

Every other doctor agreed
The difference is that tourists are not a somehow disadvantaged group. My livelihood isn’t endangered because I can’t go to a tourist spot in Spain somewhere without being heckled (though, when I actually was in Spain, everyone was nice, but Madrid isn’t that much of a tourist spot compared to others).
Also, in some cases, it isn’t “the rich” – I too love to point out the issues they cause – but sometimes, it’s just ordinary people hoping to make a quick buck buying up property to rent it out on AirBNB. Yes, it’s also rich foreigners getting property everywhere for themselves, which is a problem. But “the rich” don’t bother with AirBNB, they just build hotels, and these normally don’t compete with normal housing.
Racism, specifically centering around skin colour and related features, is actually pretty recent and pretty Western.
If I may take a guess, it’s also because up until historically recently, larger groups of ethnicities didn’t know that other such groups existed. To be racist, you need to be aware of people you’d classify as another race.
It’s not like homophobia (or, say, racism) is unique to western civilizations.
It’s funny how the bigots insist that only what your birth certificate states is relevant for anything except for when they don’t like what it says.
Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it’s all encrypted.
I never said it isn’t, but it’s done using symmetric crypto, not public key (asymmetric) crypto.
Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned).
Not anymore, this was only true for RSA key exchange, which was deprecated in TLS 1.2 (“Clients MUST NOT offer and servers MUST NOT select RSA cipher suites”). All current suites use ephemeral Diffie-Hellman over elliptic curves for key agreement (also called key exchange, but I find the term somewhat misleading).
As long as that key was transferred securely and uses a good mode like CBC, an attacker ain’t messing with what’s in there.
First, CBC isn’t a good mode for multiple reasons, one being performance on the encrypting side, but the other one being the exact reason you’re talking about: it is in fact malleable and as such insecure without authentication (though you can use a CMAC, as long as you use a different key). See https://pdf-insecurity.org/encryption/cbc-malleability.html for one example where this exact property is exploited (“Any document format using CBC for encryption is potentially vulnerable to CBC gadgets if a known plaintext is a given, and no integrity protection is applied to the ciphertext.”)
As I wrote in my comment, I was a bit pedantic, because what was stated was that encryption protects the authenticity, and I explained that, while TLS protects all aspects of data security, its encryption doesn’t cover the authenticity.
Anyhow, the point is rather moot because I’m pretty sure they won’t get a certificate for the IP anyways.
Public key crypto, properly implemented, does prevent MITM attacks.
It does, but modern public key crypto doesn’t encrypt any client data (RSA key exchange was the only one to my knowledge). It also only verifies the certificates, and the topic was about payload data (i.e. the site you want to view), which asymmetric crypto doesn’t deal with for performance reasons.
My post was not about “does TLS prevent undetected data manipulation” (it does), but rather if it’s the encryption that is responsible for it (it’s not unless you put AES-GCM into that umbrella term).
Right, and for the challenge, you need to have access to a privileged port (which usually implies ownership), which you won’t get assigned.
Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.
I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware
No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn’t been tampered with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.
Edit: this post is a bit pedantic because any scheme that is relevant for LE certificates covers authenticity protection. But it’s not the encryption part of those schemes that is responsible.
I’m all for alternatives, regardless of whether I’m gonna use them, but in my opinion, one of systemd’s big advantages is that you’re not relying on scripts for service management; scripts mix configuration with logic and this was a big reason why a lot of distributions switched to systemd in the first place. The init scripts (that they had to write themselves) were sometimes getting very large and complex in order to cover interdependencies (both to other services, but also to eventual mountpoints) and ordering.
Now, please don’t see this as a general criticism of this init system, firstly I’m not an expert on the subject, second I don’t believe there is the one and true design that covers all cases. My criticism is more towards the reporting about this when comparing to systemd.
There are comparisons that state that this isn’t the monolith systemd is. From the author’s own blog in comparison to runit:
nitro favors a monolithic approach, and keeps everything in a single process. This makes it also easier to install for containerization.
