28 votes
-
How technologies of connection tear us apart — Nicholas Carr's latest book
6 votes -
I've always found the common approach that websites take to changing the email associated with an account iffy but I am not sure if I am wrong
I have changed my email more than once, just as part of customizing my online identity and all that.
and that obviously required me to login into any accounts I had and updating the email associated with them.
the most common workflow I have found is
login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email
then you can go to that website and do the forgot password, provide your email and change the password and get complete control.
I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.
if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.
and most people don't have 2FA so that would effectively give me control of their account.
Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.
there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.
even then, that's also susceptible to the situation I described above if the user is always logged into their email.
I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.
16 votes -
Why is Cloudflare trusted with encryption?
I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.
one thing that's always bothered me though is the SSL setup.
According to their website, only enterprise users are allowed to manage their own TLS private keys.
I can kinda understand the logic behind free accounts not having that perk.
But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.
Why are so many folks OK with cloudflare essentially being able to read all their traffic?
or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?
24 votes -
Content Independence Day: No AI crawl without compensation!
14 votes -
Question about REST APIS and encryption
So I am finally starting the process of designing a personal website that can help manage and organize my finances for me.
So obviously, the security of such data is paramount and for the heck of it, I want to design a webapp where it doesn't operate by the rules of "trust me bro" even though I will be the one designing it and most likely will be the only one ever to use it. Just want that experience of proper encryption setup.
Also, even if I am the one operating it, I'd like to set it up so that even if the database is compromised, none of my information is.
skip to bottom if you want to just see my 2 questions
Did some reading online, between reading when StandardNotes does encryption as well as how it does it and some basic reading into encryption
- https://www.baeldung.com/java-aes-encryption-decryption
- https://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit
and the importance of not having a local unencrypted database like Joplin does
So all that got me curious how Google encrypts the user data it has and wound up reading
- https://security.stackexchange.com/questions/269341/how-does-googles-on-device-encryption-work
- https://developers.google.com/workspace/cse/guides/encrypt-and-decrypt-data
and the basic take-aways seem to be:
- utilize encryption on a field before storing it in a database so that even if the machine gets compromised, the data won't be
- if you want to go even further, take the approach of StandardNotes, where it seems even the web server itself never touched unencrypted data it seems? Looks like all the encrypting and decrypting happens locally and only encrypted data is sent to the server
- But that got me curious. It can't be argued that Google is not secure. they have the best minds working there to ensure just that. and yet it's also well known that their respect for user privacy is non-existent. Which means that they've made sure to protect the data [email, google searches, google docs, google maps history] from hackers but they can themselves decrypt at least some user data for the purpose of data collection and selling ads.
  But if Google can decrypt the data and that implies they store the keys on a server from what I can tell from my reading, how it is protected if someone malicious gains access to the database? If that person got access to the database and the keys that Google uses to decrypt the data, wouldn't that compromise the data?
- if I decide to design my webapp so that all the encrypting and decrypting happens locally, that means that if I were to decide to create a REST API for my application, that would also have to be taking in data in encrypted format, no? Cause if that takes it in plaintext, that means that my webserver would have to be responsible for encryption, which it needs the keys to do that with and if it can encrypt with keys it has access to, then it can decrypt too, no? or are websites that deal with encrypted databases and have REST APIs that can take in plain text information generally coded to be using asymmetric encryption? meaning it's different keys being used for encryption and decryption? Or is API Token the key in an encrypted format? or have I misunderstood the whole thing?
16 votes -
Lyon, France joins European exodus from Windows to Linux
51 votes -
I can’t explain this bug
9 votes -
Podcast: Why Matt Mullenweg went to war over Wordpress
10 votes -
An industry group representing almost all of Denmark's media outlets including broadcasters and newspapers has said it's suing ChatGPT's parent company OpenAI for using its content
13 votes -
I deleted my second brain
62 votes -
I need helping figure out why the Hard Disk Drive BBS priorities keeps changing
I have this Motherboard with 3 hard drives. I want the order to be
P2
Windows
P5
and I have set that order many times, but for reasons I can't figure out, every once in a while, the order changes like you can see in this screenshot or other times,
P5
somehow becomes the first option.
I can't figure out how to fix this?
11 votes -
How can I find some Brazilian mailing lists I was a part of in mid-1990s?
