This thread is posted daily - please try to post all relevant US political content in here, such as news, updates, opinion articles, etc. Extremely significant events may warrant a separate topic, but almost all should be posted in here.

This is an inherently political thread; please try to avoid antagonistic arguments and bickering matches. Comment threads that devolve into unproductive arguments may be removed so that the overall topic is able to continue.

This thread is posted daily - please try to post all relevant US political content in here, such as news, updates, opinion articles, etc. Extremely significant events may warrant a separate topic, but almost all should be posted in here.

This is an inherently political thread; please try to avoid antagonistic arguments and bickering matches. Comment threads that devolve into unproductive arguments may be removed so that the overall topic is able to continue.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

This thread is posted daily - please try to post all relevant US political content in here, such as news, updates, opinion articles, etc. Extremely significant events may warrant a separate topic, but almost all should be posted in here.

This is an inherently political thread; please try to avoid antagonistic arguments and bickering matches. Comment threads that devolve into unproductive arguments may be removed so that the overall topic is able to continue.

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

Hey guys,

I have been flip-flopping back and forth on this idea for a while, and would love some feedback on whether peeps would find this valuable.

Although I still call my self a "software developer" (and try to code daily), for the last 8 years I have ran a small 5-person agency that I started from the ground up, so my role was really CEO/CTO/CFO/Everything-O. My company focused on delivering high-quality custom software. Not brochure websites, and not Wordpress - our niche was internal business software (or as I like to call it "boring software for boring businesses") - and for a client service company we got very high margins of return.

Last year my business was acquired by a larger company which was an amazing result after the time and effort I had poured into it. I have realised I now want to help other developers who want to start their own software agency, or maybe they already have and are looking for hints or advice on certain topics.

So I have started Dev to Agency - a part blog part guidebook for how a full-stack developer can start and successfully run a software development agency, the things to pay attention too (and the things to ignore), and the key-values that I feel helped my business go from nothing, to 7 figures per year, and then to being acquired (if that is a path people would want to take).

I have just published my first couple of posts, About Dev To Agency that is a rundown of what I hope to achieve with this, then a post about My small custom software development agency - which gives an overview of what I built and where I think my articles will add value, and lastly You are the gold standard which covers how I feel an owner/maker should set the businesses standards and practises based of their personal values.

I have never written a blog before (or really done any writing before), so it would be fantastic to get some feedback from the community, and if there are any developers that this could interest then please subscribe on the website.

Cheers,

Chris.

Since I took so long to reply to Tips to use NixOS on a server? by @simao, I decided to create a new topic to share my configs. Hopefully this is informative for anyone looking to do similar things - I'll also gladly take critiques, since my setup is probably not perfect.

First, I will share the output of 'lsblk' on my VPS:

NAME      MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
vda       253:0    0   180G  0 disk  
├─vda1    253:1    0   512M  0 part  /boot
└─vda2    253:2    0 179.5G  0 part  
  └─crypt 254:0    0 179.5G  0 crypt 

That is, I use an unencrypted /boot partition, vda1, with GRUB 2 to prompt for a passphrase during boot, to unlock the LUKS encrypted vda2. I prefer to use ZFS as my file system for the encrypted drive, and LUKS rather than ZFS encryption. This is an MBR drive, since that's what my VPS provider uses, though UEFI would look the same. The particular way I do this also requires access through the provider's tools, and not ssh or similar. The hardware-configuration.nix file reflects this:

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];

  boot.initrd.availableKernelModules = [ "aes_x86_64" "ata_piix" "cryptd" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "rpool/root/nixos";
      fsType = "zfs";
    };

  fileSystems."/home" =
    { device = "rpool/home";
      fsType = "zfs";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/294de4f1-72e2-4377-b565-b3d4eaaa37b6";
      fsType = "ext4";
    };

  swapDevices = [ ];

}

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Hardware stuff
  # add the following to hardware-configuration.nix - speeds up encryption
  #boot.initrd.availableKernelModules ++ [ "aes_x86_64" "cryptd" ];
  boot.initrd.luks.devices.crypt = {
    # Change this if moving to another machine!
    device = "/dev/disk/by-uuid/86090289-1c1f-4935-abce-a1aeee1b6125";
  };
  boot.kernelParams = [ "zfs.zfs_arc_max=536870912" ]; # sets zfs arc cache max target in bytes
  boot.supportedFilesystems = [ "zfs" ];
  nix.maxJobs = lib.mkDefault 6; # number of cpu cores

