So, the web uses a system called chain of trust. There are public keys stored in your system or browser that are used to validate the public keys given to you by various web sites.

Both letsencrypt and traditional SSL providers work because they have keys on your system in the appropriate place so as to deem them trustworthy.

All that to say, you’re always trusting a certificate authority on some level unless you’re doing self signed certificates… And then nobody trusts you.

The main advantage to a paid cert authority is a bit more flexibility and a fancier certificate for your website that also perhaps includes the business name.

Realistically… There’s not much of a benefit for the average website or even small business.

I’d give up any and every gun point in favor of police reform, proper election and transition of power legislation, and climate change.

Actually, I think they have it exactly right. The problem is Republican voters views and priorities have been misaligned with their respective party representatives for at least a decade.

This is no more evident than in evangelical voters jumping through hoops to justify a detestable candidate of poor morals.

What Trump, the tea party before him, etc represents to folks that adore them is quite different than what those things are.

So the local machine doesn’t really need the firewall; it definitely doesn’t hurt, but your router should be covering this via port forwarding (ipv4) or just straight up firewall rules (ipv6).

You can basically go two routes to reasonable harden the system IMO. You can either just set up a user without administrative privileges and use something like a systemd system level service to start the server as that user and provide control over it from other users … OR … if you’re really paranoid, use a virtual machine and forward the port from the host machine into the VM.

A lot of what you’re doing is … fine stuff to do, but it’s not really going to help much (e.g. building system packages with hardening flags is good, but it only helps if those packages are actually part of the attack surface or rather what’s exposed to the remote users in someway).

Your biggest risk is going to be plugins that aren’t vetted doing bad things (and really only the VM or using the dedicated user account provides an insulation layer there – the VM really only adds protection against privilege escalation which is pretty hard to pull off on a patched system).

My advice for most people:

• Make a new user on the system to run each game you want to run
• Run the game using systemd and that user
• Use something like kopia + the root user’s crontab (easier than systemd timers, but systemd timers also work) to backup the files on disk

For Minecraft in particular, to properly back things up on a busy server you need to disable auto save, manually force save, do the backup and then enable auto save again after your backup. Kopia can issue commands to talk to the server to do that, but you need a plugin that can react to those commands running on the server (or possibly to use the server console via stdin). Realistically though, that’s overkill and you’ll be just fine backing up the files exactly as they are periodically.

Kopia in particular will do well here because of its deduplication of baked up data + chunking algorithm that breaks up files. That has saved me a crazy amount of storage vs other solutions I’ve tried. Kopia level compression isn’t needed because the Minecraft region files themselves are already highly compressed.

I got banned from signal’s subreddit for talking about how telegram works and the case for it.

I mean there’s quite clearly a victim here, the child.

I’ve been reading her book, the truancy thing is interesting. She had data that showed that kids that weren’t showing up at school, particularly young ones, didn’t learn how to read sufficiently well, and then fell behind in school and struggled to catch up, they then ended up struggling later in life, and often ending up either as victims or perpetrators of crime.

So, she used the California DA’s office to enforce truancy laws across California, encouraged reaching out to fix the problems at home if at all possible, and also encouraged reaching out to folks that had been written off as “not caring” (she cites an example of a father that hadn’t been paying child support but upon learning that his daughter wasn’t going to school, started taking his daughter to school every morning, and volunteering in her classroom).

Of course this is all by her account, but that sounds overall quite positive to me.

Have you ever seen a vacuum chamber? Science does suck … and it’s fucking awesome at it. 🥁

rclone or rsync is probably better but see my reply a few comments down (the very long one) about protocol aware cloning vs just cloning things at the file system

They do have versioning: https://docs.syncthing.net/v1.27.7/users/versioning

Of course, you actually have to use that, it has to work, and you have to have a strategy for reverting the state (I don’t know if they have an easy way to do that – I’ve never used the versioned side of things).

I have had some situations where Syncthing seems to get confused and doesn’t do its job right. I ran into this particularly with trying to sync runelite configurations and music. There were a few times I had to “force push” … and I vaguely recall one time where I was fighting gigs of “out of sync” in both directions on something and just destroyed the sync and rebuilt it to stop … whatever it was doing.

Don’t get me wrong, it’s a great tool for syncing things between computers; but I would not rely on it for backup (and prefer having a backup solution on top of the synced directories). There are real backup tools out there that are far better suited to this sort of thing. I suggested Kopia, you should get some integrity checking using its builtin sync (as it won’t be able to figure out what to sync if your origin is corrupted); you won’t get that with a straight up rsync or a syncthing, they’re not application-aware enough to know they’re about to screw you over.

Restic has a similar feature but I’ve always found Restic’s approach much more frustrating and not-at-all friendly for anyone less than a veteran in systems administration. Kopia keeps configuration in the repository itself, has a GUI for desktop use that runs jobs for you automatic, automatically uses the secrets manager appropriate for your operating system, etc … Restic you kind of have to DIY a lot of basic things and the “quick start tutorial” just kinda ignores these various concerns.

