I suppose that’s fair, as we can still row without the membership. I think the bigger issue is how this relates to right to repair and product warranty/merchantability. If you sell a product and then take away features using a software update, you should be required to either compensate owners for the lost functionality or buy back the equipment from them at purchase price.
>In NewsBlur’s case, because NewsBlur is a home of free speech, allowing users in countries with censored news outlets to bypass restrictions and get access to the world at large, the continuing risk of supporting anonymous Internet traffic is worth the cost.
This, the backups, the write-up, all make it really hard for me to want to victim-blame the dev for not catching a very silly Docker default.
That having been said
- public ip?
- no fw?
- no password on the mongod instance?
Idk, couldn't be me, not even in dev, just take the 20 seconds to plumb the pw to both sides. Modding me down won't change these facts and won't keep you from being compromised if you take the same lazy steps
The problem with the Docker default is that they did have a firewall configured but Docker will reconfigure it.
That said, some external firewall would prevent this. My VPS provider allows me to configure which ports I want to expose to the outside world which would mitigate this kind of issue.
Please, someone help me understand. Why would I want this instead of ENS or a traditional domain?
Let's assume that we are interested in decentralization for the sake of censorship-resistance and lets imagine I want to run a website to allow people to share "extreme" political opinions that might not otherwise be normally tolerated on the clearnet web. I set it up with IPFS, and then I register:
1. a traditional domain name
2. ENS (Ethereum Name Service) domain
3. a Tor Onion Hidden v3 Service
4. IPDS "IPFS Subdomain"
After attracting attention of the FBI, the traditional domain gets redirected to an FBI seizure page, presumably.
The ENS domain is governed by a contract that would require a manual M-of-N override of the ENS contract. (I'd love to see a threat analysis of ENS from this angle). I've never heard of this happening and it seems like it would be a very notable event.
The hidden service is, short of attacks on Tor, quite resistant (though usability is quite poor).
And then finally, this submission, IPDS -- I'm not sure I believe that they will be any better than a traditional domain (given the warning at the bottom, and on the interest form).
Can someone help me understand? EDIT: The more I look at this, the more I'm struck by just another sign of how immature the IPFS ecosystem is. Seemingly destined to NIH every last thing. How can you put this landing page up without any other details or acknowledgement of alternatives and expect buy-in?
EDIT2: of course they're collaborating in a cleartext Telegram room. People, get your stuff together, open source collaboration belongs on Matrix. Not Discord. Not Telegram. Period.
Hmm, I wouldn't assume the goal here is censorship resistance (esp given IPFS+ENS already fits that niche better). Looks to me like someone in the ecosystem is seeing the recent massive speed up to IPNS publishing (launched last week) and testing the waters on whether an "IPNS+DNS as a service" site would be useful to the folks that host dweb sites on IPFS.
I think this makes sense. Another sibling comment implied that this was a product-ified rollout of existing tech, which is of course a useful thing if you're into dnslink. :)
The Aviron website clearly states that the device is still perfectly functional as an exercise device without the membership.
Also, I cannot fathom that I'm considering a subscription service for something like this, and yet I am... anything to make exercising fun, I guess.