It’s cute how they think they can control every technology by controlling commercial sales. And this after 3D printing started as this huge RepRap movement where everybody and their friend built their 3D printer from online instructions and rollerblade bearings.

Up next: when buy a 3D printer kit, you have to agree to only flash the unmodified firmware on your Arduino, and not one of the forks from Github. And you are no longer allowed to create your own hardware at home, or tinker with electronics of any kind, or publish instruction how to make your own electronics. And after that, you now need to register yourself before you can use a debugger.

The authenticated encryption of HTTPS similarly protects the CDN-based web clock approach. This avoids situations where an attacker-in-the-middle tampers with insecure NTP responses, messing up your system’s clock.

Almost… there is this fun thing called a delay attack that works despite encryption! (I’ll admit that it’s probably not a practical concern.)

Anyway, the article talks about time measurements through an absurd amount of abstraction layers. Please don’t ever call this “simple” or even “cloud-native time” or the like.

If you start trying to improve this setup you’ll find so many face-palm moments. Like TCP retransmissions (which the article mentions, to be fair). You’d have to use WebRTC to avoid that, which I bet the CDN network doesn’t support. Or the fact that web browser timers have intentionally reduced precision to resist fingerprinting. (Granted, if you are still in the milliseconds range it is not a problem.)

After I fiddle with the firewall rules (or a system install or major upgrade) I usually only do a quick portscan with nmap from another box. (TCP and UDP; only IPv4 only because I disabled IPv6 completely.) There are online port-scan services too, but you never know if they also invite the bots.

I agree with others here that vulnerability-scanning your own applications seems overkill. Like with external virus scanners, I always feel they are just as likely the attack vector themselves. The more complexity, the more risk.

What I do is:

1. Enable unattended system updates (on Debian stable) and automated reboots. And sometimes check if it actually still works.
2. Firewall configuration with a whitelist for public ports, and as a second layer:
3. configure internal services to listen only on localhost, or to filter access by ip/netmask, and
4. put something in front of services that don’t need general public access. (A wireguard tunnel, or HTTP basic auth in your reverse-proxy.)
5. if you expose ssh to the public, make there is some extra step that prevents you from exposing a test user you just created. I’m using the AllowUsers user whitelist, but KbdInteractiveAuthentication no should be good enough too. If the failed login attempts by the bots bother you, you could run sshd on a non-standard port.
6. stop services you no longer use, or at least remove public access.
7. If you have a complex service that needs to be fully public (say a video conference solution, I wouldn’t worry much about a simple static web server) then isolate it from everything else somehow. Ideally on a separate box, make sure it cannot access the internal network, make sure it cannot access any files it doesn’t need. And install those security patches.

Something else I always wanted to do (but never got around doing) is to create a simple canary intrusion detection. Like, putting some important-looking “prod” host into ~/.ssh/config and a private ssh key, and configure the target host to send me a SMS instead when this key tries to log in. (Or even shut everything down automatically.) This should prevent me from becoming part of a botnet for months unnoticed, maybe.

Check out the “tyranny of the rocket equation”.

Or ask Randall Munroe How many model rocket engines would it take to launch a real rocket into space?

I have a router with a few cronjobs like this:

# m h dom mon dow command  
00 20 12 * * echo "check bank transactions (monthly reminder)"  
00 19 15-21 * * test $(date +\%u) -eq 6 && echo "Anki learning reminder"  

Cron will by default send an email with the script output. So you “just” need a non-broken email setup that forwards system emails to your main account. (Assuming you don’t self-host email too.)

This setup is useful because I have a few other cronjobs (backup scripts, and a health check for my own application) that should notify me in case of failure, and I would eventually notice that this is broken by noticing that those “calendar” emails no longer get through.

Reminds me of this Calvin and Hobbes comic about ethics :)

Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.

Interstellar (2014) - Scene that quotes the poem. Now this is where you go for proper theatrical drama.

You don’t have to live with the developers. You don’t examine Google or Apple with that kind of scrutiny either, as a user. In fact you can’t, because Google and Apple developers have NDAs and PR to prevent any internal human drama from leaking to the public. Doesn’t mean there is less of it.

With community-driven open source projects, almost everything happens in public, so you can dig up all that, and drama gets amplified through social media. If you want the illusion of something free of imperfect humans, better stick to the corporate stuff, I guess.

A yes it would make sense for everything you can block/subscribe, but I guess 80% of the value is to “1/4 subscribe” or “4x subscribe” a community. I’m hesitant to block a whole domain or user, but I would probably have downweighted a few by factor 4 if I could.

I like how Kagi (the search engine) does it: you can set a domain to (block, lower, normal, raise, pin) from the search results page. It’s one of their most loved features. (Probably the five levels are a better UX choice than a slider or a number entry. My guess is that they search the first 100 results or so normally, and then reorder/filter according to preferences.)

I would like some manual control over how often I see a community in my “hot” feed (or any other feed). Some way to manually “down-weight” some very active communities. (And “up-weight” niche communities if they are very relevant to me.)

Basically when I join a very active community (like !dach@feddit.org) it will replace half of what I currently see in my feed, and I fear to miss the more niche communities that have one or two posts per week and few voters. Currently my only option seems to be to unsubscribe again and use a bookmark to check it. (Or to create a private feed with all the high-traffic communities, as someone else commented here - thanks!)

I think the first person on Mars should be close to retirement age and expect to stay and die there.

So the next achievement would be to get them an optional supply mission. And then for them to die after a few years, without too much discomfort, not from technical failure and without living through the effects of radiation.

Sure a great place to deploy solar. But Green Energy is not the label for this ;-)

Additions exceeded the prior year’s by 17%.

Woah! A second derivative has been spotted in the wild! Math friends rejoice!

It was trying to hide in the middle of a plain English sentence, in the free press! Don’t reach for your exponential gun just yet, you’ll scare it away. Put on LaTeX gloves and unbuckle your Weapons of Math Instruction.

Some quotes:

[…] the increase in clean-power generation from newly added capacity in 2025 was sufficient to cover demand growth of up to 5%.

In total, CO2 emissions went up slightly year-on-year, as increases from steel and cement outweighed the falls in gas demand and coal power.

The planned investment in steelmaking is overwhelmingly coal-based capacity. […] Two-thirds of steel is used for construction. Strong steel demand in 2025 reflected growth in new housing construction in earlier years

But I don’t drink alcohol, so when I buy the beer the CO2 remains captured! Now I just need a very large cellar. Would the beer store more CO2 per volume than balloons filled with my exhale? So many open research questions, affordable carbon capture breakthrough any time now! /s

Unintended consequences are not engineering. Quite the opposite. So “geo” yes, “engineering” no.

Are you this person who, at the family gathering, will loudly decline words in a long dead language they forced you to learn 50 years ago, just to call it useful?

Well the problem with Lemmy is that it doesn’t have clamfacts, so you need mastodon too.

E-Reader benutzen um längere Texte zu lesen (im Flug-Modus). News auf PC lesen, nicht auf Handy. Browser plugin (LeechBlock NG) einrichten, das nach übermässigem News-Konsum eine Warte-Seite anzeigt, so dass die Seite erst nach einer Minute lädt. Dann kurz aufzustehen und überlegen ob man die Seite wirklich öffnen muss. Den PC einen halben Tag lang nicht benutzen, dazu Stromkabel raus, Tastatur/Maus entfernen. Zehn Minuten Meditieren, oder nur schon zwei Minuten lang bewusst atmen bringt viel.

Yes. Not going to happen. The next best thing would be to shorten copyright protection to 10 years. (Also not going to happen, but easier to convince people that we should try this.)