Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have any other important blind spots.

What are the essential do's and don'ts of digital security for the average person?

Oof Grandma... Get your head out of your ass woman.(This is in Jest, Grandma knows and thought it was funny. ya'll chill)* Where are you getting your news lately because I just sent you an article from our national news organization and you just told me you can't believe it... Why?

We live and love in the beautiful free country of Canada and despite any individual political leader, we can find comfort in the fact that we have many elected officials that listen to their constituents and ultimately intend to better the lives for our nation. Canada is a mighty developed country and she has designated important bodies to help protect us from the wolves that prey on the weak. We have the CBC a nationally funded non profit organization that has authorship and integrity to the journalists they hire and a long history of helping the truth and redacting and outright dismissing disinformation (now more commonly called fake news). In this article I've sent you, it has sources directly involved in the measles outbreak, including doctors who are licensed through a board that verifies their integrity and ethics and authority in medicine. Also sourced is the CDC; another body that was appointed by Canada herself to keep her citizens healthy and safe, these are not groups of scientists with a vested interest to lie to anyone as that would jeopardize the safety to our entire nature... Yet these highly educated and well funded scientists are refuting your hypothesis grandma.

I think in order to understand what is happening here we need to both step back and ground ourselves in a neutral territory towards a scholarly pursuit and work towards the advancement of our society. To do this we need to frame our perspective to that of a scholar to which I think you and I both agree we are proud to call ourselves anyway. Me, a university student and you an independent researcher: truth be told, as a student of an organization like Ryerson, I have access to a wider breadth of knowledge in our online resources and databases of peer reviewed articles that I can search through with ease, but our goal will be the same and can be achieved only if you think critically with everything you read - you seem well versed in this regard so kudos let's proceed.

As a critical thinker and scholar we are nothing without our authority which is provided through our knowledge-base in factual information. I don't need to be an expert in biology, medicine, or even journalism to be able to have confidence in reading the news article I sent you; but as a scholar I have the ability to verify the authority to the people making the claims in the article. Every person involved in a professionally investigated article are sourced and cited and provide proof to their authority. It's why the CBC discloses their journalists and is also why they'll happily fire them if they fuck up - their integrity is on the line - same with every scientist working for the CDC. Canada does not have a vested interest in the perpetuation of fake news and disinformation, this isn't fucking Russia! (or the U.S. for that matter - Fox news is GOP run television FYI).

This is critical thinking and needs to be understood before you assume authority to the Facebook posts you read. Think of the platform you are getting your news from - Facebook: an American company with a vested interest in advertising to its users. They are NOT a news agency and have zero regulation in verifying the authority of authorship. Anyone can write any shit they like, and the more clicks they get, the more money Facebook makes. In-fact they will happily sell any message you like so long as you're willing to pay for it. I can post just about anything under the guise of "free speech" so long as it does not contain "hate speech" (technically a crime in Canada) and then pay Facebook a couple hundreds of dollars to get that post higher up on my friend's walls. It's how their platform works and regardless of whether a post has been promoted by Facebook themselves or not they are in the business of clicks. In this age of terrorism and fear mongering, the posts, articles, links, and videos that induce the most controversy and fear will gain the most clicks - this is human nature! Facebook doesn't care, they got their money as they are now one of the largest messaging services in the world, second only to WeChat which is a government controlled chinese messaging app linked to their social credit system meant to repress their citizens... hmm...

As Canadian philosopher Marshall McLuhan famously said in his thesis Understanding Media, “For any medium has the power of imposing its own assumption on the unwary… But the greatest aid to this end is simply in knowing that the spell can occur immediately upon contact, as in the first bars of a melody.” unfortunately the advent of social media has only perpetuated the scaling of the media, the importance of the messages, and the shallow knowledge-base of its users to apply the unwary en masse.

To quote a larger bit of McLuhan to drive this point home:

“The American stake in literacy as a technology or uniformity applied to every level of education, government, industry, and social life is totally threatened by the electric technology. The threat of Stalin or Hitler was external. The electric technology is within the gates, and we are numb, deaf, blind, and mute about its encounter with the Gutenberg technology, on and through which the American way of life was formed. It is, however, no time to suggest strategies when the threat has not even been acknowledged to exist. I am in the position of Louis Pasteur telling doctors that their greatest enemy was quite invisible, and quite unrecognized by them.” (McLuhan was a man before his time., this was written in 1954) “For the “content” of a medium is like the juicy piece of meat carried by the burglar to distract the watchdog of the mind. The effect of the medium is made strong and intense just because it is given another medium as “content.” The content of a movie is a novel or a play or an opera.
The effect of the movie form is not related to its program content. The “content” of writing or print is speech, but the reader is almost entirely unaware either of print or of speech.”

Do not kid yourself, social media is no different than any other media. The content of the message is NOT the message. Who is posting the dribble and fake news and WHY? understand the author and their authority and you will begin to think critically again. You wouldn't pick up a history book without knowing who authored it would you? Facts are facts, and fake-news is disinformation by another name.

Now to return to our CBC article about measles and your claim that there is a connection to the MMR vaccine which has the potential to cause autism (despite how fucking stupid this shit is, I'll entertain your hypothesis for a moment).

1. Where are your critical sources and statistics to prove any semblance to propose such an outlandish hypothesis? Because I can't seem to find any real ones in my databases here and every time I've asked you for your proof you've failed to provide any.

2. If the vaccine were to cause autism you accept that there is a chance this vaccine may put a child at harms risk. The reality is you are saying you'd rather risk your child potentially getting a deadly disease and potentially becoming maimed and permanently injured through contact with the disease and worse contaminating others and spreading the harmful pathogens to others just out of fear of potentially could get autism... again, supported without any fact or evidence? Janet's post from Antivax-moms facebook group is non an authority of fact and no medical body has rightfully confirmed a case of autism to the MMR vaccine... so where is our proof again? Big-vaccine is out to give autism to our children?

3. By not immunizing your children you are immorally upholding your child's life over that of your nations and against those you interact with on a day to day basis. You are no longer in a small town - we are a massive country with very loose borders so we can invite friends and family to visit. But when we don't protect our basecamp, the wolves will get in. That goes for fake news just as much as it goes for measles. We already have guards on duty to protect our children, our sick, our immune deficient elders and infants from harmful diseases. These treatments work and you and I are the proof in the pudding. Where is this form of tribalism coming from where you would rather "protect" from autism but not measles, mumps, and rubella? These are the wolves we must fight, and we can't let our guard down just because a post of Facebook has a few thousand clicks.

We are in the age of disinformation and globalization, whether we like it or not there are a select few who are controlling the messages we perpetuate online. Unfortunately it's the confusion and lack of authority to the messages that has guided us towards a harmful future that is now killing children all over the world.
https://medium.com/the-method/anti-vaccination-is-killing-children-in-europe-658415c54a04

stop spreading misinformation and think critically. You are better than that... you are a scholar!

I love you, and I hope you take this to heart.

EDIT*
Seeing that the post was more appropriately moved to ~talk I'm hoping I can start a bit more of a dialogue that has unraveled from talking with the rest of my family. I told my internal family about my conversation with Grandma which we've all had by now, we bring fact, she still isn't sure there isn't a bigger picture that she isn't seeing. She's been fed too many stories to really believe the true ones. How are we meant to respond to this? My dad kinda pissed me off, he said it's like pushing on rope and said it wasn't even worth the effort - especially since someone like my Grandmother doesn't intend to have anymore children and all her family members are well ingrained in the Ontario health system... despite his position, we get issues where families are believing information and causing significant harm to our society... what do?

My bad argument style aside, has anyone else felt like they've been pushing on rope lately?

Hey, all. First actual post here!

In another post on the site (having trouble finding it at the moment, alpha is alpha), someone mentioned a virtual tabletop that was more asynchronous and focused on storytelling rather than battlemaps like roll20. Does anyone happen to know what it is? I'd definitely like to explore something like that for starting a game for busy folks, and also because my interests in tabletop gaming are definitely more focused on the story rather than combat (I'm a spade / heart rather than a club). Thanks!

edited to clarify: It was definitely not Tabletop Simulator, it was something relatively new, so not e.g. Maptools.

I know I'm late to the party, but do you have any recommendations, hidden gems? What's your favorite lately?

I've played most of the big games on console, so I would be looking for something that isn't on PS/Xbox.

Thanks!

Edit: I usually like puzzly games such as Limbo, Inside, Little Nightmares or story-driven epics like RDR2, God of War.

In today’s age, we have a wealth of knowledge available on the fly, and a wealth of misinformation too. Every day I see someone on the internet either mis-informed or ill-informed, even with google and research at their fingertips. What is something you wish the general public would actually take the time to learn about beyond a very surface level interpretation?
Many issues can’t be solved based on just surface level knowlege.

