Federated Republic of Sean @freakazoid@retro.social

This would ALMOST work using git's built-in server, but signed commits or tags aren't what I want, nor do I want GPG; I want a metadata file signed with minisign.

I'm probably overthinking this. Is knowing to the second how far behind you are really worth having to keep an unencrypted private key available to the server to sign metadata on the fly?

To handle directories that can be updated in more than one place, the signed message should also include the current vector clock, since seeing an empty update from one source doesn't actually mean there hadn't been updates on other sources. Or just use Git and have the master branch be an automatically-merged version of all sources.

I should just sit down and implement this for a set of manually configured peers over Tor.

If you're getting updates about a directory through gossip, it would be helpful to know if the lack of an update is due to replication lag or because no updates have been made. Therefore I propose that servers always exchange a signed, timestamped message on every sync that can be kept with the directory. That way you can always know how far behind your copy is, even if your machine only ever hears from untrusted third parties.

Update: Never mind. Despite there being a lightning bolt next to the USB-C port, it can't actually charge that way. The lightning bolt is between the power port and the USB-C port.

I suspect that, assuming it isn't already happening, it won't be long before we see attacks on developer tools (not libraries; that's already happening and is a direct supply chain attack) with the intent of inserting exploitable bugs into the software they're working on. The tool could even check against Git to see if there are already big diffs to increase the chance that its change will go undetected.

Even when companies start managing their third-party dependencies well, a lot of tools used by developers also come from the security nightmares known as NPM, RubyGems, and DockerHub. And with the number of developers on any given project, it's much easier to squeeze something in that won't get caught quickly.

There have been attacks on developer tools, but the ones I know of have been targeted at the developer themselves, going after crypto wallets etc...

@thegibson I'd try VirtualBox but I know Docker for Windows only works with Hyper-V so I'd rather stick with Hyper-V (I'm trying to make Vagrant work ATM).

@thegibson Any experience with Symantec Endpoint Protection and/or Hyper-V? I suspect the former may be interfering with the latter; I get "Hyper-V encountered an error trying to access an object... because the object was not found." The virtual machine management service is running. I tried enabling Control Flow Guard like some answers online suggest, but it hasn't helped (and enabling DEP as well prevents the Symantec Endpoint Protection console from coming up but that's another story).

I am pretty sure the only reason HP EliteBooks still have their proprietary power connector despite having USB-C is so that enterprise IT departments can continue to make use of their huge stashes of HP power supplies. The power supply this client gave me is even an older one with an adapter to make it fit the smaller port. I've plugged the laptop into my 30W USB-C brick instead.

Of course, there's just the one port, and it probably doesnt support video.

I would really love to just take the TV off the WiFi and play everything through Kodi on the RPi 3+, but neither Kodi nor VLC is able to play video for some reason. Maybe something related to the hardware decoding support.

In fact, I can make them watch better videos on YT for a while just by playing a bunch of decent ones, potentially after clearing their watch history. But if I let them have control of the TV for a while it doesn't take very long until YT is only recommending utter garbage to them.

We can't lock down YT or even block the app because I declined all the agreements on the TV, which breaks a bunch of features while also getting rid of the more obnoxious advertising.

When my kids choose what they watch on Netflix they generally pick shows with some redeeming value, and they'll watch episodes all the way through. If they're watching YouTube, they go straight to complete garbage and often don't even watch episodes all the way through. Any time they use Prime Video lately they go straight to shows that are also on YouTube. I suspect the main issue is that both YT and Prime use recommendation systems that tend to produce echo chambers.

The more I rewrite history in Git, the more I become convinced that its use should be very limited, because any work that crosses branches completely loses the benefit of history if you rewrite (for example by rebasing), and you end up having to try to find common commits by looking at the log messages.

Found this FAQ that covers much of what my earlier black hole thread was about. One of the things I missed that seems obvious in retrospect is that someone falling into a black hole won't see the universe end. If you could somehow hover just outside the event horizon you would, but that would require as much energy as accelerating to a speed that would give you a similar time dilation in flat space. https://apod.nasa.gov/htmltest/gifcity/bh_pub_faq.html

It takes place in a fictional universe in which some cops aren't bastards.

I am pretty sure everyone has used that phrase with me on here, I've immediately blocked them. That's one of those phrases where if I have a lot of respect for someone and they know me reasonably well it will make me listen, and if not it's just going to convince me they're an idiot or trying to gaslight me.

And of course he ended his gaslighting reply with "you're better than this".

I am way fucking better than that. Just not in the way I imagine he meant.

If I seem to be being a little ungenerous, that could be because I've left out his gems of arguments for why the "ra ra Europe" post he shared wasn't white supremacism:

1. Poster has criticized Trump so can't be a white supremacist
2. The Roman Empire was multicultural
3. There have also been non-European colonizers

After that he turned to full-on gaslighting, saying I was seeing things that weren't there, that I've done it multiple times, and so on. That was when I blocked his ass.

Err I mean they literally asked to follow me. I didn't because I knew I'd unfollowed them before even though I'd forgotten why. I am pretty sure at this point it was because they post and boost a lot of idiotic garbage. I said as much, though more diplomatically, when they said they thought they'd followed me previously, *and I promised to give them feedback instead should I consider unfollowing them again*.