Reverse proxies aren’t DNS servers.

The DNS server will be configured to know that your domain, e.g., example.com or *.example.com, is a particular IP, and when someone navigates to that URL it tells them the IP, which they then send a request to.

The reverse proxy runs on that IP; it intercepts and analyzes the request. This can be as simple as transparently forwarding jellyfin.example.com to the specific IP (could even be an internal IP address on the same machine - I use Traefik to expose Docker network IPs that aren’t exposed at the host level) and port, but they can also inspect and rewrite headers and other request properties and they can have different logic depending on the various values.

Your router is likely handling the .local “domain” resolution and that’s what you’ll need to be concerned with when configuring AdGuard.

It isn’t, because their business practices violate the four FOSS essential freedoms:

1. The freedom to run the program for any purpose
2. The freedom to study and modify the program
3. The freedom to redistribute copies of the original or modified program
4. The freedom to distribute modified versions of the program

Specifically, freedom 4 is violated, because you are not permitted to distribute a modified version of the program that connects to the Signal servers (even if all your modified version does is to remove Google Play Services or something similar).

This particular scenario involves the MacOS desktop app, not the phone app. The link is showing just an image for me - I think it’s supposed to be to https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/

That said, let’s compare how it works on the phone to how it could work on MacOS and how it actually works on MacOS. In each scenario, we’ll suppose you installed an app that has hidden malware - we’ll call it X (just as a placeholder name) - and compare how much data that app has access to. Access to session data allows the app to spoof your client and send+receive messages

On the phone, your data is sandboxed. X cannot access your Signal messages or session data. ✅ Signal may also encrypt the data and store an encryption key in the database, but this wouldn’t improve security except in very specific circumstances (basically it would mean that if exploits were being used to access your data, you’d need more exploits if the key were in the keychain). Downside: On iOS at least, you also don’t have access to this data.

On MacOS, it could be implemented using sandboxed data. Then, X would not be able to access your Signal messages or spoof your session unless you explicitly allowed it to (it could request access to it and you would be shown a modal). ✅ Downside: the UX to upload attachments is worse.

It could also be implemented by storing the encryption key in the keychain instead of in plaintext on disk. Then, X would not be able to access your Signal messages and session data. It might be able to request access - I’m not sure. As a user, you can access the keychain but you have to re-authenticate. ✅ Downside: None.

It’s actually implemented by storing the encryption key in plaintext, collocated with the encrypted database file. X can access your messages and session data. ❌

Is it foolproof? No, of course not. But it’s an easy step that would probably take an hour of dev time to refactor. They’re even already storing a key, just not one that’s used for this. And this has been a known issue that they’ve refused to fix for several years. Because of their hostile behavior towards forks, the FOSS community also cannot distribute a hardened version that fixes this issue.

They probably have experience with Spring

Yeah, this is just an issue with the Lemmy post’s title. The article is clear that 15% are using controllers now, up from 5% in 2018.

I understand that

I’m not convinced

It’s largely the first one, at least according to The Man Who Killed Google Search.

See also the Hackernews discussion and this follow-up article by the same author (with links to an article with Google’s response, summaries of other discussions on the topic, etc.)

the proof is in the pudding with this one

It isn’t.

as you must also ask yourself why E15 is banned during summer months in the first place.

I did. And I shared that in my comment above.

Your source doesn’t share any data on the topic, even just as a summary, but it links to summertime smog, which links to “smog-causing pollutants”, which says:

Section 211(h)(1) of the Clean Air Act prohibits the sale of gasoline that has a Reid Vapor Pressure greater than 9.0 psi during the “high ozone season,” which runs from June 1 to September 15. (RVP is a measure of volatility; high-RVP gasolines release more volatile organic compounds into the troposphere where those VOCs contribute to ozone formation.) Gasoline-ethanol blends below E50 are more volatile than straight gasoline and cannot readily meet the 9.0 psi RVP requirement. Congress created a “one-pound waiver” at Section 211(h)(4) that increases the RVP limit from 9.0 psi to 10.0 psi, but—and here’s the catch—the waiver is only available to “fuel blends containing gasoline and 10 percent denatured anhydrous ethanol.” That is, only E10 can take advantage of the one-pound waiver. Although E15 is slightly less volatile than E10, its RVP still exceeds 9 psi. It needs a one-pound waiver to meet Section 211(h)’s RVP limit in the same way that E10 does, but it is not eligible for one under current law.

