Kid_Thunder
@Kid_Thunder@kbin.social
- Comment on Self-hosted website for posting web novel/fiction 6 months ago:
I see some comments recommending wordpress but wordpress is a security problem, especially if you're using 3rd party plugins. It is such a bad problem that their are 'wordpress security' applications but even then wordpress sites get hacked all the time. If you are going to use it, it is best to let some other host handle it for you if you don't know a whole lot about what you're doing.
There are many, many other content management systems out there. Some are lighter than wordpress and some heavier. They are all about posting and managing content. Most of them have some sort of user and authoring system. Once you're webserver is set up, many are written in a mixture of php and python so setting them up is generally drag and drop with either minor configuration file edits or wizards. Many of them have sections that you can set up using a labeling/tagging system. Most of them allow you to have the 'stories' as private or draft where you have to actually click publish before people can view them. Some have user roles systems where you can limit viewing and even editing between different roles for sections.
Generally, once their setup is done, they are point and click to do everything.
Here's a nice list of FOSS CMS' (which includes Wordpress of course).
- Comment on Self-hosted website for posting web novel/fiction 6 months ago:
Just to be clear you 100% have copyright protection as soon as you put pen to paper.
- Comment on Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ 6 months ago:
Google Cloud definitely backs up data. Specifically I said
after an account is deleted.
The surprise here being that those backups are gone (or unrecoverable) after the account is deleted.
- Comment on Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ 6 months ago:
Actually, it highlights the importance of a proper distributed backup strategy and disaster recovery plan.
Uh, yeah, that's why I said
it is good practice and frankly refreshing to hear that a company actually backed up away from their primary cloud infrastructure
The same can probably happen on AWS, Azure, any data center really
Sure, if you colocate in another datacenter and it isn't your own, they aren't backing your data up without some sort of other agreement and configuration. I'm not sure about AWS but Azure actually has offline geographically separate backup options.
- Comment on Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ 6 months ago:
And the crazy part is that it sounds like Google didn't have backups of this data after the account was deleted. The only reason they were able to restore the data was because UniSuper had a backup on another provider.
This should make anyone really think hard about the situation before using Google's cloud. Sure, it is good practice and frankly refreshing to hear that a company actually backed up away from their primary cloud infrastructure but I'm surprised Google themselves do not keep backups for awhile after an account is deleted.
- Comment on EA wants to place in-game ads in its full-price AAA games, again 6 months ago:
Even though costs of AAA games have gone up for some games (certainly not all) because of the size of teams/labor hours, so have the volume of sales. Publishers have made more and more profit while the average price of AAA games had stayed about the same for a long time.
Games selling in the hundreds of thousands was considered really good decades ago but now those are in the tens of millions.
Publishers aren't having problems with profitability, so much so that they've been buying up large swaths of development houses and IPs and then dismantling them when they have a single flop.
EA's gross profit in 2010 was $1.6B, in 2014 was $3.03B and in the past 12 months have been $5.8B right now according to macrotrends.
But the current trends are unsustainable
The current trend in profitability is increasing, not decreasing. It isn't a minor trend or minor increases either.
Major publisher profitability has vastly increased in spite of stagnant game prices. They don't have to increase prices to increase growth. It is simply that the market allows the increase of the price with more profitability and so they do.
- Comment on EA wants to place in-game ads in its full-price AAA games, again 6 months ago:
Even though costs of AAA games have gone up for some games (certainly not all) because of the size of teams/labor hours, so have the volume of sales. Publishers have made more and more profit while the average price of AAA games had stayed about the same for a long time.
Games selling in the hundreds of thousands was considered really good decades ago but now those are in the tens of millions.
Publishers aren't having problems with profitability, so much so that they've been buying up large swaths of development houses and IPs and then dismantling them when they have a single flop.
EA's gross profit in 2010 was $1.6B, in 2014 was $3.03B and in the past 12 months have been $5.8B right now according to macrotrends.
But the current trends are unsustainable
The current trend in profitability is increasing, not decreasing. It isn't a minor trend or minor increases either.
