Hacker News | mnahkies's comments

I don't disagree, but I think there is a distinction between "everything is e2ee, but specific conversations may be MiTM without detection" and "nothing is e2ee and can be retrospectively inspected at will" that goes a little beyond security theatre - makes it more analogous to old fashioned wiretaps in my mind.

Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"


Even with closed source clients, MitMing every conversation would likely be detected by some academic soon enough - various people take memory dumps of clients etc and someone would flag it up soon enough.

I like to follow conventional commit style, and some repos I work on have CI checks for it. It's been fixed now, but for a long time the validator we were using would reject commits that included long URLs in the body (for exceeding the width limit).

It was enraging - I'm trying to provide references to explain the motivation of my changes, all my prose is nicely formatted, but the bulleted list of references I've provided is rejecting my commit.

I generally think it's in the category of a social problem not a technical problem - communicate the expectations but don't dogmatically enforce them


Personally I'm using haproxy for this purpose, with Lego to generate wildcard SSL certs using DNS validation on a public domain, then running coredns configured in the tailnet DNS resolvers to serve A records for internal names on a subdomain of the public one.

I've found this to work quite well, and the SSL, whilst somewhat meaningless from a security POV since the traffic was already encrypted by WireGuard, makes the web browser happy so still worthwhile.


> I used to throw every scrap of code onto GitHub in the vague hope of “sharing knowledge”

I looked at a random repo today, and used some of its (MIT licensed) code as a starting point.

It was an Expo plugin for managing Android key stores, I didn't need most of what it did, and I went a different direction in the remaining bits - but it still helped me do that quickly. That won't show up in any stats the author can see, but I appreciate their contribution


We've only raised a handful of support cases with GCP the past 5 years, but we happened to raise one this week and they've put us onto a preview feature that solves the problem we were facing - I'm suddenly wondering if we should be trying our luck with support more often instead of figuring it out ourselves.


Preview, as in no SLA [1] and they could cancel it or remove features any time in the future?

1: yes, I know the SLAs are usually a joke


Heh, that's my PR. Initially I thought it would be a trivial change, but then I realized I hadn't considered how it should interact with MDM / device posture functionality - these aren't features I'm personally using with the Android client, but are understandably important to enterprises.

I still hope to get back to that and try to get it to a state where it can be merged, but I need to figure out how to test the MDM parts of it properly, and ideally get a bit of guidance from the Tailscale team on how it should work/is my implementation on the right track (think I had some open questions around the UI as well)


I think the interface breaking on newer screens is a key point - AoE2 Definitive Edition looks great on a 4K screen now, but when I tried one of the other variants beforehand the UI didn't scale properly and so all the elements were tiny to the point of being unplayable without adjusting the resolution


I had a similar idea as a teenager - calculate MD5 hash and store that plus a hint/offset to then brute force the original content. I had dial-up and wanted a more practical way to get large files.

Anyway I emailed the WinRAR developers about my idea and they politely explained why they didn't think it was feasible (appreciate they even took the time to respond!)


The licence terms / variation on MIT is interesting - unless this file is part of some standard I'm unaware of I'd expect it still shows as plain MIT for most automated SBOM collection/licence checks which feels problematic.

(https://github.com/rustrum/apate/blob/main/LICENSE-TERMS)


Ouch, why even involve the MIT license if you're gonna do custom terms anyways? Just put "Copyright me" and be done with it instead of ending up with some weird half and half solution. Net effect ends up the same anyways.


I just thought that MIT for a subset of users is better than "My Own License"


Well the point here is that if I created it by myself I can make whatever license I want. But I do not want to write my own license. AFAIK even if you grant something for a subset of users for "free" you have to legally define the terms of this "free" usage.


Yeah, that kills adoption by most people I'd imagine. Non-standard license terms are always a huge red flag IMO, regardless of actual license terms.


It is simple. If you do not like it - do not use it. I do not care. Have no plans to conquer the world with this project :)


I mean you must care a little bit right? Why publish it and share it here otherwise? :) Maybe you're looking for people to just review and learn from the code, rather than use it in their projects?


From the license terms you can see that any independent developer and small teams could use it without any issues.

And yes I do not want it to be "free stuff" for big corporations. I just do not know any existing license that can define such terms.


> From the license terms you can see that any independent developer and small teams could use it without any issues

Right, until they cannot, and that choice won't be made from their own agency, and most people will try to avoid ending up there, hence not using the project in the first place.

Not saying "it's doomed to have zero users", but you'll probably find it slightly strange when people seemingly would have perfect use for your project, yet find other options anyways.

> And yes I do not want it to be "free stuff" for big corporations. I just do not know any existing license that can define such terms.

Guess BSL would fit you, but yeah, if you want any sort of restrictions, what you want is something else than Free and Open Source Software, and that's fine of course, just be aware it'll be a hard sell to developers used to FOSS. Again, a fine choice to be making and understandable.


One of the more annoying things I've found moving country is the unavailability of keyboards / laptops with the layout I grew up with. I find it especially annoying as the country I'm from uses a US layout which I naively assumed would be easily available everywhere (and it is available but not without a long delivery and a premium price)

Side note: helping my French housemate with his uni assignments was an experience, none of the symbols were where I expected them to be


Meh, takes you like some days to get used to another layout being visible on the keys, while your OS (and brain) are actually using another layout.

I've used US keyboard layout since I started programming (my first mentor essentially forced me to switch to it, he was right about it being easier), but throughout the years been using Swedish, Norwegian, British, Spanish and French physical keyboards, never cleanly mapped to the actual layout I've used on the OS, and never been an issue.

The last part though, is a real one, trying to pair program with Spanish programmers always has at least one moment of holding Shift and sliding the finger across all numbers to see where that specific symbol actually is.