The article’s justification for why E15 isn’t legally permitted is that there’s a law against it, which is circular logic. From the environmental protection perspective, it doesn’t sound like there is data suggesting that E15 on its own is worse for the environment than E10. If the only argument is a legal one, it’s not a good argument.

If you can answer that question you’ll likely find the information you’re looking for.

I did, and I shared that answer in my comment above, too - but it’s not the answer you seem to think it is.

Do you disagree that the US isn’t supporting Israel, then, or do you disagree that what Israel is doing to Palestinians amounts to genocide?

Some reading for you in case you’re somehow not familiar with the topic:

• https://jewishcurrents.org/a-textbook-case-of-genocide
• https://en.m.wikipedia.org/wiki/Palestinian_genocide_accusation
• https://www.ohchr.org/en/press-releases/2023/11/gaza-un-experts-call-international-community-prevent-genocide-against
• https://worldwithoutgenocide.org/genocides-and-conflicts/israel-palestine-conflict-history-causes-and-international-law
• https://news.un.org/en/story/2024/03/1147976
• https://www.972mag.com/lavender-ai-israeli-army-gaza/
• https://www.bbc.com/news/world-middle-east-67922346

Even if the international courts don’t rule that Israel is committing genocide, that will necessarily have been influenced by the United States’s close ties to Israel, so that they haven’t yet said whether it is or isn’t genocide is irrelevant. According to the evidence we have, it is.

That said, see also the intro of https://en.m.wikipedia.org/wiki/Native_American_genocide_in_the_United_States

Others, like historian Gary Anderson, contend that genocide does not accurately characterize any aspect of American history, suggesting instead that ethnic cleansing is a more appropriate term.

I’ve seen that same statement by people opposed to the use of the word “genocide” when talking about Israel’s genocide of Palestine, and it’s just as credible there as when “historian Gary Anderson” said it. At best, such a stance is pedantic; at worst, it supports Israel’s genocide by denying and enabling it.

Afaict from reading that (and one of the sources, and its source) it boils down to the fuels’ “RVP levels” (which have an impact on volatility and the amount of VOCs given off) being past a particular threshold. E10 is also past that threshold, but it has an exception that E15 doesn’t have. However, by that same measure, E15 is less volatile than E10.

The author also expressed concern about expanding corn production as a result of expanded E15 and that there haven’t been sufficient studies on the impact of E15 on the environment (particularly in the summer months). But that’s also paired with a statement saying that “consumers don’t want E15,” which detracts from the previous arguments; if true it means their impacts, if any, would be minimal.

I didn’t read every link from that page but none gave a better reason.

My takeaway is that it sounds like we don’t have any data showing that E15 is worse than E10, so the obvious move is to actually start funding those studies.

I also found https://foe.org/blog/2012-05-understanding-e15/ which is very anti-E15; however I wasn’t able to verify their claims because none of the linked articles loaded for me.

Looks like we found the target audience for that app!

If your Java dev is using Jackson to serialize to JSON, they might not be very experienced with Jackson, or they might think that a Java object with a null field would serialize to JSON with that field omitted. And on another project that might have been true, because Jackson can be configured globally to omit null properties. They can also fix this issue with annotations at the class/field level, most likely @JsonInclude(Include.NON\_NULL).

More details: https://www.baeldung.com/jackson-ignore-null-fields

“Glue is not pizza sauce” seems like a common fact to me but Googles llm disagrees for example.

That wasn’t something an LLM came up with, though. That was done by a system that uses an LLM. My guess is the system retrieves a small set of results and then just uses the LLM to phrase a response to the user’s query by referencing the links in question.

It’d be like saying to someone “rephrase the relevant parts of this document to answer the user’s question” but the only relevant part is a joke. There’s not much else you can do there.

Third, a redirect is obvious

A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)

If everyone has solar panels on their roof, you can still have the central grid and you can still share power from house-to-house, though.

Generally speaking, decentralized solar refers to a centralized grid that is heavily augmented with decentralized solar, not “truly decentralized” solar.