Major publisher profitability has vastly increased in spite of stagnant game prices. They don't have to increase prices to increase growth. It is simply that the market allows the increase of the price with more profitability and so they do.
- Comment on FCC explicitly prohibits fast lanes, closing possible net neutrality loophole 6 months ago:
I was trying to find the old Level 3 blog post but didn't because I believe they basically said that Comcast needed to upgrade its infrastructure and never did. Netflix was the cashcow they saw to essentially make them pay for it.
You're right on about CDNs and edge / egress/ingress PoPs. It also keeps it cheaper for the likes of Netflix/Amazon/etc. in the long run with the benefits of adding more availability.
- Comment on FCC explicitly prohibits fast lanes, closing possible net neutrality loophole 6 months ago:
I found this wikipedia article about backbones and peering but it really isn't that great but in the results it also came up with this pretty good presentation from Carnegi Mellon. I was only going to browser a few of the slides but the information isn't really all that much and the illustrations are good. I think Prof. Nace did an excellent job here. Much better than I would have.
- Comment on FCC explicitly prohibits fast lanes, closing possible net neutrality loophole 6 months ago:
The problem historically isn't that streaming services are paying for fast lanes but that they have to pay not to be throttled below normal traffic. In other words, they have to pay more to be treated like other traffic.
Even crazier is remember that there are actual peering agreements between folks like cogentco, Level 3, comcast, Hurricane Electric, AT&T, etc. What comcast did that caused the spotlight was to bypass their peering agreement with Level 3 and went direct to their end customer (netflix) and told them they'd specifically throttle them if they didn't pay a premium which also undermined Level3's peering agreement with Comcast.
Peering agreements are basically like "I'll route your traffic, if you route my traffic" and that's how the Internet works.
- Comment on How come liberals dont hate conservatives the way conservatives hate liberals 6 months ago:
The conservative strategy has been to polarize politics in America in order to have a very aligned power. This means that if you aren't 100% behind them, then you are an enemy to them.
It is only through this that the GOP can both say that they are protecting individual freedoms but limiting or taking them away (of course opponents to this will be quick to point out the one and only counter point which is fighting against restrictions of the 2nd Amendment and only that), say that they are for smaller government but yet want private companies to be regulated that attempt to censor hate and misinformation (which has nothing to do with the 1st Amendment when it comes to non-government entities) yet still say that they are for businesses to operate as unrestricted as possible. They are anti-union because they are corrupt and take away accountability yet strongly support the worst of the worst of unions -- the police unions. The GOP constantly cries that there's a nanny government, yet they push laws to restrict people's choices, censor libraries and try to tear down citizen protections. The GOP cries that this country's deficit is out of control but when they are in power, they over spend. They complain that public schools indoctrinate but at the local and state levels attempt to indoctrinate in public schools. They talk about needing to stay in power to turn America around, yet when empowered in all three federal branches fails to pass meaningful legislation and run the government that they are overseeing and yet blame the government because they will eat each other alive for their own individual gains.
There so much more but the GOP is a party of hypocrites. Without polarization mixed with some fear mongering their party would likely cease to exist with any real power because they do not stand for the ideals that their own voting base supports.
The GOP constantly tries to create an environment of being constantly under attack and spews hate. Their voter base is simply a product of that.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 6 months ago:
Samsung didn't have to do anything. It uses the Jibe API to be a part of E2E when using RCS.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 6 months ago:
Well sure. You've got to trust that Jibe isn't man in the middling the key exchanges but regardless, it doesn't change what I said.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 6 months ago:
Not true. Both Samsung and Verizon messages uses RCS, so long as your carrier has implemented RCS.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 6 months ago:
They are also the only RCS supplier on Android. A random messaging app can’t simply add RCS messaging functionality.
You are correct that an app can't directly implement RCS but it can support it. RCS is implemented by the carrier, not by Google or any other text application.
