  • It’s a dick move, but I can kinda understand why SpaceX would make it. There has been a push to “de-risk” supply chains, after the disruptions caused by Covid, Russia’s invasion of Ukraine, and other world events. This type of de-risking was partly responsible for the CHIPS and Science Act. The US Government has a strategic incentive to have a stable and resilient supply chain for semiconductors.

    For SpaceX, having critical components be only available from fabs in Taiwan is a risk to business. China has been more and more vocal about its desire to annex Taiwan. With Trump taking office, one can imagine that the US commitment to protect Taiwan may not be quite as ironclad as it has been in the past. It’s not hard to imagine a future where China launches an invasion of Taiwan and the US does little more than shrug. At that point, any business which is solely reliant on Taiwan for semiconductors is going to see major disruptions.

    So ya, it’s a complete dick move. But, I suspect SpaceX will be far from the last company looking to build a supply chain outside Taiwan.



  • Have you considered just beige boxing a server yourself? My home server is a mini-ITX board from Asus running a Core i5, 32GB of RAM and a stack of SATA HDDs all stuffed in a smaller case. Nothing fancy, just hardware picked to fulfill my needs.

    Limiting yourself to bespoke systems means limiting yourself to what someone else wanted to build. The main downside to building it yourself is ensuring hardware compatibility with the OS/software you want to run. If you are willing to take that on, you can tailor your server to just what you want.


  • As much “doom and gloom” as the article pushes, I kinda feel that the compromised keys being well known makes detection easier. The malicious binary needs to be signed with one of these keys, this means that there will be very specific structures (e.g. the public key) at well known locations in the file. This is exactly the type of threat which anti-virus is good at detecting. Assuming a network’s security folks aren’t completely asleep at the switch, these attacks should get picked up and blocked pretty fast.

    There is a reason attackers spend so much time and effort obfuscating code and keeping files off the disk. While A/V may be a pretty terrible security control and easily bypassed in many cases, watching for files with well known patterns is one of the few things A/V tends to do well.
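    As an added illustration of the detection idea in this comment (example code, not from the original post): a small Python scanner that follows the PE security data directory to the Authenticode signature blob and checks it for the DER bytes of known-compromised public keys. The key bytes and the minimal PE image are constructed stand-ins, not real leaked keys or real binaries.

    ```python
    import struct

    # Constructed stand-in for a leaked key's SubjectPublicKeyInfo (P-256 layout, not a real key).
    KNOWN_COMPROMISED_PUBKEYS = {
        "constructed-leaked-key-1": bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
        + b"\x04" + b"\xab" * 64,
    }


    def authenticode_blob(pe: bytes) -> bytes | None:
        """Return the WIN_CERTIFICATE blob (PKCS#7 SignedData carrying the signer's
        certificate and public key) named by the PE security data directory, or
        None when the input is not a PE image or carries no signature."""
        if len(pe) < 0x40 or pe[:2] != b"MZ":
            return None
        pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
        if pe[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        opt = pe_off + 24                                        # optional header after 20-byte COFF header
        if len(pe) < opt + 2:
            return None
        magic = struct.unpack_from("<H", pe, opt)[0]
        dirs = opt + (96 if magic == 0x10B else 112)             # data directories: PE32 vs PE32+
        if len(pe) < dirs + 5 * 8:
            return None
        sec_off, sec_size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4 = SECURITY
        if sec_size == 0 or sec_off + sec_size > len(pe):
            return None
        return pe[sec_off:sec_off + sec_size]                    # SECURITY uses a raw file offset


    def match_compromised_keys(pe: bytes) -> list[str]:
        """Names of known-compromised keys whose DER bytes appear in the signature blob."""
        blob = authenticode_blob(pe)
        if blob is None:
            return []
        return [name for name, key in KNOWN_COMPROMISED_PUBKEYS.items() if key in blob]


    def build_sample_pe(cert_blob: bytes) -> bytes:
        """Constructed minimal PE32 image (no sections) whose security directory
        points at cert_blob; exists only so the scanner can be exercised offline."""
        dos = bytearray(0x40)
        dos[:2] = b"MZ"
        struct.pack_into("<I", dos, 0x3C, 0x40)                  # PE header right after DOS header
        coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0)
        opt = bytearray(224)
        struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
        cert_off = len(dos) + len(coff) + len(opt)
        struct.pack_into("<II", opt, 96 + 4 * 8, cert_off, len(cert_blob))
        return bytes(dos) + coff + bytes(opt) + cert_blob
    ```

    A real deployment would match on certificate thumbprints or serials as well, but the point of the comment holds: a signature made with a publicly known key leaves a fixed byte pattern in a fixed place.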



  • No, but you are the target of bots scanning for known exploits. The time between an exploit being announced and threat actors adding it to commodity bot kits is incredibly short these days. I work in Incident Response and seeing wp-content in the URL of an attack is nearly a daily occurrence. Sure, for whatever random software you have running on your normal PC, it’s probably less of an issue. Once you open a system up to the internet and constant scanning and attack by commodity malware, falling out of date quickly opens your system to exploit.


  • Short answer: yes, you can self-host on any computer connected to your network.

    Longer answer:
    You can, but this is probably not the best way to go about things. The first thing to consider is what you are actually hosting. If you are talking about a website, this means that you are running some sort of web server software 24x7 on your main PC. This will be eating up resources (CPU cycles, RAM) which you may want to dedicate to other processes (e.g. gaming). Also, anything you do on that PC may have a negative impact on the server software you are hosting. Reboot and your server software is now offline. Install something new and you might have a conflict bringing your server software down. Lastly, if your website ever gets hacked, then your main PC also just got hacked, and your life may really suck. This is why you often see things like Raspberry Pis being used for self-hosting. It moves the server software onto separate hardware which can be updated/maintained outside a PC which is used for other purposes. And it gives any attacker on that box one more step to cross before owning your main PC. Granted, it’s a small step, but the goal there is to slow them down as much as possible.

    That said, the process is generally straightforward. Though, there will be some variations depending on what you are hosting (e.g. webserver, nextcloud, plex, etc.) And, your ISP can throw a massive monkey wrench in the whole thing, if they use CG-NAT. I would also warn you that, once you have a presence on the internet, you will need to consider the security implications to whatever it is you are hosting. With the most important security recommendation being “install your updates”. And not just OS updates, but keeping all software up to date. And, if you host WordPress, you need to stay on top of plugin and theme updates as well. In short, if it’s running on your system, it needs to stay up to date.

    The process generally looks something like:

    • Install your updates.
    • Install the server software.
    • Apply updates to the software (the installer may be an outdated version).
    • Apply security hardening based on guides from the software vendor.
    • Configure your firewall to forward the required ports (and only the required ports) from the WAN side to the server.
    • Figure out your external IP address.
    • Try accessing the service from the outside.

    Optionally, you may want to consider using a Dynamic DNS service (DDNS) (e.g. noip.com) to make reaching your server easier. But, this is technically optional, if you’re willing to just use an IP address and manually update things on the fly.

    Good luck, and in case I didn’t mention it, install your updates.


  • Java is dying in the same way that Linux is winning the desktop war, it’s always going to happen “next year” but never “this year”. I spent a lot of years as a sysadmin and while I would have been quite happy to piss on the grave of Java, we always seemed to be installing some version of the JRE (though, usually not the latest version) on systems. There is just a lot of software which is built with it. This was especially true when dealing with US FedGov systems. Developers for the USG loved Java and we had both the JRE and JDK (because why not require the Development Kit for a user install?) sprinkled about our environment like pigeon droppings.

    That said, don’t get too caught up focusing on one language. A lot of the underlying data structures and theory will transfer between languages. What you are learning now may not be what you end up working with in the future. Try to understand the logic, systems and why you are doing what you are doing, rather than getting too caught up on the specific implementation.





  • Unfortunately, yes. There have been a lot of efforts to shift the energy mix in the EU away from Russian oil and natural gas. But, the effort has been slow and has meant rising costs. Also, by removing Russian production from the supply side, prices will invariably increase. Ukraine does have to balance the damage that can do to foreign support, against their war aims. Personally, I think it’s pretty selfish of the EU and US to ask Ukraine not to strike those resources. It’s essentially the US/EU saying, “more of your people need to die, so we can save money.” It’s a really crappy thing to ask.



  • I mean, the US could do that, but it’s kinda pointless. Ukraine would just be buying them with money that the US Government gave them in the aid package. It would mean the US Treasury moving money from the “aid going to Ukraine” column to the “US DoD budget” column. Sure, some of the aid is structured as loans. However, the President has the power to forgive half of those loans by the end of the year and the next President will have the power to forgive the rest of those loans in 2026. Unless the war suddenly ends and Ukraine suddenly finds a shit-ton of money somewhere, those loans are just going to be forgiven. As there is just no way they will ever be paid back.


  • Handy Infographic from the Congressional Budget Office (CBO):

    • Total Federal outlays: $6.1 Trillion
    • Federal Social Spending
      • Social Security: $1.3T
      • Medicare: $0.839T
      • Medicaid: $0.616T
      • Income Security Programs: $0.448T
      • Total Social Spending: $3.203T

    Math warning:

    ($3.203T / $6.1T) * 100% = 52.5%

    So, not quite the previous poster’s 55%, but pretty close. There is also an “Other” column which likely includes other social spending and may have gotten us to that number. But, it’s enough of a mixed bag, and way too much work, to try and pick it all out.

    While the US could certainly adjust its spending in a lot of good ways, the idea that the US spends “nothing” on social programs is provably false. These numbers also get weird and much harder to pin down when we look at State level taxes and spending. Many years ago, I dug into education spending in the US. And while Federal Education spending is a drop in the bucket, the actual number is pretty large, because it’s considered a State responsibility and each State spends large amounts of money on it.

    For example, my home State of Virginia budgets $29.9 Billion for “Health and Human Services” this Fiscal Year 2024 and $25.0 Billion for “Education”, those two line items eating up about 62% of the State budget.



  • US Federal Law does NOT require that bills only deal with a single issue. So, a single bill could send aid to Ukraine, outlaw hats and declare Tuesday, “puppy kicking day”. And that would be fully within the US Constitutional method for passing Federal laws. All that matters is that the exact same text is passed in both The House of Representatives and The Senate and is then signed by The President. There’s a whole bunch of other stuff around it (veto process, and filibuster), but the ELI5 version is both houses of Congress pass the same bill and the President signs it and thus it becomes US Federal Law.

    There will, of course, be a whole other process around the law being challenged in the Courts. ByteDance will undoubtedly challenge the TikTok ban in Court. And that will take years to fully wind its way through the system. And the courts may issue an injunction, preventing the law from being enforced, until the decision is made. Basically saying, “nope Federal Government, you cannot enforce this until we say so”. Personally, I would expect that in this case. So, don’t expect TikTok to leave the US any time soon. Note that, this can be done to part of a law (again, I would expect this) and not the whole law at once. So, this won’t imperil US aid to Ukraine, Israel or Taiwan. It just means that we’re likely to see the bounds of US Federal Government power tested a bit. Does the US Federal Government have the power to unilaterally kick a company out of the US? I’d bet on “yes”, especially with the ties to national security. But, I could easily lose that bet.