Mr Beast's videos have at least a spanish audio track, which funnily enough NewPipe defaults to (or did the last I checked) and NewPipe doesn't support changing the track as far as I can tell
When I first noticed this, I thought it was cool that dub-spiderman[0] migrated to using that right away, since he already went so hard with the mrbeast spanish and other dub channels. I assume it's preferable to have all of your subscribers on the one channel.
0: Jimmy's voice in the spanish dub of his channel is the same actor who dubs spiderman.
Archive.ph et al is run by a russian fellow so probably the third one, especially now that Russia doesn't seem to care about something like this at all
I have the cheapest M1 Air model for personal use and it's been great. Although I wouldn't have gotten it if my old XPS 13 (Intel i5 gen 8 I think) didn't have such a bad touchpad and a bad feeling keyboard compared to this.
One thing that I didn't see mentioned yet is that for Podman to work there is some fiddling required. At least when installed through Homebrew in a non-standard directory (my homebrew dir is under my user home), qemu just wasn't able to start the container VM and I had to find a way to install Podman with an older qemu version (pre-7.x) for it to work at all which involved downloading the homebrew formula and stabbing it with a fork
I've done it from work computers where the USB ports are disabled but I want to hit my personal dev machine at home to get at my notes and calendar.
I've established impromptu SSH tunnels from other people's machines to my local network so that I could watch my media on their TV.
If you dropped me naked on the other side of the planet I could get a copy of my identity documentation and access my email, bank accounts, etc from any internet connected machine I find.
You get that passwords over first-time SSH from untrusted computers or untrusted networks aren't safe at all, right? That posting those passwords is literally a sport at hacker conferences, and has been for over 2 decades?
You get that waking outside isn't safe at all right? Mugging is as old as civilization and don't get me started on cars.
Life is about trade offs, if someone really wants to spend the time to get access to my home dev box then I may have to spend a couple days on the phone with the bank and restoring from my offline backups. Big whoop.
Your home is likely insecure from my standards. Do you have a firearm at the ready? Do you know how to use it? Does your family have codewords to communicate without letting others on to your plan? How hard is it to kick in your doors? Not just the front door, but the bedrooms. Do you have a dog to wake you in the night? How stocked are you, can you last a month with no resupply? Do you even have a panic room?
I protect what matters beacuse you can't protect everything.
How are we still talking about this? SSH doesn't work the way you appear to think it does. Passwords don't solve the first-use problem; in fact, the first-use problem makes passwords much less safe than keys.
Yes and your cheap hollow core door doesn't solve the ending the life of everyone you care about problem. Why are you more concerned about passwords than that?
I know the risks well, I don't find them to be worth the hassle of avoiding them.
No, it's not analogous to TLS. TLS has trust anchors: the key exchange in a TLS handshake is secure, even on first contact with a server. The key exchange in a first-contact SSH handshake is trivially MITM'd. An attacker with control of your network (or, obviously, your machine) can simply steal your password.
I'm sorry I should have said it uses diffie hellman key exchange. And you are correct it can be mitm. I see that as its primary intrinsic weakness. (Password entropy, storage, are separate problems)
I would contrast this with the weakness of keys being that if the devs keys are compromised so are all the other servers he has access too. (I can memorize my passwords, or write them on a note card. Say what you will about that, it's out of band.)
In light of that the question as to what's best is your threat model. Poor opsec per dev or an upstream network sniffer.
Thanks for all your input all over this thread. I'm revisiting my convictions.
But you've now swapped out part of the authentication. If you want to claim that, for some threat models, "One password per server" is better than "One key" then, sure, so use "One key per server" and now keys are better again.
Also - I suspect this Caddy server doesn't support it, but OpenSSH does - you can use FIDO and then the keys physically are objects in the real world, from say Yubico or a dozen other vendors so now "losing the keys" is like losing your office keys, except that when they give you a new one they can trivially make the old one stop working.
Not just that but they want to do independent validation work. They have dipped into it a little on the main channel already with cable and display testing but it seems they intend to go much further.
I wish Linus good luck, but I have a suspicion that it won't be like Anandtech. May be I am biased by the image of Linus and his crowd. I watched the Labs pitch, and it is very gamer oriented.
I've been reading Anandtech for ~20 years. It has stayed virtually the same [1]. Linus has turned his venture into a giant media and entertainment house. I hope LTT labs is completely different but it is hard to imagine it given Linus' vision and business interests.
[1] This aspect is basically unheard of these days. Hard to find anything that stayed the same ~20 years, they refined their vision instead of slowly destroying it.
Fortunately this is a server distro, and there definitely aren't enough of those around (stable trustworthy ones).
While your experiences with the desktop are unfortunate, on most common laptops (cheap and expensive ones) most Linux distros run well, even if some very specific devices have issues with the kernel drivers
Seems no one has mentioned it yet but what bothers me about most of these stylesheet hacks is that they never get the font right. Granted I don't know what it would take to make the old font (MS Sans Serif?) browser-compatible, possible copyright issues aside(?)
