Every system in an RPG should be designed and tailored to max the possible immersion you can get from the game.
Having to deal with inventory management doesn’t always improve immersion. Inventory optimization doesn’t immerse me; rather, it gives me a puzzle to solve.
At that point, you could say “male characters.”
Oh 100% agreed - in this instance, it’s clear that OBS has a well maintained package that should be prioritized. But they could keep their repo first and remove OBS (and other known-to-be-well-maintained apps) from it to accomplish that.
They put their repo first on the list.
Right. And are we talking about the list for OBS or of repos in general? I doubt Fedora sets the priority on a package level. And if they don’t, and if there are some other packages in Flathub that are problematic, then it makes sense to prioritize their own repo over them.
That said, if those problematic packages come from other repositories, or if not but there’s another alternative to putting their repo first that would have prevented unofficial builds from showing up first, but wouldn’t have deprioritized official, verified ones like OBS, then it’s a different story. I haven’t maintained a package on Flathub like the original commenter you replied to but I don’t get the impression that that’s the case.
Why did Fedora make their packages take priority? Is it because the priority is otherwise random and if you don’t have a priority set, that leads to the issue they mentioned? Because if so, that sounds like a reasonable action by Fedora and like the real culprit is Flathub.
A paid skillful engineer, who doesn’t think it’s important to make that sort of a change and who knows how the system works, will know that, if success is judged solely by “does it work?” then the effort is doomed for failure. Such an engineer will push to have the requirements written clearly and explicitly - “how does it function?” rather than “what are the results?” - which means that unless the person writing the requirements actually understands the solution, said solution will end up having its requirements written such that even if it’s defeated instantly, it will count as a success. It met the specifications, after all.
You can self-host Bitwarden, too. My understanding is that VaultWarden is much simpler to self-host, though. Note that VaultWarden isn’t a “fork”; it’s a compatible rewrite in Rust (Bitwarden’s codebase, by contrast, is primarily C#).
I also use Bitwarden and strongly prefer it over every other password manager I’ve tried or investigated, for what that’s worth. I’d recommend it to 99% of non-enterprise users (it’s probably great for enterprise use as well, TBF).
The only use case I wouldn’t recommend it for is when you don’t want your passwords stored in the cloud, in which case KeePass is the way to go. To be clear, that recommendation does not apply if you’re syncing your vault with a cloud storage provider - even one you’re hosting, like SyncThing - even if your vault is encrypted. At that point just use Bitwarden or VaultWarden, because they’re at least audited with your use case in mind (Vaultwarden has only been audited once afaik, though).
Sure, but mortgage interest can easily be enough to make that worth it without any other deductions. With $300K principal and a 5% loan, that’s $15K - about the same as a single taxpayer’s standard deduction and roughly half of a married couple’s standard deduction.
Clearly they’re cosplaying as a Canonical engineer whose internal explanation and pleas for them to not take this approach fell upon deaf ears /j
If you’re a C developer who doesn’t know Rust, yes.
And it’s I who should take a course in encryption and cybersecurity.
Yes. I was trying to be nice, but you’re clearly completely ignorant and misinformed when it comes to information security. Given that you self described as a “cryptography nerd,” it’s honestly embarrassing.
But since you’ve doubled down on being rude, just because I pointed out that you don’t know what you’re talking about, it’s unlikely you’ll ever learn enough about the topic to have a productive conversation, anyway.
Have fun protecting your ignorance.
Nice try FBI.
Wouldn’t “NSA” or “CIA” be more appropriate here?
Well, if my pin is four numbers, that’ll make it so hard to crack. /s
If you’re using a 4 number PIN then that’s on you. The blog post I shared covers that explicitly: “However, there’s a limit to how slow things can get without affecting legitimate client performance, and some user-chosen passwords may be so weak that no feasible amount of “key-stretching” will prevent brute force attacks” and later, “However, it would allow an attacker with access to the service to run an “offline” brute force attack. Users with a BIP39 passphrase (as above) would be safe against such a brute force, but even with an expensive KDF like Argon2, users who prefer a more memorable passphrase might not be, depending on the amount of money the attacker wants to spend on the attack.”
If you can’t show hard evidence that everything is offline locally, no keys stored in the cloud, then it’s just not secure.
If you can’t share a reputable source backing up that claim, along with a definition of what “secure” means, then your claim that “it’s just not secure” isn’t worth the bits taken to store the text in your comment.
You haven’t even specified your threat model.
BTW, “keys” when talking about encryption is the keys used to encrypt and decrypt,
Are you being earnest here? First, even if we were just talking about encryption, the question of what’s being encrypted is relevant. Secondly, we weren’t just talking about encryption. Here’s your complete comment, for reference:
I have read that it is self hostable (but I haven’t digged into it) but as it’s not a federating service so not better than other alternative out there.
Also read that the keys are stored locally but also somehow stored in the cloud (??), which makes it all completely worthless if it is true.
That said, the three letter agencies can probably get in any android/apple phones if they want to, like I’m not forgetting the oh so convenient “bug” heartbleed…
Just so you know, “keys” are used for a number of purposes in Signal (and for software applications in general) and not all of those purposes involve encryption. Many keys are used for verification/authentication.
Assuming you were being earnest: I recommend that you take some courses on encryption and cybersecurity, because you have some clear misconceptions. Specifically, I recommend that you start with Cryptography I (by Stanford, hosted on Coursera. See also Stanford’s page for the course, which contains a link to the free textbook). Its follow-up, Crypto II, isn’t available on Coursera, but I believe that this 8 hour long Youtube video contains several of the lectures from it. Alternatively, Berkeley’s Zero Knowledge Proofs course would be a good follow-up, and basically everything (excepting the quizzes) appears to be freely available online.
it wouldn’t be very interesting to encrypt them, because now you have another set of keys you have to deal with.