RCS is an open standard that any carrier can implement to replace SMS/MMS. The only thing special that Google does is on top of RCS is provides E2E via its own servers for handling messaging. The E2E isn't a part of RCS, though it should be IMO. Regardless, Google doesn't 'own' the Android implementation because it isn't a part of Android, other than it can support the carrier's implementation of RCS.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 6 months ago:
That's not true. Even Microsoft Windows' phone app supports RCS itself as a client with Android. What you're referring to is Google's own RCS servers that performs E2E, which is outside the RCS standard itself (currently).
- Comment on Bodycam video shows DA calling cop an “a**hole” after being pulled over for speeding 6 months ago:
Officer: Why am I an asshole?
DA: I'm the Monroe County DAShe also offered a lame apology. I'm sure she would have skewered someone else who acted like that, including charging them for running from the police.
She sucks. I hope she's going to be pushed out of office.
- Comment on [Gamers Nexus] Exposing Corruption: EK's Prison Threats, Lawsuits, Dangerous Workplace, & Leaked Documents 6 months ago:
It looks like to me that its set up purposefully to obfuscate its structure. I'd also assume the reason for the loan for 15% of shares was so the parent essentially isn't really just a sole owner to protect them from liability.
- Comment on Meta’s “set it and forget it” AI ad tools are misfiring and blowing through cash 6 months ago:
The best part is when the business customers had to use an AI chatbot for support which was as helpful as the AI Adbot.
- Comment on The walls of Apple’s garden are tumbling down 6 months ago:
Right now the closest we have to that is running ampere clusters. I'm saying that because it is going to be some years before any phone GPU/CPU is going to be able to effectively run a decent AI model. I don't doubt there will be some sort of marketing for 'boosting' AI via your phone CPU/GPU but it isn't going to do much.
It is far more likely that it will still continue to be offloaded to the cloud. There is going to be much more market motivation to continue to put your data on the cloud instead of off of it.
- Comment on The walls of Apple’s garden are tumbling down 6 months ago:
It's already here. I run AI models via my GPU with training data from various sources for both searching/GPT-like chat and images. You can basically point-and-click and do this with GPT4All which integrates a chat client and let's you just select some popular AI models without knowing how to really do anything or use the CLI. It basically gives you a ChatGPT experience offline using your GPU if it has enough VRAM or CPU if it doesn't for whatever particular model you're using. It doesn't do images I don't think but there are other projects out there that simplify doing it using your own stuff.
- Comment on giving out food bags to employees 6 months ago:
In the US they do not get a tax break for that unless they break the law. You can however take a tax deduction for it.
- Comment on giving out food bags to employees 6 months ago:
In the US they do not get a tax break for that unless they break the law. You can however take a tax deduction for it.
- Comment on If you’ve got an EV, Google Maps is about to become much more valuable | New updates address one of Americans’ top concerns about owning an electric car: finding a place to charge 7 months ago:
Maybe they'll replace it with a few of the features of Waze but without ads, adds stuff that have been asked for by people for years and the Google Maps look, call it Google Ways and act like it's going to be continued to be developed as Google Maps 2.0. Then Google Maps goes away but Google Ways never gets updated with anymore features.
All the competitors on the market lose a large part of their customer base now.
Then one day Google Maps makes a reappearance to replace Google Ways. You can now select an icon to represent your car but otherwise, it has no Waze features and has less features than the original Google Maps but they promise they'll be porting those features over. They never do.
That's pretty much the kind of thing I expect from Google.
- Comment on If you’ve got an EV, Google Maps is about to become much more valuable | New updates address one of Americans’ top concerns about owning an electric car: finding a place to charge 7 months ago:
How about adding speed limit without a destination, showing house/building numbers around you, traffic overlay without a destination, allow voice response to if reported hazards/speed traps/whatever is still there, better lane assistance, turn or which side the destination is on preview on the turn before so you know which lane to be in? Maybe a Recents list that doesn't seem like its just a shuffle of a few random locations you've been to maybe once in the last 6 months?
Maybe some of that has been added somewhat recently?
