While private prisons are abhorrent and unconscionable, they aren’t even close to the root cause of our prison problem. Hint: it’s systemic racism and our militarized police culture.

https://www.sentencingproject.org/reports/private-prisons-in-the-united-states/

Louisiana, the #1 on the list supposedly had 0 private prison inmates in 2021. Blaming private prisons at this point almost feels like deflecting from the real issues.

Still missing a few but it’s the best I found in 30 seconds.

I’m not sure about color support without HTML or add-ons, but Obsidian is a good markdown editor with a lot of functionality and extensibility.

It’s not open source but it runs on everything.

The definition I learned for web 2.0, as it was happening, was a shift from static web pages generated all at once on the server and delivered to the client whole, to using Ajax with in-browser Javascript dynamically changing already-delivered pages with back-end XML calls.

Look man, it’s okay to be wrong. It’s a natural part of growth.

But when you double down on your ignorance instead of taking the opportunity to open your mind and listen to the experts in the room, you just end up embarrassing yourself.

Try to be better.

We can restrict the use of software TOTP, which is what companies are doing when they move users onto the MS Authenticator app.

Admins can’t control the other TOTP apps like Google Authenticator or Authy unless they go full MDM. And I don’t think someone worried about installing the MS Authenticator app is going to be happy about enrolling their phone in Intune.

Edit: And even then, there is no way to control or force users to use a managed device for software TOTP.

This is incredibly well said and I agree 100%. I’ll just add that software TOTP is weaker than the MS Authenticator with number matching because the TOTP seed can still be intercepted and/or stolen by an attacker.

Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the “something you have” second factor in my threat model.

While I prefer pure phishing-resistant MFA methods (FIDO2, WHFB, or CBA), the support isn’t quite there yet for mobile devices (especially mobile browsers) so the MS Authenticator is the best alternative we have.

We’re not as stupid as they think we are.

Aren’t we though?

It’s on the higher end of battery usage but it plays remarkably well. I play locked to 45 FPS / 90 Hz and I think I’m using the default Proton.

Curious where that is. Here in Chicago it’s called the Boneless Meal Deal and it’s $16.99.

And what’s wrong with asking that? Plenty of email platforms let you change your primary SMTP address and/or add/remove aliases.

It’s a legitimate question. And it could be that the lack of ability to change it has a perfectly logical answer. It still wouldn’t invalidate the question.

I have several docker servers, but for Immich I want a dedicated VM. Regardless the problem isn’t going to be setting it up, that should be easy. But for something as important as this, I am going to pore over every possible architectural design decision from the storage tier to the HA and DR strategy. I don’t want to start migrating to it then realize I wanted to do something differently and have to migrate again.

If it’s replacing Google Photos for my family, I expect the same level of resiliency and data protection standards. Or at least as close as I can reasonably get.

Do you even know what an electrolyte is?!

Yeah I won’t argue with that.

In Chromium browsers you can simply type “thisisunsafe” to bypass even HSTS failures.

They mean CAA records:

https://developers.cloudflare.com/ssl/edge-certificates/caa-records/

That’s been my plan to move off of Google photos. Decided on Immich a few months ago. Now if only I had some more of that free time to set it up.

And conversely, when we lose weight the vast majority is exhaled as CO2, not excreted as liquid or solid waste.