SMillerNL

Senator Hanson mocked and vilified an entire faith, a faith observed by nearly a million Australians ... I've never seen someone be so disrespectful to (the parliament).

Maybe not updating bot mitigation fast enough would cause an even bigger outage. We don’t know from the outside.

It wasn’t an unintentional update though, it was an intentional update with a bug.

5 minutes of uninterrupted DDoS traffic from a bot farm would be pretty bad.

Yes, because scale is not the same as redundancy.

Scale, they need worldwide coverage.

https://mastodon.world/@Mer__edith/115445705126997025

That might be true, I don’t know much about GrapheneOS. But I do know that users of open source projects expecting changes to come out of thin air, and filing bugs when they don’t, is hurting the volunteers behind open source projects. So we should all make sure to volunteer some of our own time or money to keep the projects we love going, instead of just expecting them to fix the things we dislike.

Theoretically it might be, but it’s another patch you’ll have to maintain

But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.

It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.

Does that contradict what I said? Sure, HTTP 1 is still widely used, but without TLS you can’t use anything else.

For SMS we don’t have a choice, but if you configure your own web server you do have a choice.

It's my understanding that https provides encryption for the data sent between you and the server. If you're not sending any sensitive data, then the encryption shouldn't be necessary.

As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.

In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.

I also believe it's possible to set up HTTPS encryption without a domain name, but it might result in that "we can't verify the authenticity of this website" warning in web browsers due to using a self-signed certificate.

You can: https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate

It’s used for cooling, so in the atmosphere.