Readit News logoReadit News
Timshel commented on Vaultwarden commit introduces SSO using OpenID Connect   github.com/dani-garcia/va... · Posted by u/speckx
DoctorOW · 10 days ago
Most of the comments seem to confirm (all but one at time of writing) that this feature is more intended for corporate/business environments. Does anyone know if Vaultwarden has commercial users? By no means am I arguing against the inclusion of this feature, I'm just curious. Everywhere I've worked that was big enough to use SSO was also wary of selfhosting FOSS tools. I should clarify I don't consider myself working in tech, fwiw.
Timshel · 9 days ago
Started working (based on previous work already done) then maintaining the PR for my personal self-hosted stack.

Had then some fun adding roles/groups support (not yet merged).

Timshel commented on F-Droid build servers can't build modern Android apps due to outdated CPUs    · Posted by u/nativeforks
wongarsu · 12 days ago
At our supplier $2k would pay for a 1U server with a 16 core 3GHz Epyc 7313P with 32GB RAM, a tiny SSD and non-redundant power.

$3k pays for a 1U server with a 32 core 2.6GHz Epyc 7513 with 128GB RAM and 960GB of non-redundant SSD storage (probably fine for build servers).

All using server CPUs, since that was easier to find. If you want more cores or more than 3GHz things get considerably more expensive.

Timshel · 12 days ago
Yes but thoose are Zen 3 Milan cpu released in 2021 I believe.

Not that they are bad and would not be way better than what they have, just that I though the parent was quite the optimist with his Zen4/Zen5 pricing.

Timshel commented on F-Droid build servers can't build modern Android apps due to outdated CPUs    · Posted by u/nativeforks
csdreamer7 · 12 days ago
This means their servers are very old ones that do not support x86-64-v2. Intel Core 2 Duo days?

https://developers.redhat.com/blog/2021/01/05/building-red-h...

Think of how much faster their servers would be with one of those Epyc consumer cpus.

I was about to ask people to donate, but they have $80k in their coffers. I realize their budget is only $17,000 a year, but I am curious why they haven't spent $2-3k on one of those Zen4 or Zen5 matx consumer Epyc servers as they are around under $2k under budget. If they have a fleet of these old servers I imagine a Zen5 one can replace at least a few of them and consume far less power and space.

https://opencollective.com/f-droid#category-BUDGET

Not sure if this includes their Librapay donations either:

https://liberapay.com/F-Droid-Data/donate

Timshel · 12 days ago
$2-3k ? That’s barely the price of a lower end Threadripper bare cpu not a full Epyc server ???
Timshel commented on Perplexity offers to buy Google Chrome for $34.5B   theverge.com/news/758218/... · Posted by u/ndr
hackrmn · 12 days ago
I'd argue that depends on what you mean by "innovation" -- Google has been pretty busy, meaning specifically developers on their payroll, churning out more or less useful Web API implementations, certainly at a far more frantic pace than people traditionally _blamed_ browsers of yester-decade for. Nevermind that some of these APIs are more haphazardly designed than others, truth be told most of them are okay and are aptly designed so it's not a critical issue (for Web developers or Chrome's market share). Google co-authors most Web standards and implement them often _before_ the "standard" is published (for better and for worse; anti-trust allegations, I am looking at you). But they're not idle, one thing's for sure. Markedly different than how I remember Microsoft resting for months if not years on their IE laurels, like a CO2 blanket in a room that evacuated all the air.

So yeah, how would you describe this lack of innovation you're referring to?

There can always be more innovation that isn't of the sort I described above, but Web _is_ made of Web APIs -- if a website cannot "do" it, you as a user of the site, won't be able to experience it, is my crude opinion. But I'd love to hear examples to the contrary, illustrating innovation that isn't Web APIs.

Removing tab-based browsing (an anti-pattern if you ask me)? Optimizations (speed, size, etc)?

Timshel · 12 days ago
I mean in term of user facing change. Vertical tabs is still presented as an innovation ...

Tabs groups are barely explored, and let's not dream too much of isolation Firefox containers are probably over ten years old and still almost unused :(.

