They can just sell their normal phone. As long as the user is able to run the installer it doesn’t really matter.

In the worst case it will just be Motorola shipping their base android version with verification and then just flashing grapheme over it. Just the way it currently works with pixels.

In Germany there are a lot more Jones about the French army, which probably stem from how fast France was captured in ww2.

Selling a French army rifle. Good condition. Never used, only dropped once.

How many gears does a French tank have? One forward for the parade, 5 backwards for war.

Why does a French tank have rear view mirrors? So the can alsonsee the front.

Whats the first thing a French soldier learns? To capitulate in 10 languages.

How many man do you need to defend Paris? No one knows, no one ever tried.

And so one.

I should have been more clear.

I meant for self hosting.

Though realistically, even if the service is provided for the public, you could just use an instance of keycloak or something similar with open registration. That’s what an association I’m close to is doing already.

By default, the Credentials provider does not persist data in the database. However, you can still create and save any data in your database, you just have to provide the necessary logic, eg. to encrypt passwords, add rate-limiting, add password reset functionality, etc.

That is exactly the complexity I wouldn’t want. With just SSO it is enough to send a redirect URL to the browser and on the callback set a cookie. No js needed. If your service gets compromised and someone leeks the credentials, just log everyone out.

If i created a service I would go in the opposit direction. Only offer SSO and no other option.

You loose quite a bit of complexity that way.

If anyone ist surprised by that they should look up why niantic was ever founded.

It was always about data collection in the real world.

I didn’t know about that one.

You say you are on a budget. Yet you talk about 128 Gigs of ram.

Maybe you should clarify what your budget is.

You’ve got to reboot after kernel updates, otherwise it can’t load new modules. I’ve been confused at least twice why something didn’t load until.I remembered the reboot.

Im sorry, but what integrity are we talking oft?

The Problem with open source is, it relies on self exploitation. Most OS Dev don’t get paid, so they’ve got to work another jib full time. This leads to a lot of burned out devs from their project and that is a real problem.

Before a project becomes self sufficient on donationa, it needs to become really big. Most projects simply never reach that scale.

Its a config option. Add ILoveCandy in the options.

How are they connected

Its timing based. When piped a script, bash executes each line completly before taking the next line from the input. Curl has a limited output buffer.

1. Operation that takes a long time. Like a sleep, or if you want it less obvious. A download, an unzip operation, apt update, etc.
2. Fill the buffer with more bash commands.
3. Measure on the server if at some point curl stops downloading the script.
4. Serve a malicious payload.

They can even serve a different file for curl vs curl|bash

Not every country is as lax as america. In Germany is often 3 months. On the other side a really good reason is required to fire someone.

I manage all my services with systems. Simple services like kanidm, that are just a single native executable run baremetal with a different user. More complex Setups like immich or anything that requires a pzthon venv runs from a docker compose file that gets managed by systemd. Each service has its own user and it’s own directory.

For Facebook it doesn’t matter if its e2e. They control the client on both sides. They can just let the client sent the clear text data to them.

If a service doesnt offer Oidc, just dont self host it. The SSO service can then be properly secured and even if its only a password, at least its not reused.