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
  boot.loader.grub.enableCryptodisk = true;
  boot.loader.grub.zfsSupport = true;

  networking.hostName = "m"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.ens3.useDHCP = true;
  networking.hostId = "aoeu"; # set this to the first eight characters of /etc/machine-id for zfs
  networking.nat = {
    enable = true;
    externalInterface = "ens3"; # this may not be the interface name
    internalInterfaces = [ "wg0" ];
  };
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 53 25565 ]; # open 53 for DNS and 25565 for Minecraft
    allowedUDPPorts = [ 53 51820 ]; # open 53 for DNS and 51820 for Wireguard - change the Wireguard port
  };
  networking.wg-quick.interfaces = {
    wg0 = {
      address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ];
      listenPort = 51820;
      privateKeyFile = "/root/wireguard-keys/privatekey"; # fill this file with the server's private key and make it so only root has read/write access

      postUp = ''
        ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE
        ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE
      '';

      preDown = ''
        ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE
        ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
        ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE
      '';

      peers = [
        { # peer0
          publicKey = "{client public key}"; # replace this with the client's public key
          presharedKeyFile = "/root/wireguard-keys/preshared_from_peer0_key"; # fill this file with the preshared key and make it so only root has read/write access
          allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
        }
      ];
    };
  };

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  nixpkgs.config = {
    allowUnfree = true; # don't set this if you want to ensure only free software
  };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Set your time zone.
  time.timeZone = "America/New_York"; # set this to the same timezone your server is located in

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment = {
    systemPackages = with pkgs; let
      nvimcust = neovim.override { # lazy minimal neovim config
        viAlias = true;
        vimAlias = true;
        withPython = true;
        configure = {
          packages.myPlugins = with pkgs.vimPlugins; {
            start = [ deoplete-nvim ];
            opt = [];
          };
          customRC = ''
            if filereadable($HOME . "/.config/nvim/init.vim")
              source ~/.config/nvim/init.vim
            endif

            set number

            set expandtab

            filetype plugin on
            syntax on

            let g:deoplete#enable_at_startup = 1
          '';
        };
      };
    in
    [
      jdk8
      nvimcust
      p7zip
      wget
      wireguard
    ];
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  #   pinentryFlavor = "gnome3";
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services = {
    dnsmasq = {
      enable = true;
      # this allows DNS requests from wg0 to be forwarded to the DNS server on this machine
      extraConfig = ''
        interface=wg0
      '';
    };
    fail2ban = {
      enable = true;
    };
    openssh = {
      enable = true;
      permitRootLogin = "no";
    };
    zfs = {
      autoScrub = {
        enable = true;
        interval = "monthly";
      };
    };
  };

  # Set sudo to request root password for all users
  # this should be changed for a multi-user server
  security.sudo.extraConfig = ''
    Defaults rootpw
  '';

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users = {
    vpsadmin = { # admin account that has a password
      isNormalUser = true;
      home = "/home/vpsadmin";
      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
      shell = pkgs.zsh;
    };
    mcserver = { # passwordless user to run a service - in this instance minecraft
      isNormalUser = true;
      home = "/home/mcserver";
      extraGroups = [];
      shell = pkgs.zsh;
    };
  };

