I host my mail server on a VPS.

I suggest making sure you get DMARC / DKIM / SPF working, and having an anti-spam strategy (greylisting helps, but there are a few ASNs that just exist to send spam). Also make sure your IP is not on any public spam list.

The next problem you might face is that Microsoft and especially Google like to make it hard for anyone not using their services. With Microsoft, you fill in a form and jump through some hoops and they’ll start accepting your email enough to land it in spam. Unless you are regularly sending to Microsoft, it is hard to keep them accepting mail, but just sending to a free Hotmail address (owned and occasionally marked as read and deleted by you!) on cron is enough to keep occasional mail deliverable as long as none of your mail ever gets marked as spam. Google can be more of a pain to small email servers in terms of not landing in spam, but I think occasional reports of not spam will help you.

In terms of keeping down spam:

• postgrey or similar for greylisting keeps out the least serious spammers.
• The notorious spammers / bulletproof hosting is best blocked by ASN since they regularly shift IP addresses. Try a script like this on daily cron (assuming you jump to the custom BAD_AS table from your INPUT iptables rule) - please don’t run it too often since routeviews is a free public service and you should be respectful of them:

#!/bin/bash -e

TEMPDIR=$(mktemp -d)
trap 'rm -r "$TEMPDIR"' EXIT

curl https://archive.routeviews.org/oix-route-views/oix-full-snapshot-latest.dat.bz2 -Lo "$TEMPDIR/snapshot.bz2"
bzgrep -e " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|36352|12876|53667|138608|150393|60781|138607) i" $TEMPDIR/snapshot.bz2 | cut -d" " -f 3 | sort | uniq > $TEMPDIR/badranges

iptables -N BAD_AS || true
iptables -D INPUT -j BAD_AS || true
iptables -A INPUT -j BAD_AS
iptables -F BAD_AS

for ROUTE in $(cat "$TEMPDIR/badranges"); do
    iptables -A BAD_AS -s $ROUTE -j DROP;
done

• Despite Google being so hostile to very infrequent emails from IPs that have years of never sending spam, just because they are small, Gmail and Firebase are one of the most significant spam sources. I find client-side filtering works best for things like that which get through your other defences.
• Another spam source is Docusign. These types of companies tend to shut down individual scammer / spammer accounts, but then allow them back in for the same scam with another account.

Note that of the spam that gets through if you have the basic defences, it’s probably a similar level to big corporate hosted mail, so don’t let this deter you (I just hate spammers).

idea of requiring attribution is specifically called out in Section 7, item B.

But requiring that the logo be retained is not.

Now, it’s not entirely clear what they even are asking for. If the ask is that the OnlyOffice logo be included in a ‘credits’ page (which is perhaps a reasonable interpretation of “you must retain the original Product logo when distributing the program”) then it is much less problematic, although perhaps still beyond requiring attribution, than if they are trying to demand that, say, the favicon of the webapp must not be changed (especially if their intent is also to say that you can’t distribute the program if you don’t change the favicon because it would be a trademark violation).

Now of course, if they have written all of OnlyOffice in house, and not had any external contributors or used any external copyleft code, then they can re-license OnlyOffice on whatever terms. If they were bound to the licence by including other people’s AGPL contributions, then they have to follow the licence themselves, and cannot add arbitrary additional restrictions.

Unfortunately, scams are incredibly common with both fake recruiters (often using the name of a legitimate well known company, obviously without permission from said company) and fake candidates (sometimes using someone’s real identity).

No or very few legitimate recruiters will ask you to install something or run code they provide on your hardware with root privileges, but practically every scammer will. Once installed, they often act as rootkits or other malware, and monitor for credentials, crypto private keys, Internet banking passwords, confidential data belonging to other employers, VPN access that will allow them to install ransomware, and so on.

If we apply Bayesian statistics here with some made up by credible numbers - let’s call S the event that you were actually talking to a scam interviewer, and R the event that they ask you to install something which requires root equivalent access to your device. Call ¬S the event they are a legitimate interviewer, and ¬R the event they don’t ask you to install such a thing.

