Third, a redirect is obvious
A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)
They aren’t. From a comment on https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ublock_origin/ by u/tehdang:
For people who have stumbled into this thread while googling “ublock vs origin”. Take a look at this link:
"Chris AlJoudi [current owner of uBlock] is under fire on Reddit due to several actions in recent past:
- In a Wikipedia edit for uBlock, Chris removed all credits to Raymond [Hill, original author and owner of uBlock Origin] and added his name without any mention of the original author’s contribution.
- Chris pledged a donation with overblown details on expenses like $25 per week for web hosting.
- The activities of Chris since he took over the project are more business and advertisement oriented than development driven."
So I would recommend that you go with uBlock Origin and not uBlock. I hope this helps!
Edit: Also got this bit of information from here:
https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/
TL;DR:
- gorhill [Raymond Hill] got tired of dozens of “my facebook isnt working plz help” issues.
- he handed the repository to chrismatic [Chris Aljioudi] while maintaining control of the extension in the Chrome webstore (by forking chrismatic’s version back to himself).
- chrismatic promptly added donate buttons and a “made with love by Chris” note.
- gorhill took exception to this and asked chrismatic to change the name so people didn’t confuse uBlock (the original, now called uBlock Origin) and uBlock (chrismatic’s version).
- Google took down gorhill’s extension. Apparently this was because of the naming issue (since technically chrismatic has control of the repo).
- gorhill renamed and rebranded his version of ublock to uBlock Origin.
Is it possible to force a corruption if a disk clone is attempted?
Anything that corrupts a single file would work. You could certainly change your own disk cloning binaries to include such functionality, but if someone were accessing your data directly via their own OS, that wouldn’t be effective. I don’t know of a way to circumvent that last part other than ensuring that the data isn’t left on disk when you’re done. For example, you could use a ramdisk instead of non-volatile storage. You could delete or intentionally corrupt the volume when you unmount it. You could split the file, storing half on your USB flash drive and keeping the other half on your PC. You could XOR the file with contents of another file (e.g., one on your USB flash drive instead of on your PC) and then XOR it again when you need to access it.
What sort of attack are you trying to protect from here?
If the goal is plausible deniability, then it’s worth noting that VeraCrypt volumes aren’t identifiable as distinct from random data. So if you have a valid reason for having a big block of random data on disk, you could say that’s what the file was. Random files are useful because they are not compressible. For example, you could be using those files to test: network/storage media performance or compression/hash/backup&restore/encrypt&decrypt functions. You could be using them to have a repeatable set of random values to use in a program (like using a seed, but without necessarily being limited to using a PRNG to generate the sequence).
If that’s not sufficient, you should look into hidden volumes. The idea is that you take a regular encrypted volume, whose free space, on disk, looks just like random data, you store your hidden volume within the free space. The hidden volume gets its own password. Then, you can mount the volume using the first password and get visibility into a “decoy” set of files or use the second password to view your “hidden” files. Note that when mounting it to view the decoy files, any write operations will have a chance of corrupting the hidden files. However, you can supply both passwords to mount it in a protected mode, allowing you to change the decoy files and avoid corrupting the hidden ones.
It sounds like you want these files to be encrypted.
Someone already suggested encrypting them with GPG, but maybe you want the files themselves to also be isolated, even while their data is encrypted. In that case, consider an encrypted volume. I assume you’re familiar with LUKS - you can encrypt a partition with a different password and disable auto-mount pretty easily. But if you’d rather use a file-based volume, then check out VeraCrypt - it’s a FOSS-ish [1], cross-platform tool that provides this capability. The official documentation is very Windows-focused - the ArchLinux wiki article is a pretty useful Linux focused alternative.
Normal operation is that you use a file to store the volume, which can be “dynamic” with a max size or can be statically sized (you can also directly encrypt a disk partition, but you could do that with LUKS, too). Then, before you can access the files - read or write - you have to enter the password, supply the encryption key, etc., in order to unlock it.
Someone without the password but with permission to modify the file will be capable of corrupting it (which would prevent you from accessing every protected file), but unless they somehow got access to the password they wouldn’t be able to view or modify the protected files.