  systemd = {
    services = {
      mcserverrun = { # this service runs a systemd sandboxed modded minecraft server as user mcserver
        enable = true;
        description = "Start and keep minecraft server running";
        wants = [ "network.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          User = "mcserver";
          NoNewPrivileges = true;
          PrivateTmp = true;
          ProtectSystem = "strict";
          PrivateDevices = true;
          ReadWritePaths = "/home/mcserver/Eternal_current";
          WorkingDirectory = "/home/mcserver/Eternal_current";
          ExecStart = "${pkgs.jdk8}/bin/java -Xms11520M -Xmx11520M -server -XX:+AggressiveOpts -XX:ParallelGCThreads=3 -XX:+UseConcMarkSweepGC -XX:+UnlockExperimentalVMOptions -XX:+UseParNewGC -XX:+ExplicitGCInvokesConcurrent -XX:MaxGCPauseMillis=10 -XX:GCPauseIntervalMillis=50 -XX:+UseFastAccessorMethods -XX:+OptimizeStringConcat -XX:NewSize=84m -XX:+UseAdaptiveGCBoundary -XX:NewRatio=3 -jar forge-1.12.2-14.23.5.2847-universal.jar nogui";
          Restart = "always";
          RestartSec = 12;
        };
        wantedBy = [ "multi-user.target" ];
      };
      mcserverscheduledrestart = { # this service restarts the minecraft server on a schedule
        enable = true;
        description = "restart mcserverrun service";
        serviceConfig = {
          Type = "oneshot";
          ExecStart = "${pkgs.systemd}/bin/systemctl try-restart mcserverrun.service";
        };
      };
    };
    timers = {
      mcserverscheduledrestart = { # this timer triggers the service of the same name
        enable = true;
        description = "restart mcserverrun service daily";
        timerConfig = {
          OnCalendar = "*-*-* 6:00:00";
        };
        wantedBy = [ "timers.target" ];
      };
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?

}

Edit: Also, the provider I use is ExtraVM, who has been excellent.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

Sunday Security Brief

This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either stuck me as important or curious.

What happened last night can happen again ~ fortune

Topics:

• IDN Homograph Attack
• A Deep Dive on DNS Hijacking Attacks
• Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime
• Advisories

IDN Homograph Attack

This particular exploit is interesting. It takes advantage of the fact that many different characters look alike to mislead people from their desired domain to a malicious one. I wonder what practices could help avoid this issue. The obvious step is to be concious of limiting the links that you click on from websites like Tildes, Hacker News, Reddit, or where anywhere can share a link with you via text. For example, if you see a Reddit thread about PayPal where someone includes a link to the PayPal Customer Service Center... Don't click it, just Google "PayPal Customer Service". This will be far safer in ensuring that you're going to the domain that you meant to!

Another thing to note is the importance of realizing how your trust online and how that changes your behavior. I know that I have a general sense of trust for people here that removes a lot of doubt when it comes to clicking random stuff you all share here. That trust could potentially work against you.

"The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike"

"The registration of homographic domain names is akin to typosquatting ~ Wikipedia, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator attracts victims by relying on natural typographical errors commonly made when manually entering a URL, while in homograph spoofing the perpetrator deceives the victims by presenting visually indistinguishable hyperlinks."

IDN homograph attack ~ Wikipedia

A Deep Dive on DNS Hijacking Attacks

The article covered is a few months old, but still relavant as ever. The U.S. government alongside private security personnel issued information of a complex system that allowed suspected Iranian hackers to obtain a huge amount of email credentials, sensitive government and corporate information. The specifics of how this attack occured are not publicly available but Cisco's Talos research has a write up of how DNS Attacks work, the relavant snippets are below.

"Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers."

"Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text."

"A Deep Dive on the Recent Widespread DNS Hijacking Attacks" ~ Krebs on Security

Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime

The balance between allowing autonomy and protecting our collective interests comes to my mind. This seems like a worthy example of when stopping people from victimizing others overshadows the benefits of free action.

"Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims."

"... described the three as "bulletproof hosting services," a term typically used to describe web companies that don't take down criminal content, despite repeated requests."

"According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep."

Law enforcement take down three bulletproof VPN providers ~ Zdnet

Advisories

• Debian, DSA-4824-1 chromium security update. Source

• Arch, CVE-2020-25637 libvirt. Source

• CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source

• RedHat, RHSA-2020:5665, Important: mariadb:10.3 security, bug fix, and enhancement update. Source

• Windows, If you know of a good tracker for Windows securities advisories, please let me know. I was considering just drawing from the Microsoft Security Response Center Blog.

Saturday Security Brief

Topics: Attack Surface Management, Active iMessage exploit targetting journalists, Academic research on unique EM attack vectors for air-gapped systems.

Any feedback or thoughts on the experience of receiving and discussing news through this brief or in general are welcome. I'm curious about this form of staying informed so I want to experiment. (Thanks again for the suggestion to post the topics as comments.)

