Hacker News: _hyn3's comments

Excellent evaluation. From reading the code, it appears that the unit for the numbers column is usually milliseconds (ms).

It also looks like squinn is the clear leader for most but not all of the benchmarks.

Even though it's "not scientific", it is still very useful as a baseline - thanks for taking this effort and publishing your results!

Also taking a look at monibot.io, looks cool


Thank you.

How is this different from any other self hosted solution; you've still got to manage spam yourself. Might as well go self hosted.


Spam isn't the only challenge of going self-hosted and it's cool to tie into an existing ecosystem for identity. Also it's pretty neat that people can engage outside of your website while you still get to pick what gets surfaced on your own website.


I have a static site. Self hosted would mean I’d need a database and I think right now I want to keep the static generation. Happy to try self hosted in future and write my own solution but right now I got plenty of side projects


What would TSMC do if they couldn't sell chips to the USA? It cuts both ways, like most trade negotiations.


If they could no longer sell in the USA then they would no longer have a reason to care about US restrictions on selling chips to other countries. China would be happy to buy many of the chips the US was no longer buying.


Is “don’t buy stuff with TSMC chips” really a valid option we have?

Isn’t that basically “stop buying high technology” to a large degree?


We can use older processes if we have to. We'd be taking a step back of... maybe 5-10 years? Computers 10 years ago were not that much slower than they are today. Volume would be a bigger concern than performance. Maybe it'd force the tech industry to start writing more efficient user-facing software instead of depending on the incremental advancements made by chip designers and semi fabs.


> We'd be taking a step back of... maybe 5-10 years? Computers 10 years ago were not that much slower than they are today

There’s more to the world of computing than your laptop.

Stepping back to 10 year old GPUs and server CPUs would be a massive handicap on the country.

> Maybe it'd force the tech industry to start writing more efficient user-facing software instead of depending on the incremental advancements made by chip designers and semi fabs.

It’s not about the speed of your laptop loading Slack. Large scale compute is already squeezing as much performance as we can out of server hardware.


Not to mention there wouldn’t even be enough capacity to make all the chips we need even if we went with slower chips.


And that, my friends, is how to crash the stock market.


> Is “don’t buy stuff with TSMC chips” really a valid option we have?

Not sure that TSMC would want to do that either! We're probably their biggest market, even allowing for China.

> Isn’t that basically “stop buying high technology” to a large degree?

I think you're right, to an extent, at least in the near term.

However, we do have (and especially used to have) various fabbing here in the States, from Samsung to Intel. Especially the latter has been neglected, but these changes would probably accelerate on-shoring and perhaps bring some of it back here.

Don't forget that TSMC is in a country that is probably going to go through some significant instability in the next few years. From a business continuity perspective, we'd need to consider availability and supply chain management with the strong possibility of a major vendor being located in the middle of a hot warzone.


I’m not arguing TSMC is in a good place geopolitically. I agree there’s a huge risk there.

I just don’t think “don’t use TSMC“ is a realistic choice at all right now.

That’s like telling someone in rural Montana “just don’t use a car”. If you want to live a normal life it’s not very doable.


The amazing thing about (near) monopolies is that companies don't have to worry about folks voting with their wallets anymore.

Those pesky customers and their demands have been dealt with!


Sell to the other 95% of humanity I guess.


But what percentage of total sales do they make up?


"We now have another confirmation on Twitter that remote code is executed and a glimpse into what the script is... it appears to be benign."

https://github.com/acmesh-official/acme.sh/issues/4659

It was not. Don't use acme.sh.


I went down the acme/HiCA/RCE rabbit hole a year or so ago and, while I don't remember the specifics, my feeling was that the RCE was not that dangerous and was put into place by greedy scammers thwarting the rules of cert (re)selling and not by shadowy actors trying to infiltrate sensitive infra ...

Is there new information? Was my impression wrong?


Try removing consent to receive text messages on that number, or say that it's only a land line and only phone calls are accepted.

You might even try to block incoming SMS. In fact, you might also try a forward with Twilio or a free Google Voice number, since a lot of SMS TOTP refuse to work with those numbers :)

I've even had success removing my phone number entirely from certain types of accounts, but sometimes I had to deliberately break the account (eBay) and then it tries to get you to confirm on each login which you can sometimes bypass by changing the URL or clicking the company logo.

Be sure to have strong security in other ways; strong, non repeated passwords.

But this is truly insane. Large banks don't even offer the option of TOTP but instead require far more insecure SMS. Maybe they'll offer RSA dongles, because they never bothered to remember when they all got completely leaked ten years ago or how they accepted $10M to completely compromise their constants.

What can you say, large enterprises are behind the security eight ball, as always! It's a tale as old as time.

https://www.wired.com/story/the-full-story-of-the-stunning-r...

https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...


Those darn hackers. They probably hang out and get their news... someplace.


If the CEO of your company empowers a team to audit your work, would you 'resist'?

And this Chief Executive was elected by the majority of the country, specifically to take these actions that he'd clearly stated he would take.

The resistance is actually the violation of federal law. It's no different from contempt of court; within the President's domain, he has a huge amount of power. The President can also modify existing policy (regulations) at any time and literally make new laws (Executive Orders have the force of law) as long as they don't conflict with current law, as well as overturning previous President's Executive Orders.

Of course, then the shoe will be on the other foot someday, too, just as it was when Biden took over from Trump and then they switched places again.

As President Obama said, "I've got a pen, and I've got a phone."

https://www.npr.org/2014/01/20/263766043/wielding-a-pen-and-...


> If the CEO of your company empowers a team to audit your work, would you 'resist'?

If he ordered you to break the law or professional standards, would you obey? This is not hypothetical for many people: if you’re a lawyer, professional engineer, healthcare professional, work in HR, etc. it is not at all uncommon to suggest legal ways to accomplish a goal.