Let’s start with a prior: Pr(S) = 0.1 - maybe 10% of all outreach is from scam interviewers (if anything, that might be low). Pr(¬S) = 1 - Pr(S) = 0.9.

Maybe estimate Pr(R | S) = 0.99 - almost all real scam interviewers will ask you to run something as root. Pr(R | ¬S) = 0.01 - it would be incredibly rare for a non-scam interviewer to ask this.

Now by Bayes’ law, Pr(S | R) = Pr(R | S) * Pr(S) / Pr(R) = Pr(R | S) * Pr(S) / (Pr(R | S) * Pr(S) + Pr(R | ¬S) * Pr(¬S)) = 0.99 * 0.1 / (0.99 * 0.1 + 0.01 * 0.9) = 0.917

So even if we assume there was a 10% chance they were a scammer before they asked this, there is a 92% chance they are given they ask for you to run the thing.

Maybe they figure if you can’t fix the form to make it submit, you wouldn’t be up to their standard :-)

I think there is some value to MBFC, even though there are also cases where it is problematic - I don’t think a blanket rule would be right.

The issues (& mitigating factors):

• Some of the ‘mostly analytics’ sources still have ‘bias by omission’ problems or misleading headlines, even if the facts in the articles are accurate. But I think on the fediverse, we aren’t beholden to algorithms or their editorial choices in terms of the balance of what we see, so the impact of this is limited.
• Opinion pieces have a place, although arguably not on World News. At the very least, factual pieces from outlets that also publish opinion have a place. But MBFC downrates outlets for having an opinion at all even when clearly labelled as such.
• The attempt to categorise every bias on a left to right scale when really there are so many dimensions any bias could be along isn’t as helpful.

So I’d suggest:

• Only mentioning it when an outlet has a history of publishing things that are factually incorrect (or there is reasonable doubt over it). Not every fact can be verified from first principles (and sadly often articles don’t name their primary sources - in a better world having no source would reduce credibility, but it is often hard to find articles that meet the well-sourced bar). People deliberately muddying the waters create think-tanks to cite with fake facts, fake scientific journals, and cite other unreliable sources - fact checking often requires on the ground investigation, asking reliable experts, and so on; it is simply impossible to be in expert in everything you read in the news to spot well-executed fake news. I think of the approach like a tree - there are experts in an area who can genuinely apply critical analysis to decide if something is fact or bogus. But there are also bogus experts. Then there are aggregators of facts (journals and think-tanks, etc…) that try to only accept things reviewed by genuine experts. But there are also bogus aggregators. Then there are journalists and outlets that further collect things from genuine aggregators and experts, and refine them. But there are also bogus outlets. Sites like MBFC try to act like a root to the tree and help you identify the truthful outlets, who have a good record of relying on truthful aggregators, who rely on truthful experts.
• The left / right bias part means very little - I’d suggest ignoring it if you’re looking at a single article.
• Any of the higher tiers of factual reporting should be fine and not worth a mention.

If there are reliable sources countering some facts, posting those instead of (or as well as) complaining about the source is probably better.

That’s a false dichotomy though. There are ways to prevent cheating that don’t rely on the security of the client against the owner of the device on which the client runs (which is what both of what your ‘ways’ are).

For one thing, it has long been a principle of good security to validate things on the server in a client-server application (which most multi-player games are). If they followed the principle of not sending data to a client that the user is not allowed to see, and not trusting the client (for example, by doing server-side validation, even after the fact, for things which are not allowed according to the rules of the game), they could make it so it is impossible to cheat by modifying the client, even if the client was F/L/OSS.

If they really can’t do that (because their game design relies on low latency revelation of information, and their content distribution strategy doesn’t cut it), they can also use statistical server-side cheat detection. For example, suppose that a player shoots within less than the realistic human reaction time of turning the corner when an enemy is present X out of Y times, but only A out of B times when no enemy is present. It is possible to calculate a p-value for X/Y - A/B (i.e. the probability of such an extreme difference given the player is not cheating). After correcting for multiple comparisons (due to multiple tests over time), it is possible to block cheaters without an unacceptable chance of false positives.