Attack Surface Management

This concept is about ensuring that your network is equipped to handle the many issues that arise from accommodating various "Servers, IoT devices, old VPSs, forgotten environments, misconfigured services and unknown exposed assets" with an enterprise environment. Some of the wisdom here can be applied better think about protecting our personal networks as well. Outdated phones, computers, wifi extenders, and more can be a foothold for outside attackers to retain persistant access. Consider taking steps to migigate and avoid potential harm from untamed devices.

Consider putting certain devices on the guest network if your router supports doing so and has extra rules for devices on that network so they can't cause damage to your other devices directly.

"A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility."

Attack Surface Management: You Can’t Secure What You Can’t See ~ Security Trails

Multiple Journalists Hacked with ‘Zero-Click’ iMessage Exploit

Mobile spyware is continuing to evolve and tend towards professional solutions. Recently this technology has been abused to conduct espionage on journalists of major networks. Where once these exploits typically required some mistaken click from the user, new developments are allowing their activities without any trace or requiring interaction from the target.

"NSO Group’s Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses."

"In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked."

"The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates."

"More recently, NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces."

The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit ~ Citizen Lab

Security researchers exfiltrate data from air-gapped systems by measuring the vibrations made by PC fans.

Besides this potential exploit the article mentions past research done by Guri and his team which is worth checking out, like:

• LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED

• AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data

• MAGNETO & ODINI - steal data from Faraday cage-protected systems

• PowerHammer - steal data from air-gapped systems using power lines

• BRIGHTNESS - steal data from air-gapped systems using screen brightness variations

"Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems."

Academics steal data from air-gapped systems using PC fan vibrations ~ Zdnet

Good Practices

"Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident."

Turn on MFA Before Crooks Do It For You ~ Krebs on Security

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

When you click in a tag in a tildes group, you see the topics that have been posted in that group with that tag according to your filters. There's also a link to go back to normal viewing. I think an option to see that tag in all groups would be a neat addition, even if not particularly important. Thoughts?

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

I built a link sharing website where you connect to users that share your interests. When you upvote a link - you connect to other users who upvoted that link and LinkLonk shows you what else these users upvoted.

The more in common you have with another user the more prominently their other recommendations appear on your list.

The intuition is that the more useful your past recommendations have been for me, the more I can trust your future recommendations.

This is how trust works in meatspace - we keep track of how positive our experiences have been with other people and use that track record to decide who we can trust in the future.

Except that mechanism does not work online. It just does not scale to the numbers of users we interact with. We can remember around 150 other people (the Dunbar number). Beyond that our builtin trust mechanism breaks down. We revert to more coarse and primitive trust mechanisms such as tribalism and mistrust in everyone.

While we cannot personally keep track of every user on a platform - that is what computers are good at.

That is the idea behind LinkLonk. You don't need to remember the names of users who you can trust (in fact there are no usernames on LinkLonk). You simply upvote content that was useful to you and LinkLonk constantly keeps track of how useful every other user has been and ranks new content accordingly.

Another important part of trust is that if you misplace your trust in someone and they let you down then you need a mechanism to stop trusting them.

This is what the downvote button is used for: when you downvote an item, LinkLonk reduces your “trust” in other users that upvoted it. As a result, you will see less content from those users.

The above describes the basic idea. There are a couple more concepts:

• You start off weakly connected to all users, which means that at first you see content sorted by popularity. Rate something and refresh the page - the ranking will change.
• You are not limited to a single persona/interest. If you have multiple interests then you can create a separate collection for each of your interests. When you upvote a link you can choose what collection it belongs to. For example, if you are interested in woodworking and music then you can create two collections and put woodworking links into one and music links into the other. Then other people who liked your woodworking recommendations will only see your other recommendations from the same collection and will not get your music. This is mostly a way for you to help other users find relevant content. It’s optional. You can put everything into the “default” collection if you don’t feel like organizing.
• LinkLonk has another source of recommendations - RSS feeds. When you upvote a blog post LinkLonk connects to the RSS feed of that blog - as if it was another user. LinkLonk pulls updates from the feed and shows you the new entries using the same ranking algorithm: the more you upvote items from the feed the higher the other items from the feed are ranked. You can submit any RSS url and LinkLonk will connect (subscribe) you to it. My hope is that in the early days when we don't have many users you would find LinkLonk useful as a sort of an RSS reader.
• Moderation. When you downvote an item then you get connected to other users who also downvoted that same item. In other words, you will trust their other downvotes. If they downvote something then that item will rank lower for you.

