People not even checking the PKGBUILDs will also not check sandboxed applications to see if it was actually done properly…
Ooops@feddit.org to
Selfhosted@lemmy.world • Radicale: Can someone please offer any guidance on usage and security. Om abit lost • English
31·2 days ago
While you are right in general, you are just creating a file with a <user>:<hashed password> line without any identifying context. So have fun searching the world for where I might have actually used it. Sounds like a really bad use of resources to create a list of passwords.
PS: Yes, as an Arch user I am still pissed that this tool is not available in the repos beside installing the complete Apache server…
Ooops@feddit.org to
Selfhosted@lemmy.world • Radicale: Can someone please offer any guidance on usage and security. Om abit lost • English
31·3 days ago
The options to password protect it are in the (usually /etc/radicale/) config file under [].
For proper security you could use

    type = htpasswd
    htpasswd_filename = /etc/radicale/users
    htpasswd_encryption = bcrypt

then create a users file with apache tools (htpasswd -c -B users User1) or one of the million online htpasswd file creators.
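Added example, not part of the comment above and not Radicale's own code: a small audit that checks a Radicale config uses the three settings from that comment and that every line of the users file is a bcrypt entry of the kind `htpasswd -B` writes. It assumes the options sit in Radicale's `[auth]` section; the function names and the sample files are constructed for illustration.

```python
import configparser
import os
import re
import stat
import tempfile

# Shape of a bcrypt entry as written by `htpasswd -B`: $2y$<cost>$<53 chars>
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

def audit_radicale_auth(config_path):
    """Return findings for the [auth] section and the users file it names."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(config_path)
    auth = cfg["auth"] if cfg.has_section("auth") else {}  # assumed section name
    if auth.get("type") != "htpasswd":
        return [f"auth type is {auth.get('type')!r}, expected 'htpasswd'"]
    findings = []
    if auth.get("htpasswd_encryption") != "bcrypt":
        findings.append("htpasswd_encryption is not 'bcrypt'")
    users = auth.get("htpasswd_filename", "")
    if not os.path.isfile(users):
        return findings + [f"users file {users!r} not found"]
    # Hashes can still be attacked offline, so the file should not be world-readable.
    if stat.S_IMODE(os.stat(users).st_mode) & stat.S_IROTH:
        findings.append(f"{users} is world-readable")
    with open(users, encoding="utf-8") as fh:
        for n, raw in enumerate(fh, 1):
            user, sep, hashed = raw.strip().partition(":")
            if not raw.strip():
                continue
            if not sep or not user:
                findings.append(f"line {n}: not in user:hash form")
            elif not BCRYPT_RE.match(hashed):
                findings.append(f"line {n}: {user!r} is not stored as a bcrypt hash")
    return findings

def demo():
    """Constructed sample: one bcrypt-shaped entry and one plaintext entry."""
    d = tempfile.mkdtemp()
    users, conf = os.path.join(d, "users"), os.path.join(d, "config")
    with open(users, "w", encoding="utf-8") as fh:
        fh.write("User1:$2y$05$" + "A" * 53 + "\n")  # constructed, not a real hash
        fh.write("User2:hunter2\n")                  # constructed plaintext entry
    os.chmod(users, 0o640)
    with open(conf, "w", encoding="utf-8") as fh:
        fh.write("[auth]\ntype = htpasswd\n"
                 f"htpasswd_filename = {users}\nhtpasswd_encryption = bcrypt\n")
    return audit_radicale_auth(conf)

if __name__ == "__main__":
    print("\n".join(demo()) or "no findings")
```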
Ooops@feddit.org to
Linux@programming.dev • Systemd v261-rc1 is out with the 'birth date field'
104·22 days ago
Wait? Aren’t we also boycotting passwd because it has an optional field for your complete real name?
Ooops@feddit.org to
Selfhosted@lemmy.world • What do you use for selfhosting cloud storage? • English
31·25 days ago
Occasionally I need to run an “occ” command after an install to fix some indexes
That then fails and breaks it (in about 1 out of 3 cases). Which requires rolling back everything, running the commands again pre-update, then updating and praying to not have to do another re-install (~ 1 out of 5).
Ooops@feddit.org to
Selfhosted@lemmy.world • What do you use for selfhosting cloud storage? • English
71·25 days ago
I actually moved away from classical self-hosted cloud storage solutions after trying the usual suspects like opencloud, nextcloud etc.
And for me the time and effort (also the resource-hogging if you don’t use quite overpowered servers) just weren’t worth it. Not when the used interfaces most of the time are open standards anyway and simpler solutions do the job:
Radicale for contacts and dates via a webdav subset. Webdav coincidentally being widely supported for integrating online storage into any filesystem (or as the backend for several other things like for example syncing my bookmarks over several devices and browsers). SFTP or the million tools being just a frontend for it.
One shiny platform like for example Nextcloud to do it all might be nice for a lot of users when they have someone dedicated to maintain it. But for selfhosting (as in: mainly for myself) the constant attention needed to fix stuff was quite tedious.
When I think of “Google Drive” or “Dropbox” alternatives nowadays it’s just a drive hooked up to some low-spec device and accessed via one (or several) already existing open standards.
(Bonus point: that lost phone is simply cut off by deleting its keys - unlike so many dedicated platforms where you have to manage -if you even can- multiple dedicated users and their rights just to easily separate your personal access from your devices that are by design not all equally secure.)
Most ads are gone when your DNS blocks them anyway. Can’t you change your DNS on iPhones? Preferably to secure ones, too.
Ooops@feddit.org to
Linux@programming.dev • Linux 7.2 To Support Realtek RTL8159 10GbE USB Ethernet
3·1 month ago
If only there was a difference between out-of-tree and kernel modules for Realtek’s network stuff, but the driver quality and performance is most of the time abysmal anyway.
Ooops@feddit.org to
Linux@programming.dev • Dirty Frag: Universal Linux LPE - CVE similar to Copy Fail
16·1 month ago
And already patched in mainline.
Let’s see how many hours it takes for backports to all generally supported versions in common distros.
Ooops@feddit.org to
Linux@programming.dev • Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available
2·1 month ago
Update: Kernel 7.0.5 just released
Fixes: cac2661c53f3 (“esp4: Avoid skb_cow_data whenever possible”)
Fixes: 03e2a30f6a27 (“esp6: Avoid skb_cow_data whenever possible”)
Fixes: 7da0dde68486 (“ip, udp: Support MSG_SPLICE_PAGES”)
Fixes: 6d8192bd69bb (“ip6, udp6: Support MSG_SPLICE_PAGES”)
Ooops@feddit.org to
Linux@programming.dev • Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available
5·1 month ago
That may be true for private machines, but having user access to a machine, yet not be allowed admin rights is not actually a rare setup in the wild (read: servers… where the actual money is, not on that boring thing sitting under your desk)
While that is true in general, combined coal power plants also only sit at about 50% on average, 65% with the most modern ones.
So burning stuff in a power plant, then adding some more loss in transfer, is not actually much better.
Which of course is not an argument against EVs but against coal and gas power plants. In the end they are still just glorified rather primitive steam machines.
Ooops@feddit.org to
Linux@programming.dev • GNOME is good, actually [GNOME customization guide]
274·1 month ago
Gnome is good for people who like their philosophy and design and opt for less customisation. That’s enough.
Pretending that Gnome is good because you can customise it with just these few tools (that will totally not break with every upgrade) however is stupid and in line with “look Windows is totally okay after you spend 12 hours with tweaking the install with these 3rd party tools”.
Ooops@feddit.org to
Technology@beehaw.org • Apple patches bug that let FBI access deleted Signal messages
72·2 months ago
A bug in Apple’s notification system allowed extraction even when the message that triggered the notification was deleted.
This means access to any text you got. This means a list of any incoming calls. This means all your appointments that your phone reminded you of.
And instead we get a story about deleted Signal messages, prominently featuring Signal in the thumbnail and picture while failing to mention any of the other implications of that Apple-specific bug.
How is that accurate or even just sane reporting? Either it’s an incredibly stupid take or there is an actual agenda focusing on Signal here. And when I see several of those (including stuff like people falling for phishing attempts and giving away access to their devices being reported as “Hackers getting access to Signal account”) within just a few days I tend to assume the latter.
Ooops@feddit.org to
Technology@beehaw.org • Apple patches bug that let FBI access deleted Signal messages
52·2 months ago
Wasn’t my point. What’s going on with Signal to tell the story of accessing deleted Signal messages (and multiple other Signal hack/bug/exploit headlines I’ve seen within a short time frame) when this is exactly zero about Signal?
Ooops@feddit.org to
Technology@beehaw.org • Apple patches bug that let FBI access deleted Signal messages
112·2 months ago
There was an Apple bug that allowed restoring information from their notification system. So Apple leaked info from Apps that used the notifications. From any App. Why is this talking about Signal? Why not an “Apple patches bug that allowed access to E2E encrypted WhatsApp messages”? Why not “bug that allowed access to your call history even after deletion”? Because those are all equally true. What’s the reason we are talking about Signal here?
And to add more context: the exact same was true for the other “Signal bug/hack/exploit” articles I mentioned. No actual connection to Signal at all, yet that was always the story told.
Apple fucks up and leaks all private information that passes through their notification system? “Bug that allowed to read Signal messages!” Idiot fell for phishing attempt and logged into a fake website giving someone else full access to their device? “Hacker managed to access XY’s Signal account!”. I left my door standing wide open when leaving to work and got robbed? “Locked doors don’t actually protect your stuff!”
Those 3 statements are equally stupid. I am pretty sure the third one would trigger you to question either my sanity or if I think you are an idiot and why I would try to convince you that doors are useless. Why don’t the other two?
Ooops@feddit.org to
Technology@beehaw.org • Apple patches bug that let FBI access deleted Signal messages
82·2 months ago
What actual news did I miss that triggered the half a dozen fake hacked/bug articles regarding Signal I read in the last 48 hours?
Would be nice to leave all the legacy 32bit stuff behind then…
But seeing the mess that is the Steam App on Linux, that will probably take another decade.

Don’t let people steal your device to break into it and replace the login software with a compromised version…