• 16 Posts
  • 40 Comments
Joined 6 months ago
cake
Cake day: July 18th, 2024

help-circle



  • McVoy first blustered and threatened, but ultimately chose to go home and take his ball with him: he withdrew permission for gratis use by free software projects, and Linux developers will move to other software.

    If I remember it right, he did a lot more than that. He tried to say that one particular kernel developer who he viewed as disobedient to him would be punished by no longer being allowed to use the software. When people pointed out that this behavior was insane and would cause significant disruption to the project, he didn’t care. Then, they made the absolutely predictable choice to abandon him. Then he took his ball and went home, after everyone had already moved to a nearby park and started a new game without him.

    I might be misremembering, but that’s how I remember it happening. Instead of using git, we could all be using BitKeeper, and paying McVoy our $5/month or whatever for the privilege, because it was just as much better than everything else as git is now. But he didn’t want that, if it involved not having everything exactly the way he wanted it.


  • I know of no faster way to relegate your project to the dustbin of history.

    It happened with X. XFree86 was the graphics system you used on Linux. One developer had constant friction with the core XFree86 people, but he was also a guy who kept coming up with good and innovative ideas and making them happen, and had a lot of respect from the wider community, and so for a long time there was this uneasy tension. Finally, things came to a head:

    https://www.zdnet.com/article/dispute-divides-key-open-source-group/

    I think it took about a week after that before Keith was leading a new core group of developers and sensible people, and everyone was simply totally ignoring XFree86. All the distributions switched to Keith’s fork, xorg, which they continued to use for about 15 years, until Wayland came along.

    It stands alongside Larry McVoy telling the Linux developers they needed to jump through hoops to use his version control system, because they had no alternative, in the absolute hall of fame of completely unforced own-goals that changed the landscape of software in ways that are still felt today.

    Edit: Typo





  • I think you should share this way of looking at security with some security professionals, and see what they say about it.

    I know some people who recently wrote an article, for example, which said among some other things:

    The simple answer is that you can’t and shouldn’t trust either free or paid VPN providers. … For some, using a VPN can be as dangerous as not using one.

    And your government can seek grounds to demand access to your browsing data anytime it wants — including retroactively — which can also include demands to access data from VPN providers, defeating the very point of the privacy you sought.

    Security experts consider the Tor network the gold standard of private browsing because it allows you to access the internet without censorship or surveillance.

    Instead of relying on a single tunnel to hide your internet traffic, Tor works by encrypting and routing users’ internet traffic through thousands of servers around the world, shielding their activity from other servers and the outside world. Because of Tor’s implementation, no single Tor server can see your browsing data. That means even if a Tor server is compromised, the attacker still cannot access the users’ browsing data within.

    Because Tor is open source, anyone can inspect its source code to ensure that it’s safe to run.

    And so on.

    You’re not wrong that a VPN will shield your non-web traffic, and if you’re doing something sensitive outside of HTTPS and the associated DNS, then Tor won’t help. It also won’t prevent someone from stealing your car or breaking into your house. And, the same very serious vulnerabilities that apply to free or commercial VPN providers will apply to all of that non-web traffic.

    The same article with the above useful tidbits of information also includes a guide to setting up your own VPN, which can be made actually extremely secure against some threats, if you do want to secure non-web traffic. Tor is still much better at protecting your web traffic, assuming that you’re doing something for which it is suitable.

    Hope this helps. Let me know if you have any questions.


  • Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head.

    So it’s… … more secure? I generally agree with this statement. The performance is worse, which makes it unsuitable for some things.

    VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser.

    Yes, which makes it kind of silly that you originally highlighted a vulnerability in the browser as a problem with Tor. Tor is also a network stack, but it’s most often used through a bundled-in specific Tor browser, which sometimes has vulnerabilities. Most VPNs don’t bundle a browser, but the browser that’s using the VPN still sometimes has vulnerabilities. They stand in exactly the same relationship, in terms of vulnerabilities in the browser. Neither one is better than the other. That’s the point that I was making. I can absolutely assure you that I understand the technologies involved.




  • I typed up a long sarcastic response as to why this isn’t true, but I think I’m going to let you keep believing these things. If you think VPN-using browsers do not have vulnerabilities that need updates to fix actively exploited vulnerabilities, or that data is protected between the exit node of a VPN and the end path, then I’m going to let you keep thinking those things. I’ll never stand between a person and their dreams.


  • You shouldn’t use it for torrenting

    True.

    it’s frequently targeted by intelligence agencies for IP unmasking

    I would take issue with “frequently,” in the grand scheme of things, but yes. It is a sufficient level of protection that state intelligence agencies have to have specific methods, which sometimes work and sometimes don’t, to try to specifically attack one specific actor on Tor if they care enough to do it. In contrast to a VPN, which any bumbling fuckhead in more or less any jurisdiction can generally defeat with a single subpeona, and even a fairly stupid intelligence agency can defeat without blinking.

    Tor sucks

    Your axioms don’t add up to your theorem. There are cases where a VPN is better, torrenting being one of them, that part is true.



  • I like how the article boils down to, “Except for some isolated use cases, Tor is far superior to a VPN in both cost and safety,” and a lot of the comments boil down to “YEAH VPNS ARE GREAT GET A VPN.”

    It is okay to read the article before writing a comment, guys. In some circles, it’s even encouraged, because you might learn something.








  • PhilipTheBucket@ponder.cattoSelfhosted@lemmy.worldMy thoughts on docker
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    3
    ·
    1 month ago

    It’s hard for me to tell if I’m just set in my ways according to the way I used to do it, but I feel exactly the same.

    I think Docker started as “we’re doing things at massive scale, and we need to have a way to spin up new installations automatically and reliably.” That was good.

    It’s now become “if I automate the installation of my software, it doesn’t matter that the whole thing is a teetering mess of dependencies and scripted hacks, because it’ll all be hidden inside the container, and also people with no real understanding can just push the button and deploy it.”

    I forced myself to learn how to use Docker for installing a few things, found it incredibly hard to do anything of consequence to the software inside the container, and for my use case it added extra complexity for no reason, and I mostly abandoned it.


  • It’s part of a longstanding tradition of abandoning our less powerful allies once their usefulness to us is at an end. Our South Vietnamese friends, then the Afghans, then the Kurds, the Iraqis, the Afghans again, and now I’m sure there are some people in Syria whose day is coming due.

    The difference is that Trump is planning to do it to everyone, on purpose, before their usefulness is even at an end, for no reason at all. Not just people who were forced into their alliance in a desperate time of need, but people who were doing perfectly fine in their civil society in whatever corner of the world, who opted on their own to help us out, are now going to be getting killed because they did. Maybe along with their families.