Give it a try at: https://linklonk.com/register with 'tildes' as the invitation code. The invitation code can be used multiple times and I will keep it active for a few days. After that please DM me to get a fresh code.

I’m posting this on Tildes in part because I like the group of people that Tildes has attracted. And I also feel the topics of trust systems, content curation and moderation are relevant to Tildes and to its users (see: https://docs.tildes.net/future-plans#trustreputation-system-for-moderation).

What do you think?

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

I always enjoy Amos' writing, he does a great job of walking through topics in depth and explaining each step of the way. It looks like he's starting a new series to work through all of this year's Advent of Code problems, which will probably be a good read for people interested in Rust (whether you already have experience with it or not).

Only the first day is up so far, but the overall series page is here, and individual links:

• Day 1
• Day 2
• Day 3
• Day 4
• Day 5
• Day 6
• Day 7
• Day 8
• Day 9
• Day 10
• Day 11

I'll update this post with new links as the new parts come out, and possibly bump it occasionally.

Hello! If you've clicked on this I'd like to start off by apologizing for the title! I'm in a bit of a strange headspace right this moment as I try to digest some thoughts thrown my way today. I'm currently coming at this from the personal lens of myself, but I think there are some larger questions/generalizations that could be made and might be helpful for others.

Ok, so for some background I am a "straight" man. My previous partners have all been women, with the exception of one who identified as female when we were dating, and my current partner is non-binary but female-presenting and has identified as such the entirety of the time we have been dating. I have previously viewed myself as straight and an ally to my partner and the lgbtq+ community. Today, I was having a long conversation with my cousin about his experiences coming out of the closet and with homophobia in our family. I mentioned at one point that I didn't feel comfortable making some assumptions/statements since I am straight and not a member of the community. He (very politely) brought up that, at least strictly technically speaking, the fact that I am dating someone who is non-binary means we are not in a heterosexual relationship and that I am not technically straight, more likely being bi or pan (if we could lets not turn this into the bi vs pan debate which I know is a controversial topic but not really what I'd like to focus on). He also made a point to stress that these are all technical definitions and that gender and sexual identity are very personal and if I don't feel that it describes me then it isn't for him to decide I'm wrong. This made me a bit uncomfortable. It made me uncomfortable because while he's right, it feels wrong. I feel like if I began identifying as pan/bi, it would come off as a straight white male looking for a way to put himself in the position of being oppressed or marginalized for woke points. I don't know if it is because the college I went to was full of dudes like this, constantly looking for ways to be the victim, but its just something I feel deep in my bones. I don't really know though. I feel like if someone came up to me and described my life as their own and told me they identified as pan/bi I would agree and support them, but I won't extend that to myself. I don't know if its just a lifetime of assuming I was straight is why this is or if the term is actually wrong.

I guess to summarize/generalize, I'll put some reallly fucking loaded questions where I know the 'real' answer is "It is a deeply personal thing and will vary by person to person because the LGBTQ+ community isn't a monolith with all the same ideas" but I'm hoping maybe writing all this out and reading some of the results will help me color, process and digest my thoughts.

1. What/where would you put the line between straight and not straight (if anywhere). I know personally while I like to keep an open mind, I do heavily preference female-presenting people, whether they be trans, nb, or identify as a woman. But is that openness to dating someone who doesn't identify as a woman enough for me to be not-straight? I want to say yes, I don't think you need to date someone of a different gender to be not-straight. My cousin is bi but has exclusively dated men. I wouldn't tell him he isn't bi.

2. I am very uncomfortable with this question but do you feel there is a degree of "not-straight" you need to be to be an active part of the queer community. To kind of explain my thoughts on that: From an outside perspective, no one that hasn't been told my partner is nb would question if we said we were a straight couple. I've never and probably will never feel fear or be oppressed based on my sexuality. I dunno. I just feel really weird. like I'm inserting myself into a community I've always identified as an ally of but been an outsider to.

