I have really long hair and another benefit of doing them separately is, it’s easiest to brush it right after applying conditioner, and harder when it has shampoo in it. So there’s that on top of really needing the conditioner to work well.

I would like to see some ROBOT9000 esque oddball meme communities overtly based on heavy algorithmic moderation, can be LLM but wouldn’t have to be. Weird rules strictly enforced by robots, could be fun.

Occasionally people have meltdowns and accuse/threaten other users for daring to vote a certain way, presuming specific motives for doing so

oh damn, I figured it was some kind of rubbery material but its metal

I think it’s some kind of synthetic material rather than sausages, there’s a serial number or something stamped onto one on the bottom left, they don’t look like they have any kind of skin and no oil/moisture/rot

You’ll probably be fine if you post circumvention info then

Why are they explicitly going out of their way to block GrapheneOS despite not many people using it?

Hopefully the person doing that is beyond the reach of US law and/or has very good opsec

I saw no messages for a long time, then saw a couple when I moved the radio to the other side of the room, and a lot more when I brought it with me to a more populated area.

“We must find a way to require platforms to verify the identity of accounts,” he said, adding: “There are many technical ways to achieve this.”

No need to get hung up on a minor implementation detail

Wow, that was a great talk. I liked the bit about the importance of joy to making effective software/platforms.

Yeah, I did ultimately realize this, maybe I should have written a bit more in my edit earlier but it’s a bit embarrassing tbh, I had come to some wrong conclusions. I think what I’m going to do is simply stop using Cloudflare for anything that does not have an extra layer of encryption on top of https, or that isn’t just a static, public webpage with no interactivity.

I checked just to be sure (and debugged some problems while I was at it like the certificate having been expired), the certificate is from Let’s Encrypt via certbot.

Here is how to configure Cloudflare for this (I am using the free version):

In the settings under SSL/TLS Overview, in “Configure encryption mode”, select “Custom SSL/TLS” instead of “Automatic SSL/TLS (default)”, and under that select Full:

Full Enable encryption end-to-end. Use this mode when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.

Edit: looking into it more, might have been mistaken about how this works

How can they act as a proxy if they can’t terminate the connection?

Why wouldn’t they be able to? The DNS record points to Cloudflare’s IP, they forward the traffic to your server’s IP. This is a common choice for self hosting setups because it’s a free service and it is a way to avoid pointing a DNS record at your home IP, which you may not want everyone to know. That doesn’t require decrypting the traffic.

How this squares with the ddos protection and caching stuff, I’m not sure, but I know I set up SSL locally, did not give Cloudflare the keys, turned off all the options for them to handle it, and everything seems to work.

I’ll be more specific: if you set up a website on your own server, and use Cloudflare as a reverse proxy. If you do SSL yourself, on your own server, then the traffic is encrypted between the client and your server, and therefore Cloudflare cannot read it, they do not have the encryption keys, even though the traffic is passing through them. If you use Cloudflare’s https solution, Cloudflare provides the keys and decrypts the traffic before passing it on.

The former is the more secure way to do it, but they encourage you to do it the way where they get to read all the traffic, which is pretty shady of them, because if a website has https people assume that means it is end to end encrypted to the website itself, but that assumption is being violated here and a user has no way to know.

If you set up a website with cloudflare, their user interface has a lot of tracking stuff on by default to be injected into it. It also encourages you to use their https service where the traffic is not actually encrypted from the user to your server, but man-in-the-middle’d by cloudflare. But the interface makes it super easy to do and refers to it like a good and normal default option.

So yeah I think they really want your data.

I’d guess that the content and the people would be a bigger factor for someone who isn’t very into technology than understanding the underlying concept and architecture.

I am also worried about that.

There’s a limit to what you can do when the house and senate refuse to impeach a president who is obviously breaking the law constantly, and when the justice department sees itself as the president’s lawyer.

We can acknowledge that additional power granted to the executive branch of the US government cannot be said to be safe, and that limitations on its power must be more blunt in order to be reliable. Use of money that lacks buttons for them to cut people off is potentially one such blunt limitation. I also find the way people have been protesting pretty inspiring, I think it helps.

I don’t think it uses npm though, that’s got to count for something

Yes, and the failure of possible legal protections really illustrates the vulnerability I’m talking about here. This stuff took effect by default, had to be countered by a lawsuit, which hasn’t worked so far. It should be really clear why further moves away from cash and any semblance of financial privacy and autonomy are dangerous invitations to more abuse.