My biggest answer is politics in general, because it controls our world yet it feels like 70%+ of people don’t know what they are talking about beyond layman knowlege, and we’ve seen what happens when tons of people set themselves on a belief and even argue for it when they don’t know what they don’t know.

I don’t know anything about politics but even I can see that people are talking out of straight emotion most of the time.

So, i ask you nice tildes’ers Tilderds Tilderotatoes, what’s something you wish to inform us about that most people don’t read into very much? Can be political or otherwise.

It’s a broad question I know, but that leaves room for a lot of discussion.
Thanks for reading

Hi guys,

I'm really stumped and looking for a nudge in the right direction for how to utilise the ghoneycutt/pam module in puppet. Relatively new to this but got what I'd like to think as most the basics down.

I've configured a few things using modules such as NTP, SSSD and NSSWITCH but I'm just stuck on how I can use this module and pull info from Hiera into it.

So, lets start with

.yaml file:

        ### nsswitch.conf authentication configuration

        nsswitch::passwd:     'files sss'

        nsswitch::shadow:     'files sss'

And then looking at the nsswitch.pp file:

        ### nsswitch.config setup

        class profile::linux::base::nsswitch {

        # Get heira values

          class { 'nsswitch':

            passwd    => [lookup('nsswitch::passwd')],

            shadow    => [lookup('nsswitch::shadow')],

Simple enough to call the values I want and works how I want, now I'm trying to do the same type of thing for PAM using the ghoneycutt/pam module and there doesn't seem to be much info on how to use it, or it's just not sinking in for me.

Some of my PAM Heira values:

        pam::pam_auth_lines:
          - '# Managed by Hiera key pam::pam_auth_lines'
          - 'auth        required      pam_env.so'
          - 'auth        sufficient    pam_fprintd.so'
          - 'auth        sufficient    pam_unix.so nullok try_first_pass'
          - 'auth        requisite     pam_succeed_if.so uid >= 500 quiet'
          - 'auth        sufficient    pam_sss.so use_first_pass'
          - 'auth        required      pam_deny.so'
        pam::pam_account_lines:
          - '# Managed by Hiera key pam::pam_account_lines'
          - 'account     required      pam_unix.so'
          - 'account     sufficient    pam_localuser.so'
          - 'account     sufficient    pam_succeed_if.so uid < 500 quiet'
          - 'account     [default=bad success=ok user_unknown=ignore] pam_sss.so'
          - 'account     required      pam_permit.so'
        pam::pam_password_lines:
          - '# Managed by Hiera key pam::pam_password_lines'
          - 'password    requisite     pam_cracklib.so try_first_pass retry=3 type='
          - 'password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok'
          - 'password    sufficient    pam_sss.so use_authtok'
          - 'password    required      pam_deny.so'

Some things I've tried:

1:

        class profile::linux::base::pam {
          # resources
          class { 'pam':
            password-auth-ac  => [
              lookup('pam::pam_auth_lines')],
              lookup('pam::pam_account_lines')],
              lookup('pam::pam_password_lines')],
              lookup('pam::pam_session_lines')],
           }

2:

	
	      passwd  => [
	
	      lookup('pam::pam_auth_lines'),
	
	      lookup('pam::pam_account_lines'),
	
	      lookup('pam::pam_password_lines'),
	
	      lookup('pam::pam_session_lines'),
	
	      ],
	
	  }

        include ::pam

	class profile::linux::base::pam {
	
	  # resources
	
	    include ::pam

	         lookup('pam::pam_auth_lines')
	
	}

I've tried a few other ways and can't get it to work as I want it to. Can anyone help?

Thanks

It's friggin amazing.

Who knew that keeping a site clean of ads, trackers, and all kinds of other garbage could make the internet feel fast again? Tildes is not only a place for great discussion, but it's a site that doesn't get in the way of its content and I love it for that.

Sorry if this isn't "interesting, informative, or have the potential to start a good discussion".

Thank you @Deimos for creating such an amazing site! I'm not in a position to donate at this point, but I see it in the future.

I've recently accepted a new developer role for a small tech company where everyone works remotely. I've had experience of working from home as a freelancer in the past and slightly more recently working for a distributed company, although there I was working in a small shared office with one other colleague.

I wondered if anyone has any tips or advice on how best to remain productive as well as avoid distractions and try to keep a work/life balance?

I do intend to eventually find a co-working space but immediately I plan to work from home for at least the first few months.

Thanks!

Like many on here I've been moving away from cloud services. I used to think that the open-source-heads that grumbled about loss of control were just out of touch. Just "get-off-my-lawn-types" but now I'm one of them. One of the things that pushed me over the edge was Amazon removing a bunch of tracks I had in my workout mix. Just so not cool.

So I'm done with Amazon but hesitated to stop paying for Prime because I couldn't figure out a good way of getting music onto my old iPhone 5S that didn't involve the absolute steaming pile of garbage that is iTunes sync. Why oh why does ti have to be so hard? And the answer is DRM. It's always DRM. Fuck DRM.

I have mp3s from hundreds of CDs I bought and burned to my computer back in the 90s and early 00s. These have largely sat unused. But not now! Now they are free!

And that is all thanks to the magical open source media player VLC. I've long used it on my laptop and desktops but didn't even know there was a mobile option for iOS. I stumbled across it while struggling to find the default iPhone Music app in Apple's app store. I never found it - I found one that looked like it could be it but it talked about an online store to buy music from so I wasn't sure. Anyways, up popped VLC.

The VLC app is awesome! I can get audio/video to it so, so easily in a variety of ways. I can drag-and-drop across my network, use a number of different kind of online services like dropbox, etc (which is not what I did, but that's cool). In theory, I could sync through iTunes as well, but F that noise!

So now I have 5-10 of my favorite albums, including good music to work out to. And best of all, I have "you are my sunshine" which I was able to download off of Youtube. I play that every night for my daughter and ever since they nerfed the YouTube app to prevent it from playing music while other apps were open, well it's been a pain to just sit an listen to it while she falls asleep each night without doing anything else. But not now! VLC isn't trying to market the shit out of me and lock me into their app. I can put on a song and finally use other apps.

So if you are one of those "get-off-my-lawn" types like me, I invite you to check it out. I don't know if there is an Android version but I sure hope so.

This is all stream of consciousness so forgive my typos and likely poor grammar. I'll clean it up after a I get tired of rocking out to these awesome tunes (maybe...)

This is, of course, all anecdotal.

Spiteful downvotes are a common occurrence on Reddit. Sometimes I'm arguing in a deeply nested thread with a single person, and every one of my responses receives an immediate combo of reply and downvote. It's clear that the person arguing with me is the one making the downvotes, which doesn't seem fair. That's not an indication of my contribution to the debate, they just wanna "win".

In other occasions, when I go against the hive-mind, subjective interpretations of my phrasing renders a torrent of downvotes. I'm not talking about active belligerence on my part, but subtle differences that indicate minor defiance to the norm.

Upvoting seems less toxic. Some subs can use it to brigade /r/all, but that's easily addressable by the admins (I'm not saying they do). While downvotes can easily go unnoticed, upvotes are public by nature, they attract lots of attention, so if something vicious is upvoted the backlash it receives is frequently enough to put the author in their right place.

Tildes lack of downvotes is liberating. Not that I have the urge to post controversial stuff, but the lack of an easy "fuck you button" makes it possible for me to speak with nuance. I'm more preoccupied with what I wanna say than with the 300 implicit rules [1] I must follow to avoid being buried for offending the intricate biases of every sub.

And before this gets political, please notice that I never post on those subs. I'm speaking of "silly" places like /r/aww, /r/DunderMifflin/, /r/howyoudoin and /r/programmerHumor/.

So yeah: thank you, Tildes!

[1] I have no trouble following explicit ones.

I've been programmer for past 4 years and signs of sedentary life, not being active and overconsuming certain stuff is showing... what do you do to stay healthy?
I plan on signup for a swimming pool, I started IF but I fail too many times.. Also i'm trying to cut sugar as much as possible but today was a really bad day in this regard...

my goal is not to get thiner. (i don't consider myself fat where it would be determinal to my health).
my problem is that I feel like my muscles are always tired (can't explain, like I could be strecthing them all day long and they would feel tired), my right side of body starts hurting everyday after 14:00 (+/- few hours, depends on what I am doing). I have regular lower back pains... :(

edit2:
wasn't on computer for the whole day after posting. thanks for all the responses.
My plan for the following weeks is:
-Waking at regular hours (6:30)
-Going to beed at regular hours (22:00 - 22:30)
-My morning routine will be:
some water, wimhof breathing, stretching, shower, coffee -> work.
I'll signup for a swimming pool and try to get my active hours in by going to swimming pool 3-5 times per week.
Regarding food:
Intermitting fasting between 12-20, no sugar, only tea,coffee,water.
Will be cooking my own meal every day / meal prep for the whole week.
all above should be simple to implement and not too hard to give up. On days when I will not feel energetic I'll take some modafinil in the morning.
Also I'll be abstaining from alchocol and any drug... also I'll try to smoke weed on weekends only in small quantites.
all the above shouldn't be hard to do because I allready do some of the things above...
I try to do wimhof breathing when I can, I cook 2-3 times per week. so the biggest ones will be:
giving up daily weed, signing up for swimming pool, going to sleep and waking up at regular hours.