This is probably a very long shot. I was part of quite a few mailing lists / email groups back in the 1990s in Brazil. Lists for things like writing, The X-Files, Star Trek, or skepticism. I made a few friends. I know some of them were probably hosted on large foreign companies like Yahoo. I don't remember the actual names of the lists, and the internet provider where I had my email no longer exists. So I don't expect to find them easily, but I imagine that there must be some kind of archive where they may or may not exist. I'm okay with sifting through for a very long time if I have to. That may be facilitated by the fact that the Brazilian internet was fairly small back then. And I do remember possible usernames I might have used at the time, which I can use in a search.
Is what I want possible at all? Is there some kind of centralized archive that is easy for me to use?
Thanks!
16 votes -
Denmark seeks to make spread of deepfake images illegal, citing misinformation concerns
32 votes -
Your brain on ChatGPT: Accumulation of cognitive debt when using an AI assistant for essay writing task
54 votes -
Meta poaches three OpenAI researchers: Lucas Beyer, Alexander Kolesnikov and Xiaohua Zhai
13 votes -
Any experience with GLG consulting?
I had heard about GLG a while ago and I was just approached by someone from GLG for a project. Does anyone have experience working with them specifically? I have never done any paid consulting gigs and I want to make sure I understand what I'm getting into.
Thanks!
10 votes -
I need advice, which laptop would you buy now?
I would like to upgrade my aged 8 years old laptop and I'm completely undecided about which laptop to buy right now.
I considered Apple Intel laptops terrible, bad thermals, overpriced, unreliable, touch bar (uggg), I hated every second working on it, when the company I work for upgraded me with a M1, it was such a huge improvement from any laptop I have ever tried, absolutely no noise, incredibly performant and the longest battery life of any laptop by a lot.
I still don't like the Apple ecosystem, and I would prefer to use Linux as my main OS, but I can't find anything that comes even closer for the price of a Mac Air, If I go with Framework I'll get a less performant machine with a way worse battery, I honestly don't think the premium on repairability is worth for me when I don't have any issues repairing more challenging laptops, at the end repairability will be how easy is to get new parts.
ThinkPads have good reputation and repairability, but for what I see, the quality has gone down the drain in their latest models, and if I go with their premium models I get similar performance to Apple with worse battery, Dell has similar issues.
Gaming laptops are not an option, I don't do any PC gaming and the size and aesthetics are a dealbreaker for me.
The main issue seems to be that until ARM processors become better competitors to Apple, the battery life will be always the bottleneck, and I don't know how good the new Snapdragon X Elite compares right now.
Besides web development, photography edition and video editing (4k), I don't do many demanding tasks, I'm more than fine with the performance of a M1 as the baseline.
As an alternative, I'm thinking about getting a powerful desktop for the demanding tasks and a less powerful laptop with a good battery and screen, but ideally I would prefer a single machine.
43 votes -
US Federal judge sides with Meta in lawsuit over training AI models on copyrighted books
22 votes -
On writing, and an MIT study
12 votes -
Echo Chamber: A context-poisoning jailbreak that bypasses LLM guardrails
34 votes -
AI is transforming Indian call centers
26 votes -
Passkey vs smart use of passwords
I went down the path of thinking about switching to Passkeys but it seems like more hassle than it is worth, so I hoped this community could tell me if I am crazy.
I use Bitwarden to generate and save passwords for anything important and always use an authentication app when the option is present. I never use the same password. Sadly, most Canadian banks are awful and only allow SMS 2FA if anything at all. That said, of the two banks I primarily use, one does allow an authentication app and the other uses its own app to send authentication codes.
I always read that Passkeys are better for people who are lazy/bad with their passwords. For someone like me, is the security practically the same or is there still some benefit to switching everything I can to Passkeys?
31 votes -
Experience on Mastodon
When Musk bought Twitter and "unleashed free speech" on the platform, it made me curious about other social media platforms, specifically one where data and privacy are much more respected.
That inevitably led me to mastodon. I opened an account and all that, but I must be doing it wrong, or maybe mastodon just isn't what I want it to be.
I don't really know who or what to follow on there that would create an experience that draws me in.
In fairness, it could just be that I am not following interesting accounts but I follow 7 accounts
- grapheneOS which is just updates about their O.S.
