vpShane's comments

on windows and mac they just get a prompt and a lot of people don't read it, care, nor wonder what it's actually doing they just want it to work.

I know you all know this but companies will do this knowing that exploiting all of us.

I use Linux and agreed on all those points. when I used adobe before it wanted to charge me a fee to cancel my subscription and wouldn't let me just 'cancel' in their system so I just blocked the payments on my card and dipped out.

good software, garbage company


Heh, I had a similar situation once, but my bank wouldn't let me block the transactions.

So I switched banks. It was an interesting call with my previous bank's support folks.


On linux they just use sudo and similarly don't read, care or wonder.

Yes


Make the fine scale, and fit the severity of the issue. This should be $375 Billion not $375 Million. These are our future generations they're destroying.


Right, and the same with private citizens. Don’t fine a month’s income to some and a minute’s to someone else because it’s “fair” and evenly applied.

yeah but Linux is love, linux is life. if you really want to get the beatings going:

Rust > C and GNU/Linux should be Rust.


also vim > emacs


Birds of a flock crap on everybody together.

> How many more broken social contracts can society endure before it crumbles?

I wouldn't call this much of a society if people's eyes are open.

What's that song name, they don't care about us?


not the first time, I stopped using manjaro when I noticed ping.manjaro.org was being pinged every 30 seconds on a new router I set up. nothanks on that.

but seriously, sudo crontab -e, @monthly certbot renew

No excuses.


Note that the certbot instructions are to renew 2x a day with up to one hour of randomized delay; using @monthly as suggested here will result in occasional outages if the "once a month" renewal attempt fails in two consecutive months due to transient peak service blips (such as those caused by '@monthly' hardcoding for month X day 1 time 00:00 often UTC without randomization), especially as Let's Encrypt drops their lifetimes to 45 days over the next 2 years, which would result in certificates avoidably expiring in production. Please instead use certbot's recommended 2x/day renew with a random sleep of up to an hour before initiating each attempt; at least one of cronie, at, bash, python, perl random sleep methods are available on most* platforms, and are offered up by the crontab-command generator at https://certbot.eff.org/instructions .

* There is a stack overflow page from 2016 filled with solutions for Busybox, so I'd say 'all' rather than 'some' but someone out there is hosting a webserver on a potato, so better safe than sorry.
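An added example, not written by any commenter here and not certbot's own code: a Python wrapper for the twice-daily renewal with up to an hour of random delay that the comment above recommends. The script path in the crontab comment is a placeholder, and the wrapper reports failures on stderr so that whatever captures cron output records them.

```python
#!/usr/bin/env python3
"""Jittered `certbot renew` wrapper, intended to be started by cron twice a day."""
import random
import subprocess
import sys
import time

MAX_JITTER_SECONDS = 3600            # "up to an hour" of random delay
RENEW_CMD = ["certbot", "renew", "-q"]
# Entry for root's crontab (placeholder path, adjust to where this file lives):
#   0 0,12 * * * /usr/local/sbin/renew_certs.py


def pick_delay(rng=random):
    """Return a delay in [0, MAX_JITTER_SECONDS) so hosts do not all renew at :00."""
    return rng.random() * MAX_JITTER_SECONDS


def renew(run=subprocess.run, sleep=time.sleep, rng=random):
    """Sleep a random delay, run certbot once, return (delay, exit_code)."""
    delay = pick_delay(rng)
    sleep(delay)
    try:
        code = run(RENEW_CMD, check=False).returncode
    except FileNotFoundError:
        code = 127                   # certbot is not on PATH for the cron user
    if code != 0:
        # Non-zero exit: leave a trace instead of failing silently until expiry.
        print(f"certbot renew failed with exit code {code}", file=sys.stderr)
    return delay, code


if __name__ == "__main__":
    sys.exit(renew()[1])
```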


It's not uncommon for a Distro to point NetworkManager or whoever to check for connectivity using their own servers, Arch does it themselves[0].

[0] ping.archlinux.org


Certbot would be like the supply chain attack holy grail. Not sure I'd want software like that running unmonitored automatically with root privileges.


Seeing more and more of 'This message is unavailable' - 'Discord requires ID in order to see certain messages'

Pretty much an AI detecting vulgarity and blocking it, although actual racist, vulgarity gets through things like 'here with my gock' to 'troll it' are what I've seen.

So, yes it is a requirement, and yes, they are censoring people and things, and requiring others to have an ID to see the messages as well.

So 'Not mandatory for all accounts' is technically true, but I mean.. you get it, hopefully.

> You will be able to join a Discord with your friends, chat, and do voice without age verification.

No, building a community is a goal for many; this just isn't acceptable.

> So the claim that Discord is making ID verification "mandatory" or that you need it for gaming chats is untrue.

Again, not mandatory but creates more issues than it solves.


We live in opposite-world where the way it is, is the exact opposite of how it should be


That control would be LibreWolf, turns off the rest of the bad things too


> We didn't review the entire source code

And, you don't see the issue with that? Facebook was bypassing security measures for mobile by sending data to itself on localhost using websockets and webrtc.

https://cybersecuritynews.com/track-android-users-covertly/

An audit of 'they can't read it cryptographically' but the app can read it, and the app sends data in all directions. Push notifications can be used to read messages.


> Push notifications can be used to read messages.

Are you trying to imply that WhatsApp is bypassing e2e messaging through Push notifications?

Unless something has changed, this table highlights that both Signal and WhatsApp are using a "Push-to-Sync" technique to notify about new messages.

https://crysp.petsymposium.org/popets/2024/popets-2024-0151....


Push-to-Sync. We observed 8 apps employ a push-to-sync strategy to prevent privacy leakage to Google via FCM. In this mitigation strategy, apps send an empty (or almost empty) push notification to FCM. Some apps, such as Signal, send a push notification with no data (aside from the fields that Google sets; see Figure 4). Other apps may send an identifier (including, in some cases, a phone number). This push notification tells the app to query the app server for data, the data is retrieved securely by the app, and then a push notification is populated on the client side with the unencrypted data. In these cases, the only metadata that FCM receives is that the user received some message or messages, and when that push notification was issued. Achieving this requires sending an additional network request to the app server to fetch the data and keeping track of identifiers used to correlate the push notification received on the user device with the message on the app server.
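An added example, not from the paper or from any commenter: a small Python simulation of the push-to-sync flow quoted above, next to a push that carries the content, showing what the relay in FCM's position records in each case. All class and function names are hypothetical, the message is constructed, and identifying a device by name stands in for the app's authenticated channel to its own server.

```python
import secrets
import time


class PushRelay:
    """Stands in for FCM: logs exactly what it is asked to forward."""
    def __init__(self):
        self.log = []

    def forward(self, device, payload):
        self.log.append({"to": device.name, "at": time.time(), "payload": dict(payload)})
        device.on_push(payload)


class AppServer:
    def __init__(self, relay):
        self.relay, self.pending = relay, {}

    def send_with_payload(self, device, text):
        # Baseline for comparison: the message content rides inside the push.
        self.relay.forward(device, {"body": text})

    def send_push_to_sync(self, device, text):
        msg_id = secrets.token_hex(8)        # identifier used to correlate push and message
        self.pending[msg_id] = (device.name, text)
        self.relay.forward(device, {"id": msg_id})

    def fetch(self, device_name, msg_id):
        # The extra app-to-server request; the relay is not on this path.
        owner, text = self.pending[msg_id]
        if owner != device_name:
            raise PermissionError("message belongs to another device")
        del self.pending[msg_id]
        return text


class Device:
    def __init__(self, name, server):
        self.name, self.server, self.notifications = name, server, []

    def on_push(self, payload):
        if "body" in payload:
            self.notifications.append(payload["body"])
        else:  # wake-up only: pull the content, build the notification on the client
            self.notifications.append(self.server.fetch(self.name, payload["id"]))


def relay_view(use_push_to_sync, text="constructed sample message"):
    """Deliver one message; return (what the relay logged, what the user sees)."""
    relay = PushRelay()
    server = AppServer(relay)
    device = Device("device-A", server)
    send = server.send_push_to_sync if use_push_to_sync else server.send_with_payload
    send(device, text)
    return relay.log, device.notifications
```

With push-to-sync the relay log holds the recipient, a timestamp and an opaque identifier, which is the residual metadata the excerpt describes; with the payload push it also holds the message text.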


Is that not still incredibly vulnerable to timing attacks?


Maybe I’m mis-interpreting what you mean, but without a notification when a message is sent, what would you correlate a message-received notification with?


Nothing changed, but many people struggle to understand their own degree of relative ignorance and overvalue high-level details that are leaky abstractions which make the consequentially dissimilar look superficially similar.


No, I'm saying Meta can't be trusted.

