I’m not sure how much actual effort it takes to make sure Plasma keeps compiling for X11, but based on the wording from the blog post it sounds like they’re exerting pretty much as little effort as possible. I would say with the recent uptick in leading-edge distros moving to Wayland it’s only a matter of time before almost no one is left on X11, which will deprioritize it even further. Pulling the plug on X11 today is premature given how many people are still running it (SteamOS uses it by default, for example), but I think their ~2 year estimate sounds about right for letting off the gas and putting a hard stop on support.

Okay, but I did just find this game, and it’s a free game that I’m pretty sure already hit mega-popularity back a year ago, so I don’t know what advantage astroturfing on the tiny threadiverse would serve. I’ve just been having fun with it today and wanted to post about it somewhere.

Also consider that you’re adding another party that you need to trust to the chain, and also adding another point of failure if iodéOS stops releasing.

I’ve been using this a lot lately, and it’s been great after a bit of a learning curve. It even incorporates some of the functionality from the addons and userscripts that I needed for YouTube, like getting rid of clickbait titles/thumbnails and blocking specific channels. Since you never really have a tracking profile when using YouTube this way, it’s very obvious when YouTube is trying to shoe-horn in political channels and clickbait, and you can just continually keep blocking those channels in the recommended section until you get all of them. I’m still missing a way to boost the volume on certain videos that are too quiet for me, though. I use LibRedirect to auto-open YouTube links in FreeTube. FreeTube has occasionally broken because of YouTube API updates, which requires them to figure out the problem and push a new FreeTube release (which could take a day or more), but other than that I’m fairly happy with it.

I don’t have any experience with iCloud Private Relay, but I’d be surprised if enabling it will make you un-fingerprintable (in which case what are you really trying to accomplish by using it?). Also, who are you trying to stay private from? Do you personally believe that Apple and/or Cloudflare aren’t selling or trading your data? Would you be okay with them being the only ones that control your data if they’re not selling it? It’s a nuanced topic, and likely you’re the only one that can answer your position on that. It’s cliché, but defining a threat model can help a lot with deciding how many conveniences you are okay with giving up. I would likely argue that an Android phone with LineageOS can be made more private than an iPhone, but at the cost of security. Does your threat model need to sacrifice privacy for security?

Regarding iPhone vs Android, I’ve only ever used Android, but my friends with iPhones and Macs never seem to have access to the open-source software that I use and recommend, so I feel like that’s a big part to consider also. You’ll get roped into a proprietary ecosystem where it seems like every little app is trying to charge you money and won’t show you what it’s doing behind the scenes. If you already have an iPhone I’d understand if you need to weigh the economic feasibility of buying an entire new phone just for privacy as well.

Personally, I don’t really trust anything unless I’m given infallible reason to trust it, e.g. cryptographic proofs, audits, zero-trust models etc.; in this world it seems inevitable that someone will take advantage of your trust either today or tomorrow. If someone is truly on your side, they will do everything they can to take the need to trust them out of the equation, and failing that they should make it as clear as they can what trust is still mandatory and why. If you want to trust someone that doesn’t meet these standards, you do so basically at your own risk, and you’ll have to start doing some mental calculus on what they could get from you, what they might want it for, and how eager you think they would be to start misusing it (e.g., if you pay for a service, the servicer may feel less compelled to subsidize their income by selling your data).

I’m speaking from an American POV on credit cards: getting a good credit score requires doing a lot of things that don’t really make sense. I’d just make your peace with that and play the game. Opening as many credit cards as possible, never missing a payment, and sending a small payment through each one once a year to keep them active is an extremely good way to build a solid credit score. Before you read further, please note that opening credit cards temporarily dips your credit score due to hard inquiries, but all forms of credit score dings are removed after a specific amount of time based on their severity; generally you can expect hard inquiries to go away after ~12 months.

The system encourages you to have a lot of accounts, and it encourages you to have a long average account age. People who never use credit cards may have a poor credit score due to lack of history, and people who only have ~one long-running credit card will have a fragile credit score due to the average account age being prone to literally breaking in half as soon as they open any other credit account. Opening as many accounts as early as you can will temporarily dip your score, but it will come back much stronger. Sometimes you’ll get rejected for a credit card and will still have to eat the hard inquiry, so it’s a delicate game of trying to open accounts and also trying not to appear too desperate. Having a lot of income also helps credit card companies be more amenable to your thin history.

