dan

joined 3 years ago
[–] dan@upvote.au 6 points 2 days ago* (last edited 2 days ago) (3 children)

businesses not paying their employees enough to make a living.

The thing I don't understand is that even in states that have better minimum wages, the same tips are still expected.

California has the same minimum wage for both tipped and non-tipped jobs, yet one person working a minimum wage job can be paid significantly more than someone else also working a minimum wage job, just because they work in a position that's customarily tipped.

[–] dan@upvote.au 25 points 2 days ago (6 children)

Only 5.5% of internet users are American. Don't assume everyone follows US customs. Some countries actually pay waitstaff well.

[–] dan@upvote.au 60 points 3 days ago* (last edited 3 days ago) (2 children)

npm is finally going to disable postinstall scripts by default in the next major version at least, copying what other JS package managers like pnpm do. They also added a setting for minimum age (only install package versions that are at least X days old) which is meant to help too - the idea being that malware will have been detected and removed before anyone installs it.

People use third-party Linux package repos all the time though, and they have similar attack vectors. If I can convince you to add my Debian/RPM/whatever repo, I can create a package with the same name as a common one but with a newer version number, and apt upgrade will happily replace the official package with my malicious one.

This is intentional for several reasons (e.g. deb.sury.org has PHP packages that replace the official Debian ones) but I'm really surprised we don't see more supply chain attacks via third party deb/rpm repos.

Maybe it's because the barrier to entry is higher? With a custom deb repo (either self-hosted or using something like Packagecloud or Ubuntu PPA), you need to create the repo, create Debian packages, add them to the repo (e.g. using Aptly), GPG sign the repo, and convince people to add the repo. npm is just one repo with everything in it.
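A defensive check for the repo-shadowing scenario in the comment above, added here as an example (not code from the commenter): it parses `apt-cache policy` output and lists packages whose upgrade candidate is served only by a repository outside the official archive while an official build is also on offer. The sample output, `repo.example.org`, the version strings and the `OFFICIAL_HOSTS` allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlparse
# Constructed sample of `apt-cache policy <pkg>...` output, not from a real host.
SAMPLE_POLICY = """\
php8.2-cli:
  Installed: 8.2.7-1~deb12u1
  Candidate: 8.2.20-1+example1
  Version table:
     8.2.20-1+example1 500
        500 https://repo.example.org/php bookworm/main amd64 Packages
 *** 8.2.7-1~deb12u1 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status
curl:
  Installed: 7.88.1-10+deb12u5
  Candidate: 7.88.1-10+deb12u5
  Version table:
 *** 7.88.1-10+deb12u5 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status
"""
# Assumption: the hosts this machine treats as the official archive.
OFFICIAL_HOSTS = {"deb.debian.org", "security.debian.org"}

def parse_policy(text):
    """Map package -> {"candidate": version, "versions": {version: [repo hosts]}}."""
    pkgs, pkg, hosts = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"(\S+):$", line):  # package header
            pkg, hosts = pkgs.setdefault(m.group(1), {"candidate": None, "versions": {}}), None
        elif pkg and (m := re.match(r"\s+Candidate: (\S+)", line)):
            pkg["candidate"] = m.group(1)
        elif pkg and (m := re.match(r"\s+(?:\*\*\* )?(\S+) -?\d+$", line)):  # version row
            hosts = pkg["versions"].setdefault(m.group(1), [])
        elif hosts is not None and (m := re.match(r"\s+-?\d+ (\S+)", line)):  # source row
            host = urlparse(m.group(1)).hostname  # None for /var/lib/dpkg/status
            if host:
                hosts.append(host)
    return pkgs

def shadowed_by_third_party(pkgs):
    """Packages whose candidate comes only from non-official hosts although an official build exists."""
    flagged = []
    for name, info in pkgs.items():
        cand = set(info["versions"].get(info["candidate"], []))
        official = any(OFFICIAL_HOSTS & set(h) for h in info["versions"].values())
        if cand and official and not cand & OFFICIAL_HOSTS:
            flagged.append((name, info["candidate"], sorted(cand)))
    return flagged
```

Intentional replacements (such as the PHP packages the comment mentions) will show up too, so the result is a review list rather than a verdict.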

[–] dan@upvote.au 1 points 5 days ago* (last edited 5 days ago) (1 children)

$10/mo to use my own modem

lolwut

Sounds like a way to hide the full price of the internet plan. Restaurants do this in some big cities like in San Francisco... They add junk fees like "5% employee health care mandate" rather than just increasing the menu prices.

[–] dan@upvote.au 6 points 5 days ago (1 children)

Oh no. Not sure I want to look up what he did.

[–] dan@upvote.au 17 points 6 days ago* (last edited 6 days ago) (3 children)

Rent-to-own isn't that common, even though maybe it should be. With most rentals (of anything) you have to keep paying indefinitely. That's why there's usually a cost/benefit analysis of renting vs owning.

Renting can sometimes be better for less tech-savvy people, since the company owns the equipment and is familiar with it, and will replace it at any point if it has issues.

[–] dan@upvote.au 16 points 6 days ago (6 children)

The article says you can still buy it at a retail store like Best Buy though.

[–] dan@upvote.au 1 points 1 week ago* (last edited 1 week ago) (1 children)

All the data gathered by Cambridge Analytica was gathered through the public API though, after users had consented to share it (by logging into a quiz app that requested the permissions). That's why the API is very locked down now, and the approval process to get any sort of data access is very strict.

The main issue was that they gathered data from people whose profiles were set to be visible only to friends. If someone logged into the quiz and granted permissions, their friends' data was also accessible via the API.

[–] dan@upvote.au 2 points 1 week ago* (last edited 1 week ago)

With your idea, you either have to list a local IP in your public DNS record, or hijack your local DNS to point to the local IP. Both feel inelegant.

The DNS records for your internal servers don't have to be public - they can be only on an internal DNS server if you want to do that. Only the _acme-challenge subdomain has to be public. Let's Encrypt does follow CNAMEs.

And you have to give your NAS write access to your API key of your DNS registrar.

You can use a separate DNS server just for Let's Encrypt, as it follows CNAMEs. I use acme-dns for this. Let's Encrypt supports IPv6-only DNS servers so I have my acme-dns instance listening on an IPv6 address in the /64 range on one of my VPSes.

[–] dan@upvote.au 7 points 1 week ago (1 children)

Makes sense - thanks.

[–] dan@upvote.au 13 points 1 week ago* (last edited 1 week ago) (4 children)

Debian is ready - as of Debian Trixie (released in August 2025), all software in the official repo is being compiled with 64-bit time. https://wiki.debian.org/ReleaseGoals/64bit-time

For your home NAS, I'd recommend using Let's Encrypt with Certbot. You can use it for internal systems, as long as you have a real domain name. Use DNS verification instead of HTTP. Renewal isn't an issue if it's entirely automated.

[–] dan@upvote.au 4 points 1 week ago (13 children)

Doesn't the water evaporate and become part of the water cycle? Water can't just disappear? Maybe I'm missing something.

It would be good to cut down water usage... Not just for data centers but also for things like lawns and golf courses.