- Daniel Micay who hasn't posted in a loooong time
- James Gunn rarely posts
- nixCraft is just memes
and the rest are just news outlets like Ars Technica, Electronic Frontier Foundation and Propublica, which ain't bad but like, they post links to long-form articles, which isn't really what you are really looking for if you are just doing a light skim of your feed for a quick 5 minutes.
Are interesting folks not on mastodon? or I am just not following the right accounts? I'm interested in tech stuff and social issues and some politics (but not much cause that can get doom scrolly fast)
25 votes -
The real reasons your appliances die young
29 votes -
Anthropic wins key US ruling on AI training in authors' copyright lawsuit
27 votes -
The AI lifestyle subsidy is going to end
54 votes -
FilMaster: Bridging cinematic principles and generative AI for automated film generation
3 votes -
OpenAI is nabbing Microsoft customers, fueling partners’ rivalry
9 votes -
Where do you go to veg out online?
I enjoy Tildes a lot for its thoughtful discussion and well curated links. It's a site you can enjoy casually and not get addicted to.
But sometimes you're dealing with a cold, or laying in a hotel room after a long flight, or just feeling lousy, and you start to long for that infinite scroll, dopamine hit, image / video cornucopia. Or really, there are just times I want to laugh at memes, people's drama, etc., until I'm ready to get out of bed and back to the world.
In the old days, we had things like memebase, or early reddit to scratch that itch. But these days social media algorithms have gone nuts. For example, I can't spend five minutes on reddit without finding myself in a racially charged discussion. Platforms like TikTok likewise seem appealing (an endless scroll of silly videos would be great), but again the algorithms are there to highlight conflict and make you miserable. I feel like even if you work hard to curate on these platforms, you're not safe.
So for anyone who feels like me: is there a solution to this? Perhaps a fediverse instance still small enough to avoid astroturfing. Or non social-media options with a huge amount of content (something like thedailywtf, or hitting random on a quality web comic). I would love to hear about what you enjoy when you're looking for internet junk food.
45 votes -
Curated realities: An AI film festival and the future of human expression
3 votes -
New law in Sweden that makes it illegal to buy custom adult content will take effect on July 1 – content creators say it makes their profession more dangerous
26 votes -
[SOLVED] Requesting help for Android Auto troubleshooting assistance
I have a Moto G 5G 2023 and 2025 Chevy Trax that I'm trying to troubleshoot why Android Auto cannot last more than 10 minutes without crashing out and needing to either wait for the connection to be available again, or unplug and replug the USB cord to get it to reconnect. Sometimes it goes for an extended period of time, and sometimes it won't last for longer than a minute before it crashes with no visible error on the phone. I think it might be something in RAM, but more often than not it's when Google Maps is up, with Audible in the background and I'm not sure if it's one of those or possibly my Launcher or having the three buttons turned on for my phone, or some weird esoteric thing.
12 votes -
OpenAI slams US court order to save all ChatGPT logs, including deleted chats
45 votes -
Address bar shows hp.com. Browser displays scammers’ malicious text anyway.
31 votes -
Reddit in talks to embrace Sam Altman's iris-scanning Orb to verify users
40 votes -
Explain Linux controversies to me
I'm one of those mythical Linux users who has been using it for years but has little to no idea what's going on behind the scenes or under the hood.
In my time using it, I've sort of passively gleaned that certain things are controversial, but I don't necessarily know why. It's also hard for me to know if these are just general intra-community drama/bikeshedding, or if these are actually big, meaningful issues.
If you're someone who's in the know, here's your chance to lay out a Linux controversy in a way that's understandable by someone like me, who can't tell you why people always make "GNU/Linux" jokes for some reason whenever people mention "Linux."
Here are some things that have pinged for me as controversial in my time using Linux:
- Unity
- Canonical
- Deepin
- systemd
- Arch
- GNOME
- Manjaro
- Kali
- Rust in the kernel
- elementaryOS
- Linus Torvalds
- Snaps
- Wayland
- Something about a university being banned from contributing to Linux
- NVIDIA drivers
- Package managers vs. Snaps/Flatpaks
There are certainly more -- these are just the ones I can remember off the top of my head.
Replies don't have to be limited to the above topics. I'm interested in getting the lay of the land about any Linux controversy.