Anyway, sorry for this rant. I know the two questions are really loaded and I honestly feel like I know the answer to both of them. But just because i know the answer doesn't change how conflicted I feel and so I guess I'm just trying to work through some of the thoughts and conflicts.

I also want to take a second to note: I am actively talking with my partner about these thoughts and feelings. This is an ongoing discussion in our household, I am just looking for more perspectives and views to help me see things from different angles and work through my thoughts and feelings. Helping me through this is absolutely not the responsibility of anyone on Tildes and I don't want it to seem like I am putting that pressure on the community.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

Basically the title. I'm not going to navel-gaze too much here because it's not that much of a complex problem.

Currently, as it stands, if a submission is older than x days (where x may be 3, but I'm not sure), new comments in that submission will no longer cause Tildes to bump the thread to the top of the list in activity view. Additionally, after 2 weeks, a note will be appended to the comment posting view indicating community standards around commenting on older threads.

The scenario I'm seeking to solve is where one submission covers an event of some duration longer than a few days—where Tildes users feel repeated or recurring submissions are not warranted. My example is this thread about a YouTube video series that was released in three parts, but all discussion has been placed in that submission, presumably because no one has felt that duplicating a post for each new part of the series is worthwhile.

Perhaps if a certain proportion of comments occur within a timeframe, after the submission has been aged out of the sliding window where new comments cause a bump in activity, a bump should still be allowed, but should require more than 1 comment to trigger said bump?

There's some fairly good discussion in that thread that feels wholesome enough that it could be exposed again to the wider Tildes community—because right now everyone interested in that thread is operating under the implicit assumption that to read and participate about this topic, they have to remember to go back to thread y.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

IMPORTANT INFORMATION

Deadlines

The creative portion for Timasomo ends at 11:59:59 PM on November 30, 2020, relative to wherever you are.

The showcase will be next Sunday, December 6th (probably posted around 18:00:00 GMT).

Next Steps

Finish up your project in the next two days. You have the following week to prepare your showcase. This means you can edit, add polish, find hosting, etc. It's your week to get your project ready for however you're wishing to present it! And if you have to cram in a little creativity in that time too, well, I won't say anything. :)

Showcase Logistics

Changes

You can see last year's Timasomo showcase here. It will look fairly similar, but there are going to be a few changes this year based on feedback from last year:

• The Showcase will be hosted in ~talk, not ~creative, to expose the projects to the wider Tildes audience.
• Participants will post their own projects in the comments rather than me posting them within the topic (this is so people don't have to ping creators, and to give participants better control of their showcase entries)

Preparing Your Showcase

• Give your project a title, and use the # markdown to make it stand out in the showcase thread!
• Link to your project in whatever way works best for your project.
• Give an "creator statement" that contextualizes what your project is.

Showcase FAQ

Do I have to share my whole project?

Nope! Only share what you're comfortable with! Snippets, excerpts, screenshots, or even just a summary from you are all fine. Tildes is a privacy-respecting site, and that extends to Timasomo! :)

What if I have more than one project to showcase?

Awesome! Make more than one entry in the showcase!

What if I didn't meet my goal?

It's up to you if you want to participate in the showcase. Even if you didn't meet your goal but still feel you want to share what you did accomplish, that's fine! If not, no worries!

What if I need hosting for files/images?

Please ask here! There are plenty of people here who can help with that.

What if I have a question not covered here?

Please ask here or by PM!

Timasomo FAQ

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

When Pauline Harmange published her Essay “I hate men” (in French: “Moi, les hommes, je les déteste”) – the first edition with only 400 copies printed by a small French publisher – the 25 years old blogger and author expected, that only feminist activists would be interested in it.
But then Ralph Zurmély, an advisor of the French Ministry for Equality, read the text and publicly threatened Harmange with a lawsuit for “Inciting Hatred”. The ministry quickly distanced itself, but the public had already gotten wind of the manifest. For the author, this meant a flood of insults and threats over social networks, but also attention from international publishers. Her book is now being translated into ten languages; in German it is being published by Rowohlt. At this point, the 25 year old can laugh about Zurmélys threat, “because it proves my thesis beautifully”, she says on the telephone.

