Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)JA
Posts
0
Comments
573
Joined
2 yr. ago

  • Id feel weirdly awkward and embarassed seeing my computers innards posted in a YouTube video, and I don’t know why. Like if my middle school yearbook photo showed up on Facebook.

    That actually happened to me recently. My grade school best friend posted a pic from a field trip like 30 years ago and I’m naming off every person in it like I just saw them yesterday…then I see one person in it and I’m like “who the fuck is that hideous looking child? Is that me??? Shit that’s me”

  • Pfft like hell it is. Friend of mine, her body has gone completely through the wringer, between bad genes and motor accidents. She can barely stand for long periods of time and she’s only like 39, can’t lift considerable weight, and can barely lift more than a few pounds above her shoulders.

    Add to that, PTSD from being the one who discovered her dads suicide, anxiety over dooming genetic diseases her dad would’ve gotten and she’s watching her mom fight, and the anxiety over not being able to afford healthcare because she can’t perform full time work, her husband makes enough to disqualify them from Medicaid but his employer doesn’t offer insurance to spouses, and they are 8 months behind on their mortgage.

    She’s been trying to get on disability for 18 months. Thats when she stopped working because the pain was too much.

    Crazy thing is, she’d be eligible for a ton of programs…if she also were pregnant. But they don’t want kids. And for good reason (no money, pain, they’re now in their late 30s which is a bit late for starting a family, aforementioned genetic disorders, etc)

  • People are already teetering on the edge. Mental health treatment and awareness in this country is replaced by toxic masculinity and the idea that taking care of your head is for cucks.

    Was he radicalized for it, or is it what finally set him over? These are two very different things, even if they may immediately appear “the same”.

  • Kinda tough when the controlling party of half of Congress sticks their fingers in their ears whenever a Democrat talks.

    Would you prefer he used his EE magic wand to complete his agenda? You could say a lot of things about him but being able to work across the aisle is a one of his strong suits no matter who you ask, and tbh it’s kind of impressive he’s accomplished as much as he has given the climate in DC.

  • I would change the last point to being aware of the mental health of yourself and those close to you.

    Talking about mental health in general is so damn stigmatized but I think if more people were aware of how to identify your everyday mental health concerns (anxiety, depression, eating disorders, mania, OCD, etc) and spoke more openly about our issues and our treatments, we’d be able to build better social support networks.

    In fact, you could probably fold a few of your points into that.

  • Went out to a pizza place the other night. Thought it was a brewery (one of my favorite local brews, actually), and had been there before and enjoyed flights from them…only to find out the place was a joint between the brewmaster and the restaurateur. Brewmaster took his share, his recipes, and dipped a couple days prior.

    Anyways while the food was pretty good, I mostly went for the beer and that’s a big part of why I won’t go back (they only had a couple cans from the brewery left and nothing on tap, only some other regional breweries).

    But the other part is that my wife put a tip down on the slip for our party of four (us and two kids) and asked me to doublecheck her math. I thought it seemed high and it turned out they already put a tip on the bill. For a party of four. Never saw that before.

  • I essentially just said the same thing in another reply before I read this one.

    I don’t think growing more trees for sequestering is, alone, going to work, due to the sheer scale. Growing trees itself is great. We should totally do that. But for the purpose of sequestering carbon long-term, it’s not that great.

    Best we could hope for is a method to discover some new building material that we could manufacture directly from captured atmospheric carbon. Then there is a downstream market for it and the carbon gets “sequestered” as part of our economy of durable goods. Like an alternative to wood, or copper, PVC/PEX, or cement, or steel studs, or rubber, or concrete, or plastic, or hell even girders.

    That also would buy us a decade or two, at least, to figure out how to effectively recycle said materials, and be free of a lot of industrial sources of ancient carbon.

  • Then there still is still a need to expend tons of energy disposing it in a way to not have it re-release in a few hundred thousand years.

    The scale is insane to comprehend. We would essentially have to manufacture the equivalent of every pound of coal that’s ever been burned to get to pre-industrial levels, while also consuming as little fossil fuels as possible. I do not think it is possible to do so with trees alone unless we have a lot of cheap green power. Because ultimately some entity, be it government or corporation or philanthropist, will have to pay for it.