The big advantage over LUKS is ease of creating/mounting file-based volumes and portability. If you’re concerned about another user deleting your encrypted volume, then you can easily back it up without decrypting it. You can easily load and access it on other systems, too - there are official, stable apps on Windows and Mac, though you’ll need admin access to run them. On Android and iOS options are a bit more slim - EDS on Android and Disk Decipher on iOS. If you’re copying a volume to a Linux system without VeraCrypt installed, you’ll likely still be able to mount it, as dm-crypt has support for VeraCrypt volumes.
c. Phrase "Based on TrueCrypt, freely available at http://www.truecrypt.org/" must be displayed by Your Product (if technically feasible) and contained in its documentation.”“Supposed to” according to what?
If you’re in the US, Federal labor laws explicitly allow “meal periods” to not be paid, though short breaks must be paid. Neither is required to be offered to employees, though.
Source: https://www.dol.gov/general/topic/workhours/breaks
State laws differ, of course, and many states - e.g., California - have much more employee-friendly laws. However, even in CA, a meal period must be offered but isn’t required to be paid (unless it’s an on-duty meal break).
From the comments on the link someone else posted, it appears there is already a CA government-provided option:
If you are located in the US states California, Oregon, and Washington, see the MyShake app. This app is part of the USGS MyShake project.
One option I haven’t seen yet: You can set up a local file share on Windows or Linux and connect to it via the Files app.
Have you looked into configuring them directly from your NVR? Or third party options? I did a quick search and saw a list of several that as far as I can tell can display Reolink streams (though I haven’t confirmed any can configure the cameras):
And some proprietary options that have native Linux builds:
I haven’t worked with Scribus but I’ve heard good things about it, so I don’t think you’d be making a wrong choice by going with it. For this use case, the main reasons I can think of for why LaTeX would be preferable would be:
Are you familiar with LaTeX? You can use plugins that generate PDFs that follow the PDF/X1-a standard and send the resulting PDFs to professional printers.
TeXStudio is a FOSS LaTeX editor that looks well-suited for your use-case.
Since LaTeX documents are just text and your images are already sorted and so on, you could even write a script to construct the first draft of your doc with the pictures arranged consistently, based off the files in your file system, then edit it to tweak it to perfection. You could also/alternatively create or use some reusable LaTeX patterns.
Small correction - iCloud Photos are only end-to-end encrypted if you enable Advanced Data Protection, which was introduced in December 2022, and otherwise Apple has the keys. See https://support.apple.com/en-us/102651 for more details.
So the uploaded photos in question couldn’t have been e2ee. Even so, it’s reasonable for people to question the legitimacy of e2ee given instances where it’s been shown to be a lie or for the data to also have been transmitted without e2ee, like Anker’s Eufy cameras’ “e2ee” feeds clearly being accessible without keys from the user devices, or WhatsApp exposing tons of messaging metadata to Meta.
That said, I personally wasn’t using iCloud Photos prior to enabling Advanced Data Protection, and I had a few deleted photos show up from several years ago, so Apple’s explanation makes sense to me. And, like you’ve pointed out, most of the speculation was devoid of any critical thinking.
If you use that docker compose file, I recommend you comment out the build section and uncomment the image section in the lemmy service.
I also recommend you use a reverse proxy and Docker networks rather than exposing the postgres instance on port 5433, but if you aren’t familiar with Docker networks you can leave it as is for now. If you’re running locally and don’t open that port in your router’s firewall, it’s a non-issue unless there’s an attacker on your LAN, but given that you’re not gaining anything from exposing it (unless you need to connect to the DB directly regularly - as a one off you could temporarily add the port mapping), it doesn’t make sense to increase your attack surface for no benefit.
I haven’t personally used any of these, but looking them over, Tipi looks the most encouraging to me, followed by Yunohost, based largely on the variety of apps available but also because it looks like Tipi lets you customize the configuration much more. Freedom Box doesn’t seem to list the apps in their catalog at all and their site seems basically useless, so I ruled it out on that basis alone.
I am trying to avoid having to having an open port 22
If you’re working locally you don’t need an open port.
If you’re on a different machine but on the same network, you don’t need to expose port 22 via your router’s firewall. If you use key-based auth and disable password-based auth then this is even safer.
If you want access remotely, then you still don’t have to expose port 22 as long as you have a vpn set up.
