r00ty

They're deporting themselves now too? That's efficient.

Yep. Also, I did clarify that I would usually do an overall upgrade at the same time.

I get the message there's an upgrade. Say I'll do it myself, go to console.

yay -S discord (or more likely just do an overall upgrade and reboot, what they hell)

Restart discord.

Should it, or should it be "1"? (just removing one, one)

It is if you leave the keys in the ignition.

They send fake (non-existing) actor ids for votes to obfuscate the identity of the real user. It is "compliant", but completely against the spirit of a public social network.

There have been discussions about how to implement this before. But it has to be done in a way that is agreed by other threadiverse software. Unless they actually provide profiles for these fake actors there will be problems since some software will look up the profile info to cache it, even for likes..

Personally I'm of the opinion of a standard header to mark a favourite message as a private one and use a random ID that the originating instance can use to validate the message as genuine. But, this needs to be adopted properly by all.

But this is the crucial thing. It wasn't in the repository. It was in the tarball. It's a very careful distinction because, people generally reviewed the repository and made the assumption that what's there, is all that matters.

The changes to the make process only being present in the tarball was actually quite an ingenius move. Because they knew that the process many distro maintainers use is to pull the tarball and work from that (likely with some automated scripting to make the package for their distro).

This particular path will probably be harder to reproduce in the future. Larger projects I would expect have some verification process in place to ensure they match (and the backup of people independently doing the same).

But it's not to say there won't in the future be some other method of attack the happens out of sight of the main repository and is missed by the existing processes.

I bought my first HDD second hand. It was advertised as 40MB. But it was 120MB. How happy was young me?

Yeah but if you tick TCP and pay the extra postage you can get proof of receipt.

Yeah, but asking film/tv producers for permission would kill my content collection!

And just to show I'm serious, you have zero seconds to comply.

Actually how is your ISP giving out IPs to you? Mine uses IPv6 PD to give me a /48. And I then use SLAAC locally on the first /64 prefix on my LAN. Plus another /64 for VPN connections.

If you mean receiving RA/ND packets from your ISP (which are used to announce IPv6 prefixes) then you need to allow icmpv6 packets (if you don't want to be able to be pinged, just block echo requests, ICMP in v4 and v6 carry important messages otherwise).

If your ISP uses DHCPv6 Prefix delegation you will need to allow packets to UDP port 546 and run a DHCPv6 client capable of handling PD messages.

If you have a fixed prefix, then you probably don't need to use your ISPs SLAAC at all. You could just put your router on a fixed IP as ::1 and then have your router create RA/ND packets (radvd package in linux, not sure what it would be on pfsense) and assign IPs within your network that way.

If you have a dynamic prefix.. It's a problem I guess. But probably someone has done it and a google search will turn up how they handled it.

EDIT: Just clarified that the RA/ND packets advertise prefixes, not assign addresses.