reason is that sso effectively uses an iframe or popup to a 3rd party auth provider (Google, Microsoft, Auth0...) Provider saves a cookie with that state (from something like accounts.google.com) and usually reads it back from first party context.
If samesite is not set to none, supporting browsers are not allowed to write cookies on the auth domain from the firstparty context, and so the firstparty scripts don't think it ever happened, even though it did. First party scripts can't read it and so sso failed.
It should be noted that SameSite was broken with Google Sign-in because Google themselves never set the None attribute before they reverted the rollout in April. [0]
We've seen the GDP number manipulated during this crisis, Gov propping the economy up with lots of self-debt that we cant pay back.
We've seen that other developed counties in the world bawk at us. Example being the American woman who killed a guy in the UK by driving on the wrong side; and the US said she had diplomatic immunity, when she did not. [0]
Crime stats... Crime isnt crime if it isnt punished or even taken to the courts proper. A sitting president was impeached, but not removed from office. He was charged with high-crimes. If you need a statistic, just look at how stacked the government is from a 2-party system.
> See what's happening on your devices with in-depth Analytics and real-time Logs.
> Protect your kids and control what they can access online.
Their pricing page is also extremely troubling.
> We may adjust this later on based on actual costs at scale, but it will follow this logic.
What the hell is this Mozilla... This is not a company you should be dealing with. They tell you up front that they log and monitor... They also aren't at scale, and have to learn lessons the hard way with outages.
Where on earth is a transparency report for NextDNS? They were started in March, and I would think that Mozilla would check their requirements before giving the 'lets add them.'
Proxmox is good with the large exception of high speed interconnects.
If I have Mellanox IB cards in my servers, proxmox fails to handle ipoib without a lot of legwork. Compare that to something like oVirt; that supports it out of the box.
There is very little incentive for me to recommend a proxmox subscription to any of my clients because having >= 40 gbit interconnects is far better than using lags on single gbit. High traffic internal applications, (and migration!) benefit so much from those interconnects.
> crusading against DoH favor a different centralized DNS standard, DoT
I think that there are 2 camps against DoH. 1. Default centralization to specific points. EG firefox using cloudflare first and foremost, nobody else. 2. DoH adding complexity. DoT was (practically) superseeded with DoH anyway, if for nothing more than adoption.
> criticism against DoH that says it's wrong for browsers to co-opt DNS resolution at all, and that they should use the system's resolver. This is nonsense.
So... your argument is that I can't trust the OS to 'do the right thing' but I should trust the browser, because they know best? If you can't trust the OS, then how could I possibly trust a browser running on the said, untrusted OS?
Honestly asking how you came to that conclusion because the train of trust is broken on the OS level, so anything above is moot.
> DoH simply don't believe DNS lookups should be private
Problem with DoH is that it is private up to the endpoint. Nobody can listen on the request, but nobody is preventing the endpoint from telling everyone else that 'Joe Smith visited Youtube at {timestamp} Once the endpoint has the request, they have your info and can just as easily sell that to telcos.
End-to-End encryption and privacy is only as good as the people on the other side. Can't trust Alice with your message, then don't send it.
> modernizes the DNS protocol
If by modernize you mean convolutes. If I have a resolver on my network serving qwer.localnet. Browser asks cloudflare, returns nxdomain, then my system resolver asks for it; that is far more latency and is far from the modern proper solution for speed and privacy. Cloudflare now knows that I have a local domain, qwer.localnet.
Discovered this Fun fact last night; the systemd resolver since V242, used cloudflare as a fallback DNS. [0] The fallback has been Google and quad9.
In theory (haven't tested it,) this means that even if I give 0 DNS servers on a DHCP request, and I ignore any DNS requests to the gateway (if I wanted a machine totally unable to resolve) I can't do that because a distro choice to use the systemd resolver.
All ISPs have privacy policies. 99% of all privacy policies are either copy/pasted from elsewhere or written in legalese so that company can do whatever they want. 'Internal business use' is a nice fodder for 'Selling data to increase this general ledger account for later business use.'
An audit is almost always under bad pretenses. If I spend $$$ on an audit company, the company itself has bias.
The difference between third-party audits and government issued audits (think food safety) is that the government has nothing to gain by a positive, or negative result.
Bans were (and still are) pretty hard to come by as long as you pay for a membership.