Here’s the actual paper of the technology (Prio) that it’s based on.

Some problems stand out:

• It requires that the organisations (Mozilla and ISRG) not collude to decrypt the secret share (probably reasonable)
• The paper suggests registering end users to protect against Sybil attacks.
• The scheme requires the organisations to correctly withhold results from advertisers until there are sufficient results.

I’m not overly familiar with the tech stack but I’d be concerned about browsers using a persistent UUID to send impressions to Mozilla’s API.

The biggest elephant in the room is that seemingly nobody wants the damn thing. It offers nothing to users, except maybe a good feeling inside that they’re supporting AdTech. It offers AdTech less than the current deal where they can collect obscene amounts of personal information for targeted advertising.

PSA: if your financial institution/government/<other website> is using SMS codes (aka PSTN MFA) for multi-factor authentication they are practically worthless against a determined attacker who can use SIM swap or an SS7 attack to obtain the code. Basically you are secured by a single factor, your password. If your password is compromised it may be sold via black hat marketplaces and purchased by an attacker who would then likely attempt to break that second factor.

The best way to protect yourself is to use a unique password; a password manager especially helps with this. Sometimes institutions will offer “Authenticator” (TOTP) as a second factor, or PassKey authentication, both secure alternatives to SMS codes.

Here in Aus I’m working with Electronic Frontiers Australia to try and force some change within government and financial institutions (via the financial regulator). Most banks here use SMS codes and occasionally offer a proprietary app. One of the well-known international banks, ING Bank, even uses a 4 pin code to login to their online banking portal. 😖

Unfortunately SMS codes are a legacy left from old technology and a lack of understanding or resourcing by organisations that implement it. Authenticator/TOTP tokens have been around for 16 years (and standardised for 13 years), and PassKeys are relatively newer. There is a learning curve but at the very least every organisation should at least provide either TOTP or PassKeys as an option for security-minded users.

I have a bicycle crate in my rear rack (40L from memory). I can just throw my backpack and/or shopping in there and be on my way. No issues transporting when empty. I avoid riding in the rain but I guess a waterproof bag would help for that. It’s durable, the main concern is the rear rack. I had to replace the cheaper rack that I bought last year after the welding snapped in a few places over time (I had it held together with duct tape for a while). My new rack should be much more sturdy this time around.

I have access to borrow a car which I do every few weeks so I don’t need to over engineer my bike setup too much.

Yeah it is a bit of a pain. I currently only have a few users. Tooling-wise there are ways to tail the journals (if you’re using journalctl) and collate them but I haven’t gotten around to doing this myself yet.

That’s probably a fair point. I can’t say too much as I haven’t touched Windows desktop or server too much.

Could be apples vs oranges here though as we’re talking about getting started versus well established setup, but my current employer is looking at adopting Ansible + Packer for imaging and partially Ansible-managing Windows servers where it makes sense because of limitations in SCCM and GPO. As far as I can see across the divide Windows Server isn’t all smooth sailing.

I can’t say I’ve managed Linux desktops at scale (so technically I should leave it there) but I do manage several hundred Linux VMs with Ansible, and I manage all of my PCs with Ansible. Desktops are a different ballgame to servers, dealing with end users and all, but I still don’t think it would be that hard once it’s been set up.

That sucks :( I’m pretty much in the same boat. I get to use a Linux desktop at work on the proviso that I don’t raise support requests. We use Microsoft for nearly everything so naturally it’s an uphill battle. The web UI is quite buggy and “not recommended” by my org. Teams doesn’t support Firefox so I have to run a separate browser especially for it.

But aside from interfacing with Microsoft everything just works, and really nicely.

That’s awesome - great to hear about Linux desktops bring used by non-techies especially in a company.

How was it received out of interest?

At work we use separate clusters for various things. We built an Ansible collection to manage the lot so it’s not too much overhead.

For home use I skipped K8s and went to rootless Quadlet manifests. Each quadlet is in a separate non-root user with lingering enabled to reduce exposure from a container breakout.

It’s called Microsoft Clarity, and yes, Teams does it https://clarity.microsoft.com/ https://en.wikipedia.org/wiki/Session_replay

Securing proprietary hardware against peeps installing alt OSes

Technically XFS is also a CoW filesystem, but it doesn’t have the vast array of features that ZFS does like volume management, snapshots, send/recv etc. It does have reflink support which I guess is a kind of snapshot for a file.

OpenZFS is under a completely FOSS license but it’s incompatible with the GPL and can’t really ever be merged into the Linux kernel. The workaroundids to provide it as source code which gets compiled as a module every time there’s a new kernel via dkms.

More controversially, Canonical ship OpenZFS pre-compiled in Ubuntu which some lawyers believe to be infringing on ZFS’ codebase.

Honestly the OpenZFS situation on Linux is probably the biggest single reason for the growing interest in btrfs and bcachefs, the former slowly becoming default on more Linux distros over time and lots of investment from SUSE and Facebook AFAIK.

ext3 had journaling, but not ext2. Also ext3 doesn’t really exist anymore as it was merged into the ext4 driver which can read the old format.

It is fast. It’s the recommended filesystem for MinIO and default for RHEL 7 and above. XFS and ext4 are often recommended for databases if no other filesystem-level features (like snapshots) are needed. XFS has slightly more features than ext4 like CoW and reflink support.

The company behind GitLab is seeking buyout offers, so make of that what you will.

My employer uses GitLab CE and it’s pretty good, and it is FOSS. The EE version is “open core” so not really FOSS.

If I were starting from scratch I’d be looking into Gitea/Forgejo as well.

It’s not stupid. They don’t show unverified .deb packages in software centre either.

In my country that would be a civil offence, not criminal.

I’d recommend at least taking some precautions (e.g. use TLS or Wireguard, firewall if possible).

The main reason I’ve steered clear of OpenSUSE is its commercial backing as opposed to being a true non-profit community distro like Debian or Arch.

Red Hat have influenced Fedora decisions before and obviously blew up CentOS as a RHEL clone when they had the chance. Canonical constantly make bad decisions with Ubuntu.

I will add that I’ve heard nothing but good things about SUSE and OpenSUSE. SLES sounds like a decent alternative to RHEL and the OpenSUSE community distros sound pretty solid.

Windows Vista. I absolutely decked it out with free/open source software (LibreOffice, Firefox, Thunderbird, KDE for Windows) before I dual booted Windows and eventually made a more permanent switch. Never looked back.

I did have to use Windows for my old job (Win10 from memory?) but now I have a job where I can use Linux.

Next step is to switch my partner over from Windows 11 (she’s already on board with the idea).