Just some Internet guy

He/him/them 🏳️‍🌈

  • 1 Post
  • 922 Comments
Joined 1 year ago
cake
Cake day: June 25th, 2023

help-circle
  • It’s just not that good of a metric overall. Not just because it would be easy to fake it, but also because it would inevitably divide into tribes that unconditionally upvote eachother. See: politics in western countries.

    You can pile up a ton of reputation and still be an asshole and still get a ton of support from like-minded people.

    The best measure of someone’s reputation is a quick glance and their post history.


  • I think it is a circular problem.

    Another example that comes to mind: the sanctions on Huawei and whether Google would be considered to be supplying software because Android is open-source. At the very least any contributions from Huawei is unlikely to be accepted into AOSP. The EU is also becoming problematic with their whole software origin and quality certifications they’re trying to impose.

    This leads to exactly what you said: national forks. In Huawei’s case that’s HarmonyOS.

    I think we need to get back to being anonymous online, as if you’re anonymous nobody knows where you’re from and your contributions should be based solely on its merit. The legal framework just isn’t set up for an environment like the Internet that severely blurs the lines between borders and no clear “this company is supplying this company in the enemy country”.

    Governments can’t control it, and they really hate it.


  • The problem isn’t even where the software is officially based, it can become a problem for individual contributors too.

    PGP for example used to be problematic because US exports control on encryption used to forbid exporting systems capable of strong encryption because the US wanted to be able to break it when it’s used by others. Sending the tarball of the PGP software by an american to the soviets at the time would have been considered treason against the US, let alone letting them contribute to it. Heck, sharing 3D printable gun models with a foreign country can probably be considered supplying weapons like they’re real guns. So even if Linux was based in a more neutral country not subject to US sanctions, the sanctions would make it illegal to use or contribute to it anyway.

    As much as we’d love to believe in the FOSS utopia that transcends nationality, the reality is we all live in real countries with laws that restrict what we can do. Ultimately the Linux maintainers had to do what’s best for the majority of the community, which mostly lives in NATO countries honoring the sanctions against Russia and China.


  • Those kinds of problems aren’t particularly new (PGP comes to mind as an example back when you couldn’t export it out of the US), but it’s a reminder that a lot of open-source comes from the US and Europe and is subject to western nation’s will. The US is also apparently thinks China is “stealing” RISC-V.

    To me that goes against the spirit of open-source, where where you come from and who you are shouldn’t matter, because the code is by the people for the people and no money is exchanged. It’s already out there in the open, it’s not like it will stop the enemy from using the code. What’s also silly about this is if the those people were contributing anonymously under a fake or generic name, nothing would have happened.

    The Internet got ruined when Facebook normalized/enforced using your real identity online.


  • The logins aren’t federated, the content is. Each instance receives a copy of everything, and normally you browse other instance’s content from your home instance. In your case you’d access lemmy.one’s content from your home instance, lemmy.world. If the logins were federated we wouldn’t need those domains after our usernames!

    The email analogy still works for this: if you’re on Gmail, you don’t go log in to Outlook to send an email to your friend: from gmail directly, you send an email to your friend and Gmail’s server takes care of sending it out to Outlook.

    There’s browser extensions to help go back to your home instance, as the linking on Lemmy is sometimes a bit weird and you do end up on other instances every now and then.



  • Everyone’s approaching this from the privacy aspect, but the real reason isn’t that the cashier thought you were weird, they’re just underpaid and under a lot of pressure from management to try multiple times and in some cases they even get written up for not doing it because it’s deemed part of their job. They hate it just as much as you. Same when you try to cancel your cable subscription or whatever: the calls are recorded and their performance is monitored and they make damn sure they try at least 3 times to upsell you, even when it’s painfully obvious you’re done with them.

    Just politely decline until they asked however many times they’re required to ask and move on.




  • With Docker, the internal network is just a bridge interface. The reason most firewall rules don’t apply is a combination of:

    • Containers have their own namespace including network namespace, so each container have a blank iptables just for them.
    • For container communication, that goes through the FORWARD table, not the INPUT/OUTPUT ones.
    • Docker adds its own rules to ensure that this works as expected.

    The only thing that should be affected by the host firewall is the proxy service Docker uses to listen on a port on the host and send it to the container.

    When using Docker, each container acts like an independent machine, and your host gets configured to act as a router. You can firewall Docker containers, the rules just need to be in the right place to work.


  • The sandboxing is almost always better because it’s an extra layer.

    Even if you gain root inside the container, you’re not necessarily even root on the host. So you have to exploit some software that has a known vulnerable library, trigger that in that single application that uses this particular library version, root or escape the container, and then root the host too.

    The most likely outcome is it messes up your home folder and anything your user have access to, but more likely less.

    Also, something with a known vulnerability doesn’t mean it’s triggerable. If you use say, a zip library and only use it to decompress your own assets, then it doesn’t matter what bugs it has, it will only ever decompress that one known good zip file. It’s only a problem if untrusted files gets involved that you can trick the user in causing them to be opened and trigger the exploit.

    It’s not ideal to have outdated dependencies, but the sandboxing helps a lot, and the fact only a few apps have known vulnerable libraries further reduces the attack surface. You start having to chain a lot of exploits to do anything meaningful, and at that point you target those kind of efforts to bigger more valuable targets.






  • Yeah, I used to not block ads but they’re so invasive these days. If 2 banner ads pop on at the top and bottom of the screen with a full screen app on top with ads between every paragraph and a PIP video ad on top, yeah, I don’t even bother reading the article.

    And I sure as hell am not subscribing to a $10/mo subscription because someone linked to a paywalled article either. It’s so crazy those sites just assume every visitor is a recurring visitor that might subscribe. Definitely wish there was some sort of micropayment thing, like pay 25 cents to view it or something.


  • My point was really that data can’t be that exensive even with including transit fees like Cogent and Level3, because I can use TBs of bandwidth every month and OVH doesn’t even bother measuring it.

    If my home ISP gives me a gigabit link, yes I pay for all the cabling and equipment to carry that traffic. But that’s it, I already pay for infrastructure capable of providing me with gigabit connectivity. So why is it that they also want me to pay per the GB?

    In Europe they can provide gigabit connectivity for dirt cheap with no caps, they don’t even bother with tiered speed plans there, how come my $120+/mo Internet in the US isn’t sufficient to cover the bandwidth costs? It’s ridiculous, even StarLink doesn’t have data caps.

    But somehow communities with crappy DSL that can barely do 10 Mbps still have ridiculously low data caps. It’s somehow not a problem for most ISPs in the world, except US ISPs, the supposedly richest and most advanced country in the world.