Even if you plan to just use cron jobs, Kopia will do sane things with maintenance. Restic last I checked you still need to manually run maintenance tasks and if any job maintenance or otherwise fails, you need to make sure to unlock the repository (which if you haven’t set up notifications … well now you’ve got a silent backup failure and your backups aren’t running).

I just kept running into a sea of “oh this could be bad” footguns with Restic that made me uncomfortable trusting it as my primary backup. I’m sure Restic can be a great tool if used in expert hands with everything appropriately setup; but nobody tells you how to do that … and I get the feeling a lot of people are unaware of what they’re getting into.

The folks making Kopia … they seem like they really know what they’re doing and I’ve been very happy with it. We’re moving from rsnapshot to Kopia at work now as well (rsnapshot is also fairly good you’ve got a bunch of friends with NASes that support hard links and SSH, but it’s CHATTY and has no deduplication, encryption, data integrity verification is basically left to the file system – so you better be running ZFS – etc).

Duplicati’s developer is back too, so that might be something to keep an eye on … but as it stands, the project has been bit rotting for a while and AFAIK still has some pretty significant performance issues when restoring data.

You could use kopia for this (but you would need to schedule cron jobs or something similar to do it).

The way this works with kopia… You configure your backups to a particular location, then in-between runs there’s a sync command you can use to copy the backup repository to other locations.

Kopia also has the ability to check a repository for bad blobs via its verify function (so you can make sure the backups stored are actually at least X% viable).

Using zerotier or tailscale (for this probably tailscale because of the multithreading) would let you all create a virtual network between the devices that lets them directly talk to each other. That would allow you to use kopia’s sync functionality with devices in their homes.

Syncthing is not a backup tool and may very well destroy all your data on its own (though this is rare).

I think … this is going to be an uphill battle. If you’re in NYC, maybe you’ve got a shot (simply because there are so many folks around).

However, you’re looking at a minority of a minority probably within a minority of folks that you’d find attractive that are in your age group (unless liking Linux is literally the only thing that makes someone attractive to you).

I’ve been off and on dating sites myself for years in the Northeast Ohio area. I’ve used them since my early twenties and I’m now 29 really only having had one relationship come from them that actually went past a few dates; that unfortunately ended last year … and she was in the medical field and almost completely uninterested in computers (the outdoors is what we bonded over mostly).

My advice (speaking openly as someone that … doesn’t love where he ended up): keep an open mind, try and find hobbies that you genuinely like that are more likely to involve women, and just … focus on meeting people.

Unfortunately for me, I’ve found most of my hobbies outside of computers to be pretty unhelpful in meeting women (e.g., one of them is hiking, while plenty of women do it at least occasionally, starting a conversation with a girl who’s all alone in the middle of woods or in a group with her friends … well I’ve yet to do it, despite being a fairly social person elsewhere these days).

If you’re in college, definitely take advantage of the first few years when you’re doing gen-ed classes to meet people outside of any computer science related major … and maybe consider taking some classes that just are more likely to have women in them as electives. If someone you meet is not interested, take it at face value, maybe keep them around as a friend but move on, leave the “win over the girl that wasn’t interested” stuff for the movies (I’ve never seen it work).

Votes already are public to all server admins (I can see exactly what you voted for in communities my instance knows about).

Go for it, use a personal anecdote if you have one about how you or someone you know was bit by not putting blocks in front of the wheels.

If you don’t have one… make up a white lie about how your now deceased great uncle Johnny told you he left a trailer out without blocks on a little slope like that and it rolled into the street.

The anecdotes / a story can be a … easier path to selling the truth that can feel a bit more humbled vs “I know better than you, so do what I say.”

Exotic, extravagant, unconventional, unique come to mind

I sincerely doubt they’d be asking that. Many of them would probably be happy we’d moved past that point.

https://www.history.com/news/declaration-of-independence-deleted-anti-slavery-clause-jefferson

My understanding is that many of them saw it as more of a necessary evil vaguely justified on racial grounds. We need to be willing to talk about and acknowledge America’s racist history with the slave trade, but we also need to understand the era and the fact that it was never broadly accepted as the right way to do things.

This might make folks uncomfortable, but it’s not all that dissimilar to folks buying cheap imported stuff today built primarily for the US consumer in sweatshop conditions, via outright slavery, and/or with various child labor schemes often at an extreme cost to the health of the environment. We’ve made things better but we’ve also recreated some of the problems that we’d destroyed in the WW II era with the justification of indirection (“well I didn’t do it, the big company I bought from did it”) instead of racism.

I fully expect a future generation to hold us to the pitchforks for buying cheap junk on Amazon or at Walmart and not ever asking “what behavior am I supporting? How did they make this at this price?”

You let the supreme court say that the president is above the law!?!

My parents are that way, dad is an atheists and mom is a christian that doesn’t actively attend any church (and hasn’t in decades).

Huh, TIL…