While someone’s political beliefs are highly multi-dimensional, there are two axes that are commonly used to define where someone sits:

• Economy - Left is favouring social responsibility for people receiving economic support (supporting people to meet their basic needs is everyone’s collective responsibility), while right is favouring individual responsibility (meeting your basic needs is your responsibility, and if you die because you can’t, even if it is due to something outside of your control, tough luck).
• Social liberties - Social Libertarian is favouring individual decisions on anything not related to the economy / rights of others, while Social Authoritarianism supports government restrictions on social liberties.

Since there are independent axes, there are four quadrants:

• Socially liberal, Economic left - e.g. Left Communism, Social Democrat, most Green parties, etc…
• Socially authoritarian, Economic left - e.g. Stalin, Mao. Tankie is a slang term for people in this quadrant.
• Socially liberal, Economic right - Sometimes called libertarian. Some people with this belief set call themselves Liberal in some countries.
• Socially authoritarian, Economic right - e.g. Trump. Sometimes called conservatives.

That said, some people use tankie as cover for supporting socially authoritarian, economic right but formerly economic left countries(e.g. people who support Putin, who is not economically left in any sense).

And apparently enforcement of foreign judgements in the US is state-by-state, and the US state doesn’t need personal jurisdiction over the person. So any US state court can decide to recognise a foreign jurisdiction, under local state laws, and all other states will recognise it. So if OFCOM can find one state that will recognise the judgement, then they are in trouble.

I am not sure why anyone would use an AI code editor if they aren’t planning on vibe coding.

Vibe coding means only looking at the results of running a program generated by an agentic LLM tool, not the program itself - and it often doesn’t work well even with current state-of-the-art models (because once the program no longer fits in the context size of the LLM, the tools often struggle).

But the more common way to use these tools is to solve smaller tasks than building the whole program, and having a human in the loop to review that the code makes sense (and fix any problems with the AI generated code).

I’d say it is probably far more likely they are using it in that more common way.

That said, I certainly agree with you that some of Proton’s practices are not privacy friendly. For example, I know that for their mail product, if you sign up with them, they scan all emails to see if they look like email verification emails, and block your account unless you link it to another non throw-away email. The CEO and company social media accounts also heaped praise on Trump (although they tried to walk that back and say it was a ‘misunderstanding’ later).

IANAL, but it is an interesting question to consider whether it would be illegal in Australia (if anything, as a test to see if the right laws are on the books to block this kind of thing). The laws are likely different in the US, and it might vary from state to state.

The Fair Work Act 2009 (Commonwealth), s325 provides that:

An employer must not directly or indirectly require an employee to spend, or pay to the employer or another person, an amount of the employee’s money or the whole or any part of an amount payable to the employee in relation to the performance of work, if:

(a) the requirement is unreasonable in the circumstances; and

(b) for a payment—the payment is directly or indirectly for the benefit of the employer or a party related to the employer.

I think you could imagine the employer arguing a few lines:

• The employee is not required to spend, it is only a factor in promotions and not retaining the same role. OP said you can “get in trouble for not using this” - countering this defence perhaps depends on proving what kind of trouble to show it is a requirement. In addition, under s340, employers are not allowed to take an adverse action against an employee for exercising or proposing to exercise a workplace right, and adverse action includes discriminating between and employee and other employees of the employer.
• That the employee is not required to pay any particular person, they can choose what to buy as long as the select from a prescribed list. However, I think that could be countered by saying this is an indirect requirement to spend, and the “or another person” attaches to the “pay” part, so I don’t think that argument would fly.
• The the requirement is reasonable - however, that could be countered by arguing the privacy angle, and the fact that this is for personal shopping, far outside the reasonable scope of an employment relationship.
• That the payment isn’t for the benefit of the employer. I think that could be countered firstly by arguing this is a requirement to spend not pay, and event if it was to pay, it is indirectly for the employer’s benefit since it allows them to attract and retain clients. The way they are pushing it could further prove this.

