Olivier Forget @teleclimber@social.tchncs.de

On a sales call, a prospect asked me explain security precautions I take with our servers. I struggled for a moment for a response that would make sense to someone totally unfamiliar with devops and then mumbled something about strong passwords. It worked. She signed up. 🤷‍♂️

Are there any good reasons for servers that support HTTPS to allow HTTP connections without TLS? My site currently forces HTTPS. Intuitively that seems like the right choice to me. Is there a reason I shouldn't do this?

WhatsApp Shows "From Facebook" in the splash screen now. I hope they add ads soon and people stop using the app.

1959
The physicist Edward Teller tells the American Petroleum Institute (API) a 10% increase in CO2 will be sufficient to melt the icecap and submerge New York. “I think that this chemical contamination is more serious than most people tend to believe.”

Inferences I'm taking from what I can see about the Discord/GCP outage:

1.) Discord's database and storage is effectively single homed. If they had a hot failover it woulda failed over. If they had a cold failover its cost to fail over is probably high or else they would have.

2.) Discord's DB is intolerant of single-region networking issues. Google reports 8% packet loss in one cluster in one DC, and that knocked Discord offline.

3.) Discord may or may not have backups (they better) but the restoration time for a dataset of their size would be days since it's single-homed.

4.) Discord is reliant on Google Cloud. If they had their infrastructure striped across multiple providers, see point 1.

5.) Discord has no response process for if Google Cloud just completely soils the bed, as noted by their updates saying "All we can do is wait for GCP to fix itself"

6.) Discord has no way to gracefully handle a failure between API service nodes and their monolith DB/cache. Granted the nature of the app limits what could be done, but "Wait and hope the message doesn't redline" isn't good and just increases load in a fragile situation.

Synthesis.) A major incident could knock Discord offline for days, or permanently, depending on the reliability of their backups. Absolutely have backup methods for reaching your important contacts.

I think the three R's (Reduce, Reuse, Recycle) are missing a critical fourth R. (Reduce, Reuse, Repair, Recycle)

Concorde Flight Engineer's Panel

I would use PixelFed more if, you know, posting a photo wasn't an ever-changing abysmal experience. I dislike to poo-poo on a solid FOSS project, but the lack of focus on getting something so critical to the core functionally is alarming.

I guess you can tell that Facebook has issues when you check out the “Criticism of Facebook” Wikipedia page and find it's 34,000 words long. That's 2,000 words longer than The Time Machine by H. G. Wells 😂

Times I've invoked Google Chrome's "Pull to Refresh" page:

87,569

Times I've done so intentionally:

0

Times I've lost state invoking Google Chrome's "Pull to Refresh Page":

87,569

Times I've wished Firefox's Android performance was sufficient to be able to ditch Chrome:

11,587,569

Times I've wished for a viable tablet full-Linux Android alternative:

211,1587,569

BRB expanding FOIA to private corporations

That's cool!!!!!! 😂

@alcinnz I mean, Usenet had MMF:

https://en.wikipedia.org/wiki/Make_Money_Fast

My general view is:

- Focus on *behaviour* rather than *features*

- Recognise that *complexity* enables both more bad behaviour, and can mask it.

- Reputations matter. Rather than identify *content*, track the *creators*, both good and bad.

Effective trust networks tend to be *small*. A few tens, *possibly* hundreds, of actors. Trust scales poorly.

pinebook pro day one:
it's hosed. we tried to upgrade it to debian 10, and this immediately resulted in a horrific dependency knot that not even all our strength could rip out. tomorrow, we will try to reflash it.

nice hardware, though.

Is it just me or is Safari in iOS 13 _extremely_ buggy? Especially if you have a service worker?