Oof, that is really not a good look. This should have been clearly disclosed and probably with a per-notification for the patch release.

There are a few main benefits.

1. For hardware-backed keys they can’t be stolen aside from physically stealing the hardware. So unless your machine has malware there is no way for an attacker to authenticate using them.
2. Even for software keys the site you authenticate to doesn’t learn enough to impersonate you. For example if for some reason your bank leaked some logs with PW + MFA someone could use that to log in as you (although admittedly short timeouts on MFA validity makes that window very small).
3. The browser ensures that you only authenticate to the correct domain. So it prevents phishing. (Although a password manager that only fills into the correct domain also accomplishes this.)

So I think if you are using unique passwords with an automated password manager the effective benefit is quite small. However for the “average computer user” who likely has less than 5 passwords that they use for everything it forces a pretty high base level of security.

Please be civil and polite. This type of aggressive comment insulting people because of the tools that they use isn’t welcome here.

No, but you can still choose to choose software that doesn’t steal and sell your data. You can also support laws that make doing this illegal.

The idea that putting this on your phone is bonkers is bonkers to me. Why would you want to carry around a journal or paper when you have everything on your phone? It can also be more easily backed up and synced.

It shouldn’t be normal that this data is stolen and sold. That is 100% the problem, not the fact that people track things on computers.

Please be polite. If you don’t like a post you can downvote it. If you would like to comment please be more civil.

It’s also super locked down. You are only allowed to use it if Google or Apple says that your device is authorized. So no root, no custom ROMs. Unless your phone is owned by a corporation and that corporation is blessed by Apple or Google you are out of luck. (There are currently ways around this but the gaps are slowly being closed as older devices are phased out.)

Reverse DNS is different than static IP.

But yes for outbound email, if you can’t control reverse DNS you will have pain. (Inbound is totally fine) You can in theory just use whatever hostname the ISP’s reverse DNS resolves to however you will get some spam score (or be rejected) as it doesn’t match your “from” domain.

Outbound email is a huge pain really no matter what. Unless you have a long-term lease on the IP and it isn’t in a bad network you really have to pay someone else if you want reliable delivery.

Its a problem but it isn’t a major problem. I am using rspamd without any sort of exotic configuration (basically just enabling things that are provided, not my own rules) and I only get a few spam messages leaking through a week. Maybe slightly worse than GMail but not considerably slow.

IMHO the only real missing thing out of the box is contacts checking. Which is a huge thing because it is great to have reliable delivery from contacts. But my false-positive ratio is so low anyways that it isn’t a big issue and things like the known_senders module mostly mitigates it.

Yes, blocking port 25 outbound is incredibly common by default. Even on some server connections. It is probably better overall for exactly the reasons that you mentioned.

Or just don’t self-host email

IMHO this is a bit overblown. Hosting inbound is fairly easy. Mail senders (probably for the worst) are very forgiving even if your TLS cert is expired you will probably get mail. Plus senders are supposed to retry for days if you have downtime.

However it is unfortunately true that due to spam sending is a huge pain because IPv4 reputation is a huge component. Sure you can get GMail to trust your domain after a month or so of sending if you have decent volume. But other providers who you may mail once a year are just going to go off of IP reputation. However email was basically designed for forwarding and you can use a service like AWS SES to forward your email from a trusted IP pretty easily. If you are low volume (like personal mail) there are tons of services that will do this for free.

Of course nixpkgs has it. It was added a few years ago, I can’t vouch for if it is up to date or still working.

The owner of the domain owns DKIM. It offers no protection against that.

The only actual protection would be PGP because it provides your key as an identity rather than the domain itself.

The purchaser of that domain will be able to send and receive email from your addresses.

The biggest concerns here are probably:

1. The new owner taking over accounts that use the old email (either via password reset or email or by contacting support).
2. Sensitive personal information intended for you being sent to the new owner.
3. Someone spearphishing people you know from your old email address.

Yeah mp4s with h264 will play basically anywhere if the audio format is a common one. Must be the most supported setup.

I’m pretty surprised that all of the audio formats work. I’m not so surprised that the TV has h265, although maybe a bit surprised that it is exposed to the browser. The container support is also pretty surprising. Unless your MKVs are so simple that they are effectively WEBM.

Or maybe it pops the link out of the browser into a dedicated media player which has decent codec support.

iDevices do expose h265 in the browser, but the container support is still a bit surprising. But then again WEBM is basically MKV, so maybe that is why it tends to work.

There are a handful of common reasons.

1. The client doesn’t support the formats. Browser clients are notoriously picky not supporting some common video (for example few browsers support h265 and it isn’t generally considered web-safe) and audio formats. But embedded devices may also cause trouble if they don’t have enough CPU to do non-accelerated playback and don’t have hardware support for the codec used.
2. Playing at a lower bitrate. In that case you can transcode at the fly.
3. Remuxing. This is things like the moov atom where the actual codecs are supported but not the container or exact packaging of the file.

But yeah, especially if you are using a player with wide format support you may not need it.

IMHO for 2 drives you don’t want redundancy. (I assume that is what you want RAID for, mirroring?). The per-drive failure rate is so low that you are unlikely to encounter it and nothing you are running seems particularly availability sensitive. Having a bit of downtime to rebuild in the very rare case of a drive failure is fine. The extra storage space is way more valuable.

lol, I assume he means 1000 Mbps aka 1 Gbps which is reasonable. Maybe even a little low as transferring files around fast is nice.

IMHO this isn’t really worth it.

1. x264 is very fast at lower profiles. Especially if you aren’t streaming across the internet often the size hit from the fast profiles is fine. Even if you are streaming over the internet it is probably fine. Getting a slightly faster CPU will also get you super far and is more useful to have lying around than a GPU as it will benefit most things that you do on the server. And worst-worst case a bit of CPU usage isn’t going to hurt much of the things that he is running (except maybe a game server if people are playing at the same time and you are really maxing out all of your cores).
2. Integrated GPUs are fine for a handful of concurrent streams. Especially the Intel ones which have amazing media engines.
3. Even if you are going for a dedicated GPU I would go with an Intel ARC. They are way better at media encoding and cost less.
4. You can always add a GPU later. Wait until you have a need and are seeing problems without.

Actually I would pick GIMP.

1. Says what it is, an image editor.
2. No popups and random interruptions.
3. Not only AI editing examples which makes me thing the tool is AI only.
4. An overview of the variety of major features it has rather than just AI editing.
5. Links to helpful documentation rather than endless marketing pages that say nothing.

Really think only thing I would like to see is some screenshots and examples of using the tool, rather than just info on what it does. But the Photoshop page barely has this, just a few examples of the AI tools.