So I think it would probably be contrary to s325 of the Fair Work Act in Australia.

Another angle could be the right to disconnect under s333M of the Fair Work Act:

An employee may refuse to monitor, read or respond to contact, or attempted contact, from an employer outside of the employee’s working hours unless the refusal is unreasonable.

If someone has a work and a personal phone, and has the app on the work phone, but refuses to use take the work phone or install an app on their personal phone so they can respond to tracking requests from the employer, then maybe this also fits.

I also wonder if in Australia this could also be a form of cartel conduct - it is an arrangement of where purchases (other than those the company should legitimately control) are directed centrally under an arrangement by an organisation.

Under s45AD of the Competition and Consumer Act 2010,

(1) For the purposes of this Act, a provision of a contract, arrangement or understanding is a cartel provision if: (a) either of the following conditions is satisfied in relation to the provision: (i) the purpose/effect condition set out in subsection (2); (ii) the purpose condition set out in subsection (3); and (b) the competition condition set out in subsection (4) is satisfied in relation to the provision.

So the purpose condition has several alternatives separated by ‘or’, one of which is:

(3) The purpose condition is satisfied if the provision has the purpose of directly or indirectly: … (b) allocating between any or all of the parties to the contract, arrangement or understanding: (ii) the persons or classes of persons who have supplied, or who are likely to supply, goods or services to any or all of the parties to the contract, arrangement or understanding; or

It sounds like there is a solid argument the purpose condition is met - they are allocating where people who are part of the arrangement (employees) shop.

They’d also need to meet the competition condition for it to be cartel conduct. For this to be met, the arrangement might need to include the clients of the company:

(4) The competition condition is satisfied if at least 2 of the parties to the contract, arrangement or understanding: (a) are or are likely to be; or (b) but for any contract, arrangement or understanding, would be or would be likely to be; in competition with each other in relation to: … © if paragraph (2)© or (3)(b) applies in relation to a supply, or likely supply, of goods or services—the supply of those goods or services in trade or commerce; or

So it could be argued that this is a cartel arrangement between the company, its clients, and its employees, and so attract penalties for cartel conduct.

It is possible for all of the following to be simultaneously true:

• The Israeli War Cabinet are war criminals and terrible people for slaughtering civilians in Palestine and Lebanon.
• The Houthis are war criminals and terrible people for targeting civilians in Israel.
• The US Trump Administration are war criminals and terrible people for killing civilians in Houthi-controlled areas.
• Hamas are war criminals and terrible people for targeting civilians.

While all of the above crimes are of roughly the same type (albeit for different reasons), they do differ in extent - the Israeli War Cabinet is responsible for the most suffering by a wide margin.

I think it is a morally consistent position to condemn all of the war crimes above, although perhaps to prioritise efforts condemning the bigger ones.

To save on costs, QAs could be paid in exposure.

As an experiment / as a bit of a gag, I tried using Claude 3.7 Sonnet with Cline to write some simple cryptography code in Rust - use ECDHE to establish an ephemeral symmetric key, and then use AES256-GCM (with a counter in the nonce) to encrypt packets from client->server and server->client, using off-the-shelf RustCrypto libraries.

It got the interface right, but it got some details really wrong:

• It stored way more information than it needed in the structure tracking state, some of it very sensitive.
• It repeatedly converted back and forth between byte arrays and the proper types unnecessarily - reducing type safety and making things slower.
• Instead of using type safe enums it defined integer constants for no good reason.
• It logged information about failures as variable length strings, creating a possible timing side channel attack.
• Despite having a 96 bit nonce to work with (-1 bit to identify client->server and server->client), it used a 32 bit integer to represent the sequence number.
• And it “helpfully” used wrapping_add to increment the 32 sequence number! For those who don’t know much Rust and/or much cryptography: the golden rule of using ciphers like GCM is that you must never ever re-use the same nonce for the same key (otherwise you leak the XOR of the two messages). wrapping_add explicitly means when you get up to the maximum number (and remember, it’s only 32 bits, so there’s only about 4.3 billion numbers) it silently wraps back to 0. The secure implementation would be to explicitly fail if you go past the maximum size for the integer before attempting to encrypt / decrypt - and the smart choice would be to use at least 64 bits.
• It also rolled its own bespoke hash-based key extension function instead of using HKDF (which was available right there in the library, and callable with far less code than it generated).

