thesmokingman

The claim is that audio and video are E2EE. I’m not sure how you’re unable to disprove that using the linked code, audit report, and COTS debugging tools. Can you expand on that? I see a lot of FUD without anything more than “they’re not libre” which, again, doesn’t do a great job of selling your point.

Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.

You’ve turned this into a catch 22. If there were no female characters, you could argue that’s sexist. If the idiotic boss was female, you could argue all of the dumb characters are female so that’s sexist. If Jarod were the only female, that would be sexist.

How does this sketch get rewritten in such a way that it is not casually sexist?

The reason to use mono over dotnet is political. This is stirring up some really old shit; I expect a continuation of that shit now. Mono is currently MIT as is dotnet core. Who knows what direction each project will go now? MS has a history of fucking with licenses and Wine uses copyleft setups.

Microsoft has had dotnet-core for awhile. If you are running production dotnet loads (eg a C# app), you’ve probably been using those Linux containers for awhile. This doesn’t surprise me; they usually aren’t interested in maintaining an open version of software they have more restrictive licenses for. Enterprises will continue to use dotnet-core and Microsoft will probably do something to shoot mono in the foot in a few years.

Let’s assume you’re arguing in good faith here so we can understand why land deeds and URLs are completely different.

Deeds are managed by a central authority. There is an agreed-upon way(s) to view and search those deeds. There is a single authority to update or remove deeds. The items the deed refers to also are controlled by a single authority and changing them has a single process.

URLs are registered (loosely) with a central authority but the similarities end there. I can impersonate a URL on a network (even up to large chunks of the internet if I’m able to confuse DNS in a large enough attack). So just because you’ve bought the domain referenced in the blockchain and set up some name servers doesn’t mean any consumer of the blockchain or even the internet is guaranteed to hit your instance of the domain. All a URL is is a reference to something so let’s assume for a minute we can have a global reference. What’s behind it? Again, completely uncontrolled. For now it could be your NFT; what happens if I am your hosting provider and destroy your instance? Move your hardware? What’s to prevent you, the owner of the assumed global reference, to change what that uniform resource locator is actually locating?

Land deeds and URLs are not analogous. Land and the content served at a URL are not analogous. Let’s look at NFTs quickly to see if we can actually do something about this!

Since we have a single-write, read-only database, why not store the full thing in the DB? Well, first you have to agree on a representation. It has to be unchanging so we can’t use a URL. It can’t ever duplicate so realistically hashing is out (unless our hash provides a bijection which is just a fancy way of saying use the fucking object itself). Assuming we’re only talking about digital artifacts (attempting to digitize a physical asset is a form of hashing meaning we get collisions so you can’t prove ownership), we’re now in an arms race for you to register all of your assets and their serialization methods before I brute force everything. Oh and this needs to live everywhere so it can be public so you need peta-many petabyte drives. But wait! Now we’re burning the sun in power just to show you have ownership of 10 and I have ownership of 01. Fuck me that’s dumb.

That’s not how that works.

There is literally no way to opt out of Google’s data collection if you are going to use their products. Using another frontend shifts the data profile but it still exists and provides value to them. It’s reasonable to say it’s a bad thing. It’s unreasonable to say there are no other ways. I grew up in a public library and I can still get most of the information I need from a public library without Google products (things I can’t get usually come through inter-library loan or direct connections with subject matter experts at, say, a maker space). This seems to be less of “I’m against invasive corporations” and more of a “I don’t like the solutions available to avoid invasive corporations.”

If you care about that you don’t use YouTube at all or support creators that do. Even using 3rd party apps or services feeds into that. This feels like a serious non sequitur on any thread about any Google product.

I pay for YouTube Family. I consume a lot of YouTube and I want to support the creators I watch. At its current price point, YouTube Family is reasonable. Several households in my family get ad-free YouTube for what is a reasonably low price point for each household.

If the price goes up much (eg if I were paying the single price of $11 per household), the creators I really enjoy continue to get pushed out or change content because of shitty ad rules, or they pull the whole “must be in the same household” bullshit I would drop it in a heartbeat just like I’ve dropped most streaming providers. Streaming has become cable and YouTube has been shooting itself in the foot by forcibly changing content for advertisers. I come to the platform for content, not advertisers.

To be clear, usually there’s an approval gate. Something is generated automatically but a product or business person has to actually approve the alert going out. Behind the scenes everyone internal knows shit is on fire (unless they have shitty monitoring, metrics, and alerting which is true for a lot of places but not major cloud or SaaS providers).

Speaking from 10+ YoE developing metrics, dashboards, uptime, all that shit and another 5+ on top of that at an exec level managing all that, this is bullshit. There is a disconnect between the automated systems that tell us something is down and the people that want to tell the outside world something is down. If you are a small company, there’s a decent chance you’ve launched your product without proper alerting and monitoring so you have to manually manage outages. If you are GitHub or AWS size, you know exactly when shit hits the fan because you have contracts that depend on that and you’re going to need some justification for downtime. Assuming a healthy environment, you’re doing a blameless postmortem but you’ve done millions of those at that scale and part of resolving them is ensuring you know before it happens again. Internally you know when there is an outage; exposing that externally is always about making yourself look good not customer experience.

What you’re describing is the incident management process. That also doesn’t require management input because you’re not going to wait for some fucking suit to respond to a Slack message. Your alarms have severities that give you agency. Again, small businesses sure you might not, but at large scale, especially with anyone holding anything like a SOC2, you have procedures in place and you’re stopping the bleeding. You will have some level of leadership that steps in and translates what the individual contributors are doing to business speak; that doesn’t prevent you from telling your customers shit is fucked up.

The only time a company actually needs to properly evaluate what’s going on before announcing is a security incident. There’s a huge difference between “my honeypot blew up” and “the database in this region is fucked so customers can’t write anything to it; they probably can’t use our product.” My honeypot blowing up might be an indication I’m fucked or that the attackers blew up the honeypot instead of anything else. Can’t send traffic to a region? Literally no reason the customer would be able to so why am I not telling them?

I read your response as either someone who knows nothing about the field or someone on the business side who doesn’t actually understand how single panes of glass work. If that’s not the case, I apologize. This is a huge pet peeve for basically anyone in the SRE/DevOps space who consumes these shitty status pages.