• 0 Posts
  • 77 Comments
Joined 1 year ago
Cake day: July 14th, 2023


    1. I was showing that my understanding of the word “asset” was based in fact. The 4th definition wasn’t relevant to that.
    2. I literally talked about the 4th definition in the next paragraph.

    If anyone’s operating in bad faith, it’s you. Are you drunk? You’re being an intentionally obtuse pedant and a liar (by your own definition). Try replying once you’ve sobered up, clown. Once you reread and realize how much of a dick you were, I’m sure you’ll apologize - unless I’m right about you being too much of a coward to admit when you’re wrong about something.



  • Before I reply to your comment, I’d like to share this link. It didn’t change any of my existing understanding because Linus’s comment already made it clear that this was out of their hands, but maybe it’ll help clarify something for you.

    I realize now that this comment on that post was made before this one (“What’s free about delisting maintainers based on their country of residence?”) by the same person. It’s disingenuous for someone to act like this is about “country of residence” when they already engaged with a post clarifying that it’s because of sanctions against specific companies.

    > that you unironically think asset means property

    I unironically think that because it does mean that:

    1. assets plural

    a. the property of a deceased person subject by law to the payment of his or her debts and legacies

    b. the entire property of a person, association, corporation, or estate applicable or subject to the payment of debts

    1. ADVANTAGE, RESOURCE

    a. an item of value owned

    b. assets plural the items on a balance sheet showing the book value of property owned

    When I do a search for “state asset,” the results I get are all related to property, resources, etc., things that belong to and can be exploited by the state - for example https://www.epa.gov/dwcapacity/state-asset-management-initiatives-documents

    Searching for “asset” specifically I see a tertiary definition reading “A spy working in his or her own country and controlled by the enemy” as well as the wikipedia definition, but that still means “spy,” not “paid lobbyist.”

    > just that incredibly obtuse

    I’d apologize for not being well versed enough in counter-intelligence lingo to properly interpret the comment, but even with a proper interpretation, the comment I replied to was still incoherent, so I’m not really sure what you expect here.

    It feels weird to say that it was incredibly obtuse of me to not spend more time trying to figure out what someone meant when they were, as far as I can tell, just mad that Linus and other Linux maintainers didn’t ignore what their attorneys advised, regardless of what impact that might have had on them personally, and spouting a bunch of nonsense as a result.

    Maybe I’m wrong, though. If so, would you care to explain how this was a violation of the GPL and/or how all of the 4 freedoms I listed were violated?




  • Literally none of those freedoms were impacted. Everyone is still free to use the program as they wish, fork it, make changes, etc… Linux doesn’t have a new license that says “anyone but Russians” can use it.

    > he then followed up by gloating about Russian maintainers

    How did he gloat? He explained the change. If your complaint is that he was abrasive, I feel like you’re not familiar with Linus.

    Ok, lots of Russian trolls out and about.
    
    It's entirely clear why the change was done, it's not getting
    reverted, and using multiple random anonymous accounts to try to
    "grass root" it by Russian troll factories isn't going to change
    anything.
    
    And FYI for the actual innocent bystanders who aren't troll farm
    accounts - the "various compliance requirements" are not just a US
    thing.
    
    If you haven't heard of Russian sanctions yet, you should try to read
    the news some day.  And by "news", I don't mean Russian
    state-sponsored spam.
    
    As to sending me a revert patch - please use whatever mush you call
    brains. I'm Finnish. Did you think I'd be *supporting* Russian
    aggression? Apparently it's not just lack of real news, it's lack of
    history knowledge too.
    

    Sounds a lot more like he’s frustrated than delighted to me.

    > Calling your former volunteer contributors bots

    He didn’t call the contributors bots.

    He called the people submitting reverts and complaining about those maintainers, who weren’t contributors themselves, “troll farm accounts.”

    > and state assets because of their home country

    When did he call anyone a state asset? To be clear, being a troll or a paid actor doesn’t make you someone’s property.

    He also explained that this was a legal matter:

    > Again -- are you under any sort of NDA not to even refer to a list of
    > these countries?
    
    No, but I'm not a lawyer, so I'm not going to go into the details that
    I - and other maintainers - were told by lawyers.
    
    I'm also not going to start discussing legal issues with random
    internet people who I seriously suspect are paid actors and/or have
    been riled up by them.
    

  • First, you’re acting like the decision was made by Linus or another member of the team and that they weren’t following the law.

    Second, even if that weren’t the case, it’s still completely free. Unless you can name one of the following freedoms that was impacted by those actions:

    • Freedom 0: The freedom to use the program for any purpose.
    • Freedom 1: The freedom to study how the program works, and change it to make it do what you wish.
    • Freedom 2: The freedom to redistribute and make copies so you can help your neighbor.
    • Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits.




