HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Cu3PO42

2,254 karmajoined 9 jaar geleden

comments

Cu3PO42
·gisteren·discuss
I loved garnix and I’m sad to see the service shut down. That said, open sourcing the platform is the best way to do it I can imagine. I wish the team success at Shopify.
Cu3PO42
·11 dagen geleden·discuss
Sonnet 5 is not currently available in the EU region on Bedrock, whereas previous models were and still are. I wonder if this is only due to early stages of the rollout or if this is due to recent US restrictions.

Unfortunately that means I won't be using it at work for now.
Cu3PO42
·2 maanden geleden·discuss
They switched to a weekly release cycle, presumably to compete with the perceived iteration speed of the many VS Code forks.
Cu3PO42
·2 maanden geleden·discuss
While it is certainly inspired by Arc, it doesn't share any code. Arc is proprietary and Chromium-based, Zen is Open Source and Firefox-based.
Cu3PO42
·5 maanden geleden·discuss
I personally find the "animals killed since you opened this page" number to be the most unsettling. YTD numbers are so large, I find them hard to process.

If you choose to eat meat, please be aware of the conditions most of these animals exist in and how they die. I'll spare you more numbers, because they don't do the cruel reality justice anyway. Instead, I'll leave you with some video material: https://animalequality.org/blog/factory-farming-facts/
Cu3PO42
·5 maanden geleden·discuss
I've looked at OpenRC, RUnit and S6. I haven't recently run any of them "in production", however.

Personally, I am a strong believer that declaring the desired state is a lot easier to get right than actually writing the code to get there. Beyond that, I'm not saying any of these are bad at being what they are, systemd just has more features, some of which I really like. Two examples I'm actively using currently are automount units and socket activation (S6 also has socket activation). I have some remote folders mounted via SSHFS automatically when I access them and this is incredibly useful for my workflow.

Could I find tools to slot into other init systems that do this for me? Probably. But systemd has this neatly packaged up, easy to configure and easy to introspect state.
Cu3PO42
·5 maanden geleden·discuss
Gnome, for example. GDM now needs systemd's userdb.

It is indeed becoming harder and harder to avoid and I understand that this isn't great, but systemd tackles some genuinely hard problems that others don't. Which is to say I don't begrudge Gnome devs for this and personally prefer systemd over current alternatives.
Cu3PO42
·5 maanden geleden·discuss
You seem to be under the impression that you cannot reset your Secure Boot to setup mode. You can in the UEFI, doing so wipes any enrolled keys. This, of course assumes you trust the UEFI (and hardware) vendors. But if you don't, you have much bigger problems anyway.

Is it possible someone will eventually build a system that doesn't allow this? Yes. Is this influenced in any way by features of Linux software? No.
Cu3PO42
·5 maanden geleden·discuss
> What prevents Microsoft from mandating removal of enrollment permissions for user keychains and Secure Boot toggle

Theoretically, nothing. But it's worth pointing out that so far they have actually done the opposite. They currently mandate that hardware vendors must allow you to enroll your own keys. There was a somewhat questionable move recently where they introduced a 'more secure by default' branding in which the 3rd party CA (used e.g. go sign shim for Linux) is disabled by default, but again, they mandated there must be an easy toggle to enable it. I don't begrudge them to much for it, because there have been multiple instances of SB bypass via 3rd party signed binaries.

All of this is to say: this is not a scenario I'm worried about today. Of course this may change down the line.
Cu3PO42
·6 maanden geleden·discuss
> Maybe I could get a EU bank from another EU country but my employer will not accept an out of country account for salary deposits because it makes their tax life difficult and my mortgage provider doesn't trust foreign accounts either.

I do not doubt this is happening, but it is forbidden under SEPA. All IBANs, no matter from which member country, must be treated equally. Unfortunately, "IBAN discrimination" happens quite frequently still. The European commission recommends filing a complaint with your national governing body.
Cu3PO42
·6 maanden geleden·discuss
If you're working in a corporate environment, this may not be viable. LibreOffice is great software, but it's not 100% compatible. Things may look slightly different, get lost or otherwise cause problems. I've really tried, but at the end of the day I occasionally do need to use actual Microsoft Office.
Cu3PO42
·6 maanden geleden·discuss
nix-darwin is essentially this. I have a small bootstrap script to install Xcode CLI and Nix, git clone my dotfiles and activate the config. That in turn sets up the system, also installs Homebrew, installs apps from the App store and sets up all my configs. The only thing I need to do after is sign into some accounts.
Cu3PO42
·7 maanden geleden·discuss
ZeroSSL is Austrian, however since I last looked at them it appears they were acquired by a US corporation.
Cu3PO42
·7 maanden geleden·discuss
If you use secure boot and don't let your keys near Windows, you should be fine even if your Windows install is compromised. Unless you don't trust Microsoft themselves, in which case you'd need to re-enroll keys whenever switching operating systems, which is possible, but very tedious.
Cu3PO42
·7 maanden geleden·discuss
I also strongly dislike requiring remote attestation for any kind of software I want to run. But what I also dislike is cheaters in my online games and I genuinely do not have a better suggestion on what to do.

Personally, I run Windows purely for gaming and don't let it near any important data. For the latter, I boot into Linux with separately encrypted disks.
Cu3PO42
·9 maanden geleden·discuss
The important part in the parent is "that don't need a user password". You just said you had to supply a (user) password.

With a TPM you can set it up that your disk is unlocked automatically, but only if no-one changed anything in the signed boot chain. This is the default with Bitlocker on Windows and is also possible on Linux, though somewhat more finicky.
Cu3PO42
·9 maanden geleden·discuss
Is it? Last time I tried to self-host my email I did. I had DKIM, DMARC and SPF set up correctly as verified by multiple sites, but I couldnt't get reliable delivery to any Microsoft-hopsted mailboxes. Every other provider I tested was perfectly happy with my mail, unfortunately MS is too big a provider to ignore them.

> What matters is domain age, IP, and compliance with DKIM/DMARC.

Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?

I switched to hosted email and all my delivery issues were gone.
Cu3PO42
·10 maanden geleden·discuss
Anecdotally, I'm not. I always use Firefox (or Zen) and get almost no Captchas. Neither at home, nor at work. Not on Windows, not on Linux, not on macOS.

I'm not going to say that Cloadflare isn't doing anything fishy, but if they are, it's probably more complicated.
Cu3PO42
·10 maanden geleden·discuss
Depending on the timeouts involved, I imagined it might still happen if you had automatic retry.

And thanks for the pointer, I actually have the same fix in my config with the nice benefit of only adding a single non-changing entry to /etc/shells. It might be worth up streaming something like this to nix-darwin, so we don't all go implement essentially the same fix.
Cu3PO42
·10 maanden geleden·discuss
Neat. Though I wonder if this suffers from the same race condition that the graphical session does when your shell is stored on a data volume.

Specifically, if you restart and opt to restart apps, they can come up before all volumes have been decrypted and mounted. If your shell is on one such volume, your terminal emulator may fail to start, for example. This can happen when using Nix to install your shell, for example.

I imagine this may be even easier to hit over SSH unless the underlying problem was resolved.