To be fair, I didn’t really expect it to work well. Some kind of security auditor agent that does a pass over all the output might be able to find some of the issues, and pass it back to another agent to correct - which could make vibe coding more secure (to be proven).

But right now, I’d not put “vibe coded” output into production without someone going over it manually with a fine-toothed comb looking for security and stability issues.

The awkwardness here actually works in favour of abolishing tips and replacing them with the pay being factored into higher prices.

No one wants to be the sucker - human nature is that people are generous if they think everyone else is generous, but if they feel that others are not ‘pulling their weight’ on generosity and are instead taking advantage, that’s the fastest way to dry up other people’s generosity. Right-wing media use this fact to undermine support for social welfare - e.g. if 0.001% of welfare payments are fraudulently taken, they set editorial policy that makes it seem like beneficiaries are rorting the system instead of being truly needy.

But when it comes to tipping, the dynamic actually works the other way - people feel generous by tipping, even though it is harmful long term. If a few people ahead of someone in the line don’t tip, should they be the sucker who does tip? And for the employee, you want them to be the advocate on the inside for forcing people to pay their share instead of taking advantage - by having the displayed price be the total upfront price that includes the compensation for employees, instead of an optional tip.

There is a minimum amount of total money the employee could make before they’d go and work somewhere else instead. So if, hypothetically, everyone in a country where tipping is common even for non-exceptional service just stopped paying tips, hospitality employers would be forced to pay more to stay competitive with other non-customer-facing industries.

Of course, a drastic shock to the economy like that would probably cause a lot of upheaval, as some employers struggle to accept the new norm.

However, the same thing would work even if the change was slower - e.g. if 5% of people didn’t tip, and did it very obviously and vocally, and then the practice spread as it reached 10% and so on.

Obviously it sucks for the employees who get hit by the first few non-tippers, but over the long term it would be for the better for worker rights. So I could absolutely see it working.

That said, I say this from a country where tipping is not the norm (except maybe the occasional ‘keep the change’ for exceptional service), and the law and expectation is that the most prominent displayed price is the total price you pay - and people react very negatively towards businesses seen as trying to bring in American style tipping culture.

I believe nothing in the podman rm family worked because the container was already gone - it was just the IP allocation that was left.

Google released the stable version of Chrome, and funneled significant resources into marketing it. This was the first stage of their strategy - they focused on firstly making a good product, and the squeeze on users only came later (and is probably only just starting in the scheme of things).

But don’t you see the benefit - the data on your flushes helps our Trusted_† FlushMe Partners ® provide more relevant service to you, and also helps us partially offset the cost of our running our flush servers, allowing us to provide service to you for only $29.99 monthly_††!

†: All FlushMe partners have undergone creditworthiness checks. ††: Limited time one month introductory offer. FlushMe may, but is not required to, provide you with a personalised monthly price for renewal of the service.

Why not donate to a local charity that might not receive as much, rather than a US based one?

By population, and not land area, certain more remote geographic places are well known but have quite a low population. ‘Everyone’ is a high bar, but most adults in Australia would know the following places (ordered from smaller population but slightly less known to higher population):

• Wittenoom, WA - population 0 - well known in Australia for being heavily contaminated with dangerous blue asbestos (which used to be mined there until the 60s), and having been de-gazetted and removed from maps to discourage tourism to it.
• Coober Pedy, SA - population 1437 - well known in Australia for its underground homes and opal production.
• Alice Springs, NT - population 25,912 - well known for being near the centre of Australia in the rangelands (outback) - most larger population centres in Australia are coastal.