I could see it being an issue for more privacy-oriented sites. I imagine some Lemmy and Mastodon users might be less inclined to have to login to Apple, Google or Microsoft to be able to interact with others even if the vast majority of users are fine with it. Would be nice for somebody to come up with an open-source service that handles some more basic age verification so other services can just self-host it instead of each platform implementing their own logins. By basic age verification I mean things like matching user behaviour to users with a known age and maybe some face scanning. Nowhere near perfect and it’s a constant cat and mouse game, but maybe enough to be compliant with the law.

If age verification wasn’t being made mandatory in Australia for social media sites I think it could be a great idea for some services especially if the verification is done by the government with the same level as photo ID. Think dating apps, finance and marketplace sites where having a higher level of confidence that the person you are talking to is who they say they really matters, especially if law enforcement need to be involved down the line. Even if you the user can’t verify the identity of the other person, law enforcement could, and the site might be able to block alt accounts. The credential theft problem still exists of course so it’s no silver bullet, but it’s a lot better than what we have now.

Could be a money maker for them. Let the AI slop through, make some money off it for a bit, ban the creator for a violation then delete the video. Far more space efficient than having to deal with real channels that have hundreds of GBs of legacy videos you need to keep around forever and fans who actually care about said creator and legacy. I’m fully expecting the jump where they start producing the slop themselves instead of having to share a percentage with the creators.

It’s not morally good of course. That slop is cancer.

Even after working with servers with hundreds of GBs of RAM it still amazes me how much RAM you chew through running even a small number of VMs. I built a new machine to do VMs and run a gaming VM with GPU passthrough not long ago and am already considering jumping from 64GB to 128GB on the host.

I was able to stick to 16GB on my Windows 11 gaming VM for ages. Only recently cracked because I was using the OBS replay buffer that was using 2-4GB so I upped to 24GB.

I would never recommend somebody build a new gaming system with less than 32GB now though since you will need an upgrade at some point. If you’re already running 16GB then it’s probably fine to just wait until you do a full re-build.

That said, 16GB is probably the new standard for normal PCs if you’re hoping to get 5 years out of them.

You can work around it in both cases. SecureBoot will only prevent you from running non-signed boot loaders. If that breaks then you just turn off SecureBoot while you work on the issue (assuming SecureBoot failing isn’t due to a compromised boot loader) and the machine will boot normally minus any data stored in the TPM such as the encryption key. For the encryption key, this is something you are supposed to keep a copy of outside the TPM for scenarios like this. On Windows consumer PCs, this is stored in your Microsoft account or the place you specify when enabling it. For Azure or AD-joined PC’s this can be stored in Azure or AD.

The only ways SecureBoot and encryption will burn you are if there is data stored in the TPM that you don’t have a backup of or way of re-creating, or if the encryption headers on the drive are lost. That said, if you aren’t using a TPM some Windows features will break regardless and if the drive is so messed up that the encryption headers are lost then you’re probably back to backups anyway.

As somebody who often ends up using Reddit like Stackoverflow and in some cases needing the Internet Archive (IA) to find the original post after it’s been deleted or garbled, I think this is a wakeup call for those go to Reddit both to get technical help and to post it. More than ever, Reddit is becoming an unreliable place to find answers for old obscure issues and if they are going to lockout places like the IA then I think it’s time people stopped contributing their solutions to Reddit.

Sounds like this is not the same as S mode but only related to it based on the article. I hope Microsoft kill the cancer that is S mode.

What about second broken web office suite?

Just hope they (Facebook and friends) give you the choice to delete OR verify those accounts and not require verification to delete it.

Same in Australia. From memory the law has already passed, it’s just got a delay on it to give companies a chance to implement it.

This seems a bit convoluted as an explanation if I’ve understood it correctly. If Telegram as using a compromised hosting provider then you could have the strongest crypto in the world to prevent a man-in-the-middle from seeing the unique identifier for each device and it wouldn’t matter since they already who which user is which IP from the servers they control. They don’t stand to gain anything by exposing the unique string to MiTM attacks when they already control Telegram’s servers unless their goal is also to allow other countries to see which user has which IP too. It just seems like an incompetent implementation.

I might be mistaken, but isn’t using a mixer considered money laundering in the US?