    And then there is the issue of land rights for where you’re gonna dump all of the captured carbon. That’s a problem either way. I hope we start discovering some new post-space-age reclaimed-carbon-based building materials. That’s probably the best we could hope for. Then there is a huge downstream market for captured carbon which means way less ancient carbon being pulled up into the cycle, and hopefully we can get start regrowing back some old-growth forests and continue to sustainably harvest old wood.

    I’m not poo-pooing this technology. It’s super important for us to invest and scale up carbon capture methods. But it can’t be expected to be immediately economically viable. It’s still very immature. Thats not a bad thing. That just means it needs time (and funding) to mature.

  • I actually thought of that but no, not quite. I mean the point is everyone has to have a validated identity and post under their real name with their real, unedited, government ID-styled photo next to it.

    No validation, no ID…no account. No exceptions.

  • Is it honestly that surprising? Just because they are sexually attracted to kids does not mean they cannot love kids on an emotional level. I don’t think it’s impossible that there would be pedophiles who both love children and recognize that sexual and intimate contact is reprehensible.

    Put differently, I would much rather hear “child psychiatrist caught with computer-generated CSAM modeled after his patients” than “child psychiatrist caught with nude photos of his patients” or “child psychiatrist charged with sexual assault of a minor”. Comparatively speaking, the first is really just computer-assisted thoughtcrime, while the others mean there was actual direct harm to a child.

    Although in this particular instance, child psychiatrist is a bit too close to the child, in my opinion.

  • Ngl I would love to have at least one social media experience where everyone has to use their real, validated identity.

    Probably not financially viable, because ironically, privacy would be chiefly important. It’d have to be a paid service, not use ads or sell data at all, posts and profile visible to nobody by default, connections made by direct in-person/text/email invitation or by mutual introduction…very different from most modern social media. It’d also have to have pretty insane security, and mandatory MFA for every user at least on every session, if not on every page transaction.

    Could be technologically viable if we had digital government ID’s like drivers licenses printed on smartcards. But we can’t even get the states to agree on implementing common requirements for official state IDs.

    I’d really love to see how it’d play out, in the real world, if it could reach enough of a mass of users to be financially self-sustaining, and what the environment would be like at that point. For the sake of science.

  • No. Carbon neutral isn’t enough. We are going to have to go carbon negative.

    We can’t just take hundreds of millions of years worth of sequestered carbon and dump it into the atmosphere and leave it there to re-sequester itself. That’s going to take a long time to reverse enough to even buck the current trend of global warming, if we were able to just go carbon neutral today.

    Trees also don’t really sequester carbon for long. They die, and the carbon gets eaten by organisms and the cycle continues. Or it burns and most of the carbon is released instantly and only ash remain.

    Coal only got there specifically because there was nothing evolved to eat lignin for a long time and dead trees piled up so high that dead trees on top ended up compressing their ancestors into it.

    Crude only got there because plants and algae in shallow water died, mixed into sediment, rinse, repeat times a few million years, get compressed by the weight of all the layers above, and turn to crude.

    The sequestration of ancient carbon wasn’t just by virtue of being plants, but what happened after those plants died.

  • Honestly I recently switched to vyvanse and I don’t actually smoke to get high (at least not until the kids are in bed). I just microdose a bit throughout the day and it balances out the vyvanse. Like, the stimulants alone are just a little bit too much for me. The combo, though, I can dial in just right.

    But weed alone always made me fixate on arithmetics. And then stims turn that up to 11.

  • You are missing half the purpose of PKI. Identity is equally, if not more, as important as encryption.

    Who gives a shit if your password is encrypted if somebody intercepts DNS and sends yourbank.com and makes it go to their own server that’s hosting a carbon-copy of the homepage to collect passwords?

    And DNS isn’t the only attack vector for this. It can be done at the IP level by attacks that spoof BGP. It can be done by sticking a single-board computer in a trashcan at a subway stop. Have it broadcast a ton of well-known SSIDs and a ton of phones in the area will auto connect to it and can intercept traffic. Hell, if not for trusted CAs, it’d be very easy to just MITM all the HTTPS traffic anyway.

