You’re right, I should have been more specific.
If you’re already storing your password using pass, you aren’t getting 3 factors with pass-otp unless you store the otp generation into a separate store.
For services like GitHub that mandate using an otp, it’s convenient without being an effective loss of 2fa to store everything together.
I already use pass (“the unix password manager”) and there’s a pretty decent extension that lets it handle 2fa: https://github.com/tadfisher/pass-otp
Worth noting that this somewhat defeats the purpose of 2fa if you put your GitHub password in the same store as the one used for otp. Nevertheless, this let’s me sign on to 2fa services from the command line without purchasing a USB dongle or needing a smartphone on-hand.
You may also interact with countless bots without ever knowing, because creating fake identities is free.
Maybe. Bots don’t seem currently capable of holding a conversation beyond surface level remarks. I think I tend to engage with thought-provoking stuff.
On the off chance that I reply to a bot, it is as much for my reply to be read by other humans viewing the conversation. So I don’t understand how interacting with countless bots is supposed to be such a big downside.
Plus, I don’t see how public/private key pairs prevents endless “fake” identity creation/proliferation. It’s not like you need a government-issued ID to generate them (which, to be clear, still wouldn’t be great -just got other reasons).
Fair, some people value their identity.
To be clear, I’m talking about online identities. In which case, I would argue that if you value it so much you should not delegate it to some third party network. My IRL identity is incredibly valuable to me, which is why I don’t tie it up with any online communications services, especially ones I have no control over.
For average people nothing changes, the app can hold their key for them and even offer email recovery.
…so then the app can post on my behalf without me knowing? And it’ll be signed as if I had done it myself. I don’t understand preferring this if you’re not also self hosting.
That’s something having signatures and a web of trust solves.
But as I wrote in my previous message regarding gpg signing circles (a web of trust), that doesn’t “solve” things. It just introduces more layers and steps to try and compensate for an inherently impossible ideal. Unless I’m misunderstanding your point here?
Besides, you fail to see another problem: Whichever centralized, federated site you use can manipulate anything you read and publish.
I just take that for granted on the internet. It’s true that key-signing messages should make that effectively impossible for all but the largest third parties (FAANG & nation-states). But you still need to verify keys/identities through some out-of-band mechanism, otherwise aren’t you blindly trusting the decentralized network to be providing you with the “true” keys and post, as made by the human author?
Anyway, if you don’t see a need for tools like nostr you don’t need them.
Maybe I’m not expressing myself properly; I don’t see how nostr (and tools like it) effectively address that/those needs.
Sort of like how there was (arguably still is) a need for cash that governments can’t just annul or reverse transactions of, yet bitcoin and all cryptocurrencies I’m aware of fail on that front by effectively allowing state actors (who have state resources) to participate in the mining network and execute 51% attacks.
It weirds me out that most of the arguments for nostr I come across are around how “you can’t loose your identity, it’s just a private/public keypair!”. Maybe I just don’t get banned enough to understand the perspective, but to me the real problem is the content/discussions being lost, not usernames for some corner of the web.
I really don’t care about loosing my identity on a social media website; I’ve found it healthier to view social media accounts on the same level as my customer account at my isp and power utility. When I change ISPs, the old account is closed down and I start up a new one at the other ISP. What’s important to me is the service getting delivered, not that it remembers that I’m the same person from however many years ago. It’s still the same me here in my body, interacting with the web. I know what I need from it, it doesn’t always need to remember who I am (and sometimes I’d rather it forgot or never knew in the first place).
My final point is a bit of a troll, but also kinda serious: how decentralized is it when your identity is “centralized” in your key pair? Loose your keys or loose your password to the key, and your identity is similarly effectively gone. Even worse in this case, no-one can restore it for you. Which is why I don’t tie my identity that much to any online service, especially ones I don’t host. The only thing that truly preserves my identity is the flesh-and-blood body that I inhabit (and even that isn’t fail-proof).
I’ve interacted with GPG signing circles before. So many people are losing access to their keys. So many more are considering some of their keys as compromised. In either case they’re regularly generating wholly new keys, essentially rebooting their “identity” from scratch. When they do so, they always rely on flesh-and-blood interactions to have their new identity verified and trusted by others.
Maybe it’s a question of which circles we’re involved in; mine are already regularly hopping accounts, without being forced to by bans or server outages. I’m used to interpreting the tone & content to recognize “people”, and ignoring usernames. On top of that so many people regularly change their display names on social media for vanity and expression purposes that I can’t reliably use them anyways for recognizing accounts.
I really appreciate Linus trying to tone down the nastiness in his replies over the years, but I’d be willing to let almost anything slide if it means getting a proper, old-school Torvalds tear-down of Musk.
Maybe nowadays, with Elon’s imbecility so publicly visible.
I’ve run Arch for close to 10 years, and was pretty jazzed by Musk in the early days of his presiding over Tesla and Space X. Then again, I was barely an adult at the time, and I hadn’t yet come across the first reports of terrible working conditions and his overall shittyness as a manager/exec.
For clarity’s sake: I have been daily driving Linux, specifically ArchLinux, for the past 9 years, across a rotation of laptop and desktop computers. I do almost everything in the command line and prefer it that way.
I still think if you want people to try Linux you need to chill the fuck out on getting them to use the command line. At the very least, until they’re actually interested in using Linux on their own.
Kinda disappointing.
The article is really trying to sell us, the reader, that using Linux without knowing how to use the command line is not only possible but totally feasible. Unfortunately, after each paragraph that expresses that sentiment we are treated to up to several paragraphs on how it’s totally easier, faster, and more powerful to do things via thé command line, and hey did you know that more people like coding on Linux than windows? Did you know you can do more powerful things with bash, awk, and sed than you ever could in a file manager?!
FFS vim and nano are brought up and vim’s “shortcuts” are praised… in an article on how you can totally use Linux through a gui and never need to open up the command line.
Who is this written for? outside of people who not only already use Linux but are convinced that using any other OS is both a moral failing and a form of self-harm?
In case you’re unaware, the “deep inhale” is because that phrasing is historically tied to the WINE project, as per their website (winehq.org):
Wine (originally an acronym for “Wine Is Not an Emulator”)
And at this point it’s like a 10-year old meme (if not 20) to bring it up when someone may seem unaware of the distinction between emulation and what Wine does.
It is a bit tired of a reference, and I imagine somewhat off-putting of a response to receive when you don’t know the reference yourself. The acronym is in the spirit of the GNU one (“GNU’s Not Unix”), and as the other commenters have explained the fact that wine does something different than emulation is very relevant when you get into the nitty-gritty details, so it has extra sticking power in terms of memes in linux/foss communities.
I have no idea how widespread it is among other distros, but ArchLinux’s bootable install disk/iso comes with a genfstab command that snapshots your current mount points and outputs it as a fstab.
You still need to figure out where and how to mount everything yourself, but at least it saves you from most typos that could otherwise end up in the fstab file.
Yes, sway presents itself as a drop-in replacement for i3 (just built on top of wayland instead of xorg).
I’ve used it on a Thinkpad laptop for close to 4 years, and on my desktop for the past 3.
The only problems I’ve encountered are some apps not being Wayland-compatible; xwayland makes the rendering work for those but then things like sharing a window or the entire screen don’t always work. Notably, Discord’s sharing doesn’t work, but I can use OBS to record any entire screen since [the OBS devs] put in the work to properly support Wayland.
For what it’s worth: I self-host gitea, and it gives me the possibility to import not only repos but also issues, projects, etc from GitHub, gitlab, bit bucket, and a handful of others.
I don’t know if Utterances can work with gitea’s API. If it does, then in theory you should be able to migrate to gitea from GitHub for this use case.
Not necessarily cash, but definitely a bit of luck. Some lawyers, if they think a case is guaranteed to go your way, will do the work for free in exchange for receiving a portion of the damages the final judgement will award you. Even rarer, some lawyers care enough about some issues on a personal level that they’ll work for free, or reduced rates, on certain cases.
In this case, I’m not sure there are any damages whatsoever to award to OP - a “win” is forcing the company to abide by the GPL, not pay up money. The EFF and the FSF, as others have brought up, are probably the best bet to find lawyers that would work on this case for the outcome instead of the pay.