Cake day: July 14th, 2023


  • “If you are not a copyright holder, then you are not in a position to make any demands. I find it especially ironic, considering when the GPL was actually violated on multiple occasions, even as recently as a few months ago, nobody ever takes issue with that.”

    Ironic that he says he understands licensing but doesn’t understand that, if you’re not a copyright holder, you don’t have standing to do anything about those violations. The Violations of GNU Licenses page states that if you see a violation, you should confirm the violation, collect as many details as you can, and then:

    “Once you have collected the details, you should send a precise report to the copyright holders of the packages that are being wrongly distributed. The GNU licenses are copyright licenses; free licenses in general are based on copyright. In most countries only the copyright holders are legally empowered to act against violations.”

    I remember reading about someone attempting to challenge that by suing for the rights that should have been conveyed to them by the infringer respecting copyright, but I wasn’t able to find anything on it. I did find references to people who were partial copyright holders being found to not have standing due to not having sufficient ownership to make a claim, though - see the outcome of https://sfconservancy.org/copyleft-compliance/vmware-lawsuit-faq.html

  • “What exactly are you trusting a cert provider with and what are the security implications?”

    End users trust the cert provider. The cert provider has a process that they use to determine if they can trust you.

    “What attack vectors do you open yourself up to when trusting a certificate authority with your websites’ certificates?”

    You’re not really trusting them with your certificates. You don’t give them your private key or anything like that, and the certs are visible to anyone navigating to your website.

    Your new vulnerabilities are basically limited to what you do for them - any changes you make to your domain’s DNS config, or anything you host, etc. - and depend on that introducing a vulnerability of its own. You also open a new phishing attack vector, where someone might contact you, posing as the certificate authority, and ask you to make a change that would introduce a vulnerability.

    “In what way could it benefit security and/or privacy to utilize a paid service?”

    For most use cases, as far as I know, it doesn’t.

    LetsEncrypt doesn’t offer EV or OV certificates, which you may need for your use case. However, these are mostly relevant at the enterprise level. Maybe you have a storefront and want an EV cert?

    LetsEncrypt also only offers community support, and if you set something up wrong you could be less secure.

    Other CAs may offer services that enhance privacy and security, as well, like scanning your site to confirm your config is sound… but the core offering isn’t really going to be different (aside from LE having intentionally short renewal periods), and theoretically you could get those same services from a different vendor.

  • Traction control and other related features are a bigger deal than AWD in my opinion. In the past five years I’ve had AWD engage maybe twice.

    Also, you can replace two tires at once as opposed to all four, depending on the specific vehicle and how much the difference will be between the tires you’re keeping and getting rid of. You only need to replace all four if the difference is enough to cause issues.

    There are a ton of crossover SUVs with FWD, though. Here are a few:

    • Honda CR-V
    • Toyota RAV4
    • Lexus RX 350
    • Toyota Highlander
    • Hyundai Tucson
    • Hyundai Palisade
    • Kia Telluride
    • Nissan Kicks
    • Nissan Rogue
    • Nissan Murano


  • When I was in like first grade, my parents got us a Super NES, which I took to a friend’s house to play, thinking it was the same thing as a regular NES (just “super,” y’know?). I spaced and left it behind… and never saw it again.

    I don’t even know who the friend was anymore, tbh.

    When I was in fourth or fifth grade, a teacher did this thing where you could earn bonus points during the year and later spend them on prizes. I had a lot of points and so got to make my selections early, and I got a bunch of gaming magazines because I liked to read them, even though we didn’t have a modern console. Some other kid in the class, whom I do remember, got annoyed at this and stole them from my locker. I think I found out, because I remember that he explained it was because I wasn’t even a gamer - I didn’t have a PlayStation or Dreamcast so obviously (in his mind) it didn’t make sense for me to take those magazines. Sorry for being poor, I guess? I’m pretty sure I got the magazines back, because I remember reading them, but I’m not positive.

    First situation I blame myself more than them. Second one I’m still annoyed when I think about it.


  • “if Apple has that group on their “approved” list and they match donations, they are effectively donating to that group.”

    Not really.

    First, like I said in my previous comment, the article doesn’t say if there’s an “Approved” list or if they just approved everything the donation platform supports (all 2.1 million nonprofits). I’ve never used Benevity and so have no way of knowing how corporations select which nonprofits they’ll match donations to. I looked at the Benevity site and they didn’t make it clear, either.

    Secondly, like I said in my previous comment, it doesn’t state whether anyone has actually donated (particularly over the last 9 months or so). Benevity has 2.1 million nonprofits in their database but has only supported less than a quarter of them - 470 thousand.

    If nobody has actually donated, Apple hasn’t, either. Heck, suppose a hundred people have donated an average of $100 each. That’d be $10,000 that Apple has donated and $20,000 more than should have been donated, but that’s still ultimately not a remotely relevant amount. The IDF gets $3.8 BILLION every year from US taxpayers. And unlike with donation matching, those taxpayers don’t get a choice in where their money goes. In this case, the employees are in control.

    It’s completely feasible that Benevity doesn’t provide an easy way for corporations like Apple to prevent donations to particular “charities” like this one without impacting other donation options. I.e., they might have an all or nothing approach, where the company selects groups of charities, and in order to prevent donations to the Friends of IDF, Apple would need to also prevent donations to every other actual charity in the same group.

    It’s also completely feasible that it does provide this option. But the article doesn’t say.

    The article also doesn’t explain why the signatories aren’t also making a big deal about the donation platform facilitating donations to Friends of the IDF in the first place. Heck, it doesn’t even mention how many of the “900+ leading brands who use Benevity” have donations to Friends of the IDF enabled.

    OP is basically saying “Grab your pitchforks! It’s Apple harvesting time!” and using an article written by someone too lazy to even email Benevity and ask for the basic missing info I’ve outlined above.

  • From the article (emphasis mine):

    “The controversy stems from Apple’s employee donation-matching programme, which allows workers to make contributions to various non-profit organisations and receive matching funds from the company through a platform called Benevity. Among the charities Apple’s controversial platform allows funds to be sent to are Friends of the IDF”

    This doesn’t say Apple is donating to the IDF, just that it allows its employees to, and will match that donation. That’s an employee benefit. It doesn’t say how many employees are taking advantage of this, if any.

    It doesn’t say if Apple has simply allowed every Benevity cause or some subset of them that happens to include Friends of the IDF.

    I get that this was organized by Apple employees, but Benevity is the one facilitating this - and not just for Apple. They should be the ones getting pressured to stop enabling it.