sugar_in_your_tea

@sugar_in_your_tea@sh.itjust.works
6 Post – 5552 Comments
Joined 1 years ago

Mama told me not to come.

She said, that ain't the way to have fun.

Most people weren't following the Chagos Islands news, and I doubt most people with .io names bothered to check any notifications here. A lot of people just pick them up and set them to auto-renew and generally don't think about it again. Those people won't be impacted today, but they will be once the domains get transitioned away, and it'll be a rude awakening for a lot of people.

The simple solution is to not buy country TLDs unless you live in that country or something.

There's no technical reason why they couldn't sync messages, but there is an attack if they do. Basically, someone could set up a new device with your account and grab all of your past messages. Since Signal doesn't sync messages, they'll only get messages going forward.

It should certainly be an option to sync, but I don't think it should be on by default (or at least it should ask on setup).

I still haven't gotten my fill of Civ V, and I've barely touched Civ VI. So I'm not going to bother with anything using Denuvo when I have other games to play w/o that nonsense.

Yeah, and this, right here, is a huge reason why I don't buy vanity domains based on country codes. Political structures can change quickly, and I really don't want to have to rebrand something just because some country decides it wants to restrict its country-code TLDs (e.g. the .ml TLD is owned by Mali, and they could totally push to restrict it to Malian residents).

I stick with the normal ones, like .com, .info, or .org, or content-specific ones like .games.

Dang, that hits too close to home for me too. I have kids, and sometimes I forget how old I am because I care far more about how old they are that it just isn't as important to me.

And it's why I, as a self-respecting SWE, refuse to apply to big tech jobs. Yeah, I could get paid a lot more, but it's not worth it for the work culture. My current org seems to respect my opinions and values, and that's worth a lot more than money.

Eh, I'm honestly trying to give Yahoo another shake now that Google is so terrible. That said, Yahoo still sucks to use, and it lost most of the charm that it had in the 90s. And BTW, the xFire suit was around 20 years ago, so you may be older than you want to admit.

It's not "security" gains, it's privacy gains, and not storing messages in a central location is a privacy feature, not a bug.

That said, it's not for everyone, and I respect that. That said, I don't use Signal for things that need to stick around long-term, it's just an SMS replacement for me, and messages are only relevant for a week, at most.

Isn't it generally better if you use a smaller instance/host your own? Most of the complaints I've heard have been on the busier instances.

That said, I only use it occasionally to catch up on dev updates.

I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don't have to remember them due to using a password manager, so it's really no skin off my nose.

I'll use this as a reminder to everyone to improve your security. Some ideas:

  • use a password manager and use random usernames and passwords
  • have multiple email accounts, and don't use your "main" email w/ random signups - I use a simple mnemonic, like "-@domain.com"; so "me-shopping@domain.com" or "me-games@domain.com" so it's easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is "me@different-domain.com"
  • use 2FA if offered, even if it's stupid SMS or email based; having any extra step can deter an attacker

Sucks that people are targeting IA, I hope there isn't any lasting damage and that this is a simple defacement/DOS.

Eh, that's a bit of an exaggeration. There is a lot of room for improvement, but it works pretty well today, especially if your rooms are relatively small (e.g. a few dozen people) and you don't use an overcrowded instance (e.g. not the main Matrix.org one).

If you can host your own, you can adjust the resources so it works well for you. If you can't, just avoid the main instance.

And desktop email clients work if you install their bridge thing.

Yup.

If you use the same email everywhere, they can try brute-forcing the password by using the email instead of your username. Give them less to go on. $1/month is absolutely worth it to prevent an important account from getting hacked.

OpenSuSE

As an openSUSE user, I want to also point out that you can upgrade from Leap -> Tumbleweed really easily, so I highly recommend starting with Leap and upgrading to Tumbleweed later once you get a feel for the system and want something a little more exciting and up-to-date.

That said, I don't recommend openSUSE for a new user unless you're in Europe, because there just isn't a huge userbase or single community I can point at. Support is high quality, when you can find it, but quite a bit less plentiful vs Fedora. That said, SUSE is huge in Europe, so you could probably find a lot more non-English language support.

So if you're sold on an RPM distro, I recommend Fedora, not because openSUSE is bad, but purely based on community support. That said, my primary recommendation is Linux Mint due to community size and proximity to Debian (which also has a huge community).

OpenSUSE defaults to KDE Plasma.

That's not really true, it asks you in the installer which one you want. However, most openSUSE users seem to recommend KDE, so you'll probably get the best help with that desktop (and it's what I use, now that Wayland support is pretty good).

At the end of the day, I recommend

I differ a bit. Here's what I recommend:

  1. Linux Mint
  2. Fedora
  3. Debian
  4. openSUSE Leap -> Tumbleweed (start w/ Leap, upgrade to Tumbleweed later)
  5. Pop!_OS

I use openSUSE, but put it lower due to limited community support. It's the perfect distro for me, and I love the different spins it has. I currently use Leap for servers and Tumbleweed for desktop/laptop, and I plan to transition to microOS for servers.

Arch

I don't see Arch as a meme, I think it's a fine distro and I used it for several years. However, I don't think it should be anyone's first distro, or even second, not because it's hard or complicated (it's remarkably simple), but because it doesn't really have any guardrails, so whether you have a good or bad experience with it depends more on you than the distro itself.

That said, don't use Manjaro, it's not "easier Arch" or "safer Arch," in fact I think it has way more problems than Arch does. If you want an easy install option, I recommend using something else first. If you are familiar with Arch, then use something like EndeavourOS so you don't need to do all the setup, but as a first time user, I recommend using Arch's official install process instead.

I don't use it, but I recommend it to every newcomer and I've had great feedback that it's easy to get started with. There's a lot of help available online, and almost anything Debian or Ubuntu-related should apply, most of the time.

Once you get a feel for Linux Mint, you can decide where to go from there. But the most important part is to get a usable system first, and Mint makes that really easy, without some of the drawbacks of Ubuntu.

I recommend the Debian edition, but honestly, any of their spins are fine, pick one that looks cool and have at it.

I wonder if HIBP is also compromised, that would be a 5-head level play.

Dang. I haven't been to Florida (or anywhere with tolls) for a few years, but I knew plate readers were an option, but I thought cash tolls were still quite prevalent.

That's a privacy nightmare.

Hard work is not the thing that got him where he is

No other investor has his track record, or anything close to it, so I really do think it comes down to hard work.

Whether the type of work he did should be compensated as well as it was is certainly a valid discussion to have. That said, he's pretty much the top of his industry and extremely well-respected by his peers, so it makes sense that he has an outsized portion of the wealth of those in his industry. That said, I absolutely agree with Buffett that we should have higher taxes on the wealthy (like Buffett) because that level of wealth concentration doesn't benefit anyone, including the wealthy individual.

What got him to the top of his profession absolutely was hard work. What got him to become one of the richest people in the world was that plus the tax system and other legal structures that reward that work. In other words, "don't hate the player, hate the game."

it is anyone's guess what the order of magnitude of spin Nobel’s corpse has accumulated.

I'm guessing it's nearing the theoretical limits of "abstract wankery."

Dang. Covid really messed stuff up, I used to love Meetup before, but I haven't had as much time since (had a kid right after Covid started, so I've been spending more time at home).

Seems like a pretty extreme flex, I'm worried it'll snap.

One of us!

I have Leap on my homelab and Tumbleweed on my desktop and laptop for >5 years now. It's been awesome, and it's my favorite so far from >15 years of Linux.

Glad you're enjoying it! Next step: get unreasonably obsessed with chameleons.

That's largely why I haven't self hosted either. But problems can be mitigated:

  • regular, automated backups to something else (say, KeePass), encrypted with your master pass and backed up off-site
  • host your PW manager on a VPS, or have the VPS ready to deploy a snapshot from offsite backup
  • change your master pass regularly - limits the kinds of breaches that can impact you
  • randomize usernames - makes it easier to detect a breach, because you can see if any of those were exposed without the org being breached

But honestly, my main reason is that I don't trust my server to stay up 100%, but I do expect Bitwarden to. I also trust their security audits.

I just... don't see the benefit. I host videos so I can access video content even if my internet goes out, and it's a lot cheaper than paying for streaming. I host my own documents because I don't want big tech scraping all my data. I host my own budgeting software, again, because of privacy.

I could host Vaultwarden. I just don't really see the point, especially when my SO and I have a shared collection, and if that broke, my SO would totally blame me, and I don't think that's worth whatever marginal benefits there are to self-hosting.

Maybe I'll eat my words and Bitwarden will get hacked. But until then, stories like yours further confirm to me that not hosting it is better.

I see two arguments here:

  1. Billionaires existing is a symptom of a larger problem
  2. Someone having a better start than you makes them a "nepo baby"

For the first, I and Warren Buffett somewhat agree, and I'll quote him here:

"I continue to believe that the tax code should be changed substantially," wrote Buffett. "I hope that the earned-income tax credit is increased substantially and additionally believe that huge dynastic wealth is not desirable for our society."

"Perhaps annual payout requirements should be increased for foundations," he added. "Some time ago, I testified before Senator Baucus in favor of increasing and tightening estate taxes."

...

"I believe the money will be of more use to society if disbursed philanthropically than if it is used to slightly reduce an ever-increasing U.S. debt," wrote Buffett.

That said, I likely disagree with his specific solutions, though I haven't bothered researching to figure out what those are, because he's clearly not particularly interested in crafting policy.

For the second, I largely hold to this definition of nepotism:

favoritism (as in appointment to a job) based on kinship

Someone giving their kids the best education they can isn't nepotism, that's normal parenting.

Someone giving their child a job they're not qualified for absolutely is. If you want to see examples of that, look no further than Trump and his kids.

When I look at the top billionaires, most of them are largely self-made. For example:

  • Elon Musk - dropped out of college and co-founded zip2, largely with money from investors
  • Bill Gates - dropped out of college and founded Microsoft, which was pretty much bootstrapped
  • Jeff Bezos - graduated from college, worked his way up in his career, then started Amazon when the internet was getting big (parents did invest $300k)

I don't really consider any of them to be "nepo babies" because their parents didn't give them an undeserved job or anything like that. And honestly, none of their parents were particularly rich, except maybe Musk's. Each of them had incredible luck and capitalized on the early days of consumer computing, but that doesn't cheapen the work they put in.

Do they deserve hundreds of billions? Probably not. But I don't think they really benefited from nepotism like Trump's kids, Kim Kardashian, and others did. There's a huge difference between someone who had a good start and builds something great through their hard work and someone who is handed a pile of cash or a prominent position and rides that.

If you show evidence that their success is largely dependent on their parents, I'll believe you. But if they largely built their wealth themselves, that's a harder sell. I think each of those I mentioned earned their wealth, I just think our tax system dramatically increases wealth accumulation past a certain amount, and that's what needs to be changed here.

I think there are a few reasons it will be hard to switch to this model.

It's the same model advertisers use though. Here's the flow for ads:

  1. Ads load from the advertiser, with metadata about which website to pay
  2. Periodically, advertisers pay the website for showing ads

All that's changing is the browser vendor is paying instead of the advertiser. So I guess think of Mozilla "paying" for ads, but not showing anything, and Mozilla's non-ads would show if a given header is present.

Another is that sites want to be able to charge more for popular content. That’s easy with advertising

Sure, and users could decide to see the ads or pay the premium to avoid them.

And yeah, I agree that most sites overvalue their content. This makes that more transparent, so users will gravitate toward the better value. I personally avoid a lot of high quality content because viewing it is too much of a hassle, a privacy violation, or too expensive (I'm not getting another subscription to read a handful of articles).

I don’t think Mozilla is interested in this sort of solution.

Agreed. But unfortunately, Mozilla seems like the best chance we have here. Brave replaces website ads (big no-no for many sites), Chrome doesn't EB want ad blocking at all, and Microsoft is cooking its own ad network.

So the most obvious niche left is an un-ad network, where you can pay to not see ads. Yet Mozilla wants to make "ethical ads" or whatever, which doesn't really solve the problem for people who hate ads.

I honestly only buy a new phone when my current one breaks or runs out of software support. I bought my current phone (Google Pixel 8) because my old (Moto G Power) ran out of security updates, and this one has 7 years of support.

If I could have switched to a FOSS OS for longer support, I'd still be using my old phone. If I could replace parts to something that gets software updates, I would have. But no, it's ewaste because it's no longer getting support.

If someone makes a forever phone, I'll buy it.

I'm completely fine with anonymized ads being an option in theory, but there needs to be a way to compensate services w/o resorting to advertising. I think Mozilla should provide a way for users to pay to opt-out of ads, and get websites on board that way.

Websites want to get paid for their work, and advertising is the easiest way to do that. The solution isn't better ads, but alternative revenue streams for websites, and I'm 100% fine with Mozilla taking a cut of that alternative revenue stream. But I will not tolerate ads on my browser.

I hoped Brave would've solved this problem by letting users pay to remove ads, but instead they went to crypto to reward viewing ads. That's the opposite of what I want, and I really hope Mozilla has someone still working there in a position that matters that understands that.

Does buying BAT compensate websites? AFAIK, no sites actually signed up to be compensated that way, so it just ended up being a random cryptocurrency. Brave went crypto first, websites second, and that obviously didn't work.

Mozilla should do the opposite IMO. Go out and make agreements with major sites to make their content available w/o ads for compensation, and then get users to start using that service. What they use for payment isn't particularly important to me, but it should be stable and low-cost. I think GNU Taler is a good start to keep costs really low (no money is actually changing hands), and Mozilla can settle up with websites monthly, quarterly, etc.

It should be Brave collaborating w/ Mozilla, not the other way around, because Brave obviously has weird motivations. Brave can keep BAT to reward watching ads, I just don't think they should use the same system for rewarding ads vs compensating websites for not showing ads.

My main issue with BAT and crypto in general is value fluctuations. If a website is going to get on board with something, they don't want to build a system that adjusts the price with the value of the token, so I don't think it could ever replace ads, only be supplemental.

So that's why I'm interested in Taler. It can be pegged to whatever currency we want without having any concern for transaction fees or anything like that, even across borders. But honestly, I also don't care what the currency is, I just want a way to pay a website without seeing ads and without making an account.

The implementation doesn't need to be that complicated, just a header that provides a unique identifier (can change every request), the entity to get payment from (e.g. Mozilla), and a cryptographic signature from that entity that guarantees funds are available. And then the response would be the same as if the user had a no-ads account, and the website would settle up with the payment entity at some interval. So:

  • user interaction - load funds, and a local ledger is kept tracking transactions, which is periodically synced with the browser vendor
  • website owner interaction - receive and validate headers in lieu of account details; send invoice each month to browser vendor (same overhead as dealing with one customer)

It wouldn't need to be Mozilla-specific either, it could be a standard that websites could adopt if they so chose. Mozilla and other browser vendors would be motivated to get sites on board because they'd make a cut from these transactions, and they could build plugins for the more popular platforms so adoption is easier. I'm thinking the big news agencies would be the perfect initial customers here, and they could branch out from there.

Picking a ten transaction tool (like Taler) could simplify things, but honestly anything could be used. Mozilla probably wouldn't be able to convince Google to join, but it could probably be an extension, and they could maybe convince Apple to join.

1 more...
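
A sketch of the header scheme described in the comment above, added here as an illustration and not part of the original comment or any browser vendor's actual API: the token format, field names, and the `vendor.example` / `news.example` names are assumptions. Beyond what the comment lists, it binds each token to one site, gives it an expiry, and rejects replays, since a signed header that can be copied is otherwise reusable.

```javascript
// Added illustration; the token format and all names are assumptions.
const crypto = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");

// Payer (browser vendor) side: sign a single-use token for one site.
function issueToken(privateKey, { payer, audience, maxCents, ttl, now }) {
  const payload = {
    id: crypto.randomUUID(), // fresh per request, so visits are not linkable
    payer,                   // entity the site will invoice
    aud: audience,           // only this origin may redeem the token
    max_cents: maxCents,     // ceiling the payer guarantees
    exp: now + ttl,          // unix seconds
  };
  const body = b64u(JSON.stringify(payload));
  return `${body}.${b64u(crypto.sign(null, Buffer.from(body), privateKey))}`;
}

// Website side: validate the header in lieu of account details.
class TokenVerifier {
  constructor(origin, trustedPayers) {
    this.origin = origin;
    this.trustedPayers = trustedPayers; // Map: payer name -> public key
    this.seen = new Set();              // redeemed ids (prune by exp in production)
    this.ledger = [];                   // basis for the periodic invoice
  }

  verify(headerValue, priceCents, now) {
    const fail = (reason) => ({ ok: false, reason });
    const [body, sig, extra] = String(headerValue).split(".");
    if (!body || !sig || extra !== undefined) return fail("malformed");
    let p;
    try {
      p = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    } catch {
      return fail("malformed");
    }
    if (p === null || typeof p !== "object") return fail("malformed");
    const key = this.trustedPayers.get(p.payer);
    if (!key) return fail("unknown payer");
    let sigOk = false;
    try {
      sigOk = crypto.verify(null, Buffer.from(body), key, Buffer.from(sig, "base64url"));
    } catch { /* malformed signature bytes: treat as invalid */ }
    if (!sigOk) return fail("bad signature");
    if (p.aud !== this.origin) return fail("wrong audience");
    if (!(p.exp > now)) return fail("expired");
    if (priceCents > p.max_cents) return fail("over limit");
    if (this.seen.has(p.id)) return fail("replay");
    this.seen.add(p.id);
    this.ledger.push({ payer: p.payer, id: p.id, cents: priceCents });
    return { ok: true };
  }

  invoiceTotal(payer) {
    return this.ledger.filter((e) => e.payer === payer).reduce((s, e) => s + e.cents, 0);
  }
}

// Constructed demo data: keys are generated on the fly, names are placeholders.
function demo(now = 1700000000) {
  const vendor = crypto.generateKeyPairSync("ed25519");
  const rogue = crypto.generateKeyPairSync("ed25519");
  const site = new TokenVerifier("https://news.example", new Map([["vendor.example", vendor.publicKey]]));
  const base = { payer: "vendor.example", audience: "https://news.example", maxCents: 5, ttl: 60, now };
  const good = issueToken(vendor.privateKey, base);
  const forged = issueToken(rogue.privateKey, base);
  const elsewhere = issueToken(vendor.privateKey, { ...base, audience: "https://other.example" });
  const results = [
    site.verify(good, 2, now),          // accepted
    site.verify(good, 2, now),          // same token again
    site.verify(forged, 2, now),        // signed by a key the site does not trust
    site.verify(elsewhere, 2, now),     // minted for a different origin
    site.verify(issueToken(vendor.privateKey, base), 2, now + 61), // past exp
    site.verify(issueToken(vendor.privateKey, base), 9, now),      // price above ceiling
  ].map((r) => (r.ok ? "ok" : r.reason));
  return { results, owed: site.invoiceTotal("vendor.example") };
}

console.log(demo());
```

Only the one accepted request lands in the ledger, so the site's invoice to the payer covers exactly what was served.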

Wait, how is Warren Buffett nepotistic? He's giving the vast majority of his wealth to charity. He gave his kids each $17.5M to start their organizations, and then donated like $5B total to their organizations once they proved their management skills. But he pledged to give away most of the rest (almost $100B), and has already given away about $50B (latest pledge is 99% of his assets).

I really don't see him as nepotistic, he's pretty much the best kind of billionaire.

Yup, and that's generally what I do.

I honestly just want to put $20 in a pool or something and have the browser deduct from that balance when I visit a site. The sites I visit more get more of my money, and I'll get a record of how much each site changes per visitor to decide whether I want to keep going there. If they use something like GNU Taler for the accounting, the sites can't track me at all, they'll just get micropayments and settle up with Mozilla at some interval.

Yet Mozilla seems to not consider this at all. Their entire messaging is "better ads," not "alternatives to ads."

Play Store

This is all about the Play Store though, it has literally nothing to do with competing stores. I use F-Droid today and there are no restrictions from Google about what apps I can install through that store, whether I can pay for apps through that store (some apps have donation buttons inside), etc. There's nothing stopping Epic from distributing their own app store like F-Droid does even before this decision.

So I really don't understand what "cracking open Android" means here. All that seems to be happening is that Google is restricted from certain actions within its own store, which is absolutely fine by me (I don't use the Play Store), but I don't see any actual changes to Android or third-party app stores.

The closest is this one:

Offer device makers or carriers money or perks not to preinstall rival stores

But Samsung already has its own app store, no? So is there any actual evidence that this was ever a thing?

They should place these restrictions on Apple, not Google, because Apple is the one doing all of this nonsense. Yeah, Google should be reined in a bit, but they're really not the problem here.

Exactly. We should make rules about scary prompts and whatnot, I'm just hesitant about requiring an app store to distribute apps it doesn't want to for whatever reason, whether that's an ideological, technical, or competitive reason.

Look at his history. He started out selling gum and candy to kids at school, then took increasingly demanding jobs (delivered newspapers and whatnot) until he went to college, after which he worked for his professor (IIRC, I don't recall specifics).

And he never was a day trader, so he's not the type that's making money on the margins off other traders, he's actually investing and sometimes buying a controlling stake in companies that he believes in. If you look at his lifestyle, he very much doesn't look like your typical billionaire, he lives in the same house he bought in his 20s, and generally lives a pretty modest life, especially given his wealth. Yeah, he makes a ton at his job, but he seems to be doing it because he loves his work, not because he loves money.

In my mind, he's basically the best possible example of a billionaire. He didn't do much of anything shady to get rich, he worked hard in his youth and invested wisely the rest of his life. And he started a pledge for other billionaires to donate the vast majority of their wealth, leading by example by giving away half of his wealth to drop from #1 to #2, and now to #10 or so.

If you're going to criticize billionaires, start with Gates, Bezos, Musk, Trump, or Zuckerberg, not Buffett. Buffett is about as ethical of a billionaire as you can get, and while there's room to criticize him, he should be nowhere near the top of the list.

Dang. Does meetup work? I know it's pretty decent for tech meetups, not so sure about the others.

Without reviewing the structures, this is just a trust me bro

You can literally see the donation of $48B. The pledge itself isn't legally binding, but he has been consistently donating. He's 94, so I don't think it'll take long to see the proof in the pudding.

Here are some notes from his Wikipedia page:

In 2008, Buffett was ranked by Forbes as the richest person in the world with an estimated net worth of approximately $62 billion. In 2009, after donating billions of dollars to charity, he was ranked as the second richest man in the United States with a net worth of $37 billion.

...

As of 2023, Buffett has given over $50 billion to charitable causes.

I will note that the last figure probably includes the money given to his kids' organizations (not directly to his kids).

And a quote about inheritance for his kids:

"I want to give my kids just enough so that they would feel that they could do anything, but not so much that they would feel like doing nothing"

He has a pretty consistent track record of philanthropy and statements about philanthropy, so I would be really surprised if he changed that in the last few years of his life. I guess we'll see though.

why are you worshiping some geriatric nepo baby

Where did I say I was worshipping him? I'm merely saying I think what he's doing is admirable and that he doesn't qualify as a "nepo baby." If you look into his history, he worked hard throughout his early life to save and invest, and I see no indications that his parents gave him a huge inheritance or kickstarted his career in any meaningful way. Yeah, his dad was a House Rep for 8 years (6 of those consecutive), and here's a quote about him on his father's Wikipedia page:

'Unshakably ethical, Howard refused offers of junkets and even turned down a part of his pay. During his first term, when congressional salary was raised from $10,000 to $12,500, Howard left the extra money in the Capitol disbursement office, insisting that he had been elected at the lower salary.' His wife said he considered only one issue when deciding whether or not to vote for a bill: 'Will this add to, or subtract from, human liberty?'

That doesn't sound like the kind of man to give his son an unfair advantage...

Yup. I wager the vast majority of that is AI hype. Nvidia is the king there and in datacenter GPU compute in general, and investors are betting that Nvidia will continue to dominate and that market will continue to be relevant and grow.

I have my doubts, but as a famous economist once said:

Markets can remain irrational a lot longer than you and I can remain solvent.

So I'm not putting my money where my mouth is just yet.

And that ends when they die, at which point the stocks get stepped up in basis so the taxes are almost completely avoided. Or they structure their debts in such a way that certain entities can be bankrupted without impacting the actual assets.

Things get wild when you're in the 0.1% and above.