So if you’re really into that “do one thing and do it well” mantra, use something different. Note: personally, I think use what does the job best, and if you think nitro does a particular job better than systemd, go for it. I’d guess that it could be particularly suited better for the last three bullet points in the OP compared to systemd, but that would need to be tested in practice.
Anyhow, if you hate systemd or another piece of free software, go touch grass.
Duh
I really don’t care about people not being sober as long as they can function correctly.
Regardless of the rest you wrote that I disagree with, she crashed her car on the way to the flight that she was removed from, blaming the steering. Not sure how that would qualify as “function correctly”
A lot of people have no idea about aviation safety, it shows in these kinds of threads. I worked in aviation for about 5 years, so I at least have an idea, though I’m far from an expert (about a year as a technical officer in the German Air Force, more of a management role but you still get the basic safety courses like Maintenance Resource Management training, four years of procurement for a maintenance IT system), and how some people approach the subject stumps me. Flying isn’t the safest means of travel because of its nature, but rather because of rigid rules at every step of the process that are enforced by supervisors and inspectors.
Literally heard this phrase Sunday: Accidents don’t happen – they’re caused.
I’m not worried. I don’t live my life around freak accidents. This really doesn’t need to be national news ruining her life if there wasn’t a crash beforehand, that’s the real issue.
I mean she literally crashed her car on the way to the flight she was finally removed from? I agree it’s weird that this makes the news, but it’s probably because the case is so odd…
Expecting a shit wage employee to act better than cops (let’s set that bar real low) in a dangerous event is silly.
It’s shameful that Virgin pays so little. But then again it doesn’t excuse going on the job drunk. Don’t take the job, go on strike for better conditions, all fine by me. But don’t show up drunk to your job where you operate safety equipment. Too much to ask? Also I do expect cops not to be drunk
Probably, but then again that’s not the only possible accident; she was planned on an intercontinental flight that day, but it could just have been Rome or something; and even over the ocean, an aircraft has rafts, it might not save you in the very middle, but if you go down close to a coast, you want the crew to be able to handle emergency equipment and not be tipsy
I know you jest, but the flight attendants’ primary job isn’t catering, but safety. Some passengers seem to forget that. Passengers are required to follow their orders, not the other way around; their hospitality doesn’t mean they have to take one’s bullshit.
So yeah I’d personally prefer if the people in charge of safety on a flight weren’t intoxicated. Usually that’s a pilot privilege
I would have expected a far more accurate version would have been made and accepted long ago.
The earth is a three-dimensional globe, all two-dimensional projections will be incorrect, you can only choose which aspects (e.g. distances, areas or whatever) you want to keep correct.
Good luck on the journey! What I meant is that over time, you’ll realize that what you did was probably not the most elegant way to do something, at least that’s my experience with my config. Like, I started with a flake with an explicit config for each machine (basically multiple nixosConfigurations) and then turned it into a lib with functions to turn a set of hosts from json into an attribute set (kind of a simple inventory done). My last efforts that are still ongoing (cough) are splitting my NixOS modules off into a separate flake using flake-parts.
I do understand you meant having the stuff that you need work, I just wanted to hint that the language is very powerful and as such, most configurations have room for improvement, as in learning to do things more efficiently or do things that weren’t possible before.
I think one could argue this but it’s immaterial. My point remains the same. The lack of a universal installation method makes deployment expensive on Linux, and confusing for users.
If you’re fine with an executable just writing stuff to your system, then .sh is Linux’ universal installer format.
It’s true there are degrees of backwards compatibility here, but Windows is king
I agree, Microsoft has invested a lot into backwards compatibility and some nifty tricks to deal with DLL hell which was a huge issue in the past and as a result, provide the best backwards compatibility, as long as you stay on x86-64. Nowadays, each .exe basically sees its own sets of dlls in the filesystem. I agree it’s best there. My point was rather that it’s not as bad on Linux as people make it out to be if the application was packaged correctly. Going forward, I think stuff like Valve’s Linux Runtime can provide compatibility.
Fortunately, it was the imaginary half, dislocated from the real one