Recurring incidents like these raise the question, how does one strike a balance?

Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of who are volunteers, exhausted from triaging noise.

On the flip side, would it be ethical if security practitioners, including novices, sat on what they thought was a security flaw—so as not to inconvenience the project maintainers?

This was already answered in the article: verify your security findings. Make a POC that actually exploits the vulnerability, then submit it with your report.

Polite

I like getting Bee-link boxes - they can be upgraded to 64gb RAM, have plenty of CPU, and can have two drives. I run Proxmox on them and make VMs that then run my services in docker.

There’s been a lot of talk about N100s as well. I haven’t looked into them much, but I assume they should be similar. Looks like their max memory is 16gb. I’d stick with Bee-link.

I’m in this comment.

And you can self host it!

Also as a side note I hate how lots of places just assume you want to download their shitty spyware ridden apps or hand over your phone number or an email.

Or want notifications. No, recipe site, I don’t want desktop notifications from you.

How are you persisting Immich’s database?

I really love Proton, but I’m only using Mail, VPN, and Calendar. I kept BitWarden - already had it for a bit before Pass came about.

Oh: I’m also using SimpleLogin. Love that.

Sanity supporters mostly back Sanity in 2024 election because they oppose Dumpster Fire, poll finds

Fuck all these men who think they own the women in their lives. The women are not the ones bringing shame on your families; you are.

I feel like intent should matter? And authority? You can’t just leak information and say it’s licensed now. The person who published it both didn’t intend to do it and didn’t have authority to release it.

I think you dropped this: \

I definitely trust Proton much more than I trust myself.

If you’re not paying for a service, you’re likely being monetized by watching ads or providing personal data to companies that don’t necessarily have your best interests at heart.

This is a bit out of date. Nowadays, you pay for the service and are monetized by watching ads and providing personal data to companies that definitely don’t have your best interests at heart.

You typically image directly onto the SD card for a Raspberry Pi, not off a bootable drive.

Note that the people verifying that picture are not the people who set the policies or systems in place. You abused an innocent who’s just trying to earn some bread, you didn’t send NSFW materials to Zuck.

Why would you need to continue using the self-signed certificates for the Cloudflare connection? Just use the valid certificate for all connections.

Connections nowadays…

We never weren’t (apparently).

1. Touchscreen. Needs physical buttons.
2. Has too much functionality. Not good for sleep hygiene.