MentalEdge

That’s handled by nginx, which strips out the menu items when serving to external IP. Basically serving an html file that doesn’t contain them to begin with.

Yes I did.

I just wrote my own.

It’s a single html file with links to all my services, served at the root of my nginx server.

This is like v12, I’ve edited it over the years as what I host has changed. Adding the embedded searxng bar, as well as links to uptime kuma and openspeedtest.

I’d be happy to let you copy it, provided you know how to edit it for your needs.

Thank fuck.

For now.

I’d like you to realize that “the USA who is the least likely country to implement these laws” is literally the opposite of current reality.

They are making some of the greatest efforts to make legally mandated user and age tracking a thing, as well as legally mandated user identity based content-gating.

…

So this is not a concern to you?

The fact that there are people in leadership positions that want this, and have reasons why they want this, is below note. And not worth opposing?

This will lead to infrastructure, that should not exist, existing.

That it can be avoided is not a solution. It should not be built in the first place.

Is your argument really “this won’t affect linux, so it doesn’t matter” ? At the very least, FOSS development by anyone in California will be a problem, as the law quite literally names “persons” as potentially liable.

The reality remains, the US is the most thirsty for this kind of thing. Not the least.

And they are already working on an even more overreaching version that will close loopholes in the current legalese.

Windows, and any other OS will be illegal in California unless it implements this.

Apple, for one, is headquartered in California.

So, the OS wont work until the user verifies their age somehow.

Moreover, even if an OS somehow could know the users age - that doesn’t automatically mean all other software that exists automatically reads it and responds to it as necessary. Does the law compel anyone making software to recognise this?

Did you not read my comment? Anyone writing software for an OS that implements this, can be sued (in California) if their application ignores the API signals from the OS and allows access to age-restricted content.

Or is your argument really “this won’t affect linux, so it doesn’t matter” ? At the very least, FOSS development by anyone in California will be a problem, as the law quite literally names “persons” as potentially liable.

The reality remains, the US is the most thirsty for this kind of thing. Not the least.

You may want to look into what the legal requirements actually are, and how it changes who is liable. It is outright draconian.

Essentially, it requires the OS to find out the age of the user, and then inform ALL software that is run by API. Any software that theoretically could use the data, and still allows a child to see something they should not have, will be liable.

You claimed that the US was the least likely to do this sort of thing…

Instead, despite the incompetence, they are clearly spearheading this globally along with the UK. Making it most decidedly the first place that will have to deal with this crap.

Not the last.

Not even two weeks later, California is making OS level age verification a thing.

Nice ragebait.

If you genuinely still think that was my point in its entirety, you are truly obtuse.

No.

I’m saying 99.999999999999999999999999999999999999999999999999999999% ≠ 100%

For some people that’s close enough. For some of us it’s not.

Prove otherwise. I dare you. I’m done putting in effort explaining the obvius to you. Your turn.

…

4

Explain to me how they couldn’t. Without simply stating “it’s encrypted”.

On the B2 plan you can use open source solutions like Kopia, and literally look at the code, to KNOW that data is encrypted on your system with keys only you have, before Backblaze ever sees it.

Explain to me, how the personal plan using their closed source application achieves the same.

Linking to a page where they say “it’s secure” is not sufficient. Elaborate. In detail. To at least an equal extent I already have.

…

Sure they can. How else do they enable providing access to the content without the user password?

The data is secured against unauthorized access, but unlike zero-knowledge setups where the chain of custody is fully within user control, the user is not the only one authorized. And even if you are supposed to be, you cannot ensure that you actually are.

OF-FUCKING-COURSE the physical drives, and network traffic are encrypted. That’s how you prevent unauthorized physical access or sniffing of data in-flight. That’s nothing special.

But encryption is not some kind of magic thing that just automatically means anyone who shouldn’t have access to the data, doesn’t.

For that to actually be the case, you need solid opsec and known chain of custody. Ways of doing things that means the data stays encrypted end-to-end.

The personal backup plan doesn’t have that.

With what?

That self hosting admins on lemmy probably care about their backups not being accessible to third parties?

I don’t think you can claim that they wouldn’t.

You can claim that YOU don’t mind. But that’s a sample size of one. And I’m not denying there are people who don’t care.

I just don’t think they’re the type to be self-hosting in the first place.

And that still doesn’t answer why the fuck you set out on this series of “well achuallys”?

It seems to me, you’re still looking for something to correct me on.

Yeah. It’s almost like I literally said that in my second comment.

Which some people are ok with, but not what most of us would want.

What gap in my knowledge are you trying to fill here?

I didn’t even mention encryption in my second comment. Just that their backup plan isn’t zero-knowledge.

No shit. But encryption isn’t the same as zero-knowledge. Where by the time they handle the data in any way whatsoever, it’s already encrypted, by you.

Do you not know what zero-knowledge means? Or are you so focused on my mentioning they’ll ship data to you physically that what I actually said went over your head?

From the page you just linked:

2. Implement encryption transparently so users don’t have to deal with it

3. Allow users to change their password without re-encrypting their data

4. In business environments, allow IT access to data without the user’s password

It’s not zero-knowledge!

Also doesn’t mean it is. Or in a way where only you can decrypt it.

The chain of custody is unclear either way. You’re not in control.

You can do that with B2. Just use an application to upload that encrypts as it uploads.

The only way to achieve the same on the backup plan (because you have to use their desktop app) is to always have your entire system encrypted and never decrypt anything while the desktop app is performing a backup.

Did you not read what I said? You use their app, which copies files from your system as-is. Ensuring it never grabs a cleartext file is not practical.

Yes. That’s not mutually exclusive with Backblaze having access to your backups.