I attempted a similar effort, and found my router had critical ipv6 vulnerabilities including binding the admin and SSH to the WAN on ipv6 (not on ipv4) , and disabling IPv6 firewall altogether so the LAN services were exposed to the internet.

I had the vendor publish their GPL drop, and their upstream vendor did not even have IPv6 support in the product ( the firmware init scripts & admin UI) . So the IPv6 support in the finished product was a rushed copy-paste of IPv4 setup.

I encourage full black box testing of your IPv6 setup, as IPv6 is not in the critical path for QA or consumers, so vulns can persist for years.

I’m a Windows fan, and I could see this being a pain for OEMs and installers / IT guys – but I don’t see why people are making a huge deal . Windows quality is a much bigger issue: latency, reliability issues, inconsistencies in the UI, etc.

Windows account login provides decent value: Bitlocker recovery, device management, Onedrive sync (even the free version), simpler RDP & remote RPC authentication.

You won’t even defeat telemetry with a local account. Windows TOS grants telemetry consent.

Why do you guys care so much about this? It feels like a bikeshed – something easy to complain about with little nuance. What will be won if MS concedes?

I care about this because I don't want to have to get permission from a third party to log into my local computer. It seems like a fundamental part of owning a computer, to me. It's really that simple. If Microsoft made the default to setup or login to a Microsoft Account but had a pretty easy way to opt-out and make a local account, I don't think anyone would care (well maybe some people would prefer the default to be local, but then I'd be with you on asking why they care so much if the bypass is right there a click away). But, they don't let you do that. They require you to get permission to use your own computer, and that's a feel bad.

It's a fair concern. And I believe you can add local accounts once you init windows with your Microsoft account.

Try to think about it from a vendor perspective. How much more difficult it is to maintain support for local accounts, now that so many activities depend on online support. It's preferrable to have a universal/ online credential you assume to be authenticated, rather than having each app test for identity. This applies to consumer experiences (e.g. cloud storage, AI inferrence), and vendor service (telemetry, crash reporting, etc)

For your main PC, are you really using it anonymously (like you would with TAILS or other secure OS)? In practice most people are immediately logging into email (google), Microsoft, facebook , github etc the moment they set up their PC. So it seems to be overcomplicating things for Microsoft to deny them the credential, when it carries so much more value for both the consumer & the vendor.

It's fair for them to refuse to support local accounts. And that's why I left the Windows ecosystem. I don't demand they cater to my needs, I go get my needs met elsewhere.

Its not about anonymity. It's about control. I don't want to ask permission to login to my computer. It's that simple.

With it, can you use your laptop offline?

yes, as long as you signed in once while online. windows caches the creds locally and afaik they do not expire

What happens if you disable the account online, then, or change its password? I haven't worked through this before and I'm curious about it.

password changes or deleting the account will lock out the local credential .

How, if the computer's offline?

yes it would wait for the next online check. But what are offline computers doing these days?

the real lesson is that Jsonata should have been written in C so anyone could link to it and keep the parser resident in memory, to avoid $300k vCPU costs spent on marshalling & RPC

Think of the gigawatts wasted on this nonsense.

You’re right this is the proper way to use git. And I encourage developers to use their own cloud storage (or remote volume) for their primary remote.

Even with the best habits, there will be the few times a month where you forgot to push everything up and you’re blocked from work.

Codeberg needs to meet the highest ability levels for it to be viable.

Like many endeavors, the most vocal in favor or against aren't really doing much. The people actually succeeding with AI probably aren't interested in giving away their secrets.

AI is especially sensitive to this. Unlike coding, where giving away the secret sauce also makes you look smart, divulging AI secrets only demystifies you -- revealing the shriveling man behind the Wizards curtain.

So anyone boasting about AI is likely not doing anything useful with it.

Similar to finance tips, btw.

great tool! I found it useful for challenging "lies my teacher told me".

It would be nice to support collections of claims, with a table of summaries. I would love to list out a few dozen phony concepts from school, and have a sharable chart of the rejections, that expand.

I really like the UI. It's nice to read the expanded results.

But how do you afford the tokens?

Thank you, and fun use case. Yea this is just v1 I have an open question version, but the UI is not as sleek. But what you can do is download the transcript, put it into claude and generate a chart. Which when I think about it would also be a nice UI idea for the page, custom charts based on the model output data. Will report back on this! And RE costs, most questions are very cheap so I created a credit pool anyone can use. if people keep having fun, I'll keep on filling it up, and it looks good so far

I liked lies my teacher told me a lot. I always thought it’d be fun to generate a “get up to speed” pamphlet for every year in every school district depending on who was supplying the text books to the zip code + year you went to school, so you could find out what misinformation you carry with you (since so few people are in the business of retroactively fact checking what they were taught as kids)

I'm sure a lot of parents would support you on that. A lot of PTAs have been struggling with curriculum mandates passed down from the state. there's little control over the content in schools at the School Board / School District level.

use this if you want a corporation to use your content & IP to make money, while offering nothing to you (or the community) in return.

I recommend scanning all of your projects with osv-scanner in non-blocking mode

   # add any dependency file patterns
   osv-scanner -r .

as your projects mature, add osv-scanner as a blocking step to fail your installs before the code gets installed / executed.

so they can fire the IT department and save $500k+ / year

The reporting and headline are even worse. “Best launch week ever” says nothing about sales.

From your point of view it is, but the headline is what Apple is giving them, and it works perfectly well for them: Lots of attention for Apple, zero interesting data.

from the point of view of a high school journalist.

Doesn’t it mean that it sold more units in its first week on the market than any past Mac? How does that say nothing about sales? It’s literally about sales numbers, they are just using a relative metric instead of an absolute metric.

They announced a sales record where the metric is "sold to somebody that never ever had a mac before" combined with "in the first week of availability". The headline is worse than Cook's tweet quoted in the article.

To get this record you need to have a long time were your costumers were buying something else from you (like Phones) and have a lot available inventory in a lot of places in the first week combined with a great media coverage. 3 things that Apple has an advantage in.

As @ibero above points out it is more important for apple to tap into the vast demographic of relatively young iPhone/iPad customers - the older Mac customers are buying different machines.