It’s a risk that I’m willing to take, personally.

But tbf I do make sure that I own my primary mail domain.

Website hosting and such thing? Njal.la all the way. Never had an issue with them.

Edit: oof, clearly some irrational hate for njal.la here. I state my personal preference and get downvoted… is this reddit now?!

Sonarr + Radarr + Transmission-OpenVPN + Ombi + Plex.

For the past ~5 years or so, I’ve had the choice of a polished web UI to pirate any movie or TV show on demand. Up until the past few months, I have still paid for:

• Netflix
• Amazon Prime
• Apple TV+ (as part of Apple One)
• Disney+
• YouTube Premium

… because their products and recommendation engines were more user-friendly for my family and I. Since the pattern of price gouging in the last 6-12 months, I now subscribe to:

• Netflix (cancelling this imminently)
• Apple Music (Apple One cancelled)

I hope the shameless cash grabs result in a mass exodus of users and really hurt these platforms.

I would’ve been delighted to receive a managed Ethernet switch as a kid! I hope it came with some useful SFP modules and a USB serial adapter 😜

Zsh is a nice balance of modern features and backwards compatibility with bash.

Crostini is an official feature built by Google that allows you to run Linux on a tightly integrated hypervisor inside Chrome OS. You keep a lot of Chrome OS’ security benefits while getting a Linux machine to play with.

That said, no, it’s not illegal to install a different operating system on your Chromebook hardware. They are just PCs, under the hood. You might lose some hardware security features though, e.g. the capabilities provided by integration of the Titan silicon.

If you had a job at Google, corporate IT would definitely not be happy if you wiped the company-managed OS and installed an unmanaged Linux distro :)

The reddest of red flags.

Open source vulnerabilities typically stem from poorly written code

Yeah, because paid programmers never write bad closed-source code…

Tl;dr: TPMs are very unlikely to make your privacy better or worse, but they could definitely be abused by a company like MS to make end users’ experiences worse. They could also be used for significant security and privacy gains… they’re a tool.

The TPM can be used to provide a cryptographic binding between aspects of your system’s configuration and a unique key which is resident within the TPM (a process called “attestation”). It can also generate secondary keys that are associated with the base key, and use those to do cryptographic operations like encryption/decryption and authentication.

Telemetry wise, the TPM’s only utility might be to “prove” that the data sent from your PC wasn’t tampered with. That said, I don’t think MS is actually doing that, and they don’t need to in order to be incredibly invasive in their telemetry.

The (imo) worst way in which a TPM might be abused in a user-hostile sense is to detect if the OS has been modified by the user, or if an installation isn’t legitimate, etc. That could be used to disable certain features if you try to install unauthorised software, dual boot Linux or whatever. This would be similar to the smartphones of today, which can for example disable access to banking apps if jailbroken/rooted.

TPMs (>2.0 at least) otherwise have the potential to realise a significant improvement in security and privacy for users, if used correctly. They can be used for encryption and credentials that are bound in hardware and therefore practically impossible to steal. And can detect hardware tampering and potentially foil Evil Maid attacks. Imagine if your login sessions for various websites were bound to your hardware, such that a dodgy extension could never steal your cookies.

I found it much more barebones in my tinkering. It doesn’t seem to support pulling via SSH (and definitely doesn’t support signing commits). Configuration options appear extremely limited, both in documentation and the UI.

It looks nice, but I don’t really see the point to it when Gitea Actions is now a thing. Gitea is a more mature product, and is similarly fast and lightweight.

This is why self hosted to me means actually running it on my own hardware in a location I have at least some control of physical access.

That said, an ISP could perform the same attack on a server hosted in your home using the HTTP-01 ACME challenge, so really no one is safe.

HSTS+certificate pinning, and monitoring new certificates issued for your domains using Certificate Transparency (crt.sh can be used to view these logs) is probably the only way to catch this kind of thing.

Of course they do, but it isn’t the ISP’s job to do so. I believe that is the point that the EFF is making here.

Censorship sometimes needs to happen to protect people, but it should be conducted by website owners/platforms and government authorities – on each end of the information transaction, not in transit by an ISP.

Njalla is mine. I like the privacy protections they offer.

Are CloudFlare, Amazon or Microsoft any better? Google at least take security (if not privacy) very seriously.

In general it seems bad to have any huge profit-driven organisation exercising significant control over open standards, but I do think that Google is lesser than many of the other evils.

Sonarr and Radarr with Ombi for requests if desired. Transmission + OpenVPN for the download side.

Or you could manually rip DVDs/Blu Rays if you can still get ahold of them for the stuff you want to watch.

Did they ever satisfactorily resolve that issue, or did the media just stop covering it as aggressively? Last I heard they were trying to add solar shields to the satellites to reduce their albedo.

I’d argue the bigger moral is that you should always own your online identity. You should buy your own domain (@yourname.xyz or something like that) and make your email on that. So if Google bans you, you just switch email providers and keep your address.

IIRC DuckDuckGo wasn’t a fan of the Australian media bargaining bill either. I suspect they will also deindex news sites in Canada should amendments not be made.

I haven’t seen the Canadian one and this is honestly the first I’ve heard of it, but the idea that a referrer has to pay a news website for directing traffic to them is ludicrous to me.

Looks like a very cool project, thanks for building it and sharing!

Based on the formula you mentioned here, it sounds like an instance with one user who has posted at least one comment will have a maximum score of 1. Presumably the threshold would usually be set to greater than 1, to catch instances with lots of accounts that have never commented.

This has given me another thought though: could spammers not just create one instance per spam account? If you own something like blah.xyz, you could in theory create ephemeral spam instances on subdomains and blast content out using those (e.g. spamuser@esgdf.blah.xyz, spamuser@ttraf.blah.xyz, etc.)

Spam management on the Fediverse is sure to become an interesting issue. I wonder how practical the instance blocking approach will be - I think eventually we’ll need some kind of portable “user trustedness” score.

Maybe I’m being stupid, but how does this service actually determine suspicious-ness of instances?

If I self-host an instance, what are my chances of getting listed on here and then unilaterally blocked simply because I have a low active user count or something?

There has been some good commentary about this on Mastodon, but the long and short of it seems to be that federation is actually a pretty terrible way to harvest data.

The entire fediverse is based heavily on openly accessible APIs - Meta doesn’t need to federate with your instance to scrape your data, there’s really not much that can be done about it.

The real solution to Meta’s unethical behaviour is unfortunately going to be legislation, not technical.