    In reality, you would tofu the first website you went to and not know if it got intercepted or if they just rotated keys (which is also a common security practice and is handled by renewing certificates and part of the reason why publicly-issued CAs are trending down the life of certificates and it’s not a big deal for admins because of easy automation technology. HSTS and cert pinning is more of a PITA but really barely any effort when you consider the benefits of those).

    Now, what certificates don’t protect, nor claim to protect, is typosquatting. If you instead go to yorbank.com, that’s on you, and protecting you from a malicious site that happened to buy it is the job for host-based security, web filters, and NGFWs.

  • But you only really need one to say it’s authentic. There are levels of validation that require different levels of effort. Domain Validation (DV) is the most simple and requires that you prove you own the domain, which means making a special domain record for them to validate (usually a long string that they provide over their HTTPS site), or by sending an email to the registered domain owner from their WHOIS record. Organization Validation (OV) and extended verification (EV) are the higher tiers, and usually require proof of business ownership and an in-person interview, respectively.

    Now, if you want to know if the site was compromised or malicious, that’s a different problem entirely. Certificates do not and cannot serve that function, and it’s wrong to place that role on CAs. That is a security and threat mitigation problem and is better solved by client-based applications, web filtering services, and next-gen firewalls, that use their own reputation databases for that.

    A CA is not expected to prevent me from hosting rootkits. Doesn’t matter if my domain is rootkits-are.us or totallylegitandsafe.net. It’s their job to make sure I own those domains. Nothing more. For a DV cert at least.

    Public key cryptography, and certificates in particular, are an amazing system. They don’t need to be scrapped because there’s a ton of misunderstanding as to its role and responsibilities.

  • Yeah, except you aren’t supposed to TOFU.

    Literally everybody does SSH wrong. The point of host keys is to exchange them out-of-band so you know you have the right host on the first connection.

    And guess what certificates are.

    Also keep in mind that although MS and Apple both publish trusted root lists, Mozilla is also one of, if not the, biggest player. They maintain the list of what ultimately gets distributed as ca-certificates in pretty much every Linux distro. It’s also the source of the Python certifi trusted root bundle, that required by requests, and probably makes its way into every API script/bot/tool using Python (which is probably most of them).

    And there’s literally nothing stopping you from curating your own bundle or asking people to install your cert. And that takes care of the issue of TOFU. The idea being that somebody that accepts your certificate trusts you to verify that any entity using a certificate you attach your name to was properly vetted by you or your agents.

    You are also welcome to submit your CA to Mozilla for consideration on including it on their master list. They are very transparent about the process.

    Hell, there’s also nothing stopping you from rolling a CA and using certificates for host and client verification on SSH. Thats actually preferable at-scale.

    A lot of major companies also use their own internal CA and bundle their own trusted root into their app or hardware (Sony does this with PlayStation, Amazon does this a lot of AWS Apps like workspaces, etc)

    In fact, what you are essentially suggesting is functionally the exact same thibg as self-signed certificates. And there’s absolutely (technically) nothing wrong with them. They are perfectly fine, and probably preferable for certain applications (like machine-to-machine communication or a closed environment) because they expire much longer than the 1yr max you can get from most public CAs. But you still aren’t supposed to TOFU them. That smacks right in the face of a zero-trust philosophy.

    The whole point of certificates is to make up for the issue of TOFU by you instead agreeing that you trust whoever maintains your root store, which is ultimately going to be either your OS or App developer. If you trust them to maintain your OS or essential app, then you should also trust them to maintain a list of companies they trust to properly vet their clientele.

    And that whole process is probably the number one most perfect example of properly working, applied, capitalism. The top-level CAs are literally selling honesty. Fucking that up has huge business ramifications.

    Not to mention, if you don’t trust Bob’s House of Certificate's, there’s no reason you can’t entrust it from your system. And if you trust Jimbo’s Certificate Authority, you are welcome to tell your system to accept certificates they issue.