That said, you don’t need to use a terminal to manage your docker containers. I use Portainer to manage all but my core containers - Traefik, Authelia, and Portainer itself - which are all part of a single docker compose file. Portainer stacks accept docker compose files so adding and configuring applications is straightforward.
I’ve configured around 50 apps on my server using Docker Compose with Portainer but have only needed to modify the Dockerfile itself once, and that was because I was trying to do something that the original maintainer didn’t support.
Now, if you’re satisfied with what’s available and with how much you can configure it without using Docker, then it’s fine to avoid it. I’m just trying to say that it’s pretty straightforward if you focus on just understanding the important parts, mainly:
If you decide to go that route, I recommend TechnoTim’s tutorials on Youtube. I personally found them helpful, at least.
I use Standard Notes for most of my notes. For simple todo lists, I use the Checklist note type. For project planning I generally use the SN Kanban Editor and while it has some quirks, I find it works fine on desktop and acceptably on mobile. It saves notes in markdown so I’ll sometimes swap the note type, make bulk edits, and swap back. I also use some of the other editors from https://github.com/jonhadfield/awesome-standard-notes like the MermaidJS one.
For notes that I plan to share or want to work collaboratively on, I use Hedgedoc. I tried it out because of the name and icon, thinking of it as basically a Gist tool, but then started using it for more because of how great the experience has been.
This is a very surface level overview of the frameworks it covers. The title is a bit of a reach, as it wouldn’t give anyone enough information to make a more educated decision about which framework to use.
Are you the author? I think it could be improved by including:
If you are the author, I saw your article on Typescript and would also like to say that you can configure your linter to not warn about using any. There’s even a no-implicit-any rule that you can use if you only want explicit any types but don’t want, for example, responses from API calls to have that type by default.
That is a problem, but this post is not an example of that problem.
I’m not addressing anything Gitea has specifically done here (I’m not informed enough on the topic to have an educated opinion yet), but just this specific part of your comment:
And they also demand a CLA from contributors now, which is directly against the idea of FOSS.
Proprietary software is antithetical to FOSS, but CLAs themselves are not, and were endorsed by RMS as far back as 2002:
In contrast, I think it is acceptable to … release under the GPL, but sell alternative licenses permitting proprietary extensions to their code. My understanding is that all the code they release is available as free software, which means they do not develop any proprietary softwre; that’s why their practice is acceptable. The FSF will never do that–we believe our terms should be the same for everyone, and we want to use the GPL to give others an incentive to develop additional free software. But what they do is much better than developing proprietary software.
If contributors allow an entity to relicense their contributions, that enables the entity to write proprietary software that includes those contributions. One way to ensure they have that freedom is to require contributors to sign a CLA that allows relicensing, so clearly CLAs can enable behavior antithetical to FOSS… but they can also enable FOSS development by generating another revenue stream. And many CLAs don’t allow relicensing (e.g., Apache’s).
Many FOSS companies require contributors to sign CLAs. For example, the FSF has required them since 2005 at least, and its CLA allows relicensing. They explain why, but that explanation doesn’t touch on why license reassignment is necessary.
Even if a repo requires contributors sign a CLA, nobody’s four freedoms are violated, and nobody who modifies such software is forced to sign a CLA when they share their changes with the community - they can share their changes on their own repo, or submit them to a fork that doesn’t require a CLA, or only share the code with users who purchase the software from them. All they have to do is adhere to the license that the project was under.
The big issue with CLAs is that they’re asymmetrical (as opposed to DCOs, which serve a similar purpose). That’s understandably controversial, but it’s not inherently a FOSS issue.
Some of the same arguments against the SSPL (which is not considered FOSS because it is so copyleft that it’s impractical) being considered FOSS could be similarly made in favor of CLAs. Not in favor of signing them as a developer, mind you, but in favor of considering projects that use them to be aligned FOSS principles.
Is there some sort of block chain base registrars out there?
There are handshake domains, which are distributed on a blockchain, but sites that use them won’t resolve in browsers by default
If your Java dev is using Jackson to serialize to JSON, they might not be very experienced with Jackson, or they might think that a Java object with a null field would serialize to JSON with that field omitted. And on another project that might have been true, because Jackson can be configured globally to omit null properties. They can also fix this issue with annotations at the class/field level, most likely
@JsonInclude(Include.NON\_NULL).More details: https://www.baeldung.com/jackson-ignore-null-fields