- Comment on YouTube’s ad blocker crackdown now includes third-party apps 7 months ago:
The problem is that there is that ad networks and ad placements are just bad actors in the consumer space. Not only has malware been passed time and time again with ads but also false ads to malware. When that happens suddenly the content creator/website/whatever 'isn't responsible' for it. Then there's the issue of ads being placed everywhere slowing down websites but even worse, getting in the way with auto play audio and video, videos autoscrolling over the content you're trying to read or whatever, etc.
As a consumer, I should not and ethically do not need to worry about another's business model. If the business model fails simply because I don't allow something that model depends on to traverse my network then it is on them to figure it out. If the ads get in the way of the content, then I just want consume the content anyway.
Some news websites use Ad Admiral or whatever it is called and I haven't bothered trying to bypass the adblock wall for them. I just simply consume the content elsewhere.
- Comment on Stuck on Let's Encrypt certificate issuance due to firewall issue even after opening necessary ports 8 months ago:
Sounds like you have nothing listening on port 80 that resolves for your domain for Let'sEncrypt to verify that you own the domain. You need a webserver listening on port 80 and that Certbot can access if you're using the http method.
- Comment on How do conspiracy theorists get all of their coveted secret government information if it's meant to be hidden and the government would never hand it over? 9 months ago:
YouTube, Facebook, forums and pretty much any echo chamber. Pretty much anything that has replaced AM radio and shitty newsletters. In the ~2020's also parroting politicians -- I'm sure I don't need to go over the last 4 years of examples, so how about the Bowling Green massacre that never happened?
- Comment on Anybody here running AD on-prem in your homelab? 9 months ago:
The SSH keys don't help me if I get locked out of a Domain Controller unless you're using OpenSSH (which is now a native feature you can turn on). In that case you can actually still log into the DC via command line because it authenticates based on authorized_keys and not the LDAP of the DC. I actually do this on the enterprise, not because I may get locked out but because it is just convenient. Granted you'll have to execute powershell on the command line once in to use the AD cmdlets.
On the other hand when you create a DC now-a-days (Server 2019...I don't remember if this is asked in the wizard when in Server 2016) you can create a "Directory Services Restore Mode" which is basically a local admin account on the DC that you can log into only when the DC is booted into safe mode. You'll be asked to create it when you promote your DC.
- Comment on Anybody here running AD on-prem in your homelab? 9 months ago:
Personally I use FreeIPA for my LDAP. I like that I can create sudoers rules from one centralized place and manage ssh keys across all clients. Granted I could just use Ansible I suppose, which is how I update multiple distributions in my network and online but I like that I can just change SSH keys and sudoers from one place easily instead of changing tasks/roles. I also usually run cockpit even on my non-Red Hat distros with SSH keys just so I don't have to log into everything though it is somewhat limited outside of the Red Hat sphere.
If you don't want to use ProxMox or some other specialized HyperVisor ecosystem, you can also use Cockpit to manager your VMs along with your Pods. I wish there'd be more attention to it for features because it feels like it could do a lot more.
I also don't really worry about locking myself out for two reasons:
-
I use SSH keys.
-
I also have a break-glass local account on every system...with SSH keys. If its on your local network, you can use VNC/VM console/Remote Desktop with a local account while only allowing SSH with keys if you'd like. Just make sure if you're going to allow remote access outside of your network that you never forward the VNC/RDP ports. For SSH when I do this I always pick some random port -- never default and never common ones like 2222 to at least keep my logs less noisy from the botnet auto attacks.
For my online VPS' I use a firewall with geoIP from Maxmind and drop all ports but 443 from the world, except for whatever country I'm in. I drop all packets from certain countries that seem to auto-attack more often than others. I try to drop packets from all known (to me) Shodan scanners. If I'm not traveling I just restrict all other ports to my public IP's subnet though my IP hasn't changed for years. For status checking services like StatusCake, I use the "push" method instead using a simple cron job with curl instead of relying on servers around the world checking my ports. In this case, the services just check that my server has successfully hit them within X minutes to be "up".
-