> a basic level of device security across all iMessage threads I have
Is that really true though? Jailbroken phones, iMessage may still work. Any device security gets thrown out the window.
You also can't expect everyone to have an Apple device for security, which we've seen time and time again SS7 being weak - So is the requirement to remove SS7, for everyone to jump on the Apple train?
I see Beeper as doing Apple a service, not so much a competing platform, but a gateway to the iMessage ecosystem - 'Hey, this would be pretty cool to use without this app and have it native' vs the 'Only Apple devices can use this.'
> Apple closes exploits which allow jailbreaking, precludes it in the EULA. What more would you have them do?
Preventing jailbreaking is not a good thing, in part since that's what allows us to check on what Apple is doing on the device, in regards to privacy, security and e2e encryption. If nobody can check, do you suppose we just accept their statements about the device as fact?
> More and more of the internet is now moving behind Cloudflare
This is a big double-standard here on HN. Everyone hates Google for making decisions on behalf of the internet as a whole; yet Cloudflare has done the exact same thing with a different OSI layer.
I'm not very trusting of Google, but I certainly don't trust Cloudflare any more-so, because they keep things much closer to the chest.
> Cloudflare essentially centralizing the Internet is disturbing to me.
Maybe different people have different standards, and HN isn't a completely homogeneous group with a single viewpoint. Just like every other group where individuals are free to express themselves.
I think we can trust them for now. They seem like good people and company. I don't know what's at stake in the future, but Mozilla has trusted their service, so there's no good reason not to.
For the overflow, Jagex with RuneScape did it in Java. They also did stupid Object arrays 7 or so levels deep, doing casts on casts in between. The bytecode itself made the actual runtime slow to a crawl (anywhere from 5 to 10x slowdown.) This was circa 2014.
Spit-balling; when will they put GSM chips in them? The cost of a data-plan could easily be reached with estimated figures for ads and selling usage data.
GSM is old-hat. The new cool is 5G chips embedded in TVs, and they are coming. And you won't be able to opt out unless you build a Faraday cage around the TV.
For maven, to push artifacts via the correct mvn deploy:deploy-file requires a S3 wagon (transport layer) software to actually make the S3 calls. For bigger orgs, having everyone use a wagon is a non-starter.
All I'm seeing this does is give the proper HTTP endpoints so you don't need the wagon. Is it worth ~2x the price? No, but it's better than the other enterprise-y solutions.
It should be noted that SameSite was broken with Google Sign-in because Google themselves never set the None attribute before they reverted the rollout in April. [0]
SameSite won't break it if you set it to None, e.g. SameSite=None. Google failed to set it before the official rollout.
Reason is that SSO effectively uses an iframe or popup to a 3rd party auth provider (Google, Microsoft, Auth0...). Provider saves a cookie with that state (from something like accounts.google.com) and usually reads it back from first party context.
If SameSite is not set to None, supporting browsers are not allowed to write cookies on the auth domain from the first-party context, and so the first-party scripts don't think it ever happened, even though it did. First party scripts can't read it and so SSO failed.
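The SameSite behaviour discussed above, as an added example that is not part of the original comments: a simplified model of whether a browser enforcing the Lax-by-default rule attaches a provider's session cookie in three common SSO request shapes. The function names, the hosts `app.example` and `idp.example`, and the cookie values are constructed for illustration.

```javascript
// Added example: simplified model of SameSite handling, not a browser API.
// Missing or unrecognised SameSite is treated as Lax (the new default).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: "lax", secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") {
      const v = value.trim().toLowerCase();
      if (["none", "lax", "strict"].includes(v)) cookie.sameSite = v;
    }
  }
  // SameSite=None without Secure is rejected outright.
  if (cookie.sameSite === "none" && !cookie.secure) return null;
  return cookie;
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Would the browser attach this cookie to the request?
function isSent(cookie, req) {
  if (cookie === null) return false;          // never stored
  if (!req.crossSite) return true;            // same-site: always sent
  if (cookie.sameSite === "none") return true;
  if (cookie.sameSite === "strict") return false;
  return req.topLevelNavigation && SAFE_METHODS.has(req.method); // Lax
}

// Three ways a relying party (app.example) reaches the provider (idp.example).
const SSO_REQUESTS = {
  iframe:   { crossSite: true, topLevelNavigation: false, method: "GET" },
  formPost: { crossSite: true, topLevelNavigation: true,  method: "POST" },
  redirect: { crossSite: true, topLevelNavigation: true,  method: "GET" },
};

function ssoMatrix(setCookieHeader) {
  const cookie = parseSetCookie(setCookieHeader);
  const out = {};
  for (const [name, req] of Object.entries(SSO_REQUESTS)) out[name] = isSent(cookie, req);
  return out;
}

console.log(ssoMatrix("sid=constructed; Path=/; HttpOnly"));
console.log(ssoMatrix("sid=constructed; Path=/; Secure; SameSite=None"));
console.log(ssoMatrix("sid=constructed; Path=/; SameSite=None"));
```

Only the full-page GET redirect survives the default; the embedded iframe and the cross-site form POST need `SameSite=None; Secure` on the provider's cookie.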
We've seen the GDP number manipulated during this crisis, Gov propping the economy up with lots of self-debt that we can't pay back.
We've seen that other developed countries in the world balk at us. Example being the American woman who killed a guy in the UK by driving on the wrong side; and the US said she had diplomatic immunity, when she did not. [0]
Crime stats... Crime isn't crime if it isn't punished or even taken to the courts proper. A sitting president was impeached, but not removed from office. He was charged with high-crimes. If you need a statistic, just look at how stacked the government is from a 2-party system.
The VPN is optional purchase. I mentioned it since the setup is a bit misleading. The DNS blocking is free and on-device and available to run after skipping the VPN part. Pi-hole is harder to get right with a mobile device on the go unless you are hosting on your server. This is basically an app with a subset of features of pi-hole. iOS is very restrictive and to enable the on-device firewall you do need to use the VPN functionality but you can check the VPN profile it installs that references 127.0.0.1.
If you can figure out another way to pull it off, I’d wager you could make a fair bit of cash. Or at least get a job offer at a lot of places you might like to work.
> See what's happening on your devices with in-depth Analytics and real-time Logs.
> Protect your kids and control what they can access online.
Their pricing page is also extremely troubling.
> We may adjust this later on based on actual costs at scale, but it will follow this logic.
What the hell is this Mozilla... This is not a company you should be dealing with. They tell you up front that they log and monitor... They also aren't at scale, and have to learn lessons the hard way with outages.
Where on earth is a transparency report for NextDNS? They were started in March, and I would think that Mozilla would check their requirements before giving the 'let's add them.'
If not specifically requested by the user, no data is logged. Some features require some sort of data retention. In that case, our users are given the option, control, and full access on what is logged and for how long.
> Protect your kids and control what they can access online.
Yes, god forbid some parents would like to have a little bit of control and the ability to protect their children from seeing obscene material when they're too young to handle it.
Evil! Mozilla needs to quash these terrible people! May they burn with Brendan Eich!
"Protecting your kids" is often "we log everything and have complete visibility over how people are using our service, and we're willing to share a bit of that with parents to spy on their children". It's a valid concern to have unless there's evidence to the contrary.
I assume every single DNS provider is logging and, if possible, selling my data. Why wouldn't I? This is actually why I use my own DNS server and resolve against the root, like anyone else who cares about privacy ought to be doing.
Still, if your goal is to block your kids' access to things, DNS is a good place to do it. Works across all your devices and doesn't require any install.
I can't speak for them, but I do the same thing and use a VPN to resolvers on numerous VPS providers. Those talk upstream to the root servers. Between the min-ttl cache at each layer and the large number of resolvers, correlation of my DNS requests is non trivial. I also ensure that client subnet EDNS is blocked.
They do via the SNI header, but Firefox already includes support for encrypted SNI. So if the server supports that, all the ISP gets is the IP of the server you're connecting to. If that IP only hosts a single domain, then they can still tell, but in other cases (think sites behind Cloudflare, or using shared load balancers), they can't.
Or actually, they might still, using side-channel attacks, but it's significantly harder to accomplish, especially at scale.
Thanks. I have heard of pi-hole and know what it does (though I haven’t set up one myself). I’ll take a shot at it. I was wondering what stack the GP was using, where it was hosted and what the costs were.
Further, any mention of homosexuality is often considered to be inherently and unmistakably morally obscene, such as by the One Million Moms group, or as described by various state GOP platforms. This would include the narratives on whether lesbian or gay parents exist.
One of the positives of DNS-level blocking is that it's relatively rough-grained. You can block pornhub.com, but you can't block out every mention of homosexuality at the DNS level without blocking any site that may potentially mention it, which would include any news site, discussion forum, social media, etc.
We should be skeptical of aggressively-enforced DoH. In most cases, the vendor's interest in stopping ad blockers is stronger than their interest in protecting user privacy. Mozilla is slightly more removed, but as they're dependent on The Big G for revenue, we're basically just waiting for that shoe to drop.
Technology should not be inserting itself into the private lives of people and determining the values they can raise their children with. This is something parents should have as a tool. If you don't like it, tough; go raise your kids the way you want to. There's no reason why someone with traditional values shouldn't be afforded the ability to selectively block things they find obscene.
Nobody is fighting over whether you're going to be doing site-by-site blocking, because that's too exhausting and people know that.
That's why companies have to exercise moral taste when they do a blanket ban on moral obscenity, and that's precisely the kind of product that people mean to purchase -- curation and tastefulness. It's also why it's interesting for people to fight over this, because they're fighting over a policy of scale as opposed to what goes on in one single home.
And presumably this company would later be interested in dealing with schools and other big institutions, which means their product takes on yet another critical dimension, which is the re-allocation of responsibility for making morally tasteful decisions.
In both B2C and B2B, the refusal to exercise moral perspective, taste, and curation is missing the soul of the product. But of course not all areas of tech are for everyone; some people don't wish to work with advertising companies, and that's fine too, but advertising companies likewise make policies of scale and must exercise moral and political taste.
Yes, so one should expect that religious sites describing the healthy mode of heterosexuality should remain visible, while sites discussing homosexual parenting ought be stricken via DNS. Is the positive you're talking about summed up as "it's not that bad"?
It's well within any parent's rights to block content like that, yes. If I can prevent my children from seeing obscene and objectionable things until they're old enough to have reasonable conversations about it, I will.
That doesn't mean I want to raise bigots, it just means I want to do what I can to ensure the narratives being pushed on my children are wholesome ones that will help them to grow up to be useful, contributing members of society and parents as well.
Maybe you don't care about that for your own kids; that's on you, champ. I'm not arguing for anything censoring anyone else, or anyone censoring what any adult reads.
Proxmox is good with the large exception of high speed interconnects.
If I have Mellanox IB cards in my servers, proxmox fails to handle ipoib without a lot of legwork. Compare that to something like oVirt; that supports it out of the box.
There is very little incentive for me to recommend a proxmox subscription to any of my clients because having >= 40 gbit interconnects is far better than using lags on single gbit. High traffic internal applications, (and migration!) benefit so much from those interconnects.
I have run dual 100gb mellanox in it with no problems without the IPoIB. It seems a pretty specific problem that is probably related to the mellanox cards and not to proxmox, as similar bugs show up with mellanox in oVirt.