UBI doesn’t give any power to those who own the means of automation, nor does it take power away from laborers. Automation does that. Automation reduces the leverage of the laborer by reducing the capitalist’s reliance on labor.

We have the same leverage regardless of whether we have UBI or not, but the leverage of employers is reduced with UBI. That said, if more people opt not to work thanks to UBI, then the people who choose to work will see their leverage increased.

Having centralized solar doesn’t preclude a homeowner from also installing solar, and decentralized green energy has other advantages over centralized green energy.

less wasteful

Where’s the waste? If you collect more than you use, you can store it or send it back to the grid. If this is an efficiency concern (“you’re collecting less energy than the same amount of paneling would”), then it’s not really relevant as by that same logic, not having solar is “more wasteful” than having it.

The WHO recommended a minimum indoor temp of 18º C (and a max of 24º C) for health purposes (and assuming appropriate clothing) back in 1987 (and they still stand by the lower bound, though the upper is locale dependent - e.g., 21-22º in Boston vs 30º in Thailand), so I’m not surprised that dipping below that is unpleasant.

They aren’t. From a comment on https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ublock_origin/ by u/tehdang:

For people who have stumbled into this thread while googling “ublock vs origin”. Take a look at this link:

http://tuxdiary.com/2015/06/14/ublock-origin/

"Chris AlJoudi [current owner of uBlock] is under fire on Reddit due to several actions in recent past:

• In a Wikipedia edit for uBlock, Chris removed all credits to Raymond [Hill, original author and owner of uBlock Origin] and added his name without any mention of the original author’s contribution.
• Chris pledged a donation with overblown details on expenses like $25 per week for web hosting.
• The activities of Chris since he took over the project are more business and advertisement oriented than development driven."

So I would recommend that you go with uBlock Origin and not uBlock. I hope this helps!

Edit: Also got this bit of information from here:

https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/

TL;DR:

• gorhill [Raymond Hill] got tired of dozens of “my facebook isnt working plz help” issues.
• he handed the repository to chrismatic [Chris Aljioudi] while maintaining control of the extension in the Chrome webstore (by forking chrismatic’s version back to himself).
• chrismatic promptly added donate buttons and a “made with love by Chris” note.
• gorhill took exception to this and asked chrismatic to change the name so people didn’t confuse uBlock (the original, now called uBlock Origin) and uBlock (chrismatic’s version).
• Google took down gorhill’s extension. Apparently this was because of the naming issue (since technically chrismatic has control of the repo).
• gorhill renamed and rebranded his version of ublock to uBlock Origin.

Is it possible to force a corruption if a disk clone is attempted?

Anything that corrupts a single file would work. You could certainly change your own disk cloning binaries to include such functionality, but if someone were accessing your data directly via their own OS, that wouldn’t be effective. I don’t know of a way to circumvent that last part other than ensuring that the data isn’t left on disk when you’re done. For example, you could use a ramdisk instead of non-volatile storage. You could delete or intentionally corrupt the volume when you unmount it. You could split the file, storing half on your USB flash drive and keeping the other half on your PC. You could XOR the file with contents of another file (e.g., one on your USB flash drive instead of on your PC) and then XOR it again when you need to access it.

What sort of attack are you trying to protect from here?

If the goal is plausible deniability, then it’s worth noting that VeraCrypt volumes aren’t identifiable as distinct from random data. So if you have a valid reason for having a big block of random data on disk, you could say that’s what the file was. Random files are useful because they are not compressible. For example, you could be using those files to test: network/storage media performance or compression/hash/backup&restore/encrypt&decrypt functions. You could be using them to have a repeatable set of random values to use in a program (like using a seed, but without necessarily being limited to using a PRNG to generate the sequence).

If that’s not sufficient, you should look into hidden volumes. The idea is that you take a regular encrypted volume, whose free space, on disk, looks just like random data, you store your hidden volume within the free space. The hidden volume gets its own password. Then, you can mount the volume using the first password and get visibility into a “decoy” set of files or use the second password to view your “hidden” files. Note that when mounting it to view the decoy files, any write operations will have a chance of corrupting the hidden files. However, you can supply both passwords to mount it in a protected mode, allowing you to change the decoy files and avoid corrupting the hidden ones.