ZEIT Campus ONLINE: Feminists worldwide are justified in defending themselves against all forms of misogyny, the hatred of women. Now you are advocating for hating men. Fighting hate with hate, can that be a good idea?

Pauline Harmange: Now, hating men and hating women are not the same thing. Behind misogyny, the hatred of women, there is a system, which is extremely dangerous and violent in many ways. Misandry, hating men, is a way for women to protect and defend themselves from the violent behaviour of men. It is a counter-reaction. There would not be a need to dislike or hate men, if hating women would not systematically exist. Men are in many ways simply a danger to our life.

ZEIT Campus ONLINE: But does that justify a general hate against men, all men?

Harmange: For me and a lot of other feminists men form a social class. The phrase “I hate men” means that I hate the social group of men, because of all the privileges that they enjoy. I’d like to tell everyone that it is okay and important to be tired of this group. Misandry is a freeing form of hostility, and it covers a wide range of emotions and needs: It can mean, that we publicly fight against the violence of men against women. It can also mean personal consequences, like making the decision to not meet with men anymore and not trust them. All those things are okay and legitimate.

ZEIT Campus ONLINE: Is it not more important to differentiate, which men and which behaviours are problematic?

Harmange: When we take the time and effort, to exactly decide which men are good and bad, we lose a lot of our feminist energy, which we need in the fight against the patriarchy. The “Not all men” argument isn’t a strong enough answer for the systematic oppression which women experience through men. When we as feminists say, that we hate all men, that doesn’t mean that we don’t make any differences.

ZEIT Campus ONLINE: Which differences do you mean?

Harmange: Picture the system of misogyny like a pyramid. On top we have a few extremely violent men. Under that comes a large portion of men, which can be good, for example to the woman that they love. But that doesn’t mean that they don’t live in a misogynist system and support it in other ways. For example if they make sexist jokes or speak badly of women with their friends.

Zeit Campus ONLINE: You are married to a man and have male friends. How do you live with the contradiction, hating all men, but loving one and liking some?

Harmange: That is not a contradiction. I’m only married to a man, because we grew together as people. I live in a relationship which allows me to be the person I want to be. But yes, it was tiring to become a feminist and kind of take my husband with me during that process. I don’t know if I could do that again with a different man. My husband and my male friends know, what I mean when I say that I hate men or “men are trash”. They understand, that masculine ideals are not good for themselves or society. Only because one dislikes men as a social group, does not mean that one cannot have individual, very good relationships to men. The prerequisite for that however is, that you have men in front of you who are ready to listen and understand.

ZEIT Campus Online: You don’t seem to have a lot of faith in the introspection of men. In your text you write that behind every man that takes an interest in gender equality, “there are multiple women which have opened his eyes with hard work.”

Harmange: It is very frustrating for me and a lot of other feminists that men don’t use any of their time to learn anything about gender equality. A lot of women don’t get the choice but learn about the topic of sexual violence, for them it is only a choice of life or death. They have to learn to protect themselves. We get taught from small age to always learn and better ourselves to find a place in society. Men don’t feel that need. They grow up with the idea, that they are good the way they are. For them it is easier to say “I don’t hate women, I treat my girlfriend well, I’m one of the good ones.” That’s not enough, because it’s not just about the women they love. Men have to think about privileges and the system of oppression of women through men.

ZEIT Campus ONLINE: But if you advocate misandry, wouldn’t the opposite happen? Wouldn’t men feel appalled by feminist discourse and stop taking an interest in it?

Harmange: I find this idea horrible, that men have to feel liked by women to be interested in the feminist fight and gender equality. We don’t have the time or energy to convince men or give them a good feeling just to hope that they maybe do something for us. This inequality between the genders exists since hundreds of years, thousands of smart things have been said and written about it. Now it’s one the men to take an interest in it. By motivating themselves. It can’t be, that this interest is only done for their girlfriends.

ZEIT Campus ONLINE: What does that mean for you? Do you not talk to your male friends about gender equality?

Harmange: I’m ready to discuss with individuals I like and where I know that they want to learn and be better. But I won’t be a teacher for men in general. It is extremely tiring and gives me no benefit.

ZEIT Campus ONLINE: What about a man who takes interest in gender equality and wants to do something? What can he do?

