• 0 Posts
  • 25 Comments
Joined 2 years ago
Cake day: July 19th, 2023

  • Both ends of this are frustrating. Buying a domain either as a purely speculative asset (as the judge correctly labeled this purchase) so you can 1) get under someone's skin enough to make them want to buy the domain from you, or 2) just buying up every popular or potentially popular domain just to sell it off is scummy behaviour that ideally this guy should never have been able to do in the first place.

    The other end of this I don’t like though is the possibility of somebody being able to convince a judge that they should own your domain and then just being able to take it. In this case I think the judge ruled correctly, but the idea that somebody (especially in the US government) would be able to just take away my domain on a whim is terrifying when you can’t just go to people and say “hey, the person you are going to this domain for has now moved and is now here”. Things like e-mail addresses, monitoring, firewall exceptions and many self-hosted sites assume that the owner of the domain does not change hands without permission, and trust the domain blindly. Taking away a domain isn’t just like taking away somebody's nickname. It’s taking away their online identity and forced impersonation.

    I really wish there was a way to address each other in a decentralised way that doesn’t just push the problem down to something like a public key, where the same problem exists except now you worry about the key being compromised.

    The fact that we have ways to coordinate globally unique addresses that we collectively agree on who owns what is a feat. It just sucks that it’s also something which somebody can take away from you.


  • “We should privatise service X so it’s more efficient.” X collapses. “We can’t afford to let X fail despite the fact that it ran at massive profits all the way to its collapse, so we’ll bail it out.” THEN WHAT WAS THE POINT OF PRIVATISING IT IN THE FIRST PLACE?!

    You can take on the burden of running the thing and therefore the cost of making it public, or you can allow it to be private with the caveat that they must pay a substantial (enough for the government to not be at a net loss) tax as a kind of insurance in the event a bailout is needed, but don’t take on the worst of both worlds where the profits are private and the losses are public.

  • I understand (to a degree) going after AI companies for reproducing the lyrics in a way that would not normally be protected by copyright, but outright scraping is going too far from a moral standpoint.

    There’s a good argument to be made about abusing their resources to do the scraping, as I’ve heard complaints of site owners getting overwhelmed by AI crawlers, but provided you’re not doing that I think scraping should be allowed generally speaking even if the operator disallows it, since without that search engines break and archival (especially to prove malice) goes out the window.

    I’m inclined to take an approach of “you can ingest whatever you want, but you are liable for reproduction, and if preventing reproduction is too onerous, then you probably should get the licences to permit it or don’t ingest that data”. Even that has some caveats since that reasoning would decimate social media services and personal/community spaces if actually enforced which is kinda what Safe Harbor helps protect.


  • It would help! It would establish that an archive was made no later than the date it was recorded on a blockchain (assuming the archiver isn’t also the one that made the original content, in which case they can upload it after making the “archive”). You would still need to prove the trustworthiness of the archived data, and at the moment the only thing we have for that is just trusting the archiver.

    You could do something like have multiple archivers archive the same site in a stripped-down form like plain text (so that differences caused by time of day, ads, etc. don’t change the hash), and that way you can say that X amount of archivers agree that the site looked like that at that time.

  • I could see it being an issue for more privacy-oriented sites. I imagine some Lemmy and Mastodon users might be less inclined to have to log in to Apple, Google or Microsoft to be able to interact with others even if the vast majority of users are fine with it. Would be nice for somebody to come up with an open-source service that handles some more basic age verification so other services can just self-host it instead of each platform implementing their own logins. By basic age verification I mean things like matching user behaviour to users with a known age and maybe some face scanning. Nowhere near perfect and it’s a constant cat and mouse game, but maybe enough to be compliant with the law.

    If age verification wasn’t being made mandatory in Australia for social media sites I think it could be a great idea for some services, especially if the verification is done by the government with the same level as photo ID. Think dating apps, finance and marketplace sites where having a higher level of confidence that the person you are talking to is who they say they are really matters, especially if law enforcement need to be involved down the line. Even if you the user can’t verify the identity of the other person, law enforcement could, and the site might be able to block alt accounts. The credential theft problem still exists of course so it’s no silver bullet, but it’s a lot better than what we have now.


  • You can work around it in both cases. SecureBoot will only prevent you from running non-signed boot loaders. If that breaks then you just turn off SecureBoot while you work on the issue (assuming SecureBoot failing isn’t due to a compromised boot loader) and the machine will boot normally minus any data stored in the TPM such as the encryption key. For the encryption key, this is something you are supposed to keep a copy of outside the TPM for scenarios like this. On Windows consumer PCs, this is stored in your Microsoft account or the place you specify when enabling it. For Azure or AD-joined PCs this can be stored in Azure or AD.

    The only ways SecureBoot and encryption will burn you are if there is data stored in the TPM that you don’t have a backup of or way of re-creating, or if the encryption headers on the drive are lost. That said, if you aren’t using a TPM some Windows features will break regardless and if the drive is so messed up that the encryption headers are lost then you’re probably back to backups anyway.


  • As somebody who often ends up using Reddit like Stack Overflow and in some cases needing the Internet Archive (IA) to find the original post after it’s been deleted or garbled, I think this is a wakeup call for those who go to Reddit both to get technical help and to post it. More than ever, Reddit is becoming an unreliable place to find answers for old obscure issues, and if they are going to lock out places like the IA then I think it’s time people stopped contributing their solutions to Reddit.


  • For the vast majority of users Linux is just a worse deal. The only thing that really comes to mind that Linux does that users care about is that it will support the hardware that Windows 11 will leave behind, and even those users will happily just run Windows 10 without updates, and if that bites them in the ass then maybe they’ll upgrade or just ask their IT friend to use a bypass to make Windows 11 at least work on their old hardware.

    Otherwise, of the things users actually care about, Linux has worse app support, to the point that even pro-Linux users would rather dual-boot than lose access to their games, and worse hardware support. Linux also has a problem of not being well understood by a lot of tech folk, so if you bring somebody onboard you better be ready to be their only point of support.

    ChromeOS is probably the best example against this since it is basically just a browser, the laptops it sells on are substantially better value than their budget counterparts, and realistically a lot of the people buying them are parents for their kids, so the user’s preference is substantially pushed aside in favour of cost. The Steam Deck is another good counter-example since it essentially refuses to compete with the PC gaming market by calling itself a handheld.

    Linux is stuck in the crappy position of needing more users to get more software and hardware support but users need better software and hardware support for Linux to make sense compared to Windows. It’s getting better and Valve’s efforts have steadily brought the Linux gaming percentage up but it’s still the enthusiast OS.

    By all means encourage its usage though. Linux is a far more open and privacy-respecting option, and the more tech folk and basic-usage users that adopt it the better!

  • The idea of having them send an e-mail to an address containing their IP is clever; however, you need to authenticate that the person who sent the e-mail is either somebody who queried your site, or somebody that got the address from somebody who queried your site, or else you could just figure out how to generate that base64 yourself and impersonate somebody else’s IP address, which could have catastrophic results if you then fed these IPs into something like a block list and suddenly you’ve blocked Microsoft/Office 365. To be fair, I doubt anybody is going to try and reverse engineer one person’s code to then figure out how to impersonate who sent spam, but if this became a widely distributed program you could just pull off GitHub then it would be more concerning.

    A couple ways to solve this:

    1. Sign the information before encoding it in Base64 so you can verify it came from your site and wasn’t just spoofed. This has the upside of being stateless since you don’t need to keep a record of every e-mail you’ve generated but comes with the disadvantage of spending CPU time signing the text which could be exploited as a DDoS.
    2. Spit out a random e-mail address and record which e-mail address was given to each IP. Presumably you wouldn’t hold on to this list forever since IPs change owners frequently and so an IP that was malicious 1 month ago could be used by a completely different person now and so you can trim this list down once a month to avoid wasting disk space. You’d probably also want to keep some amount of these requests in memory (maybe 10Mb or so) to avoid ruining your IOPS.

    All this said, I think your time is better spent using unique e-mail aliases as the author suggested, but with 2 changes: 1) use aliases which are not guessable to prevent somebody from making it look like somebody else was hacked (e.g. me+googlecom@ gets compromised, but the spammer catches on and sends from me+microsoftcom@ instead to throw off the scent) and 2) don’t use me+chickenjockey@, use chickenjockey@ or else the spammer can just strip “+chickenjockey” from the address to get the real e-mail address.
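    The stateless option 1 from the comment above, worked through as an added example (not the commenter's code nor the original author's): the querying IP and issue time are packed, HMAC-tagged and base32-encoded into the local part, so an address that was not issued by the site fails verification instead of poisoning a block list. The secret key and domain are constructed placeholders, and base32 is used instead of base64 so the address survives mail systems that case-fold local parts.

```python
import base64
import binascii
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed placeholder secret; a real deployment loads it from config.
SECRET = b"placeholder-secret-replace-me"
TAG_LEN = 12                 # 96-bit truncated HMAC tag
TOKEN_TTL = 30 * 24 * 3600   # accept addresses for 30 days, then treat as expired


def _tag(packed: bytes) -> bytes:
    return hmac.new(SECRET, packed, hashlib.sha256).digest()[:TAG_LEN]


def make_address(ip: str, domain: str, issued_at: int) -> str:
    """Build a unique address whose local part encodes the querying IP,
    the issue time and a MAC, so the site can later prove it issued it."""
    packed = ipaddress.ip_address(ip).packed + issued_at.to_bytes(8, "big")
    # Lowercase, unpadded base32 survives case-folding by mail systems,
    # which base64 (mixed case) would not.
    local = base64.b32encode(packed + _tag(packed)).decode().rstrip("=").lower()
    return f"{local}@{domain}"


def verify_address(address: str, now: int) -> Optional[str]:
    """Return the IP the address was issued to, or None if the local part
    was not issued by us (bad MAC), is malformed, or has expired."""
    local = address.partition("@")[0]
    try:
        blob = base64.b32decode(local + "=" * (-len(local) % 8), casefold=True)
    except (binascii.Error, ValueError):
        return None
    # Only IPv4 (4 bytes) or IPv6 (16 bytes) + 8-byte timestamp + tag is valid.
    if len(blob) not in (4 + 8 + TAG_LEN, 16 + 8 + TAG_LEN):
        return None
    packed, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(packed)):   # constant-time compare
        return None
    issued_at = int.from_bytes(packed[-8:], "big")
    if not issued_at <= now <= issued_at + TOKEN_TTL:
        return None
    return str(ipaddress.ip_address(packed[:-8]))
```

The TTL plays the role of the monthly trim in option 2: an old address stops being accepted without the site keeping any per-address state.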


  • Eh it depends. I’m fortunate enough to be in a good IP block so I don’t get my e-mails dropped purely on that. It’s been a good learning experience and I’ve leaned on my own server a number of times for troubleshooting at work since I can see the whole mail flow. The only problem I have is the free Outlook/Hotmail will not accept my e-mails. Everybody else seems fine. All that said, I don’t host anybody else’s e-mail so I haven’t had any spam come out of my IP, and I would never in a million years host e-mail for a customer.