I don't know what is the correct word in English, but I'll be one of those guys who will teach a "class" consisting on answering questions and guiding them through the exercises.

The content is very basic algorithms in C, so things like functions, pointers, and structs are off the scope. Here is the repo I made with the solutions for last semester. I'm starting in the second semester, so I have everything fresh in my memory.

I welcome anything you can give but I'm not necessarily seeking technical advice since the teachers have that covered. What I'd really like to know is what you consider to be some good examples, attitudes, and approaches for this particular position. Thanks.

So I was at a concert this evening and when it was over and people were leaving the concert hall, I went up to a guy and said that I thought the tattoo he had on his neck of the band's logo was really cool and showed dedication. He simply nodded and said thanks, and then his mother (or girlfriend, I have no idea) poked my shoulder and showed me an identical one. It was in sort of between her breasts, but also underneath them. So she had to pull down her top and show a not insignificant amount of cleavage to show it to me. All I could say was "wow, very nice" with a stupid smile on my face. She just laughed and walked away, and it made my night!

Was a pretty good concert too by the way. Behemoth are an amazing band! :)

I just watched the clip to this. It left me perplexed. Starts out with an absurd self-flattery, then name dropping multiple (and actual) ex boyfriends of the singer. Then the clip, it's something totally different and unrelated. It's as if clips (which are somewhat sexist againt almost all sorts of gender out there) collected from a stock media site.

Then the lyrics. A list of someone's ex-SOs. Then self-flattery. Then, let's put a few buzzwords here and there. She's in a lesbian relationship, and her dad is transsexual. Apparently queer people reduced to pure stereotypes. It all comes off to me either as an exploitation of the current atmosphere among the youth, or something so personal would better be a vlog.

There is a strong contrast between the video and lyrics. Objectification of male genitalia sprinkled towards the end of the song. An "eww" at people with missing teeth. Women in sexualised outfit.

Am I too out of touch with mainstream pop stuff? I mean something like Nicky Minaj doesn't come of this "dissonant" to me. There's lots of sexuality in her stuff, but I don't think that's a problem per se. I just don't like her stuff (or swathes of stereotypical male rappers and pop singers) and move on. But this entire combination of clip and song comes off as literally repugnant to me. Is there something I'm missing?

Edit: just to clarify, it's not sexuality or queer stuff that is the problem for me (I don't have any problems with these things and them being depicted), but a strong sense of exploitation and dishonesty that I get.

so i've just recently learned about this guy, and his work is quickly becoming a favorite of mine.

i'm admittedly crazy poorly-read (is that the antonym to well-read?) when it comes to...

well, anything besides self-help books released up to "The Subtle Art of Not Giving a Fuck" by Mark Manson.

and his work has been concise and just fucking accurate enough for me to enjoy.

so i present you all,

a journey through love, with Richard Brautigan.

-2

Everybody wants to go to bed

with everybody else, they're

lined up for blocks, so I'll

go to bed with you. They won't

miss us.

in this first stage, we see that little Richie's met himself someone special, and off they go arm in arm to live happily ever after.

Romeo and Juliet

If you will die for me,

I will die for you

and our graves will be like two lovers washing

their clothes together

in a laundromat

If you will bring the soap

I will bring the bleach.

and here we see something that, personally, i found surprising from a poet who got his start in the 50s.

this piece emulates the incendiary, passionate, limitless love that some of us have been lucky enough to experience in the early years of our lives. the love where it's the both of you against the world. the love where the most mundane tasks seem incredulous solely because they're done together. the love that i have only seemed to find in life, through trauma bonding.

their love is powerful. their love is radiant.

I Feel Horrible, She Doesn't

I feel horrible. She doesn't

love me and I wander around

like a sewing machine

that's just finished sewing

a turd to a garbage can lid.

their love is over.

the crass yet poignant imagery somehow simultaneously flashing feelings of uselessness, self-loathing, and loss.

you are here.

Haiku Ambulance

A piece of green pepper

fell

off the wooden salad bowl:

so what?

the sheer stoicism here is inspiring to me.

this is the mindset that i want - and don't have the emotional energy to cultivate.

were Brautigan still around and kickin' today, i'd buy the man a shot of the best whiskey i could get with $7 and thank him for emulating the exact mindset i want, need, and desire

in four lines.

it's simple - the green paper is a fraud, illusory. from afar or even from near with a quick glance - the green paper is another leafy green of the salad. a leaf of lettuce, a bit of cabbage. even if you press your face into the bowl and smell, the paper will smell of salad and nothing but.

it falls onto the floor, you pick it up to throw it away. you notice the texture inapropos with more roughness, and frailty than a leaf of a vegetable. you test it - you tear it.

it was paper.

it was not the spinach you'd desired.

it was not real.

it was not what you wanted.

regardless of the time you've spent preparing the salad, chopping your veg, blending your dressing, tossing it all, and fixing it for presentation,

if you throw this paper out - it will be no loss, and your salad will only be better for it.

a green piece of paper fell off the wooden salad bowl.

so what?

Love Poem

the piece that brought Brautigan in to my attention in the first place.

It's so nice

to wake up in the morning

all alone

and not have to tell somebody

you love them

when you don't love them

any more.

resolve.

clarity.

peace.

the earlier bleach has gone unsipped. she has come, she has gone. he has suffered, he has grown.

and now, he is at peace.

his world back to...

normal.

this has been a journey through love with Richard Brautigan.

Preface

Software security is one of those subjects that often gets overlooked, both in academia and in professional projects, unless you're specifically working with some existing security-related element (e.g. you're taking a course on security basics, or updating your password hashing algorithm). As a result, we frequently see stories of rather catastrophic data leaks from otherwise reputable businesses, leaks which should have been entirely preventable with even the most basic of safeguards in place.

With that in mind, I thought I would switch things up and discuss something security-related this time.

Background

It's commonplace for complex software systems to avoid unnecessarily large expenses, especially in terms of technical debt and the capital involved in the initial development costs of building entire systems for e.g. geolocation or financial transactions. Instead of reinventing the wheel and effectively building a parallel business, we instead integrate with existing third-party systems, typically by using an API.

The problem, however, is that sometimes these third-party systems process requests over a long period of time, potentially on the order of minutes, hours, days, or even longer. If, for example, you have users who want to purchase something using your online platform, then it's not a particularly good idea to having potentially thousands of open connections to that third-party system all sitting there waiting multiple business days for funds to clear. That would just be stupid. So, how do we handle this in a way that isn't incredibly stupid?

There are two commonly accepted methods to avoid having to wait around:

1. We can periodically contact the third-party system and ask for the current status of a request, or
2. We can give the third-party system a way to contact us and let us know when they're finished with a request.

Both of these methods work, but obviously there will be a potentially significant delay in #1 between when a request finishes and when we know that it has finished (with a maximum delay of the wait time between status updates), whereas in #2 that delay is practically non-existent. Using #1 is also incredibly inefficient due to the number of wasted status update requests, whereas #2 allows us to avoid that kind of waste. Clearly #2 seems like the ideal option.

Method #2 is what we call a webhook.

May I see your ID?

The problem with webhooks is that when you're implementing one, it's far too easy to forget that you need to restrict access to it. After all, that third-party system isn't a user, right? They're not a human. They can't just give us a username and password like we want them to. They don't understand the specific requirements for our individual, custom-designed system.

But what happens if some malicious actor figures out what the webhook endpoint is? Let's say that all we do is log webhook requests somewhere in a non-capped file or database table/collection. Barring all other possible attack vectors, we suddenly find ourselves susceptible to that malicious actor sending us thousands, possibly millions of fraudulent data payloads in a small amount of time thanks to a botnet, and now our server's I/O utilization is spiking and the entire system is grinding to a halt--we're experiencing a DDoS!

We don't want just anyone to be able to talk to our webhook. We want to make sure that anyone who does is verified and trusted. But since we can't require a username and password, since we can't guarantee that the third-party system will even know how to make use of them, what can we do?

The answer is to use some form of token-based authentication--we generate a unique token, kind of like an ID card, and we attach it to our webhook endpoint (e.g. https://example.com/my_webhook/{unique_token}). We can then check that token for validity every time someone touches our webhook, ensuring that only someone we trust can get in.

