That kind of makes sense? Aren’t the labs when they’re A/B testing or benchmarking new features before general release and toggle random people’s settings doing so? I vaguely recall some drama around that.

If I turn off telemetry I want those off too, it makes sense they’re linked. It you want a new feature there’s always nightly+about:config, but I don’t want it downloading random config toggles especially if it’s not reporting back that it broke my stuff. The code should be what I installed, not some random lab blob downloaded off their servers at runtime.

It seems to have picked up “circle” as the distro. You’ll need to replace that with the matching Ubuntu or Debian version of what this version of ElementaryOS is.

It’s derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.

Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.

It was made back when Facebook had that old style UI, in 2010. And then interest in Facebook’s format kinda died, and so did the interest in the project.

What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.

When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.

I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.

Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

How do you guys without aphantasia manage to read when there’s pictures whizzing around your head all the time??

For me, the book and my surroundings completely disappear, the whole thing turns into a dream-like movie experience. I don’t see letters or words at all, it becomes an unconscious process that keeps feeding the dream and it looks similar to fuzzy AI videos.

Sometimes the process of getting pulled out into reality again can be brutal: suddenly it’s 3h later and I have to look around and take a moment to settle back. If you dream while you sleep, it’s like when you suddenly wake up while you were in an intense dream, takes a moment to process. I’m really completely gone in another world the whole time.

Í wonder if visualizing what you read slows people down.

Not really, I can read very fast too and also visualize it at the same time, like full blown movie. I think it’s more indicative of information processing abilities in general: I can generally keep up watching lectures at 3x speed and notice things on screen almost instantly too.

I’m super efficient at filtering information too: I’ll look at a paragraph in some documentation and immediately see “If you’re in X special case, then…” at the 5th sentence in the middle of the paragraph when skimming through documentation. Or of course skipping details I don’t care about.

Ideally, socialism isn’t just “the government provides for your needs”, it goes the other way around too. The point is to come together, pool resources and combine our strenghts. There’s no free handouts, you give and you receive.

You shouldn’t have to enforce a birth rate cap if the population understand that they need to match society’s capacity to expand and build the infrastructure. You’d announce the recommended number and danger number, and people would organically organize to on average make it, knowing their large family could lead to famine.

The main problem here is

If all basic needs were met (food, shelter, and medical)

That part does a lot of heavylifting there. People only play nice all together when society is working for them, people need to respect the society they live in. When scarcity happens, people become selfish, it’s survival of the strongest, and everything falls off the rails and naturally goes to capitalism and hoarding resources. The population cannot lose faith in the system.

Overlay2 support is really nice. I had to use the ZFS driver for it and boy does it pollute your zfs list output.

Also pretty excited about the user properties, it's gonna make initramfs mounting a lot easier over the somewhat buggy parsing of the output of zfs list. Same for encrypted home directories, now I can set a custom user property on them to easily enumerate what my PAM script is supposed to mount/unmount with the user password instead of hardcoded paths.