Piatro

@Piatro@programming.dev
2 Post – 33 Comments
Joined 1 year ago

Bit of an alarmist headline here. The vulnerability has been patched in the most common clients (OpenSSH) and it was because the protocol wasn't being implemented correctly. To say that the SSH protocol "just got a lot weaker" is just not true.

Why are people weaving social media and the internet into a single thread? The internet is so vast, social media makes up a tiny sliver of it.

Because to most people outside Lemmy the "internet" (by which they mean the world wide web, but that's me being a pedant) IS social media. There might as well not be anything outside the walled gardens of social media to them, because they've been conditioned to only stay on one, maybe two platforms for years at this point. The old "what's a browser?" question these days gets answered with "I don't need a browser, I have Facebook". Completely nonsensical to us, but to them it's totally natural. Not being derogatory about them or anything, but the 60k Lemmy users and however many million on Reddit are not the majority. Facebook, with its 3 billion (with a b) users, IS the majority of the internet.

Yes, I was wrong to say that this was an implementation detail rather than a protocol problem, as the OpenSSH release notes to prevent this vulnerability include extensions to the SSH Transport Protocol; however, I still believe that the headline is sensationalist at best, since it can and has been protected against by patching SSH clients and servers. It would be entirely unreasonable in the majority of cases to simply stop using SSH on the basis of this vulnerability, and that's why I think the headline exaggerates the problem. The Register has a much more measured take on this, including comments from the paper's authors that people shouldn't panic and try to fix immediately.

I've been programming for too long; my brain just autocorrected the typo, so I initially didn't get the joke...

I disagree with the $ per hour framing (it's more about the value the entertainment provides than the amount of time it takes to consume), but yes, you should pay for your entertainment. I got far too used to paying nothing or close to nothing as a student, and it took me a while to readjust.

In the nicest possible way, what do you mean by "both sides" in this context? One side says that trans people either don't or shouldn't exist and the other side says they should exist. I know that may sound extreme or combative but that's fundamentally "the debate" so I genuinely want to understand how you reached this "both sides have merit" stance that some people close to me also take but I've never understood.

"Too slow to be viable" is a bit strong. I've had a Fairphone 4 for at least a year now and I've had no issues.

Yeah then you start debating the merits of hate crime as a concept and I am not even slightly equipped to deal with that!

I had similar queries around "biological sex" vs gender a while ago, and my understanding now is that biological sex is surprisingly hard to define. You can't go by genitalia because sometimes a person creates the "wrong" ones. You can't go by chromosomes because again, sometimes they're different. And you can't go by other physical traits (Adam's apple, for example) because again, sometimes it's there, sometimes it's not, completely unrelated to sex. You can sort of go by hormones but not really (just look at professional sport), so it's all a bit of a mess. It's way easier for me to just accept there's a spectrum and move on, because to me it's way harder to actually define where the line is than to just dismiss the line entirely.

Another commenter said this, but the last two prime ministers were only chosen by the Conservative party membership, not by general election. So about 30,000 people have decided the ruler of the country for the past couple of years. You can argue about PMs before then, but First Past the Post voting also has a lot to answer for.

I agree with those saying mailing lists are intimidating. I don't know if others are using dedicated tools or something, but I find web-based mailing list UIs just incomprehensibly bad and difficult to navigate.

I've heard the argument as a positive of learning vim, and while it did finally force me to touch type, I can't say that it had any impact on my programming speed.

Again, this existed before AI. Typosquatting, supply chain attacks, automated package uploads, CI pipeline infection: they're all known attack vectors. That's not to say this isn't a concern, just that it's a known risk and the addition of "AI" doesn't, to my eyes, increase that risk. If your SSH keys don't require a password, you have taken the decision to make those keys less secure but more convenient to use. That's pretty much always the tradeoff in security.

I've had this argument with friends a lot recently.

Them: It's so cool that I can just ask ChatGPT to summarise something and I can get a concise answer rather than googling a lot for the same thing.

Me: But it gets things wrong all the time.

Them: Oh, I know, so I Google it anyway.

Doesn't make sense to me.

The risk here is slightly overblown or misrepresented. Just because a fork exists doesn't mean that anyone has even read it, let alone run it on their system. For this to be a real threat they would have to publish packages with identical or similar names (i.e. typosquatting) to public package repositories, which this article didn't have any information on, but which was a known problem long before AI. The level of obfuscation and number of repos affected is impressive, but ultimately unlikely to have widespread impact on anyone besides GitHub.