Class is in Session

Just as there are two commonly accepted models for how to handle receiving updates from third-party systems, there are also two common models for how to assign a webhook to those systems:

1. Hard-coding the webhook in your account settings, or
2. Passing a webhook as part of request payload.

Model #1 is, in my experience, the most common of the two. In this model, our authentication token is typically directly linked to some user or user-like object in our system. This token is intended to be persisted and reused indefinitely, only scrapped in the event of a breach or a termination of integration with the service that uses it. Unfortunately, if the token is present within the URL, it's possible for your token to be viewed in plaintext in your logs.

In model #2, it's perfectly feasible to mirror the behavior of model #1 by simply passing the same webhook endpoint with the same token in every new request; however, there is a far better solution. We can, instead, generate a brand new token for each new request to the third-party system, and each new token can be associated with the request itself on our own system. Rather than only validating the token itself, we then validate that the token and the request it's supposed to be associated with are both valid. This ensures that even in the event of a breach, a leaked authentication token's extent of damage is limited only to the domain of the request it's associated with! In addition, we can automatically expire these tokens after receiving a certain number of requests, ensuring that a DDoS using a single valid token and request payload isn't possible. As with model #1, however, we still run into problems of token exposure if the token is present in the URL.

Model #2 treats each individual authentication token not as a session for an entire third-party system, but as a session for a single request on that system. These per-request session tokens require greater effort to implement, but are inherently safer due to the increased granularity of our authentication and our flexibility in allowing ourselves to expire the tokens at will.

Final Thoughts

Security is hard. Even with per-request session tokens, webhooks still aren't as secure as we might like them to be. Some systems allow us to define tokens that will be inserted into the request payload, but more often than not you'll find that only a webhook URL is possible to specify. Ideally we would stuff those tokens right into the POST request payload for all of our third-party systems so they would never be so easily exposed in plaintext in log files, but legacy systems tend to be slow to catch up and newer systems often don't have developers with the security background to consider it.

Still, as far as securing webhooks goes, having some sort of cryptographically secure authentication token is far better than leaving the door wide open for any script kiddie having a bad day to waltz right in and set the whole place on fire. If you're integrating with any third-party system, your job isn't to make it impossible for them to get their hands on a key, but to make it really difficult and to make sure you don't leave any gasoline lying around in case they do.

Firstly - thanks for the invite, looks like a good place!

I signed up and read some posts, alt tabbed to other sites, came back and went to post a reply but got an error https://i.imgur.com/Fz1MXtd.png

I opened a new tab and logged in and could post ok, but it didnt feel like that long from when I logged in to when it timed out on me.

I spent most of 2018 exploring the Soulsborne games (Demon's Souls, Dark Souls I (no longer for sale, thanks to the Remaster), II, III, and Bloodborne) and wanted to know all of your thoughts on them. Like them? Hate them? Want to try them? Favorite and least favorite?

From Software is probably my favorite game dev studio now. I want to say I adore all of the games, but I haven't tried Demon's Souls or Dark Souls II... yet. Bloodborne is my favorite out of the collection (or what I've played of it) because of the familiar but much faster-paced gameplay, with higher risk meeting higher reward. Not to mention they didn't put Ornstein and/or his armor in it.

I haven't posted at all on Tildes, but I've been here! I've seen how great of a community it is, even if it isn't that popular yet, so I wanted to ask you kind people for advice on where I should move to. Please tell me if this is the wrong group.

I can't decide where to move. I really want to live in a giant city like NYC because I have a degree in CS and computers are popular in big cities, plus I just enjoy them, but (as I'm sure everyone knows) it's super expensive. I also really love rain and snow. If any of you could recommend a relatively inexpensive city that rains and snows a lot, I'd greatly appreciate it. It doesn't have to be in the U.S. Thank you all so much!

Hi all, Hope ya'll doing good. I am done with windows. So I want to switch to linux. I have used it a few times. I just wanted to know, how long will it take to have it setup? Also, I am learning data science. Will switching to linux have any serious implications? Thanks

Edit: #9, not #8; sorry for messing the title up. Would be glad if someone can fix it for me, I can't edit it apparently. Thanks a lot, Deimos, for fixing it up!

What are you reading currently? Fiction or non-fiction, any genre, any language! Tell us what you're reading, and talk a bit about it.

Past weeks: Week #1 · Week #2 · Week #3 · Week #4 · Week #5 · Week #6 · Week #7 · Week #8

Well, I know that I'm just stating the obvious, but I love Tildes for a few reasons. Right now, however, I'd like to discuss one thing: text posts can become popular. "But Sans, they could on reddit too!" Text-only subs notwithstanding, not really. Find any fandom subreddit or r/games, and you'll find a bunch of memes. They're the only thing anyone likes. Here, however, one can actually ask insightful questions in text posts, and it is visible. People like it. They upvote it. On Reddit, that doesn't happen. Nobody upvotes text posts. Just my two cents.

thank you for coming to my ted talk

I've played and enjoyed Neverwinters Nights, Baldur's Gate, Icewind Dale, and Planescape: Torment. I was wondering if you guys could recommend some games in a similar style that I've overlooked. Thanks!

Intro

Hello everyone.

Due to @Kat’s ever-failing health, I will be analyzing the data instead of her this time around. If you have no idea what this is about, see the demographic survey that was posted on the day of Tildes’ half-year birthday. She’s done this before, so let’s see what's new.

The original survey was answered by 404 people, while the half year survey was answered by 293. Though the total number of replies was lower, the completion rate was actually higher: 293 responses from 422 unique visitors, or 69.4%, up from the first year’s 404/599=67.4%. The decrease in answers is most likely attributed to the change of the default sort from “Activity, all time” to “Activity, 3 days”: the response rate held fairly consistent for the first three days, then plummeted after the third as the topic stopped being able to gain any publicity. Though response rates on the original were not high after the first three days, there was a steady trickle up until the survey stopped accepting responses.

While the numbers are relatively big (for a community of this size), do take anything found with a healthy dose of scepticism. Even though the original dataset she shared with me does not contain any identifiable information (all I can see are randomly-generated user strings) the specifics of that data will not be posted, as was mentioned during the original survey. This is because I am unable to be certain I can sufficiently anonymize it. Typeform has created a summary of the data on a per-question basis with substantially more datapoints than this thread, which you can find https://themeerkat.typeform.com/report/H2TtYg/rVf75AqbKaPncy6y.

Explanation

I will compare the statistics with a similarish reference set based on the six most common territories, all of which are above one percentage of the survey answers. That means when I compare on the general populace, I will base it on numbers from USA, Canada, UK, Australia, the Netherlands, and France.

This means it will be weighted like this:

I’ll clean up my data sheet and post it in the comments later. You all are absolutely encouraged to fix it because it will most likely contain errors.

The interesting stuff

What has changed in the first half year?

Age

This time around an age range was used instead of an exact numerical input, but if we were to assume that everyone is aged in the middle of their age range (so 20 for 18-22 year olds, for instance), the average age of a user would be 26.84 years, or 26 years, 9 months, and 4 days old (roughly). So we’ve grown a bit younger than last year, on average.

Gender and identity

Gender distribution seems to be roughly the same. We see a small decrease in percentage of heterosexuals, divided roughly evenly on the remaining categories. We also see a significant increase in the amount of transgender users, but since the amount reported is small, that could also just be statistical noise. The percentage of polyamorous people has remained exactly the same. For pronouns, there are only three users who prefer it/its, and zero who prefer any neopronoun set: every “Other” was offering commentary on the question rather than answering it. Similarly, almost all of the “Others” for orientation were expressing that they didn’t understand the specifics of the options given.

All in all, little has changed.

Territorial

In both surveys, three options dominated: the USA, the UK, and Canada. On that end, little has changed, though it seems that all of the Swedes disappeared, with zero answering the half year survey as compared to eight for the first one. Wonder what they’ve been busy with.

Native language

Unsurprisingly, about everyone speaks English. What is more surprising is the lack of native multilinguals: fewer than 6% of Americans who natively speak English also natively speak a second language. For comparison, that’s 10% for Australians, 21% for Canadians, and 13% for the UK. This represents an overall decrease in geographic diversity, with users coming from 36 different countries as compared to 42 the first time.

Religion

Compared to the world at-large, we sure are a god-denying folk. A whopping 52% of us consider ourselves atheists, whereas the sample data puts it at 12.1%, so we’re far from the norm of our fellow citizens.

We got a few interesting answers in the “other” section of the religion part of the survey. We got a few interesting ones I had never heard of before, like “Discordian”. But generally speaking, around half of them were either “none” or one of the actual options. Two stood out to me though.

To the one Chinese user who filled it in as “The heck is chinese traditional”: I have no idea either.

To the one Australian user who wrote “Left-hand path Heathen”, you be yourself, mate.

Politics

The average has barely moved in the last half year—we’re still slanted very much to the left. Unlike the first survey, there was no freeform input this time around, so the specifics are hard to discuss.

