Welcome to Lemmy!

Unfortunately, I think most of the users here have no insight into every day Chinese life - myself included… in fact if not from your post, I would have had no idea this is a thing.

Anyhow, this is disgusting behavior, and I can’t really rationalize it.

Though for a lot of people, the source of grievance is pretty abstract. They could be victims of the system, and taking it revenge in that is difficult.

No you’re right, I mixed it up I guess.

I haven’t encountered systemd bugs in NixOS yet. Doesn’t mean they don’t exist - but I can’t confirm the issue.

I run everything on NixOS nowadays and I do think that all of this makes sense, whether the implementation is the best I can’t judge.

Just wanted to make sure my statement wasn’t a criticism on NixOS, the maintainers do a great job. It’s rather taking a jab at the “boring” statement.

Nowadays if I want declarative configuration, I just cram everything into docker containers and write a huge docker-compose.yml for everything that I want to run.

Docker compose is imperative though ;) (if that actually matters is up for debate) - fun fact nix allows you to build containers very easily.

I love how you can set up SSL certificates for nginx with autorenewal just by switching it on in configuration.nix.

How well this all goes together is really one of the strongest points of nix and NixOS. Though just for manageability, I personally wouldn’t put this into configuration.nix, but rather into a file dedicated to the respective service.

NixOS “is boring and iust works” until you want to do something fancy a module author didn’t anticipate and suddenly you find yourself defining functions that use genAttrs on some lists imported from JSON files

I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc stolen by a probably state sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

It seemingly was not fixed everywhere for whatever reason… but it’s not that CC certification is just some academic exercise that gives you nothing but a lot of work.

Is it the right approach for every product? Probably not because of the huge overhead power certified version. But for important pillars of a security model, it makes sense in my opinion.

Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

YOUR REALITY IS SHAKEN

YOU HEAR THE WORD “MONDAY” ECHOING AND SHIFTING IN COLOURS

A kind of interesting phenomenon. He comes in with his dog, cries that he doesn’t have a place to stay, Jon allows it for as long as needed and then… he just vanishes one day, leaving Odie with Jon, never to contact them again. Did something happen between the two? Was he ever real or a product of Jon’s mind? A wiki states:

According to Davis, Lyman’s original purpose was to be someone who Jon could actually talk to and express other ideas — a role gradually taken over by Garfield, himself.

It doesn’t reveal who gave Lyman that purpose; it could be that it was Jon himself who, over the years, got less attached to reality, so he got done with talking to and interacting with Garfield.

That or it’s just a lazy uninspired comic that only has a minimum level of continuity and doesn’t care to explain why a former choir character suddenly vanishes.

They’re afraid of the drag dealers’ wrath

I was also with a provider that didn’t offer API access for the longest time. When they then increased prices, I switched, now paying a third of their asking price per year at a very good provider.

I guess migrating is difficult if the provider doesn’t offer a mechanism to either dump the DNS to a file or perform a zone transfer (the later being part of the standard).

Can only recommend INWX for domains, though my personal requirements aren’t the highest.

A lot of paid cert providers were not so great before LE put the spotlight on the issue; it was more of a scheme to extract money from operators who couldn’t afford to not offer TLS / SSL. https://bugzilla.mozilla.org/show_bug.cgi?id=647959 was a famous post that made fun of / criticized the system before LE. This hurt security, and if not free, LE wouldn’t have worked.

Also wildcard certificates are more difficult to do automated with let’s encrypt.

They are trivial with a non-garbage domain provider.

If you want EV certificates (where the cert company actually calls you up and verifies you’re the company you claim to be) you also need to go the paid route

The process however isn’t as secure as one might think: https://cyberscoop.com/easy-fake-extended-validation-certificates-research-shows/

In my experience trustworthyness of certs is not an issue with LE. I sometimes check websites certs and of I see they’re LE I’m more like “Good for them”

Basically, am LE cert says “we were able to verify that the operator of this service you’re attempting to use controls (parts of) the domain it claims to be part of”. Nothing more or less. Which in most cases is enough so that you can secure the connection. It’s possibly even a stronger guarantee than some sketchy cert providers provided in the past which was like “we were able to verify that someone sent us money”.

Not even the “I can’t walk stairs anymore” ruse worked

I never forget how amazing bicycle is

Sacre bleu

By how the protocol is structured, it’s impossible for the address a downloader sees to know what the packet they forward actually contains, so they’re just taking the role of an ISP. Also, they don’t know the original source IP.

The R in LLM stand for Return on Investment

Chicken Game!

Rules: don’t look at the chicken.

🐔

Game Over

(I stole this from a shirt that did this better due to the layout)

This would also be fairly unintrusive, but could add a few false positives.

If this was the case, we’d have a whole bigger problem on our hands.

Even considering the birthday problem, the chance for such collisions is astronomically small. Especially if you combine it with the file size that you always have anyways.

In fact I’d guess that sites like these already do exactly that in order to avoid hosting duplicates (if not handled at the file system level).

Not with that attitude

You can measure anything in nanograms, but a typical LSD dose starts at about 100ug with the threshold at about 25ug or so. Still not much, but not what you’d usually measure in nanograms.