IMPORTANT
This topic is intended for learning, not bickering.
- Please try to explain a controversy as fairly as you can.
- Please try to not re-ignite a flame war about a specific controversy.
It's fine to discuss these in good faith, but I do not want this topic to become yet another Linux battleground online. There are plenty of those already!
89 votes -
Hiding metrics from the web
14 votes -
Is pop culture a form of "model collapse?"
Disclaimer: I do not like LLMs. I am not going to fight you on if you say LLMs are shit.
One of the things I find interesting about conversations on LLMs is when have a critique about them, and someone says, "Well, it's no different than people." People are only as good as their training data, people misremember / misspeak / make mistakes all the time, people will listen to you and affirm you as you think terrible things. My thought is that not being reliably consistent is a verifiable issue for automation. Still, I think it's excellent food for thought.
I was looking for new music venues the other day. I happened upon several, and as I looked at their menu and layout, it occurred to me that I had eaten there before. Not there, but in my city, and in others. The Stylish-Expensive-Small-Plates-Record-Bar was an international phenomenon. And more than that, I couldn't help but shake that it was a perversion of the original, alluring concept-- to be in a somewhat secretive record bar in Tokyo where you'll be glared into the ground if you speak over the music.
It's not a bad idea. And what's wrong with evoking a good idea, especially if the similarity is just unintentional? Isn't it helpful to be able to signal to people that you're like-that-thing instead of having to explain to people how you're different? Still, the idea of going just made me assume it'd be not simply like something I had experienced before, but played out and "fake." We're not in Tokyo, and people do talk over the music. And even if they didn't, they have silverware and such clanging. It makes me wonder if this permutation is a lossy estimation of the original concept, just chewed up, spat out, slurped, regurgitated, and expensively funded.
other forms of conceptual perversion:
- Matters of Body Image - is it a sort of collapse when we go from wanting 'conventional beauty' to frankensteining features onto ourselves? Think fox eye surgeries, buccal fat removal, etc. Rather than wanting to be conventionally attractive, we aim for the related concept of looking like people who are famous.
- (still thinking)
15 votes -
Contra Ptacek's terrible article on AI
27 votes -
Disney files landmark case against AI image generator
16 votes -
Disney and Universal vs. Midjourney: A landmark copyright fight over genAI
25 votes -
The Common Pile v0.1: An 8TB dataset of public domain and openly licensed text
26 votes -
Do dumbphones actually… work? (realistic week in the life)
29 votes -
Six-month-old, solo-owned vibe coder Base44 sells to Wix for $80M cash
13 votes -
Cybernews research team has uncovered over sixteen billion leaked records since the start of 2025
37 votes -
Is the AI bubble about to burst?
35 votes -
Anyone else notice that YouTube took away the kebab menu from shorts?
Just noticed. Please tell me this isn't permanent. I really use the option "Don't Recommend This Channel" a lot.
10 votes -
Just did my first tech repair!
A while ago some of the keys on my Dell XPS laptop started working poorly, they were only registering the presses half of the time or if I pushed them really hard. I tried removing the keycaps and cleaning the keys on the inside, but to no avail. Well, I thought, that means it's time to get a new laptop. So I was choosing the next laptop to get. One of the options I considered was the Framework laptop, which is supposed to be super repairable - I mean, if only I could just replace my laptop keyboard, I wouldn't have to buy a whole new laptop just because of a few broken keys!
Then I thought about it again. I realized that a repairable laptop is only useful if you actually try to repair your laptop, which I've never done. So, I looked it up, and turns out Dell, while obviously not as easily repairable as Framework, has very well-detailed official service manuals as well!
Two weeks of waiting for a Chinese copycat keyboard from AliExpress and three hours of work later, I finally have a fully working laptop! Turns out it isn't hard at all to replace a broken keyboard - but I'm still very proud of myself for doing it, mostly for even deciding to do it instead of just turning a fully functional laptop into e-waste as I would've done otherwise. I was also really surprised that Dell laptops are that easy to fix (though they don't officially sell replacement parts to consumers), since it's known to be a company that makes a ton of money on expensive support offerings.
I don't really know what the lesson of this post is, I just wanted to share this small achievement with y'all.
53 votes -
You are what you launch: how software became a lifestyle brand
15 votes