Computers

We have seen a drastic fall in the percentage of Windows users. It was at 60%, and is down to 43%. Nearly all of this has gone to Linux, which is now at 38%. That’s quite large, especially compared to the reference data, which has Linux use among web users at 1.23%. It’s like a herd of penguins in here.

Mobile phones

Compared to half a year ago, not many of us have switched mobile OS. Compared to the calculated data, we like Android slightly more than average. 62% vs 72%.

Not much interesting in the “other” section, though I will give a salute to the one American user still holding out on Windows 10 Mobile.

Work

We have a pretty even distribution with three exceptions. “Computer software”, “Never employed”, and “IT”. Nearly 3/4 who answered “Never employed” are currently students.

Among the students, we only have one student that proudly smokes and has no interest in quitting. The campaigns seem to be working.

Tildes usage

If we look at the users who visit Tildes multiple times per day, we see a few interesting trends. Nearly all of them use Android, and nearly all of them are employed. Beyond that it all seems surprisingly… average.

Overall, people rated Tildes as a platform as-it-stands a 5.7/7 (0.81), and their optimism for the future of the site at a 5.4/7 (0.77). The most important reason they use the site (of the options given) is “Minimal, fast design” at a 4.6/5 (0.92), with “Privacy-consciousness and lack of trackers” right on its heels. 20.8% of users have ever contributed money to Tildes (surprisingly high, compared to most donation campaigns), with about half as many making a recurring donation.

Despite @Kat’s insidious attempt to influence the data, “waves” as a demonym only received 5.5% of the vote. The leader for that, overwhelmingly, is “no demonym at all”, with a combined 49% of the votes and 18.5% of respondents strongly preferring the site not to have a demonym. Second place, the generic “users”, only has 15.8% in comparison. The first Tildes-specific demonym present is Tilders/~​rs, with 13.4%.

Most notably, about ⅔ of users would prefer Tildes to be remain invite-only long-term.

Freeform questions

The survey had three freeform questions: “What do you like most about Tildes, thus far?”, “What do you like least about Tildes, thus far?”, and “What is the most pressing missing feature/‘pain point’ for you about Tildes in its current state?” All the comments fill over 30 pages, so it seems like we really have a lot to say. You can download and look at all of the raw answers here, if you’d like. They’ve been shuffled to ensure privacy.

Likes

A large majority of the comments boil down to “a quality of discussion where disagreement is discussed in a respectful and level-headed way”. A very significant amount also point out the lack of “low effort content and trolls” as a good thing. A significant amount also mention the simple and quick-loading interface. We also have one user who believes he can find a twerk team on Tildes.

So on this, @Deimos can feel proud for what he has done. Though you know what really makes the site good? There is one comment that properly gets it: “The people, d’awwww.”. Yes, that includes you.

Dislikes

But not everything is perfect, though negatives about Tildes seem to be a lot less unanimous than the positives. There are a few that repeat a bit more often than others: the biggest one is “left centrism in discussions” or “echo chambers”, though in a close second, as with any political discussion, is its exact opposite with complaints about “too much discussion about left-centrism in discussions”—notably, though, in the question “Do you feel as though Tildes has a good mix of political opinions, for your personal preferences?”, the leading answer was “Yes” with 63%. A small amount of users also think we have too many software developers.

Beyond that, the main complaint that stands out is “lack of users and content”, which I am sure will improve in time.

Missing feature/pain point

This too is very varied. A lot of the comments are actually about features that have been introduced since the survey was done, like bookmarking. Honestly, it’s not that many complaints compared to just likes and dislikes.

The “majority” seem to be on a lack of tag autocompletion, USA-centrism, and the lack of a mobile app.

There was one more section: “If you would like to offer any long-form commentary, criticism, or feedback regarding Tildes, you may do so here.” Due to its nature, I’ll let you read through them yourself in the raw data, if you’re interested.

Closing words

First of all, to everyone who took the time to answer: thank you! I hope this post and the survey has brought some fun to everyone. If there’s an interest, I am sure that Kat, myself, or someone else will make another one at the one year anniversary. We already got some feedback in the previous thread, but we’re always open for more.

I will do some additional data comparisons on request. I might be a bit occupied this weekend, though, so that will come when it comes.

Tildes is currently invite-only. (Thank you redditor u/⎷⎷⎷⎷⎷⎷). Of course, it's in alpha testing, so that makes sense. When do you think tildes will be made public? How will they do it? I don't think it ever really needs to be made public. The reasons are that:
1 - Bans are actual bans. Getting beyond a ban is ridiculously hard compared to on Reddit, where someone just makes a second account. On Tildes, if you're banned, you're banned. That's it. It weeds out a lot of trolls.
2 - Throwaways can't be made. Making a throwaway account on Tildes costs one of your invites, so it's much more annoying to do so.
Hopefully you enjoyed my little rant.

This week let's share some of those favorite tracks that you don't usually advertise to other people - the guilty pleasures. The ones that tend to make music critics and other music lovers cringe, and garner raised eyebrows from your friends and family. We've all got them hiding in our playlists.

Thanks @ainar-g for the topic suggestion. Feel free to suggest topics for upcoming threads in the comments, and happy listening. :)

Last week's thread on uplifting earworms.

Last month my dad had a stroke. Miraculously he didn't lose much functionality at all, though he does have some minor cognitive issues that we're working on in rehab - mainly memory. Accordingly, we want to find some games he can play on his tablet to help keep his mind active and focus his attention. But the mobile game market is hard for me to navigate and sort through for what I'm looking for.

I need games that're about a dollar or less and don't have in-app purchases. Basically games you could give to your kid and trust that they're not gonna be psychologically manipulated into wanting to empty your bank card or something like that.

Brain teasers and simple puzzles are ideal for sharpening his mind but any game that's good clean straightforward fun will work. I don't think he's going to be able to handle anything with a whole lot of moving parts like an RTS right now, for instance.

I can't afford to spend much on this and I don't know what kinds of games will interest him most so I want to give him a lot of choices. I've already looked through a couple of the other mobile game rec threads on here and I'm checking out the games listed there, but I was hoping you all could help me think of some stuff more geared to my situation. Any pointers even just on where to go looking or what to google would be appreciated. Cheers!

Edit:

Thank you all for being so supportive! I've added a bunch of the games you recommended, and I also found a couple nice lists that I thought I'd add here for anyone else interested.

Short List of Totally Free Games

10 Completely Free Mobile Games

Stay awesome tildes!

What are some of the must-dos, must-installs, must-uninstalls, and must-alters of setting up a new PC? I'm getting my first new PC in 5 years on Sunday and the old one is really showing its age. I would like to avoid that as much as possible in order to keep the PC running smoothly as long as possible. I'd also like to optimize its performance and have useful software tools.

Thank you for any advice,
gbbb

I was looking for preferences on 120/140mm case fans. RGB is a want, but not at the expense of quality fans.

I'm pretty new to the topic and not super familiar with the technical side. So open to reading more in depth too.

Thanks!

Releases of the week 17/11/2018 - 23/11/2018

Featured Release

Oneohtrix Point Never - Love In The Time Of Lexapro (EP) (Prog Electronic, Ambient)

Oneohtrix Point Never has dropped off his new EP, Love in the Time of Lexapro....
The new effort follows producer Daniel Lopatin’s impressive 2018 album, Age Of, and The Station EP from July. It contains a pair of new songs and alternate, collaborative versions of two Age Of tracks.
The two previously unreleased originals are titled, “Thank God I’m a Country Girl” and “Love in the Time of Lexapro”. The latter title track has been an audience favorite on Lopatin’s Age Of tour, but has never been properly recorded and released until now. Also included is a rework of Age Of’s “Last Known Image Of A Song” from veteran Japanese experimental musician and composer Ryuichi Sakamoto (The Revenant), as well as an updated take on Age Of highlight “Babylon” featuring additional contributions from (Sandy) Alex G.”

Source: Consequence of Sound

Stream Links

Other Notable Relases

Dipset - Diplomatic Ties (Trap, Hip Hop)

Listen to single

Rita Ora - Let You Love Me (Pop, Electropop)

Listen to single

Boosie Badass - Boosie Blues Cafe (Hip Hop, Blues)

Listen

Art Brut - Wham! Bang! Pow! Let’s Rock Out! (Indie, Rock)

Listen to single

Feel free to discuss or feature any and all other releases in the comments below

Discussion Points

Have you listened to any of these releases yet?
What are your thoughts?
What are you looking forward to listen to?
What have you enjoyed from these artists in the past?

// All feedback on this format welcome below.

I never talked to anyone in real life about it before yesterday, and even though it was really, really difficult, I'm glad that I pulled through.