Harmange: There’s a feminist influencer on Instagram which I really like, @irenevrose, and she wrote “When men ask me what they can do for the feminist fight, I always say: Watch the kids while your girlfriends go take part in demonstrations.” Even when the women in their surroundings aren’t activists, men should ask themselves: How can I support them and help? It’s important that men don’t push themselves into the foreground. It’s not their fight and not their stage.

ZEIT Campus ONLINE: But isn’t it important that men call themselves feminists in public and talk about gender equality, so the work doesn’t just stay with the women?

Harmange: Men who call themselves feminist in public often sadly want to be the star of the show. Many of them want to get compliments, without ever asking themselves: “When have I benefited from my male privilege? How did I treat the women in my life?” There was surely problematic behaviour at some point. If a man is serious about his fight against the patriarchy, he has to start with himself. And his friends. Men can talk with friends about how to treat women and can criticise it, when someone makes a sexist joke or comment. That’s much more important than any kind of interview or text, in which a man celebrates himself as an exemplary feminist.

ZEIT Campus ONLINE: Back to the hate on men: Which social vision is connected to this? If you think it through – do we really want to live in a society, where all women hate men?

Harmange: I think the chance, that we wake up tomorrow in a matriarchy, in which all women hate men is fairly small (laughs). But seriously: We women know how hard it is to be oppressed in a society and treated harshly. All women have lived through it at some point. We wouldn’t wish that experience on anyone. To think, that from critical feminist discourse a matriarchy would arise which oppresses men is a too simple view on the subject. I see this fear of men of man-hating, female wielders of power as admitting their own wrong behaviour.

ZEIT Campus ONLINE: How do you mean?
Harmange: Well, they seem to think that systematic oppression of women in the patriarchy for hundreds of years could evoke a strong counter reaction. The best thing would be to reflect on this fear and ask yourself: In which society do I want to live? A lot of men would conclude that the patriarchy hurts them too. Of course, in the first step they lose the as naturally viewed confirmation from women. But in the second step they gain a new equality between the genders. Men and women would learn to be more honest to each other, in their relationships as well.

ZEIT Campus ONLINE: What personal consequences have you drawn from hating men?
Harmange: I’ve realised that my well-being is not depended on the acknowledgement from men. I’ve shifted my focus radically on the women in my surroundings, whose support I need and whom I can offer help and support myself. I think that allowing yourself to hate men can help a lot of women in deepening the relationships to their female friends. Through this I have discovered a new quality of sisterhood.

ZEIT Campus ONLINE: What defines this sisterhood?

Harmange: One thing in which women are better than men are building up emotional relationships to other people. That can help us build deep connections. Moments, in which women are between each other, are important. We collect our energy, charge our batteries for the feminist fight. It doesn’t matter if we meet to knit, read, network or protest. I believe firmly that the private and intimate is political, so a round to knit can be political. Just sitting down with female friends and drinking tea helps the feminist fight, because we say things that we wouldn’t be saying if men were present. Because we talk about our experiences in a patriarchal society. And because we realize that it’s beautiful that men don’t play a role in every aspect of our lives.

This text is a translation of the German original. The translation is written by me. Not because I agree with the person, I think her views are abhorrent and self-absorbed, more because I think it's a good basis for discussion, and because I liked the exercise. Link to the (paywalled) original

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

So what I'm talking about is stuff like this 10-video playlist or this 3 video playlist (Emp never actually made it a playlist unfortunately).

So how should we deal with multiple videos from the same person on the same subject?

Should the ability to make 10 link posts and wrap them under a single topic so people can comment on each video individually be a new feature (and if so should we be able to upvote the whole thing or each link individually?)

Should we upload a playlist of all the videos like this?

Should we make a text post with all the video links, like this but with videos instead of chapters?

Or should we do something else?

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

Two parts to this topic:

• What music have you grown out of? (This is music you used to love but that you now find it very hard to enjoy)

• What, if anything, caused/spurred the separation?

• What music has remained resonant throughout the years? (This is music that still speaks to you like it did when you first listened to it, years or even decades earlier).

• What do you think gives it such staying power?

"Music" can refer to specific songs, albums, artists, labels, genres, etc. -- whatever best fits the questions and your musical preferences.

As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!

This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!