Without the context of your understanding of the debate as you've outlined here, we can only guess what you meant by "the debate" in your previous comment, so thanks for taking the time to describe it. I absolutely agree that there needs to be great care around the legitimacy of when someone declaring their gender should be taken seriously or not in some limited and extreme circumstances (prisons spring to mind). I think your characterisation of the TERF argument, if you speak to normal people, is about accurate from my limited experience. The media and some outspoken TERFs like JK are on the more extreme side of that, where they say that it is already "too easy" to legitimately change their gender. Which is where I fundamentally disagree with them, since I know the hoops some of my friends have had to jump through to even get the smallest amount of help from health providers.

(I'm using "legitimate" above as a sort of catch all for legal or what the person genuinely feels. I don't think legal and legitimate are the same thing in this context, hence the distinction.)

I agree it's a low-to-mid tier phone, but as I'm only using my FP4 for calls, Discord, email, browsing, YouTube etc., it's perfectly fine. Most people don't need a top tier phone these days.

My specific point here was about how this friend doesn't trust the results AND still goes to Google/others to verify, so he's effectively doubled his workload for every search.

Personally, I rename them to something meaningful and they get merged if there are no other references. PayPal is especially bad for completely meaningless rubbish in the payee field, and they tend to be ad-hoc purchases, so I don't fiddle with them much. The category is the most relevant bit for me.

I did the same with Manjaro, though I split it so I technically can get back to macOS if I really want to. Annoyingly, that now means I need to keep an eye on the disk usage.

Thanks, the flexibility and closed source (I assume) of turnkey solutions puts me off them. I've already got a Raspberry Pi running a few containers, and I work with Docker and Linux in my day job, so I know a decent amount. The form factor of the turnkey solutions is the big draw to them for me at the moment, as I've just got a spare ATX mid-size tower handy. I would ideally replace it with a smaller case, but then I'd need a smaller motherboard and that's just raising costs for starting out. Potential upgrade path anyway.

Yeah, this is definitely a downside to using spare gear over purposeful purchases. I think it makes sense to use what I have and optimise later. I've got an old Intel i5 and mobo I'm planning on using for the NAS. Need to find another use for my old Ryzen 5 2600X.

Literally just bought what I believe to be last generation's X13 on eBay for half the price of the new one. It's been great so far, especially with the power efficiency of Ryzen CPUs. My one complaint is the soldered RAM, which, judging by the new lineup, is getting phased out, thankfully.

Yes, I've got the domain; I just replaced it with example.com for explanation purposes. Yes, I know public certs are easily searchable, which is why I'm trying to use a wildcard domain (*.local) which is public. Caddy should be handling the domain record updates as required, but I would assume that I'd see an error from the API request to update the record before seeing the cert failure. Maybe it's silently failing. I'll check if possible.

Yes, it's Ionos. I think from the other comment and the fact my DNS hasn't been changed (I'd assume I should be able to see the ACME challenge record if it was successful) the DNS integration seems to be the culprit. Not sure how to fix it though!

So I put debug mode on and I see no requests to Ionos, which seems like it's the main problem.

Yes, thanks.

No, but it's an important step I didn't cover in the post, so good spot. I've solved my issue now; see the edit in the post.

Thanks for the suggestion. That wasn't a standard format; I was just trying to write them out in a way that represented what I was seeing in my DNS controller, and now realise it probably would have been clearer as a table. I honestly wasn't sure if *.local would work either, but it's working great now.

I've spent entirely too long in the last week or so researching this. You either go cheap but DIY, or expensive but prebuilt. That's not to say that a DIY is always cheaper than a prebuilt (you can go absolutely nuts if you want), but the performance and spec will always be better for the money going DIY. Hot swap drawers are overrated, as you'll maybe use them once a year, if that. I can't recommend any specific prebuilt because I haven't used any and am waiting for parts for my DIY build.

I think for most people it's whatever you got used to first. I agree the hatred the GUIs get is overblown. I would always recommend people learn the command line, but if you want to use a GUI, go for it; it doesn't affect me unless your commits are bad, in which case the CLI wouldn't have helped anyway.

Either works.

I think part of why it's confusing is that we don't have defined names for these things. This is so early in a social media "product" life that there isn't a common understanding. You're now part of making those names. It's a bit exciting but mostly confusing while everyone uses their own terms to mean the same fundamental things. Embrace the chaos!

Why is it surprising that you had a pocket knife confiscated at a bar?