According to the article, that’s exactly what happened here: they have various federal laws and regulations covering their work, but as at other agencies, DOGE decided they don’t need to follow those. This confirms that their stated purpose is not their true motivation but it remains to be seen whether there will be any consequences.


> The resistance is actually the violation of federal law.

Your misunderstanding seems to be to think that the word of the president is the law, like in a dictatorship. In the US system of separation of powers, that's not how it is supposed to work.


The president is currently ignoring a Supreme Court order, not explaining why they’re ignoring it, and even if they tried to charge him, last year the Supreme Court ruled that he has immunity from everything anyway. So where exactly is it different from a dictatorship now?


(Non-US here)

As I understood it, this "immunity" is granted for POTUS doing things in the course of their responsibility as POTUS. Could it be argued that breaking laws & orders which bind the activity of POTUS is _inherently not_ the work of someone in that role?


Isn't the point of immunity that it's immunity from prosecution on actions that are / would potentially be illegal? You don't need immunity if what you are doing is legal anyways.


Immunity is generally scoped. Challenging the determination of scope is not the same as challenging the action.

Immunity also isn't absolute. For example police in the US typically enjoy broad immunity but that doesn't imply not getting dragged into court. They just have sweeping legal defenses available to them that other people don't.


Probably, but I’d like to see it tested.


What would you do if your CEO tells you to do something illegal? What would you do if your CEO then tells you to intimidate people who refuse to carry out the illegal requests by tailing them and then taping the surveillance footage to their door as a threat?


> And this Chief Executive was elected by the majority of the country,

Except said "chief executive" was not elected by "a majority of the country."

He wasn't even elected by a majority of those who voted (~35-40% of the population), but rather a plurality of those who voted (~20% of the population).

Note that I am not claiming that there was anything nefarious (I have no evidence to support making such a claim), just that those who voted for that person represent only ~20% of the US population, not a "majority of the country."


The CEO of the company is bound by laws and rules that the same country enacted. We the people are the board. The CEO answers to the board.

There are procedures to do the things that he said he wanted to do, because we are well aware of how an unchecked executive can destroy our government by doing what they want however they want.

Allow me to illustrate Exhibit A, unfolding now.


The only agencies the President gives orders to like this are the military ones. We don't have a dictator that dictates from on high. That is why we have the Administrative Procedures act, the executives 'executiving' needs to be consistent and based on logical reasons.

We used to have a government like this, a spoils system, and it didn't work. So both parties created the civil service. Both parties passed things like that Administrative Procedures act.


President isn't CEO. Laws and budgets are set by Congress. EOs do not have the force of law and many have been invalidated by courts.


> President isn't CEO

The President is literally the Chief Executive officer in the United States.

https://people.howstuffworks.com/president4.htm

> Laws and budgets are set by Congress

That's correct, under Article 1, but the President does not have to spend every dime that was allocated.

> EOs do not have the force of law

"Both executive orders and proclamations have the force of law, much like regulations issued by federal agencies"

https://www.americanbar.org/groups/public_education/publicat...

You seem to underestimate the power that is vested in the office of the President as the Chief Executive.

> have been invalidated by courts

As have many, many legislatively-passed laws; this is simply checks-and-balances and allows the judiciary to act on other laws (which originate from Congress) and regulations (which originate from the Executive Branch).


Chief Executive officer does not mean dictator other than to military agencies. Please read the history of the bipartisan creation of the civil service, of the Administrative Procedures act, all created bipartisanly to reinforce that the President is not a dictator/king.


The executive has discretion in how funds are disbursed, but they have to fulfill all the obligations laid out by Congress. Impoundment is expressly illegal, not just due to Article 1, but also the Impoundment Act to avoid any ambiguity. The Dept of Education, for example, is created by act of congress and has a list of obligations in the congressional budget and the president has no authority to deny that. They have discretion in terms of how it is fulfilled and who gets paid when, but they are assuredly not allowed to just cancel programs or agencies that are explicitly funded by congress.


If the CEO brought in their friends as temps to screw around? Which they were only allowed to do until the next board meeting when they will very likely not be approved? Yeah, I'd probably resist any royal fuck ups until then.


> And this Chief Executive was elected by the majority of the country

No, he was not. He was elected by ~30% of the possible voters in this country because most people chose no one and stayed home.


Willy Tarreau - creator of HAProxy


"Would be nice if you use your.. financial stability of a Google job to build an open-source protocol"

Well, sure, it'd be nice if we could all spend our time building things to give away for free, but it's just not always possible. Life happens and people shouldn't have to explain or apologize for it.


How does this compare to Userify's plain-jane SSH key technique?

That agent (Python, single-file https://github.com/userify/shim) sticks with decentralized regular keys and only centralizes the control plane, which seems to be more reliable in case your auth server goes offline - you can still login to your servers (obviously no new users or updates to existing keys). It just automates user and sudo configuration using things like adduser and /etc/sudoers.d. (It also actively kills user sessions and removes the user account when they're deleted, which is great for when you're walking someone out in case they have cron-jobs or a long-running tmux session with a revenge script.)

This project looks powerful but with a lot of heavy dependencies, which seem like an increased surface area (like Userify's Active Directory integration, but at least that's optional)


I believe the idea of this scheme is so that the NSA tailored access operations staff embedded in organizations such as google and cloudflare can authorize access without having to individually intercept each server (or jumphost) you own.

You benefit from more reliable shipping delivery times, no more mysterious city-of-industry->ftmeade->sanfrancisco detours or hardware that fails prematurely due to uncleaned flux or whiskers from implant installations.


If you really believe that then help me get the cosigner working with opkssh so even if Google is fully malicious they can't get ssh access.