More recently Arc and Zen are trying to innovate (I’m not using either), but they probably have almost no chance as long Chrome stay as dominant and financed by ad tracking.

Using Firefox on linux I’m facing more and more capchas and broken or innacessible websites. Ladybird is making great progress but unless they start posing as chrome they’ll face the same challenges :(.

Edit: > churning out more or less useful Web API implementations

Probably part of the problem since it makes maintaining a browser engine absurdly expensive and out of reach for almost everyone ...

Timshel commented on Perplexity offers to buy Google Chrome for $34.5B   theverge.com/news/758218/... · Posted by u/ndr
biosboiii · 12 days ago
I dislike tech monopolies but Chrome leaving Google would be most terrible thing ever, security wise.

Google has become the benevolent dictator of the web, if you like it or not. We get secure browsers, performance improvements, stable implementations at the cost of one bad feature being shipped a year (like Manifest V3).

Mozilla/FOSS community has fucked up Firefox, big time, which is not even their fault as they cannot hire thousands of six-figure developers.

Timshel · 12 days ago
> the benevolent dictator of the web

Lol it's more like a death grip since nobody can compete with their ad business model. There is almost no innovation in the browser space outside of more and more tracking ...

Timshel commented on The Nvidia AI GPU black market: smuggling, arrests, & high-tech crime   store.gamersnexus.net/bla... · Posted by u/Timshel
Timshel · 16 days ago
The announcement video for the documentary (out next week): https://www.youtube.com/watch?v=ltgyS8oJC8g
Posted by u/Timshel 16 days ago
The Nvidia AI GPU black market: smuggling, arrests, & high-tech crimestore.gamersnexus.net/bla...
Timshel commented on AWS Restored My Account: The Human Who Made the Difference   seuros.com/blog/aws-resto... · Posted by u/mhuot
colmmacc · 18 days ago
Without prejudging the COE; it won't surprise anyone to learn that there are bad actors out there who try "every trick in the book" to have accounts that they don't pay for, and lying to customer support is absolutely one of those tricks, as is trying to be creative with changing payment instruments.

In these cases, it's also really important that customer support stick to a script and can't be abused as part of social engineering, hijacking, or fraud check bypass. "No we can't reset your account" is a very important protection too. I agree that there is an obligation to escalation, but I suspect the focus of the COE will be on how we could have detected this without human judgement. There's got to be a way.

Timshel · 17 days ago
I love the irony that an issue caused by a failing automation was solved due to human escalation but let's not try to improve the escalation process but add more automation ...
Timshel commented on AWS Restored My Account: The Human Who Made the Difference   seuros.com/blog/aws-resto... · Posted by u/mhuot
colmmacc · 18 days ago
Every week at AWS we have an account protection meeting; it's got the teams who handle fraud and abuse detection, compromised accounts (e.g. when a customer has a security issue on their side), non-payment, forgotten creds, as well as our support team. You'll find the most junior members of those teams, all the way up to VPs, in the same meeting diving into the nitty gritty. Every week.

Disabling a legitimate in-use account is one of our absolute nightmares, and I don't care if it was an account paying $3/month we would be having a review of that with our top level management (including our CEO - Matt Garman) no matter how we found out about it. For us, there is not some acceptable rate of this as a cost of doing business.

Timshel · 18 days ago
> Disabling a legitimate in-use account is one of our absolute nightmares

Might be your nightmare but at the same time there is no way for your customers to report it or your own support agents to escalate that something wrong might have happened and someone should look again ...

Timshel commented on I'm Archiving Picocrypt   github.com/Picocrypt/Pico... · Posted by u/jaden
tromp · 19 days ago
How does "a very small (hence Pico), very simple, yet very secure encryption tool" come to depend on OpenGL, threatening its future on MacOS?
Timshel · 19 days ago
> It's not easy to fix in the code either because it'll require major changes to the GUI library which can get messy, especially since GUIs were never a strength of Go.
T

u/Timshel

KarmaCake day1896April 1, 2011View Original