I had a meeting with a nurse and a doctor at the psychiatric wing of a hospital, but for other reasons - I have a lot of mental health issues so I keep in touch with them in case I have a breakdown or whatever. That way I won't spiral completely out of control; they can catch me. So anyway, after meeting with said nurse and doctor which was a rather quick meeting, I asked my nurse (who is sorta my contact there) if she had a moment for a one-on-one conversation. She thankfully did and we went to her office. I was pretty anxious all along and once we sat down, I could barely even speak because I kept losing my composure, and my voice was super shaky and I nearly cried.

But I managed to get through it, and told her how I'd seen a short film a couple of days ago that made me burst into tears. How I'd been questioning for years at this point, how I'd always felt out of place and like I was the odd one out. How maybe it's all sorts of things, but perhaps it's because I'm trans.

Not to sound arrogant or anything, but I'm really proud of myself for having the guts to do it. I wouldn't have been able to do that just one year ago. She did say that I was cool/tough for being able to say it out loud and honestly she was the best about it! No judging, no nonsense, no crap. She said all the right things and was really empathetic and understanding despite not at all being qualified for this kind of thing.

So basically what came out of it is that it really felt good to talk to someone face to face. She said she didn't know what to do, but she knew how to find out - which is of course all that I could ask! She's gonna get in touch with a different hospital that has a sexology department (don't know if that's a thing in other countries, I don't know the English name for it sorry). And then she's gonna call me on Monday with her findings!

I still don't know if I'm trans though. I feel like I might be, considering the way I could barely even speak when talking about it out loud. But maybe I'm non-binary too - that's why I'm hoping to get to talk to someone from the sexology clinic. Perhaps they know what questions to ask... I'm also moving in two weeks and I have two exams in that very same week, within 24 hours of one another. But the number one thing on my mind is the above... I think that's pretty telling.

Thank you for reading <3

I have poor vision and I rely heavily on a Firefox plugin called Stylus to make websites readable - in particular the trend for low contrast and small text. That includes Tildes.

I updated it to v1.5.0 and now the styles I set for Tlldes no longer work - most other sites still appear to work but I've not checked them exhaustively.

I immediately tried rolling back a release or two (1.4.23 and 1.4.22) but those versions no longer work for any site. I tried randomly downgrading to even older versions but the same result. I think I'm stuck with the latest version..

I notice in the browser console there are 2 errors reported on Tildes e.g. on this page I see:

Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). new_topic:1:1
Content Security Policy: The page's settings blocked the loading of a resource at inline ("style-src"). new_topic:1:1

Using the Firefox Developer tools Inspector - I see my style settings for Tildes injected by Styuls (after the body) but they do not work any more.

Since only Tildes so far is not working with my Stylus settings I guess there is also a recent change to Tildes that is causing Stylus to fail.

This is a rather serious issue for me as all the colour options in the setting are low contrast and cause eye strain which becomes painful without the Stylus settings.

Thanks for any help you can offer.

Hello everybody! As the Americans here are probably aware, this week is our holiday for Thanksgiving. One of the traditional parts of the holiday (at least as I've always practiced it) is everybody writing a list of the things they're thankful for in their life and over the past year. Especially since this is our first Thanksgiving together since Tildes was founded, I was wondering if you'd like to contribute such a list. :)

So I'm doing my GED at the moment and I'm in the same couple of classes this gal. It's only 3 months into the semester and we won't be in the same classes next semester anyway. Nevertheless, despite it only being 3 months we quickly became acquainted and within the last month or so we've become friends. Last week however, her boyfriend broke up with her and today he kicked her out of his apartment - so she's homeless. And in order to not live on the damn street she's going back to Norway (she's only been here in Denmark for a bit over a year) to live with her family until she can find somewhere to live here - she still has another semester to go until she's done with school here, so it need only be temporary.

She's leaving tonight and so I asked if she wanted to meet after school today. We did and talked for a couple of hours at a cafe - and it was pretty nice despite her situation being total shit. I'm a really empathetic person in general and I feel all sorts of compassion for her. Simultaneously, despite barely even knowing her (today was the first time we actually hung out, come to think of it), I am gonna miss her like crazy... This is mostly about her because of how much it sucks for her and how bad I feel for her, but I can't help but feel like shit too even though I barely even know her! I can't tell if I have a crush on her or if I just like her as a friend, but who cares anyways - she's gone now and I might not see her again...

Just had to get this off my chest I guess. I just wish so bad that she didn't have to leave - that I could've gotten to know her more and spent more time with her.

I'm also trying to follow some advice from a psychologist, because I have borderline personality disorder and basically it means I feel feelings a lot more intensely than the average person. I also haven't been a very social person historically speaking so I find it difficult to navigate relationships and situations like this. So the advice I'm trying to follow is particularly this bit: Instead of ‘I love you with the passion of a thousand fiery suns’ it might be nice to do a small gesture. But it's difficult to not write her on messenger and just say something like "I'm gonna miss you :(" - I know it's stupid to do that and she doesn't feel the same way I do because it's only been like 1 month of actual friendship, but it's genuinely how I feel.

Wasn't sure if this belongs in ~life or here, so I figured I'd just go with this one. Just had to get this off my chest so that maybe I'll not be dumb and write her something that the overly attached girlfriend meme could have written. I used to be super clingy and it's driven people away in the past so yeah. Anyway, thanks for caring if you read this whole post :)

I might soon be part of an internet startup. We're talking with a relative about setting up a consultancy & business news service on a certain sector, and I've generated a part of the idea and accepted to take on the technical/editorial side for a while (I've almost a year til when I start my master's, and will probably work up until when I start my thesis; so almost two years). If things work out, this might be a dream job (except academia) for me, and even very lucrative. But I'm fairly n00b in this space, both business and professional work, though I have the technical skills. Thus I'm seeking general advice on

• how to organise this thing: how to make sure we communicate well on dates and plans and how to make educated guesses when setting up an agenda

• how much will it cost: we'll start with making a database and running a sector-specific blog/news site as publicity (though I'll make sure the content is quite decent, not just a showpiece), but then later we'll introduce a tangential online service and a mobile app leveraging that crowd

• working with non-techies: I'll be the only techie in this startup and I need to help people with gathering, storing, organising and utilising historical data with certain variables, ensuring they keep an accurate record and can make quality queries easily; the 3 people apart from me will be non technical

I think quite a bit of you here have been involved in this sort of scenario, so maybe you could have some advice for me. I'd appreciate anything, examples of approaches, links to tools, what not, anything you think could be useful. Thanks a lot in advance!

OC from me when I was a college student. Also a good excuse to watch some cartoons and call it study ;-P Mods - feel free to move this if this isn't the appropriate sub. Thanks!

Who Has the Power? He-Man and the Masters of Marketing

Once upon a time the sole purpose of children’s television was to educate. But this changed in the 1980s when the Federal Communications Commission refused to enforce a ban on children’s programming tied to commercial products. Mattel took advantage of this to market a line of toys with their show He-Man and the Masters of the Universe. This was the crown jewel of the toy-based children’s programming in the 1980s and made Mattel over a billion dollars in revenue from toys and accessories. The program sparked controversy over marketing and violence in children’s programming.

The F.C.C. and Deregulation
In 1969 the F.C.C. found that the ABC children’s show Hot Wheels to be nothing more than an episode-length commercial for the Mattel product. The commission banned product-based programs saying that they are not designed to entertain or inform the public (New York Times, February 3, 1986). This regulation was enforced throughout most of the 1970s, but the F.C.C.’s position on children’s programming changed drastically during the 1980s to become market-driven. By 1986 this change was explicit when F.C.C. Chairman Mark Fowler told the New York Times that “‘The public’s interest determines the public interest.’”
Fowler had replaced Charles D. Ferris as chairman when President Reagan took office. Ferris had been a proponent for government-mandated children’s programming aimed at specific age groups (New York Times, July 25, 1982). Ferris said in the article:

We are well aware that it is not in the economic interest of the broadcasters to aim this kind of programming at an audience amounting to 16 to 18 percent of the population- age 12 and younger- but if the obligation falls evenly on all, then no one is particularly disadvantage.

For 27 years Captain Kangaroo served this function for CBS, but in July 1982 it went off the air leading New York Times reporter Holsendolph to ask “how could the situation reach a point where no children’s fair is regularly scheduled on weekdays on the commercial networks?” Like Ferris, Holsendolph did not realize that the door was being opened for commercialism. But Bob Keeshan, aka Captain Kangaroo, had an idea of what was coming, “‘Frankly, I think the needs of our nation’s children are just too important to be left to the networks and their profit motives, or to Mark Fowler’s market concept.’” With Fowler’s F.C.C. backing off from enforcing bans and also calling for deregulation of the industry, the market was ripe for the picking and the toy-maker Mattel was ready and waiting.

