To categorically prevent that, every computer would need to centrally controlled and managed, which might have been the case here, and the system configuration has to prevent all software that’s not pre-approved from running.

That’s possible too, but could be a pain to tightly manage. It was a privileged user that was spear phished though… the kind of trusted user who might be able to install software on their machine without additional approval.

Because less than 1% of users would use it and your trusting the security of not one bit partner but thousands of ever-changing small partners.

Also, email is already federated.

Yes. I used CVS when it was the best option. If I recall, CVS made it easy to check out a different version of only one fail, making it easy to put a system in an inconsistent state.

For modern VCS that’s pleasant to learn and use but won’t scale to the Linux kernel, I recommend Darcs.

A single binary, interactive commands and online help.

CVS does not even support atomic commits across four files.

You used CVS and it wasn’t a drugstore.

7” is a tablet.

The post suggests that Cloudflare is donating $100k to Omarchy, but no figure is given by Cloudflare. Cloudflare’s press release reads more services in kind for an open source project— something many tech firms already offer without a check on the politics of the maintainers first.

I haven’t heard of that happening much outside of law enforcement raid.

Laptops, yeah. But stories of homes being broken into to steal servers?

When was the last time you saw a headline: “Thieves steal home lab”?

The encoding format of URLs is URL encoding, also known as percent-encoding. Content in the URL may be first encoding in some other format, like JSON or base64, and then encoded additionally using percent-encoding.

While there is a standard way to decode percent-encoding, websites are free to use base64 or JSON in URLs however they wish, so there’s not a one-size-fits-all way to decode them all. For example, the “/” character is valid in both percent-encoding and base64-encoding, so to know if it’s part of a base64-encoded blob or not, you might end up trying decoding several parts of the URL as base64 and checking if the result looks like URL-- essentially brute force.

A smarter way to do this might be to maintain a mapping between your favorite sites that you want to decode and what methods they use to encode links. Then a tool could efficiently directly decode the URLs embedded in these click trackers.

Lol. After professionally hosting email for 15 years I’m happy to let someone else handle it now.

About 90% of incoming mail will be spam and it will be your job to make sure you are doing good job of classifying it so you don’t get junk in your inbox and don’t lose real mail in the spam folder.

Then for outgoing mail you need to make sure SPF, DKIM and DMARC are all in order.

Then there is all the usual stuff of security updates, backups, monitoring, alerting, logging and having a plan for internet outages.

Yes, it’s all doable but I won’t expect it be “set and forget”. I expect there will be quite a bit of tuning with some possible spam and delivery problems while you get kinks worked out.

Ubuntu has a diversity policy to explicitly welcome and encourage participation, mentioning that they explicitly honor diversity in sexual orientation among other things. It does not explicitly mention queerness.

A moderator made a bad a call. It sounds like there may have been some confusion about the word queer used as a slur vs a self-identification.

Upfront they describe two monocultures and then a thriving diverse ecosystem and then conclude that the thriving diverse ecosystem is the unsustainable option.

Yeah, Linux as a software ecosystem is complex and messy like a forest or the animal kingdom. It’s a feature.

Gimp already runs OK on ChromeOS, so I would expect the same on Android soon.

Because Linux runs in VM on ChromeOS, there were some annoyances and there will likely be some on Android.

Maybe they fixed it, but for a long time Linux on ChromeOS couldn’t access Yubikeys because Google choose not to expose those devices to the container.

And some keyboard shortcuts and mappings couldn’t work because again Google limited what the container was allowed to see and control.

And if certain kinds of problems happened, you ended losing both the apps and your data inside the Linux container.

Yeah, it will be cool to run desktop Linux from your phone. But if doing Real Linux Work on Chromebook doesn’t appeal to you, don’t expect it to be better on Android.

YADM is essentially git so about the only thing you need to remember is to use yadm instead of git when managing your dotfiles.

I use YADM to manage my dotfiles. I like and recommend it.

I don’t share them, though.

I work in a security-related position. My dotfiles expose more about tools I use, how I have them configured and if those configurations are secure.

I still like sharing and if there’s some snippet I think is particularly useful, I may share directly or post it somewhere. But I don’t share them all by default.

I posted part of it here: https://forum.ghost.org/t/interested-in-ansible-role-to-install-ghost-to-run-with-podman-containers-systemd-private-networking/46226/2

I also use Ansible. Using Podman’s “quadlet” adapter, the containers run as systemd services.

Congrats on the cat box cleaning!

There’s also Zitadel: https://zitadel.com/