Cake day: June 20th, 2023


  • This argument implies there’s an easy way for you to perform the reproducible builds on iOS, but it’s quite involved and requires a jailbroken iPhone. Overall this is more a limitation of Apple and not Signal.

    Even if you were able to perform a reproducible build of Signal on a jailbroken iPhone, there’s no way to confirm that the stock iOS Signal app will match, or that it doesn’t have a backdoor that got added in a supply chain attack and is only delivered to non-jailbroken phones. You could use a jailbroken iOS device, but then it could be lagging behind updates and be even more vulnerable to zero-days.

    The real pressure here should be on Apple to provide a way to verify a build of an open source app matches what is being installed via the app store, but for some reason this is being framed as a Signal issue, which is disingenuous.


  • Not having reproducible builds is definitely weird though. Does anybody have more information on that?

    They boast this as a feature, but on the instructions for how to do this for iOS, even Telegram admits “As things stand now, you’ll need a jailbroken device, at least 1,5 hours and approximately 90GB of free space to properly set up a virtual machine for the verification process”. Browsing the steps, it’s extremely complex, and doesn’t seem like something that is very user friendly and that you’d do weekly or monthly when a new version is released.

    On the GitHub issue linked to in the body, it’s disingenuous to claim they refused to implement this; the technical hurdles Apple has in place make this extremely difficult, which halted progress. In the community forums where the conversation was moved to, someone pointed out that even if you were to reproduce it on a jailbroken iPhone, there’s no way to confirm that non-jailbroken iPhones aren’t receiving a version with a backdoor.

    And even if you are using a jailbroken device exclusively and can confirm the reproducibility of the iOS app, then the risk becomes that the latest available jailbroken iOS could be outdated compared to the real versions, and you’d have other issues with not receiving timely security updates. This same issue applies to Telegram also.


  • If your services are not stateless, work to make them such so you can learn about scaling in the cloud, which can even be done w/ VM-based services. How much more agility using cloud vs a DC gives you

    This can’t be understated. Embracing elastic ideology to remove single points of failure and decoupling stateful aspects of applications has been the biggest takeaway of being part of several migrations of services to AWS. Implementing these into your practices as you grow is a huge benefit that is worth the cost.

    Over time, if the scale you’re operating at grows, using experience/knowledge from AWS and applying it to running services in a datacenter could be beneficial. In my experience, if you have a large, consistent, asynchronous workload which you’ve maxed out on reserved instances or savings plans, it is likely cheaper to operate on your own hardware than in the cloud (or get credits from GCP or Azure to migrate services to reduce costs). This is where avoiding vendor lock-in is key.

    Have y’all factored in all the time/money spent on maintaining the server hardware, power, DC cooling, etc. too?

    For sure, this isn’t 2007 where you need to purchase servers and network equipment to start a website. For most startups and small businesses, operating in the cloud will be less expensive upfront and likely over the first 3 years. This isn’t a one-size-fits-all approach though, and it’d be prudent to evaluate the cloud spend periodically and compare it with what it’d cost to manage it entirely. Obviously you’d need a team competent enough to manage this, without it going to shit.


  • I was just reading Wikipedia and it said he was arrested previously for hacking.

    In 2015, when he was still a teenager, a Finnish court found Kivimäki guilty of more than 50,000 aggravated computer break-ins. Among other targets, he attacked large educational institutions in the US, hijacking emails, stealing credit card details and blocking site traffic.

    Kivimäki received a two-year suspended sentence for those charges.

    https://yle.fi/a/3-12669196

    You’re probably right he had some connection and stumbled onto the data, but this wasn’t his first rodeo.