Marketing to Children
Before the popular show He-Man and the Masters of the Universe ever existed, the toys were designed and sold starting in 1982. He-Man was not the creation of a lone artist at Mattel but rather the product of marketing research. According to a People Weekly article by Carl Arrington, the research began as a response to the highly profitable Kenner Star Wars action figures. Mattel conducted 17 studies on everything from boys’ play habits to the preferred hair color of the hero (blond). Mattel examined such classic works as Joseph Campbell’s Hero with a Thousand Faces to develop archetypes for the characters. The characters were given a fantastic flair because the research indicated a preference for high-fantasy and made it easy to capitalize off of the success of the Star Wars toy line.

The first toys came with mini-comic books that explained some of the background behind the characters. Originally, He-Man was a wandering barbarian similar to Arnold Schwarzenegger’s character in Conan the Barbarian but this changed as the toy-line evolved. The toys were priced around $5 apiece and the accessories ranged between $20 and $40. Mattel eventually made 70 characters and urged kids to collect them all.

He-Man and the Masters of the Universe first aired in September 1983. Prior to that almost all children’s shows were on the networks (ABC, NBC and CBS), but with the number of independent TV stations tripling since 1972, a new market had opened up. He-Man took advantage of this by airing on 166 independent networks. The toy companies shared the cost of the programs with the producers. The producers then made a deal with a syndicator, who traded air time with the station managers for the use of the show. The syndicator then sold some of the air time to advertisers and funneled the cash back to the producer. Many independent TV stations also received a cut of the toy profits for airing a show, a practice the F.C.C. condoned (New York Times, February 3, 1986).

Many critics called the show “a program-length advertisement” for the toys. The Boston-based Action for Children’s Television, who lamented the end of Captain Kangaroo and advocated a government mandate to ensure children’s programming earlier in the decade, was infuriated that the F.C.C. had allowed the market to determine children’s programming. They said that programs based on toys constituted a commercial. Peggy Charren, the group’s president, said “‘What makes matters worse is that most of the products are being advertised on children’s television as well, making it hard to distinguish between product and programming.’” The president of the National Association of Broadcasters, Edward O. Fritts, said that the complaints were “‘an outrageously shortsighted and overly idealistic approach,’” and he added that the industry had made incredible progress in children’s programming (New York Times, October 12, 1983). Dr. William H. Dietz, chairman of the American Academy of Pediatrics’ task force on children and television, also opposed the programs. “‘They sell a product while claiming to be entertainment. And kids don’t know the difference. It is unfair and deceptive advertising. It is unethical to do that, in my opinion,’” said Dietz (New York Times, February 3, 1986).

The Success of the Show and the Toys
The show became the No. 1 children’s program in America and was aired five days a week, something that had never before happened with a children’s program. Besides the 166 U.S. stations that aired the show, 37 foreign countries were invaded by He-Man. It quickly became a favorite of boys age 4 to 8, but around 30 percent of the viewers were female, according to the show’s executive producer Lou Scheimer (New York Times, December 18, 1984). He-Man had 9 million viewers after only 15 months on the air, wrote Patricia Blake in a 1985 Time Magazine article.

The show was a cultural phenomenon and parents everywhere were berated with demands for the toys from their children. Paula Higgins recalled how her son wanted the toys so badly that she took him to five toy stores in search of the He-Man action figure. She noted in her New York Times column that “He-Man and company have an advantage over their Star Wars counterparts, [because] they are on a cartoon five afternoons a week, every week.” Although she approved of the cartoon she did not like the marketing. She wrote “I also know I do not like what is happening, but this is all new territory for us. Our son has never got caught up in this kind of advertising hype before” (New York Times, April 29, 1984).

In 1984, Mattel had sold $500 million in toys and another $500 million in other merchandise, such as He-Man toothbrushes, underwear, lunchboxes and bed sheets. That year the toys were so popular that Mattel had to hire freight airliners rather than ships to get the toys over from Hong Kong, Japan, Taiwan, Malaysia, and Mexico to meet demand (New York Times, December 18, 1984). This was just the beginning of a wave of toy-based cartoons such as G.I. Joe: A Real American Hero, the Transformers and the Teenage Mutant Ninja Turtles.

Violence and Morals
The 1980s was also a decade of concern about violence on television and most particularly violence in children’s programming. The National Coalition on Television Violence found that the new Walt Disney cable network was showing cartoons that contain violence unsuitable for children. They stated that 19.3 violent acts were shown in Disney cartoons each hour (New York Times, April 23, 1984). Disney’s cartoons paled in comparison to the violence in the military themed shows. Children’s shows like Rambo and G.I. Joe were at the center of the violence debate, but He-Man was not exempt. The He-Man show sparked debate among concerned parents who feared its extreme popularity spread violent play. At a viewing of He-Man at the Christ Church Day Care, Peggy Marble, a mother, said that she was concerned the show promoted violence and “unusually aggressive play” (New York Times, December 12, 1985).

Filmation, the studio that produced He-Man, hired Stanford University Communications Professor Donald Roberts as an educational consultant to ensure that the popular show kept the violence to a minimum. Roberts said that none of the characters get killed or seriously hurt, in a Time Magazine article by Patricia Blake. Furthermore, Roberts said that He-Man deplores violence and thus the battle scenes are “‘really anti-battle scenes.’” To combat the charges of violence that were occurring within the industry, the He-Man program also incorporated a moral message at the end of every show, much like another popular show of the time, G.I. Joe: A Real American Hero. Filmation President and He-Man Producer Lou Scheimer defended the show by saying that they have done episodes addressing drugs, child molestation and gun control (New York Times, December 12, 1985).

A 1982 National Institute of Mental Health study found that violence on TV was directly related to children’s violent behavior off-screen. Dr. Jerome L. Singer, professor of psychology at Yale University, said “‘It is true that some shows, like He-Man, have a kind of moral. But our observations of young children have been that they don’t get it. What we have noticed is that the play with toys like He-Man tends to be rather aggressive’” (New York Times, December 12, 1985).

Conclusion
The debate over toy-based programming continued longer than the popularity of Mattel’s He-Man, whose sales dropped $250 million in 1986 as kids lost interest. In 1990, Congress passed the Children’s Television Act that limited commercials to 12 minutes of every hour of programming. However, the F.C.C. declined to define shows based on toys as commercials. Instead, they ruled that a program is only a commercial if an advertisement for the related toys is run during the breaks. This provoked the ire of Peggy Charren, president of the Action for Children’s Television, who said “‘The problem is not with the four or five minutes of advertising time. The problem is the 26 minutes that the ad agency, the program producer and the toy company have prepared’” (New York Times, November 9, 1990).

He-Man’s catchphrase that he booms out at the beginning of every episode is “By the power of Grayskull, I have the Power.” And he does, or at least Mattel does along with the rest of the toy industry. By uttering the magic phrase, He-Man transforms himself from wimpy Prince Adam, his alter-ego, into a muscle-bound barbarian with flawless super powers. In much the same way, toy companies like Mattel transformed themselves from mere manufacturers of play-things to marketing giants with muscles that bulged five days a week.

Coverage of F.C.C. deregulation was prevalent but its impact on children’s programming received less coverage than other aspects such as the Fairness Doctrine. Controversy of toy-based children’s programming focused on violence and the extreme popularity of the toys and the shows. F.C.C. regulations were usually only mentioned as a backdrop for these stories.

While the debate over market-driven children’s programming began over 20 years ago it remains a concern in today’s society. Prepubescent cries of “buy me this toy” can be heard in any toy store in the country, no doubt inspired by a TV show that has followed the He-Man marketing strategy. Today, parents and doctors are more worried about the marketing of high-fat and high-sugar foods during children’s programs. The Institute of Medicine recommends legislation banning ads for such bad food during children’s shows. At a time when 31 percent of children are obese this message is one of “urgency,” according to J. Michael McGinnis, chairman of the IOM committee. ‘The prevailing pattern of food and beverage marketing to children in America represents, at best, a missed opportunity, and, at worst, a direct threat to the health of the next generation,” according the IOM report (USA Today, December 7, 2005).

[seen on reddit but no discussion - if it's not okay to seek out better discussion here after seeing something fall flat on reddit, I am very sorry and I'll delete promptly]

I've had some experience in this realm for a while now, but I'm having a little trouble with one issue in particular. Before I divulge, I'll present my thoughts on best practice and and what I've been able to implement:

• Terraform everything (in accordance to terragrunt's "style guide" i.e. organization)
  THIS IS A BIG ONE: for the jenkins master task, make sure to use the following args to make sure jenkins jobs aren't super slow as hell to start:

-Djava.awt.headless=true -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85

THIS IS A GAME CHANGER (more-so on k8s clusters when the ecs plugin isn't used... hint, it's shit).

