Joe

I find it pretty useful to help get me over mental hurdle of starting something. So it’s faster than me procrastinating for another day. ;-)

Many governments get access to source code for critical systems as a condition for their use / part of contract negotiations. It’s also quite likely that Microsoft and all its services in China is operated as a Joint Venture.

China did have Red Flag Linux (with Government support) for a while, too.

Boomerang-Fu ?

Hmm. You are right, but they might not need it for every region. Steam is probably big enough that existing regional companies would come to it and be eager to form partnerships. They could become more of a payment processor aggregator, focused on a low risk market segment. And of course they can do CCs directly too - that’s the easy part.

The challenge will be to get consumers on board. I know that I groan every time I need to enter my CC details online these days.

They would face anti-competitive behaviour from Peepal though. So it’s a risk.

Internally, they are probably already working on ways to appropriately segment their catalog based on payment provider. “Sorry User, you cannot purchase title X using Paypal. We recommend $Competitor instead.”

It sounds like some payment processors are treating mastercard’s contractual requirements as a hard risk in this case - maybe it’s justified, maybe not. Try getting corporate lawyers to be risk averse in the finance world. Mastercard doesn’t seem to want to soften their wording but talks platitudes in public statements. Shrug.

They could do it with significantly fewer people, for themselves and even for GOG, Itch and potentially others. Their use-case is digital payments for games, which is limited in scope and risk. PCI and compliance is a PITA, but manageable.

https://www.urbandictionary.com/define.php?term=Hacker

“The media’s definition of the real term malicious cracker. A hacker used to be a well respected individual who loved to tinker with gadgets.”, plus a few other definitions.

Judges usually don’t know this stuff, but they primarily work with systems and software supplied by the state…whose experts should know what they are doing.

My bet is that this guy decided to work on personal equipment, probably in violation of the rules. Being a judge, he’s unlikely to be sanctioned for it, and will certainly learn from the experience. If anything, there may be some internal discussions which we’ll never hear about.

Law is an area where AI can add value, though… searching through past rulings and legal opinions is tedious, and anything that can assist to find needles in haystacks would be welcome. It shouldn’t be used to write legal judgements or arguments though…

They could. The protocol also supports IP spoofing, so doxing could also be a thing.

For individuals, it is a time consuming and costly legal process, whether justified or not. For the law firm, it costs a few cents per letter, but they get a few hundred (or more) euros when some sucker pays.

In Germany and no doubt some other countries, private law firms can (on behalf of the copyright holders) request people’s identity based on residential IP addresses and then send extortionist legal threats. Apparently an IP appearing on a public tracker can be enough to trigger it, without any confirmed data transfer.

VPNs are common and usually sufficient.

Not everything will be open source. For whatever reason, they decided to make this obfuscator open source. It might also just be an interesting side project that someone got permission to release.

Obfuscation can make it harder to reverse engineer code, even if the method is known. It might also be designed to be pluggable, allowing custom obfuscation. I haven’t checked.

We also know that obfuscation isn’t real security … but it’s sometimes it is also good enough for a particular use case…

Except my crazy relative (just 1, thank dog) also has telegram and feels the urge to forward every damn whackjob conspiracy theory reinterpretation of truth that they find to me and my wife, despite us never replying except to ask them to stop. eg. Cloud seeding, windmills and electric cars are responsible for destroying the atmosphere (not co2 and other greenhouse gases); Bill Gates etc. are spreading microchips through vaccinations; judges ruling that measles doesn’t exist; Ukraine is full of nazis; and yes, even regurgitated feelgood fairy tales and random cat pictures from Facebook. So glad they are in a country far far away from me. They “do their own research”, of course.

So bloody sad that so many people are in a similar situation of avoiding friends and family for their own sanity (and sometimes safety).

But not Fire tablets (kids profile) or Samsung TV or many others that Plex currently supports.

JellyFin android phone app’s UI is a little weird at times, but does work pretty well for me.

…

What I would adore from any app would be an easy way to upload specific content and metadata via SFTP or to blob storage and accessible with auth (basic, token, or cloud) to more easily share it with friends/family/myself without having to host the whole damn library on the Internet or share my home Internet at inconvenient times.

Client-side encryption would be a great addition to that (eg. password required, that adds a key to the key ring). And of course native support in the JellyFin/other apps for this. It could even be made to work with a JS & WASM player.

Don’t they know that the kids deserved it, because they like Hummus. Yes, I’m sure that was it.

I used to love Pocket … I remember they changed something, and then I refused to use it since. I don’t remember what it was now, though. I assume enshittification of some kind.

And contributions to codebases that have developed with the goal of meeting the team’s own needs, and who similarly don’t have the time or space to refactor or review as needed to enable effective contributions.

Enabling Innersource will be a priority for management for only two weeks, anyway, before they focus on something else. And if it even makes it into measurable goals, it will probably be gamed so it doesn’t ruin bonuses.

Do you also work for $GenericMultinationalCompany, per-chance? Do you also know $BillFromFinance?

Yeah, at that point I wouldn’t worry. If someone has docker access on the server, it’s pretty much game over.

Encryption will typically be CPU bound, while many servers will be I/O bound (eg. File hosting, rather than computing stuff). So it will probably be fine.

Encryption can help with the case that someone gets physical access to the machine or hard disk. If they can login to the running system (or dump RAM, which is possible with VMs & containers), it won’t bring much value.

You will of course need to login and mount the encrypted volume after a restart.

At my work, we want to make sure that secrets are adequately protected at rest, and we follow good hygiene practices like regularly rotating credentials, time limited certificates, etc. We tend to trust AWS KMS to encrypt our data, except for a few special use cases.

Do you have a particular risk that you are worried about?

Normally you wouldn’t need a secrets store on the same server as you need the secrets, as they are often stored unencrypted by the service/app that needs it. An encrypted disk might be better in that case.

That said, Vault has some useful features like issuing temporary credentials (eg. for access to AWS, DBs, servers) or certificate management. If you have these use-cases, it could be useful, even on the same server.

At my work, we tend to store deployment-time secrets either in protected Gitlab variables or in Vault. Sometimes we use AWS KMS to encrypt values in config files, which we checkin to git repositories.

It typically takes a small core team to build the framework/architecture that enables many others to contribute meaningfully.

Most OSS projects get bugger all contributions from outside the initial core team, having limited ability to onboard people. The biggest and most active (out of necessity or by design) have a contribution friendly software architecture and process, and often deliberately organized communities (eg. K8S & CNCF) or major corporate sponsors filling the role.

Free Software and resulting ecosystems seem to have a better chance of contributing to the common good over the long term. This is simply because most companies are beholden to their shareholders, and at some point the urge to squeeze every last cent out of an opportunity comes to the forefront, and many initially well intentioned efforts get poisoned.

Free Software licenses like the GPL help to protect our freedom and to set open standards, and are essential for the core technology stack.

When someone can get annoyed with some shitty software or its license-terms and reimplement the core functionality in a few days/weeks/months … eventually someone will get annoyed and create some decent free software that will kill off the shitty alternatives, or even just a better commercial alternative. This only works because of the open platforms & protocols.

One of the major challenges for consumers is finding good software today in the grey goo of projects and appstores. This harks back to OP’s point about curated collections of software. It’s also where the various foundations add value (CNCF, Linux Foundation, Apache) … along with “awesome X” gitlab repos, which are far better than random youtube videos or ad-riddled blogs or magazine articles.