Also as a last note since you seem like someone who “takes money seriously” enough to not be in debt: at least in America, credit cards are great for your finances as long as you pay them off. Credit cards do not charge you any interest or fees as long as you pay your balance on time, and generally you shouldn’t be applying for any credit cards that have an Annual Fee charge. It’s not too hard to get an unconditional 2% cashback card, which means they will give you 2 cents back for every dollar you spend (this doesn’t count as taxable income). You can further diversify to get specific 5% cards for your most-used categories like gas and utilities.

I’m not a security expert by any means, but here are a few things I know as a regular user:

Always keep your system up-to-date and only download and execute software from the official Arch repository if you can help it. Malware often takes advantage of outdated systems that don’t have the latest security patches, so by staying as up-to-date as possible you’re making yourself a very difficult target. The AUR is a user-based repository and is not inherently trusted/maintained like the official Arch repos, so be careful and always read PKGBUILDs before you use AUR software. Don’t use AUR auto-updaters unless you’re reading the PKGBUILD changes every time. Ideally try not to use the AUR at all if you can help it; official Arch Linux is usually quite stable, but AUR software is often responsible for a lot of the “breakages” people tend to get with Arch. If you have to run sketchy software, use a virtual machine for it, as a 0-day VM escape is almost certainly not going to happen with any sort of malware you’d run into. ClamAV or VirusTotal may also help you scan specific files that you’re wary of, but I wouldn’t trust that a file is clean just because it passes an AV check. Also, never run anything as root unless you have a very specific reason, and even then try to use sudo instead of elevating to a full root shell.

Don’t open up any network ports on your system unless you absolutely have to, and if you’re opening an SSH port, make sure that it: isn’t the default port number, requires a keyfile for login, root cannot be logged into directly, and authentication attempts are limited to a low number. If you’re opening ports for other services, try to use Docker/Podman containers with minimal access to your system resources and not running in root mode. Also consider using something like CrowdSec or fail2ban for blocking bots crawling ports.

As far as finding out if you’re infected, I’m not sure if there’s a great way to know unless they immediately encrypt all your stuff and demand crypto. Malware could also come in the form of silent keyloggers (which you’d only find out about after you start getting your accounts hacked) or cryptocurrency miners/botnets (which probably attempt to hide their CPU/GPU usage while you’re actively using your computer). At the very least, you’re not likely to be hit by a sophisticated 0-day, so whatever malware you get on your computer probably wants something direct and uncomplicated from you.

Setting up a backup solution to a NAS running e.g. ZFS can help with preventing malware from pwning your important data, as a filesystem like ZFS can rollback its snapshots and just unencrypt the data again (even if it’s encrypted directly on the NAS). 2FA’ing your accounts (especially important ones like email) is a good way to prevent keyloggers from being able to repeat your username+password into a service and get access. Setting up a resource monitoring daemon can probably help you find out if you’re leaking resources to some kind of crypto miner, though I don’t have specific recommendations as I haven’t done this before.

In the case of what to do once you’re pwned, IMO the only real solution is to salvage and verify your data, wipe everything down, and reinstall. There’s no guarantee that the malware isn’t continually hiding itself somewhere, so trying to remove it yourself is probably not going to solve anything. If you follow all the above precautions and still get pwned, I’m fairly sure the malware will be news somewhere, and security experts may already be studying the malware’s behavior and giving tips on what to do as a resolution.

They could be you! They could be me! Admittedly, there’s a higher chance that it’s me.

I haven’t used Arch in a while but from this news bulletin it looks like the [Community] repository doesn’t even exist anymore, which is where the OP article supposedly says rye-init resides.

That makes a lot of sense, thanks.

Ugh, that’s really unfortunate. I will probably just disable voting buttons for myself if that ends up being the case.

I don’t really know what’s stopping someone from creating 100 alt accounts without private voting though? If the voting ID is consistent and you can take punitive action on the voting ID, it seems the same as if the person had a cleartext name. The real problem is that an instance is allowing these 100 alt accounts to sign up and manipulate votes, which I assume there are already solutions/measures for?

Don’t mind me though, I’m fairly new to all this, and I’m sure everyone’s thought of all these vectors before. I just hope that there is some sort of middle ground that doesn’t inevitably allow mass data harvesting.