• Create an EFS (in a separate terraform module) and mount it to the jenkins ECS cluster at /var/jenkins_home. Makes jenkins much more reliable through outages and easier to upgrade.
• Run a logging agent (via docker container) like logspout or newrelic or whatever IN USER_DATA and not as a task - that way you get logs if there are issues during user_data/cloud_init... this I'm actually not sure about. Running a container outside the context of an ECS task means the ECS agent can't really track it and allocate mem/cpu properly... but it does help with user_data triage.
• Use pipelines and git plugins to drive jobs. All jenkins jobs should be in source control!
• Make sure you setup docker cleanup jobs on DAY 1! If you hace limited access to your cluster and you run out of disk due to docker cache, networks, volumes, etc... you're screwed till the admin ssh's in and runs a prune. Get a docker system prune going or the equivalent for each docker resource with appropriate filters... i.e. filter for anything older than a few days and is dangling.
• Use Jenkins Global Libraries to make Jenkinsfiles cleaner (I always just use vars instead of groovy/java style packages because it's easier and less ugly)
  Jenkinsfiles should mostly call other bash files, make files, python scripts to generate and load prop files, etc. The less logic you put in a Jenkinsfile (which is just modified groovy) the better. String interpolation, among other things, is a fuckery that we don't have time to triage.
• (out-of-scope) Move to using k8s/EKS instead of ECS asap because the ECS plugin for jenkins is absolute shit and it doesn't use priority correctly (sorry whoever developed it and... oh wait abandoned it and hasn't merged anything for years... for for real it's cool, just give admin to someone else).
• (cultural) Stop calling them slaves. "Hey @eng, we're rotating slaves due to some cache issues. If you have been affected by race conditions in that past, our new update and slave rotation should fix that. Our update may have killed your job that was running on an old slave, just wait a few and the new slaves will be ready" <--This just doesn't look good.
  Hope that was some good stuff for you guys. Maybe I'm preaching to the choir, but I've seen some pretty shit jenkins setups.

NOW FOR MY QUESTION!

Has ANYONE actually been able to setup a proper jenkins user on ECS that actually works for both a master and ephemeral jenkins-agents so that they can mount and use the docker.sock for builds without hitting permission issues? I'm talking using the ecs plugin and mounting docker.sock via that.

I have always resorted to running jenkins master and agents as root, which means you have to chmod files (super expensive time and cpu for services with tons of files). Running microservices as root is obviously bad practice, and chmod-ing a zilliion files is shit for docker cache and time... so I want to get jenkins users able to utilize the docker.sock. THIS IS SPECIFICALLY FOR THE AWS ECS AMI! I don't care about debian or old versions of docker where you could use DOCKER_OPTS. That doesn't work on the AWS Linux image.

Thanks! And happy Friday!

In most of my programming, I try and remain professional, and do things in a readable, maintainable way, that doesn't involve pushing the language to breaking point.

But, occasionally, I give myself free reign. What if you didn't care about the programmer who came after you? What if you didn't care about what a programmer should do in a certain circumstance?

For myself, over the years I've written and rewritten a C library, I like to call CNoEvil. Here's a little taste of what you could do:

#define EVIL_IO
#define EVIL_COROUTINE
#include "evil.h"

proc(example, int)
  static int i = 0;
  coroutine();
  While 1 then
    co_return(++i);
  end
  co_end();
  return i;
end

Main then
  displayln(example());
  displayln(example());
end

(And yes, that compiles. Without warnings. Even with -Wpedantic.)

So... Here's the challenge:

Ignoring the rules, and best practices... How can you take your favourite programming language... And make it completely unrecogniseable?

(Might be best to choose a language with macros, like Nim, Rust, any of the Lisps. Though, you can still do some impressively awful things in Java or Python, thanks to overloading inbuilt classes.)

Challenge Ideas:

• Make Python look like C
• Make Java look like Python
• Make anything look like BrainFuck

I don’t know how to really explain my fascination with programming, but I’ll try. To somebody who does it, it’s the most interesting thing in the world. It’s a game much more involved than chess, a game where you can make up your own rules and where the end result is whatever you can make of it. - Linus Torvalds

I just read over the Technical Goals page, and I agree with everything you're doing. I feel like I'm the only one who's annoyed by the recent trends of web design and development that involves heavy use of icon-based navigation and JavaScript. I'm stoked to see what Tildes will become given this direction.

I know I'm not nearly as skilled and experienced as you -- Deimos and the Tildes team -- at web development, but if there's any way that I -- a sysadmin with experience in AWS -- can help, I would be happy to be a part of it. Otherwise, I can continue to lurk, occasionally post, and sing praise of Tildes! Cheers!

Hello.
I moderate a reddit sub with about 450 thousand people and we have had trouble with transgender people facing abuse from idiots in two different threads. In one of them, a woman chimed in and it got ugly (4 bans in the first 12 comments), in the other a trans woman took part and got shit for it (also featured a few users banned).

Now, each of them had a very different approach. The first got defensive and stopped participating, while the second took the time to respond to the stupid but not offensive ones, trying to educate them.

So even if this is something that bothers me a lot and makes considerably angry, I realised that maybe I should take a more nuanced view on this, and I should actually ask for more opinions on how to handle thiS, instead of simply applying my own standards and maybe making things worse and/or missing a chance to make things better. And since Tildes has always provided me with intelligent, thoughtful and interesting points of view and opinions, I thought this would be the best place for this question.

And so here I am, asking anyone that would care to give an opinion: what would a good moderator do? How harsh or lenient should we be with ignorant but not offensive comments? Should we get involved at all if the discussion is not offensive? What would make our sub a nicer place to everyone? Any other thoughts?

Thank you very much to all.

I'm interested in patterns and culture. I think it's a fascinating topic from many perspectives. Mathematically there are many tools for pattern analysis and formation, but at the same time philosophically our minds try to make things fit into patterns generally (maybe because it requires more energy to remember a whole thing than a set of rules that describe the thing). A mathematical example of cases where order arises from pure disorder (or maximum entropy) would be Ramsey theory.

I'd like to discuss the cultural influence on our pattern analysis/synthesis, but also explore a bit what is a pattern, whether everything is a pattern or nothing is a pattern, whether patterns are interesting in themselves or not, etc.

I was wondering if anyone has recommendations for readings in this area, or if anyone has an opinion on it. I know of many works regarding a single pattern (for example the different theories of linguistics, the different theories of music, the different theories of cooking... you get the idea) but I've never seen a meta-perspective on why are we so interested on patterns and whether our approach actually makes sense.

Thanks!

I grew up playing DOOM, but if I were to boot up the original game I would find it frustrating to play by modern standards (e.g. mouse movement?!). Thankfully, there are a ton of source ports that modernize the engine and make the game more accessible to current gaming sensibilities (e.g. WASD-movement). They're basically community remasters of the game.

It got me wondering about what other games have strongly benefited from tools that exist outside of the game itself.

Examples of what I mean:

1. Source ports (e.g. DOOM)
2. Community bugfixes (e.g. Vampire: The Masquerade - Bloodlines)
3. Restored/extended content (e.g. Star Wars: Knights of the Old Republic II)
4. Significant mods (e.g. Frostfall for Skyrim)
5. Rulesets/challenges (e.g. Nuzlocke Challenge for Pokémon)
6. Anything else that doesn't fit the above categories

Designing, coding, moderating, promoting and doing all the business admin on Tildes must be fairly thankless. But without all this effort we'd not be able to enjoy discussions with each other & share all this interesting content. I don't feel that much appreciation is really shown on here (except maybe miss-voting on all Deimos' comments).

But it is a little awkward, spurious thanks all over the place would just be noise. I thought I'd make a topic especially for people to say thanks in. I'm really enjoying Tildes content and discussion. Plus I'm a big believer in the goals of Tildes as laid out in the docs.

So I'd like to say a big thank you to Deimos and other useful contributors! Thanks for making the site we have to use today and dreaming of the hopefully better possible site we'll see in the future.

I'm also hoping to start a discussion on what enthusiastic Tildes users can do to most usefully help make Tildes good now and better in the future.

A list of stuff we can do:

• Obviously posting lots of good content and interesting discussions. Voting honestly and using comment labels judiciously.

• You can donate and currently we can see Tildes Patreon is at $375 a month. Deimos posted some more figures recently.

• We all regularly get invite codes and bringing in more people who can get excited (and maybe also help) is obviously good.

• The issue tracker and bug reports are all public so you can make suggestions, vote or comment on existing ones and perhaps more usefully see if you can work out how to reproduce reported bugs.

• As of a bit over two months ago Tildes is open source. This means you can track down bugs from the issue tracker or even contribute code for new features.

RFC:

So are other people liking Tildes? What is it you like? Are you excited enough to want to help out?

Also is there anything useful users can do I've missed? In these already mentioned areas what's actually most useful to do? Are some things of negative use? Could Deimos change his process to make more use of community help? Is there anything Deimos could delegate that people would be willing to volunteer on? Gitlab Walmart greeter would be cool but is anyone willing to do it?