  • For starters, it was never “open source”…

    From your link:

    > Instead, as Winamp CEO Alexandre Saboundjian said, “Winamp will remain the owner of the software and will decide on the innovations made in the official version.” The sort-of open-source version is going by the name FreeLLama.
    >
    > While Winamp hasn’t said yet what license it will use for this forthcoming version, it cannot be open source with that level of corporate control.

    If I upload the source code for my project on Github/Forgejo/Gitlab/Gitea and license it under an open source license, allowing you to fork it and do whatever you want (so long as you follow the terms of my copyleft license), and I diligently ensure that code is uploaded to my repository before being deployed, but I ignore all issues, feature requests, PRs, etc., is my project open source?

    Yes.

    Likewise, if Winamp had been licensed under an open source license, it would have been open source, regardless of how much control they kept over the official distribution.

    Winamp wasn’t open source because its license, the WCL, wasn’t open source.


  • Do you memorize all of your passwords? If so, I take that to mean that you don’t use a password manager. Password managers - really, any app with 2FA - have this problem, too. But if you use a password manager and store your 2FA methods in it, then you only need to be able to regain access to your password manager.

    If you use a cross-platform password manager with Passkey support, like Bitwarden, you can use it on any of your devices. In the event that you lose all of your devices, if you don’t have an Emergency Contact set up, you will need your password and one of the following to gain access to your account:

    • Access to your 2FA method
    • Access to your Recovery Code
    • If you’re in an enterprise using Duo 2FA, access to a Duo bypass code (contact your Duo admin to request this)

    If you use security keys for 2FA, then you should have at least two - one that you keep with you and a backup that you keep in a safe place, like at home in a lockbox.

    If you use a TOTP app to log in, or if you use security keys and want another backup, then making sure you’ll have access to the Recovery Code should be your priority. You can write it down and keep it in a few different places - at home, in your car, in your locker at work, etc… You can share it with someone you trust in person or over an encrypted channel (like Signal). You can store it on a flash drive, encrypted by a second password (which can be much easier than your primary password) or even unencrypted, if you generally keep the drive somewhere safe, disconnected from your computer. As long as you remember your password and can access your recovery code, you’ll also be able to regain access to your account, including all of your passkeys.

    Emergency Access requires someone else to have access to their Bitwarden account, but assuming you don’t both lose access, it’s a pretty solid solution. When they request access, Bitwarden will send you an email allowing you to accept or reject their request. If you accept or don’t respond within the allotted “Wait Time” (which you configure: 1 day minimum, 90 days maximum) then they’ll be granted access. You also get a choice (when setting this up) to let them take over the account (resetting your master password) or to just get read-only access.

    Maybe you don’t like Bitwarden and want to use some other app, like 1Password, Dashlane, Roboforms, etc… Whatever your choice, familiarize yourself with how to restore access to your account in an emergency. Then you only need to worry about that and not about how to get access to your passkeys that are on your Windows laptop or only synced to your Apple devices.


  • > But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

    Nope.

    Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

    And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

    According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.


  • > The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, I think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though.

    The site doesn’t need to implement this; the browser handles that part.

    I confirmed this works and logged into Github using Google Chrome on my work computer using a passkey stored in Bitwarden earlier today. I had to enable Bluetooth for Chrome, since I’d had it disabled, but then everything else was seamless.





  • > I made a typo in my original question: I was afraid of taking the services offline, not online.

    Gotcha, that makes more sense.

    If you try to run the reverse proxy on the same server and port that an existing service is using (e.g., port 80), then you’ll run into issues. You could also run into conflicts with the ports the services themselves use. Likewise if you use the same outbound port from your router. But IME those issues will mostly stop the new services from starting - you’d have to stop the services or restart your machine for the new service to have a chance to grab the ports while they were unused. Otherwise I can’t think of any issues.


  • > I’m afraid that when I install a reverse proxy, it’ll take my other stuff online and causes me various headaches that I’m not really in the headspace for at the moment.

    If you don’t configure your other services in the reverse proxy then you have nothing to worry about. I don’t know of any proxy that auto discovers services and routes to them by default. (Traefik does something like this with Docker services, but they need Docker labels and to be on the same Docker network as Traefik, and you’re the one configuring both of those things.)

    Are you running this on your local network? If so, then unless you forward a port to your server on the port your reverse proxy is serving from, it’ll only be accessible from the local network. This means you can either keep it that way (and VPN in to access it) or test it by connecting directly to your server on that port and confirm that it’s working as expected before forwarding the port.