It sucks that rural Australia’s part of the NBN got kneecapped down to Skymuster. I’ve played with Starlink quite a while ago and unless it’s really heavy rain it works really well up to the point of being able to stream games on GeForce NOW. Obviously a fast wired connection is preferable but as you say Starlink really is the only good option for a lot of people.

If you only care about having a static IPv6 address take a look at TunnelBroker by Hurricane Electric. They give you free /48 IPv6 blocks tunnelled through their network. Words of warning though: 1) some ISPs block using this service (prevent the tunnel from working), 2) in my experience I’ve seen high latency due to weird routing, 3) those IPs ending up on blocklists due to abuse and 4) the tunnel is unencrypted so traffic between you and Hurricane Electric is trivially intercepted, though if that was a problem in the first place then you wouldn’t be hosting from your home network anyway so this is mostly moot.

IP blocklisting is still very much a thing as well so you can expect any mail originating from a residential IP to be rejected due to their /24 or larger having previously sent spam, and that assumes you can send server-to-server mail (destination port 25/tcp) in the first place since many ISPs and server providers block traffic destined to that port by default to prevent users from getting their IP blocklists. My home ISP blocks outbound SNMP traffic (or at least did 10 years ago) presumably to also prevent abuse. That said, things like blocking inbound port 80/tcp and 443/tcp is purely a measure to prevent people running servers at home which I’m not a fan of.

Same is true for any tech thing. Sure, you can buy a perpetual licence for something but if you’re running it on anything but an isolated device then you will at minimum need security updates or the source code to fix it yourself. Same is true for things like console games where eventually the hardware will just die and it may become too expensive to replace it. Even emulation is case-by-case since some games use obscure calls which have no adequate emulation. Software doesn’t exist in isolation. For that, you have to revert to pen, paper and some analog tech.

Ah you’re right about the GDPR part in the article! My bad. Signing might be the best bet in that case since it avoids storage IF you were to try and implement this kind of system.

The idea of having them send an e-mail to an address containing their IP is clever, however you need to authenticate that the person who sent the e-mail is either somebody who queried your site, or somebody that got the address from somebody who queried your site or else you could just figure out how to generate that base64 yourself and impersonate somebody else’s IP address which could have catastrophic results if you then fed these IPs into something like a block list and suddenly you’ve blocked Microsoft/Office 365. To be fair, I doubt anybody is going to try and reverse engineer one person’s code to then figure out how to impersonate who sent spam, but if this became a widely distributed program you could just pull off Github then it would be more concerning.

A couple ways to solve this:

1. Sign the information before encoding it in Base64 so you can verify it came from your site and wasn’t just spoofed. This has the upside of being stateless since you don’t need to keep a record of every e-mail you’ve generated but comes with the disadvantage of spending CPU time signing the text which could be exploited as a DDoS.
2. Spit out a random e-mail address and record which e-mail address was given to each IP. Presumably you wouldn’t hold on to this list forever since IPs change owners frequently and so an IP that was malicious 1 month ago could be used by a completely different person now and so you can trim this list down once a month to avoid wasting disk space. You’d probably also want to keep some amount of these requests in memory (maybe 10Mb or so) to avoid ruining your IOPS.

All this said, I think your time is better spent with the using unique e-mail aliases as the author suggested but with 2 changes: 1) use aliases which are not guessable to prevent somebody from making it look like somebody else was hacked (e.g. me+googlecom@ gets compromised, but the spammer catches on and sends from me+microsoftcom@ instead to throw off the scent) and 2) don’t use me+chickenjockey@, use chickenjockey@ or else the spammer can just strip “+chickenjockey” from the address to get the real e-mail address.

Eh it depends. I’m fortunate enough to be in a good IP block so I don’t get my e-mails dropped purely on that. It’s been a good learning experience and I’ve leaned on my own server a number of times for troubleshooting at work since I can see the whole mail flow. The only problem I have is the free Outlook/Hotmail will not accept my e-mails. Everybody else seems fine. All that said, I don’t host anybody else’s e-mail so I haven’t had any spam come out of my IP, and I would never in a million years host e-mail for a customer.

The spam filtering is painful. I kinda work around it by giving a unique e-mail for everything and of one starts getting spammed I just rid of that e-mail. Tends to give you advance warning of data breaches too since you’ll start seeing the spam come in before the announcement.