I am paid a fuck-ton so my answer is definitely yes, but I really think it would vary person-by-person. “Should” people need to work 5 days per week to get that pay? My answer is probably no.

This might be the funniest possible direction for this to go. Purported savior of X11 and anti-DEI dogwhistling developer writes X11 code so bad, asked to leave commit history.

My corporate job is one of the better ones in terms of pointless BS and people pretending to be their corporatesonas, but every time I take time off I’m reminded that we’re wasting our entire lives with work. I take a few 4-day work weeks and suddenly my house is clean again, I’m cooking more interesting meals, writing code for fun, hanging out with friends, catching up on shows, etc. Imagine how much progress, art, and innovation we could have if everyone’s natural talents and interests were given space to exist. Long-term we would have so much more of everything, and everyone would be happier and healthier. Unfortunately, short-term we’ve gotta layoff 4% of our workforce again because Mr. AI said it might make the line go up.

How so? I feel it is an example of the effect because customers are drawn in with a low price and are surprised by a plethora of seemingly-sneaky fees, which take up a large portion of the total bill. Customers feel negatively about the long list of fees and the implication that they’ve been tricked, but they wouldn’t think twice if the fees were just included in the base price. It is against their best interest to be automatically and opaquely charged for all regular services (i.e. normal airlines) instead of being transparently given the option to forego those that they do not care about (i.e., fee-based airline).

I was under the impression that it’s intentionally #1 so that other instances can still track malicious voting behavior (e.g. mass-downvoting posts in a community) of an anonymous account without knowing the real identity. But yeah I’m guessing we would need some clarification somewhere on the specifics; I tried looking for documentation on how the private voting works but couldn’t find any, and I didn’t feel like digging in the code or hitting the API just yet.

If the voting ID is static in any way, it’s still inevitably trivial to de-anonymize a user’s votes, but it would at least require a more heuristic approach (e.g. finding a thread that the user is in and checking to see if they have upvoted/downvotes any comments they’re replying to). As well, the instance tag (@piefed.ca for example) on the voting ID can narrow things down significantly when trying to figure out which user is voting.

I’m mainly just thinking about how these systems can be scraped for mass data collection by e.g. advertisers/big tech in the future. Upvotes and downvote behavior can really paint a detailed picture of someone when all data is combined.

I think the best would be disabling the ability to vote your own comment/post with your voting account.

Actually yeah this is pretty easily the best option. Just make it so that every post/comment is upvoted once with your real account, and leave any other votes to the private voting account. This feels so obvious that I’m guessing it already works this way.

I remember someone talking about an airline that advertised very low prices up-front but then added tons of fees for every individual thing, and when adding all the fees up for the service you’d expect with any other airline the end price would be the same. However, given that all the services/fees are technically optional, this is actually an ideal pricing model since you don’t have to pay for any services you don’t want.

It’s just a label that you can pick up and drop off whenever you feel like it’s convenient. The “furry” umbrella is so gigantic that calling yourself a furry doesn’t really mean anything in particular. I think this aspect is rather utilitarian as well, since all the furry subgroups are stronger and more connected under this general identity. It reminds me of how LGBTQIA+ bands together instead of fighting for “gay rights” and “trans rights” individually.

One of the more interesting perks of including yourself in the furry fandom is that everyone is welcome and usually furries are happy to help each other out just for wearing the label. Most furries lean left politically, a vast majority are queer to some degree, and usually they’re quite tech-literate, so there’s a good chance you’ll have good personality compatibility with any given furry. It’s an easy way to make friends, especially in a time when the world is so closed-off and cynical.

It’s worth noting that some people feel like they’re “born furry”, but others pick it up intentionally or just as a passing interest, so don’t be afraid that putting the label on is some sort of commitment or reveals something about you as a person. In practical terms, I would guess you probably have a pretty good idea of what specific corner of the furry fandom interests you, and I would explore more in that direction to see if there’s anything else that you might like.

It’s important to use services with a workflow that works for you; not every popular service is going to be a good fit for everyone. Find your balance between exhaustive categorization and meaningless pile of data, and make sure you’re getting more out than you’re putting in. If you do decide that an extensive amount of effort is worth it, make sure that the service in question is able to export your data in a data-rich format so that you won’t have to do it all again if you decide to move to a different tool.