who would use this?

Very resource constrained systems, systems where consistent admin between *BSD and Linux is important. Containers where you have reasons to break the single process practice.

Your phone. Haven't looked into Android images for at least a decade but it was just simple bash scripts back then.

My phone does not run Devuan.

People who hate idiots that put the verb before the noun.

I have never seen this happen.

I have however experienced that a ISP will write to you because you have a faulty modem (some Huawei device) and asks you to not use it anymore.

Visit eBay and search for "blocked IMEI" or variants. There are plenty of used phones which are IMEI locked due to either: reported lost, reported stolen, failed to make payments, etc.

All offers seem to be from the US.

I the lines between IMEI banning or blacklisting and the modern unlocking techniques they use have been blurred a little bit and so some carriers and some manufacturers don't really want to do or spend time doing the IMEI stuff and would prefer to just handle it all via their own unlocking and locking mechanisms.

it's all lowercase anyway at parse time.

rate-limit-remaining would be nicer than ratelimit-remaining

only if looping information is stored inside the container.

Bug tracker where they lied about "not enough interest".

change port.

After years of cargo-culting this advice—"run ssh on a nonstandard port"—I gave up and reverted to 22 because ssh being on nonstandard ports didn't change the volume of access attempts in the slightest. It was thousands per day on port 22, and thousands per day on port anything-else-i-changed-it-to.

It's worth an assessment of what you _think_ running ssh on a nonstandard port protects you against, and what it's actually doing. It won't stop anything other than the lightest and most casual script-based shotgun attacks, and it won't help you if someone is attempting to exploit an actual-for-real vuln in the ssh authentication or login process. And although I'm aware the plural of "anecdote" isn't "data," it sure as hell didn't reduce the volume of login attempts.

Public key-only auth + strict allowlists will do a lot more for your security posture. If you feel like ssh is using enough CPU rejecting bad login attempts to actually make you notice, stick it behind wireguard or set up port-knocking.

And sure, put it on a nonstandard port, if it makes you feel better. But it doesn't really do much, and anyone hitting your host up with censys.io or any other assessment tool will see your nonstandard ssh port instantly.

Conversely, what do you gain by using a standard port?

Now, I do agree a non-standard port is not a security tool, but it doesn't hurt running a random high-number port.

> Conversely, what do you gain by using a standard port?

One less setup step in the runbook, one less thing to remember. But I agree, it doesn't hurt! It just doesn't really help, either.

it did for me.

I've tried using a nonstandard port but I still see a bunch of IPs getting banned, with the added downside of if I'm on the go sometimes I don't remember the port

Underrated reply - I randomize the default ports everywhere I can, really cuts down on brute force/credential stuffing attempts.

or keep the port and move to IPv6 only.

>Maybe not in the strict sense, but it kind of has.

>In the enterprises I've worked in the past decade with IPv6 running, at least 75% of the Internet traffic is IPv6.

Nobody cares about those. What matters is if my device has an IPv6 address assigned.

Ok then: most people in the US do. The rest of the world is looking increasingly ipv6 too: https://www.google.com/intl/en/ipv6/statistics.html#tab=per-... India is 71% IPv6 (probably thanks to Jio), China has it in its 5 year plan, Europe is doing well, etc

Wasn’t it mandated for 4G? Or at least 5G?

IIRC LTE had licensing shenanigans which made v6-only cheaper, and 5G doubled down on them

> at least 75% of the Internet traffic is IPv6.

> Nobody cares about [that]. What matters is if my device has an IPv6 address assigned.

This seems to be the weird dichotomy in these comments. Some people are arguing from the position that is absolutely everywhere and is doing great.

Others are saying since their machine doesn’t show it it’s dead and no one cares.

Is there a term for this? A successful failure? A failed success?

Kind of odd.

It is why the Google IPv6 stats fluctuate between weekends/holidays and weekdays. IPv6 is much more prevalent on home and mobile networks so increase on non-work dyas. Companies have IPv4 networks that they don't want to upgrade. We have dichotomy where 50% of clients have IPv6, but most of the small sites do not.

The other thing I have seen is that engineers make things complicated. Normal person has IPv6 enabled by default or enables it in router, and it just works and they never notice. Engineers want to configure things manually, but IPv6 is hard if fight against the dynamic defaults.

Maybe the False Consensus Effect?

https://en.wikipedia.org/wiki/False_consensus_effect

Anecdotal stalemate.

I use this argument, because HN also tries to do the reverse when someone suggests a protocol/addition/replacement to either TCP or HTTP. Then suddenly it's important what shitty company networks do. It's still not.

yes

From my observation Mattermost is not a software you buy "support" for. It either works and is self-manageable or you use something else. I guess Mattermost (as in the company) saw that too and now uses shitty practices to coerece people into buying it.

Yet.

Yes. This discussion is now. Not in a future which may not arrive.