The link I shared with you has 6 keys (stretched_key, auth_key, c1, c2, master_key, and application_key) in a single code block. By encrypting the master key (used to derive application keys such as the one that encrypts social graph information) with a user-derived, stretched key, Signal can offer an optional feature: the ability to recover that encrypted information if their device is lost, stolen, wiped, etc., though of course message history is out of scope.
Full disk encryption also uses multiple keys in a similar way. Take LUKS, for example. Your drive is encrypted with a master key. You derive the master key by decrypting one of the access keys using its corresponding pass phrase. (Source: section 4.3 in the LUKS1 On-Disk Format Specification (I don’t believe this basic behavior was changed in LUKS2).)
I can’t use signal.
Why? Do you not have a phone number? Is it blocked in your country? Are you legally prohibited from using software with end to end encryption?
Also read that the keys are stored locally but also somehow stored in the cloud (??),
Which keys? Are they always stored or are they only stored under certain conditions? Are they encrypted as well? End to end encrypted?
which makes it all completely worthless if it is true.
It doesn’t, because what you described above could be fine or could have huge security ramifications. As it is, my guess is that you’re talking about how Signal supports secure value recovery. In that case:
The main criticism of this is that you can’t opt out of it without opting out of the Registration Lock, that it necessarily uses the same PIN or passphrase, and that, particularly because it isn’t clear that your PIN/passphrase is used for encryption, users are less likely to use more secure pass phrases here.
But even without the extra steps that we can’t 100% confirm, like the use of the Secure Enclave on servers and so on, this is e2ee, able to be opted out by the user, not able to be used to recover past messages, and not able to be used to decrypt future messages.
You can use a controller. I got further in Dead Cells on my phone with the Backbone One than I did on my Steam Deck. Maybe the same would be true with Hades - it’s a shame the Netflix version doesn’t (or didn’t; I haven’t checked in months) support cross-save.
That’s worth considering, but it also needs to be weighed against possibly impacting their friendship if she’s not interested. I also wouldn’t recommend saying he “really likes her” if he doesn’t already like her a lot that way, but even just “I like you” would work just as well.
Liking multiple people at once is super common. The love triangle is a trope for a reason.
If you don’t like her then don’t worry about it (other than to maybe pay attention to how you’re acting around her and avoid flirting unintentionally) but if you’re interested in her, maybe try pursuing that? Flirt with her a bit and see if she reciprocates. If she likes you, there’s a good chance she’s been flirting with you and you’ve just been oblivious.
If you’re too shy to intentionally flirt, you could ask her outright, but it’d probably be better to ask her something that hints at your interest, like “I like this girl but I can’t tell if she’s into me - what sorts of signs should I be looking for?” Should be pretty obvious what you’re both saying and asking.
Learn, understand, challenge, repeat.
Learn as much as you can about all sorts of topics, even if you don’t have specific plans for those topics
Learn enough that you don’t just know the facts, but that you actually understand why things are the way they are. You should be able to predict things you haven’t yet learned if you understand the concepts. If you don’t understand something yet, keep learning.
Learn your fundamentals: language skills, math, logic, statistics, the science of research, history, politics, basic psychology, and the physics of whatever realm you’re operating in (meaning that in today’s day and age, you should learn about both real-world physics and about how information flows on the Internet).
A lot of people don’t know how to teach themselves, so it’s probably important to point out that learning to do so effectively is a big part of thinking for yourself. Learning how information is presented, as well as what’s often left unsaid, is important. Learn how to read graphs and charts and statistics. Improve your information literacy: Learn how to find credible sources, how to judge the credibility of a source, and what “credible” actually means. It doesn’t mean infallible.
As a general rule, don’t accept a fact until you have multiple credible confirmations of it. That might not be possible, but when information comes from untrustworthy sources, remember that. Learn the difference between something that you’ve learned and accepted and something that you’ve just heard on social media a few dozen times. This is easier when you have an understanding of what you’re learning. True things fit in better with other true things.
Don’t assume things are false just because the source isn’t credible, either. Just do extra research to verify. Do your own experiments to confirm, if possible.
Sometimes you’ll realize something you’ve accepted might be wrong, possibly because it conflicts with something else that you learned. When facts don’t add up, challenge them. You’re not infallible. Replacing a fact you accepted long ago isn’t a failure; it’s a victory. Many people are incapable of doing so.
Learn to distinguish between facts, inferences, theories, and opinions. (Note that established, accepted scientific theories often fall into the “fact” category.) Facts are verifiable. Inferences are based on facts; they’re evidence-based conclusions that can help to build theories. Theories are explanations, and they can be disproven but haven’t been proven (else they would be facts). Information presented as facts can be false. Theories and inferences can be poorly formed, even if the facts are sound (and especially when they are not). “Opinion” is a word people use to defend flawed theories. If the opinion isn’t a preference, there’s a good chance it isn’t an opinion at all and is just intentional misinformation. “You can’t argue with my opinion” isn’t applicable when the “opinion” is provably false - then it’s just a failed fact, inference, or theory. And even when it is an opinion, it can still be criticized.
Learn about logical fallacies. Even if you don’t call out the person using them, try to notice them in the wild, both by people you agree with and people you disagree with. But especially by people you agree with. Learn how to notice other ways people are misled.
You can control that with a setting. In Settings - Privacy, turn on “Query in the page’s title.”
My instance has a magnifying glass as the favicon.
Do you mean a Docker container registry? If so, here are a couple options: