Crypto is doing kind-of ok. But what about other blockchain apps and startups, or blockchain integrations into every tech imaginable? There were so many popping up, just like there are with AI now. Business models and use-cases that are based solely on the hype of the tech in question, without any consideration about whether it’s actually a good fit for the tech. That is the point, and what it has common with AI and other “buzzwords”.

I’m not sure about other countries, but here in Czech we actually have a mandatory subscription, that’s absolutely bullshit.

So far, the law is that if you own any TV or radio, you have to pay monthly fee for public service broadcasters (national Czech TV). It’s bullshit, the channels are full of ads anyway, and the shows they run and create is insultingly bad. Sure, it is important to have public service broadcasters that are not dependent on the state (because state-owned TV is reeaallly bad idea), but FFS can they just reduce costs and stick to news, instead of doing another stupid series, and stop forcing us to pay for something I don’t care about or use?

You could just not pay the fee, if you state you don’t have a TV capable of receiving it (which I don’t). But now, they are changing the law that everyone who has any kind of internet-capable device has to pay the monthly fee, while also rising prices to something like 6 EUR per month. Fuck that and fuck them.

Many companies are still using Windows 7 machines or 2008 win servers, without MS17-010 patch. They don’t really care about security that much, when it’s inconvenient or slightly difficult to mitigate. They won’t be switching entire architecture just for a few screenshots

I self-hosted it few months ago, and it’s actually surprisingly easy! Someone has made an Ansible script for Matrix with Element and some bridges, that (at least a month ago, IaaC tends to be pretty fragile) worked out of the box on a first try. I just set up some config values (mostly about enabling bridges I want) based on their amazing documentation, and then ran it once and everything is working so far. I even updated it several times already, and every time it was smooth, and it was basically just running a single ansible command. Their documentation is pretty well written, and with my basic cloud, IT and Linux knowledge I had no issues with following it. All you need to know is how to set up cloud VM, get a domain and set DNS, and set up SSH keys to access the server.

In total it took me about two hours in total, from when I decided “I’m setting up Matrix tonight” without any prior knowledge, looking up my options and finding the ansible script, setting up cloud and getting Matrix up and running.

I’m renting a VM on Hetzner for like 6$ per month, and it worked without issues so far. I use it for Discord and Messenger, although the Meta bridge does have some problems, for example I didn’t figure out how to message someone with whom I haven’t had a conversation since I set up the bridge, since only then it creates the room for it. But that can be solved by keeping the Messenger app or usign the browser to send a first message, and it immediately shows in your Matrix bridge (and stays there forever).

I’ve just ben talking with my kind of tech illiterate gf about switching hers to Linux too, since she saw some articles about Copilot and Recall, which she hates with passion. Should I go for Mint or PopOS, assuming she does game on steam a lot (nothing with anticheat, thankfully)? She’s working in a GSuite/Slack workshop, so there shouldn’t be any problems with that. However, she does have NVIDIA GPU, which was the cause for most troubles for me.

I’m on Nobara, but that’s because I’ve always preferred Fedora, and it isn’t exactly a smooth sailing. Nothing major, but I suppose one of the two I mentioned would be a better choice.

Looks like I’ll finally get a reason to cut off another website I hate using, but never found the willpower to get rid off.

Good

Ever since I played watchdogs and shadowrun, I wanted to work in cybersecurity, especially as a Red Teamer, which is literally Shadowrun - you run complex ops that have to break in, and steal stuff from largre banks without anyone but the management knowing about the test, with almost nothing being off-limits, as long as it doesn’t cause some kind of damage.

Five years later, I do work as a Red Team Lead. Hpwever, our company was just scrambling to start doing RT since thats the buzzword now, and while we did have amazing pentesters, unfortunately pentesting and Red Teaming requires vastly different skills. Ypu never need to avoid EDRs, write malware with obscure low-level winapi, or even know what kind of IoC ajd detections will a command you run create, when you are doing a pentest.

But since no one knew better, and I love learning and researching new stuff, while also having Red Teaming romabticized, my interrest in it eventually led to me getting a Lead position for the barely scrambling team.

Mind you, I was barely out of being a junipr, with only three years of part time pentesting experience. It was NOT a good idea.

I quickly found out that RT is waaay harder and requires the best of the best from cybersec and maleare development. We didnt have that. Also, turns out that I love to learn now stuff and take on a challenge, but being a Lead also means you are drowning in paperwork and discussions with client, while also everyone from the team doesn’t know what to do and turns to me about what should we do. Which I didn’t know, and barely managed to keep learning it on my own. Our conpany didnt want to give us much time for learning outside of delivery, I was only working parttime, and I was slowly realizing that we don’t have almost any of the skills we need.

We were doing kind of a good job, most of our engagement turned out pretty well, but it was atrocious.

Turns out, I’m not good at managing and planning projects, or leading people. I’m better just as a line member.

This is actually a great question, in the context of the Fediverse.

Usually, every social network or forum has in their ELUA that anything you post is theirs, and you can’t do anything about i.e Reddit using your data to train AIs.

Hlwever, here, we’re on private instances of regular people. We can make our own rules, can’t we? If an instance would say that anything you post is copyrighted by the author, i.e by CC, would it be enforcable if someone would decide to scrape (or repost) the content for profit?

I suppose it’s written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean “EU secret plan to ban any kind of encryption or privacy” can’t be reallistically happening, right?

I know about Chatcontrol, so I wouldn’t be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don’t read like an election ad?

I’m not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it’s a really worrying topic about which I’d like to get more information about.

However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

I’d like to mention one exception, because it took me ages to properly debug.

If your endpoint is serving mirrors for APT, don’t redirect to HTTPS.

APT packages are signed and validated, so there is no need to use TLS. Lot of docker images (such as Kali) do not have root certificates by default, so they can’t use the TLS, because cert validation fails. You also can’t install the certificates, because they install through APT. If your local mirror redirects to https by default, it will break it for people who choose the mirror, which IIRC happens automatically based on what’s closest to you. I think this issue is still there for Czech Kali package mirror, and it took me so long to figure out (because it’s also not an issue for most of the users, since they have different mirrors), so I like mentioning this when talking http/s. It’s an edge case, but one that I find interresting - mostly because it would never occur to me that this can be an issue, when setting up a mirror.

But that was more than a year ago, it may be better now.

Btw, choco (and maybe even winget?) already has a gsudo tool, which implements sudo. It is super handy, and having a native version is definitely better, but before its available, I recommend gsudo.

Serious EVE players are something else. The mention about IT security isn’t a hyperbole, some EVE players take the espionage meta-game very seriously, and even though it’s not only against the rules but also illegal, that’s not gonna stop them. I mean, once they literally got someone to turn off electricity for a whole town just so they can win a fight (I tried to find a link to the article, because I’m 90% sure I did read about it somewhere, but I can’t manage to find it anywhere, if anyone has a link. Maybe it was just a rummor, or an unexecuted plan?)

I used TS for the first time in like 15 years litterally two days ago, funny timing.

Yeah, I lost EVE. Again.

I never noticed that the logo in fact does look like am asshole. Cool

Some kernel anticheats work too, I had no issues playing Helldivers and Hell Let Loose, both of which use EAC. Developers have to enable Linux support, which AFAIK is just one checkbox, so you still get games that don’t allow it (like EVE Vanguard), but most of them are OK.

League and Valorant is a different story, those don’t work.

We’ve had to work in Pharo for our OOP uni course, and it was one of the worse experiences I’ve had in school. Mind you, it was something like 7 years ago, so the language may very well be a lot better now, but the whole “your IDE is the code” felt cubersome, it was buggy and crashed randomly, and in general I spent more time fighting with the IDE than doing something useful.

It was a bad time, but also a great learning experience. Being forced to work in something that IMO sucks is an useful skill, but I never want to see that language again :D

But a paid licence will affect users that are all right abd for whom you’re doing it.

I understand that using something with a risk of loosong access because you’ve upset the developer is something that will turn away a lot of people, but then again, I’d say that “don’t be a dick” is a pretty reasonable requirement. The only issue I see that it’s a pretty vague definiton, but maybe just limiting it to profanities and insult towards the contributors is something more concrete, which would be easy to fulfill and also enforce.

I wonder, is it possible to create a license that would allow you to simply ban people who are being a dick about something from using it? Sure, it may turn away some people, since there’s always a risk of abuse, but it’s your work and as far as I know, you are the one who sets the terms.

If I’m not mistaken, most of the FOSS licenses (or maybe even laws?) guarantee you that you would be able to use the software even if the project later decides to change to proprietary license. But I assume you can simply specify in a licence “Everyone can use it, expect X.Y.Z”.

Would that be legal? Sure, it would probably be pretty hard to enforce, but in some cases it could make for a pretty satisfactory (and petty, of course) C&D letters, for people that really deserve it. You insult the devs of a software your company depends on, demanding something while being a dick about it? Well, fuck you, no library for you and your company.

But… They said that privacy is the most important thing for them 0_0 https://about.meta.com/actions/protecting-privacy-and-security/

I’m starting to think that “good code” is simply a myth. They’ve drilled a lot of “best practices” into me during my masters, yet no matter how mich you try, you will eventually end up with something overengineered, or a new feature or a bug that’s really difficult to squeeze into whatever you’ve chosen.

But, ok, that doesn’t proove anything, maybe I’m just a vad programmer.

What made me sceptical however isn’t that I never managed to do it right in any of my projects, but the last two years of experience working on porting games, some of them well-known and larger games, to consoles.

I’ve already seen several codebases, each one with different take on how to make the core game architecture, and each one inevitably had some horrible issues that turned up during bugfixing. Making changes was hard, it was either overengineersled and almost impenetrable, or we had to resort tonugly hacks since there simply wasn’t a way how to do it properly without rewriting a huge chunk.

Right now, my whole prpgramming knowledge about game aechitecture is a list of “this desn’t work in the long run”, and if I were to start a new project, I’d be really at loss about what the fuck should i choose. It’s a hopeless battle, every aproach I’ve seen or tried still ran into problems.

And I think this may be authors problem - ot’s really easy to see that something doesn’t work. " I’d have done it diferently" or “There has to be a better way” is something that you notice very quickly. But I’m certain that watever would he propose, it’d just lead to a different set of problems. And I suspect that’s what may ve happening with his leads not letting him stick his nose into stuff. They have probably seen that before, at it rarely helps.